Questions about where doing the installation of Nginx:

[dpailler]

Hi,
I would like to use pve to install servers for lawyers.
Physicals servers in the office.

I have tested yet the installation of several vm for AD dhcp, domain controllers; files server, nextcloud and the use of the service of guacamole from Apache.

In first time, Il will install a cluster of two servers for a begin of HA.

But I have never install reverse proxy before. It seems NGINX is the one to use.

My question is, do i install NGINX on a new Debian VM dedicate to it or directly on pve?
I don't think the second option is the good one because if the host machine fall down, as the IP adress of the nginx server is linked with the IP Public, I will not have access anymore to my webservices from outside, won't I?

In that way , is the VM the best solution?

Regards

 

[toomanylogins]

Install opnsense as a vm and this is the firewall to the public iP. Opnsense has a nginx add on which is perfect to route to other vm's.
Works great.
Paul

 

[Dunuin]

OPNsense can also be run HA using pfsync, you could setup multiple DMZs for better security and there are additional plugins like suricata for intrusion detection/prevention and so on. So with two synced OPNsenses on different nodes a faiiling server wouldn't be a problem as when the master OPNsense VM becomes unresponsive the backup OPNsense will take its place within a second without any downtime or disrupted connections.

And you can have a look at haproxy (OPNsense by the way got a haproxy plugin too).

And you should have a look at keepalived which can be useful in many cases where you need failoner for services. Should also work with a nginx proxy.

And keep in mind that you don't got quorum with just 2 PVE node. So you might want to have atleast a small third host as a qdevice.

In general I would run as much as possible in guests and not directly on the host, so if something causes troubles it will only effect the VM and not the whole host. And its way easier to rollback/restore a snapshot/backup of a VM than setting up everything again the PVE host.

 

[dpailler]

Thank you for your answers,
the configuration of the Office is a sublease so the infrastructure network preexists.
As I suspect our lan would be a vlan... or not!
The guy who administrate the network has answered at the question if I can have my own DHCP:"Yes (we will disable DHCP on the dedicated network)" so VLAN??
The internet access seems to be with an only Public IP (which is free and that I can use).
So, I have taken a look at opnsense, but the configuration seems to be linked with the hardware of the network interface and necessity to have 2 Public IP.
As my project of ha configuration have in summary 3 PVE for the ha and a PBS, as I need 4 redirections of website , I think Opnsense is too complet or complex for my project .
In Proxmox I have read the Notion of container and , in the list there is Nginx. So If I install this container on my first pve, can it be replicated as the vm and managed as them in ha?

Thx for your help and lights!