Proxmox updates US based repos

yaboc

Renowned Member
Nov 13, 2012
81
2
73
Hi,

I've searched the forum for this topic and didn't see any hits. I want to deploy proxmox hopefully a cluster with ceph however our dilemma is that we do not allow connection from outside of US. Servers are actually isolated and get updates from local repos. Is there a US based proxmox repository for updates? Can the repository be mirrored locally? Thank you
Y
 
Please help me to understand, why do you have such a restriction?

(Our North America download server are in Canada.)
 
Hi Tom. Financial industry with strict security requirements for in-house servers. I potentially could get updates by temp connection to the outside but only to US based servers. CAN is most likely blocked as well. Just trying to see if any workaround can be achieved to keep current with updates. Or we could go without updates and just do rebuilds with every major update (would like to avoid that).
 
We use apt as package management, so if know how you can do offline update too. But online updates would be easier, most use a http proxy for limited internet access.
 
thanks Tom i will check if canadian repo is blocked (66.70.154.81) but i believe it is. i will try other options. it's not fun to run things in sych a restricted env :/
 
i will try other options. it's not fun to run things in sych a restricted env :/

Another option is obvious: get the smallest digital ocean droplet in US IP zone, install a reverse proxy and proxy the canadian server... IP address restrictions are so easy to circumvent if you live in the zone that is restricting it.
 
  • Like
Reactions: yaboc
we were able to get updates by temp connection to our 'internet' network which allows the CAN repo. That link is disabled after the update is performed. Thanks everyone for coming up with multiple ways of getting porxmox updated. I'm sure these solutions will help someone in the future.
 
we were able to get updates by temp connection to our 'internet' network which allows the CAN repo. That link is disabled after the update is performed.

If you can live with it ... it's just fine. We do a similar setup for backing up our machines. We update some servers "from the outside" and enable access to update repositories in the firewall just before running the update and disable them afterwards. Works fine.

I do not know if you can mirror the pve-enterprise repository, but you sure can mirror the other repositories (we do) and you can then have a local mirror in your company. The packages are cryptographically signed, so you will notice tampering.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!