Hi all!
I have a Proxmox Virtual Environment installed at home in order to manage some VMs for my private network. In order to see and manage VMs remotely, I configured a virtual host on another machine through apache that redirects all traffic to proxmox.mydomain.com.
Now come some security concerns:
1. Because of the apache proxy, every failed login attempt in the /var/log/daemon.log is logged using the internal proxy IP, instead of the real client IP. I red a lot of documentation talking about using X-Forwarded-For headers and mod_remoteip, but all this kind of stuff should be configured on the pveproxy.conf that is not a "real" webserver (like apache, nginx, etc) so I really don't know where to put my hands on.
2. Also, if I have success logging the correct IPs, I'd like to mount the /var/log/ folder on the proxyserver and configure fail2ban in order to block repeatedly wrong login attempts. Now, I cannot do it because every failed attempt is logged as my proxy IP, so obviously it cannot ban itself.
Anyway, for security reasons, since day one I already disabled root login through web interface and protected my account with 2FA.
Do you have any idea? I tried to find someone with my same problem but didn't find anything. Also, I tried to ask chatgpt hoping it was "better than me" in searching online, but without any luck.
Thanks in advance for every reply to my doubts.
I have a Proxmox Virtual Environment installed at home in order to manage some VMs for my private network. In order to see and manage VMs remotely, I configured a virtual host on another machine through apache that redirects all traffic to proxmox.mydomain.com.
Now come some security concerns:
1. Because of the apache proxy, every failed login attempt in the /var/log/daemon.log is logged using the internal proxy IP, instead of the real client IP. I red a lot of documentation talking about using X-Forwarded-For headers and mod_remoteip, but all this kind of stuff should be configured on the pveproxy.conf that is not a "real" webserver (like apache, nginx, etc) so I really don't know where to put my hands on.
2. Also, if I have success logging the correct IPs, I'd like to mount the /var/log/ folder on the proxyserver and configure fail2ban in order to block repeatedly wrong login attempts. Now, I cannot do it because every failed attempt is logged as my proxy IP, so obviously it cannot ban itself.
Anyway, for security reasons, since day one I already disabled root login through web interface and protected my account with 2FA.
Do you have any idea? I tried to find someone with my same problem but didn't find anything. Also, I tried to ask chatgpt hoping it was "better than me" in searching online, but without any luck.
Thanks in advance for every reply to my doubts.