How do I configure to host N web servers?

michele22

Dec 6, 2024
Hello everyone,

I've been struggling for weeks to host websites through VMs and containers running Ubuntu, Nginx, and WordPress on my Proxmox server.
I replicated the usual Nginx configuration that works on standard cloud servers, but it doesn't seem to work properly.

Issue:
  • I cannot reach the website from outside my network using the configured domain name.
  • When I try to obtain SSL certificates using Certbot, the process fails.
  • I also tried setting up a container (CT) with the WordPress template. While I can access http://ip-host-ct/wp-admin, after logging in it redirects to the configured domain, which fails to load and returns an error page.

I am sure that part of the problem is caused by the Fortigate firewall, which is configured like this: the router (192.168.0.253) connects to the firewall on the DMZ port.
The firewall (192.168.0.253) contains the entire network inside. The IP of the machine with Proxmox is 192.168.1.98/24, while I then statically assign an IP of this class to the VMs.

When I create a VM I set the network bridge to vmbr0 which refers to the network card with the server's IP.

My Questions:
  1. How should I configure the network on the VMs (bridge, NAT, or something else) to ensure the issue is isolated to the firewall and not Proxmox?
  2. Are there specific settings or forwarding rules I should focus on for Fortigate to ensure HTTP/HTTPS traffic reaches the VMs?
  3. Could the double NAT (router → Fortigate) be causing issues? If so, how can I verify and mitigate this?
My goal would be to create a VM with 5 WordPress sites with related email servers, then a VM for a non-WordPress site.
I thank you in advance and hope for your help.
 
192.168.0.0/16 is for private networks and because everyone uses them they aren't unique and therefore cannot be routed over the Internet. You also can't just set up a local DNS, nobody will know how to reach it. That is why you need to pay for resolvable names and have the DNS hosted somewhere public. Likely one of these reasons is why Certbot fails.

If your VMs have such private IPs then you will need to set up port forwarding on your ISP router and point your DNS to your public IP rather than the private one. However, there are still problems.

If you have a "home" internet connection, it is very likely that your ISP will block certain ports like 25 and 443 inbound because they don't want you to be hosting servers without paying for a "business" connection.

You also can't have your various servers on different IP addresses (since a home service usually has only one public IP) so you'll have to put them on different ports. Users will need to connect to something like "https://your-name:your-port". A "business" connection will also generally offer some number of public IPs to mitigate this problem.

I would VERY STRONGLY suggest you learn about IP routing and general security best practices before proceeding. You are going to expose your VMs to the public Internet which is a VERY unfriendly place. You will get hacked quite quickly if you don't know what you are doing. Those VMs will be constantly bombarded with bogus login attempts, attempts to exploit WordPress, etc. It is not something you can set up and ignore.

Paying for a few VMs at Digital Ocean or Linode takes care of a lot of these issues for you.
 
A thousand thanks! I'll try to explain myself better:
I know that this is the local network; in fact, the domain points to the public IP. I have the suspicion that my ISP is blocking my web traffic. But one important thing that I didn't say before is that, before adding the firewall to the network, I had a single server with Ubuntu that included the various WordPress sites. I decided to use Proxmox because the Nginx configurations were becoming incompatible with other types of services I wanted to use on that machine. Since I would like to use the firewall, I don't want to eliminate it from the configuration.
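
An added example, not part of any post in this thread: a small Python check for the double-NAT question, which classifies the domain's A record and each device's WAN address in the router → Fortigate chain to show which hop needs an inbound forward for ports 80/443. The function names and all sample addresses are constructed assumptions; the real values come from a DNS lookup of the domain and from each device's status page.

```python
import ipaddress

# Ranges that are never reachable from the Internet.
NON_ROUTABLE = {
    "RFC 1918 private": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "RFC 6598 carrier-grade NAT": ("100.64.0.0/10",),
}

def non_routable(addr):
    """Return the name of the non-routable range addr falls in, or None."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return None

def diagnose(dns_a, observed_public_ip, wan_by_device):
    """Return a list of (code, detail) findings.

    dns_a: address the domain's A record resolves to.
    observed_public_ip: address an outside service sees your traffic come from.
    wan_by_device: [(name, wan_ip)] ordered from the ISP side inward.
    """
    findings = []
    label = non_routable(dns_a)
    if label:
        findings.append(("dns-private", f"A record {dns_a} is {label}; a public "
                         "CA cannot connect to it to validate the domain"))
    elif dns_a != observed_public_ip:
        findings.append(("dns-mismatch",
                         f"A record {dns_a} != public IP {observed_public_ip}"))
    outer = None  # name of the device one hop closer to the ISP
    for name, wan in wan_by_device:
        label = non_routable(wan)
        if label and outer is None:
            findings.append(("isp-nat", f"{name} WAN {wan} is {label}; the ISP "
                             "does NAT upstream, inbound forwards are not yours to set"))
        elif label:
            findings.append(("double-nat", f"{name} WAN {wan} is {label}; "
                             f"{outer} must forward 80/443 to {wan}"))
        outer = name
    return findings

if __name__ == "__main__":
    # Constructed sample: ISP router with a public WAN, firewall behind it.
    chain = [("router", "203.0.113.10"), ("fortigate", "192.168.0.2")]
    for code, detail in diagnose("203.0.113.10", "203.0.113.10", chain):
        print(code, "-", detail)
```

Each `double-nat` finding means two forwards are needed for the same port: one on the outer device to the inner device's WAN address, and one on the inner device to the VM.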
 
