[SOLVED] Requesting Best Practices and Guidance

Austin H

New Member
Apr 10, 2019
Ontario, Canada
==Problem==
Problem: I cannot understand the correct method to securely route traffic from a domain on a public IP (reverse proxy, for example) to individual containers or VMs.
I like doing all the console configuration early so the UI can take over updates and maintenance.
Again, I am struggling with host-to-guest networking.
I like using the web UI if I can because a picture is worth a thousand words, and it's a nice summary of data.
I can post more config files if needed and also share pictures of the web ui.
Jump to ==Interfaces== if you do not need the fluff pieces.
==Problem==

==Proxmox==
Why Proxmox?: I decided to consolidate all my server needs into Proxmox LXC or VM. Proxmox looked easy.
The server is fully updated to all the latest firmware and BIOS, Proxmox is already installed, and I have a few test guests. I can reinstall if needed.
My old setup spanned 4-7 mini or medium servers at one point.
It was hard to manage and more expensive, but most were plug and play.
Also, different providers had different deals at different times, so bills were all over.
==Proxmox==

==Situation Information==
About Me: Serious Power User, Several Coding Languages, Linux-able and more.... (give me instruction or advice and I am capable of quickly testing/executing them), but my networking configuration skills are poor.

Product: Dell PowerEdge R230
Location: Remote Data Center (no physical access)
iDRAC Access: Requires VPN and iDRAC login credentials. (I have access)
Current Host: Proxmox 5.3-8 (newest stable) (I have access & setup)
Current Guests: Debian, Ubuntu, ClearOS (and maybe a Windows or Mac later...) (access but no net)
Public IP Count: 1 (standard IP)
Spec: 8 cores, 8GB RAM, (will upgrade if I can secure and maintain Proxmox)

Plans: Public IP, Firewall, Domain Based Routing (like reverse proxy) to guests, need route from host to guest network, guests will have their own firewall too.
Network: I have recorded the basic networking and routing information of the originally installed Ubuntu server and implemented it on my server.
==Situation Information==

==Interfaces==
The semi-hidden public IP has the same hidden value where 'x' is put.
I would have 'y' for another hidden IP if I had one.
I tried some network tutorials from Proxmox and also Debian server/Ubuntu server tutorials.
Nothing seemed to get the guests connected.

## begin /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno2 inet manual

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
    address 1xx.xxx.xxx.248
    netmask 255.255.255.224
    gateway 1xx.xxx.xxx.225
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0

auto vmbr1
iface vmbr1 inet static
    address 10.21.21.254
    netmask 255.255.255.224
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE

## end /etc/network/interfaces
==interfaces==

==post-script==
If all goes well, I will probably get a subscription at some point. I just need to have proof of concept otherwise I will need to switch to another open source project or go back to waiting and paying for Digital Ocean or some company like that to control everything.

I am quite lost with the host to guest routing. I have ignored firewalls for now, as this is purely for functionality until I can set firewall rules.
==post-script==
 
Since you have only one public IP, you have to define port forwarding via iptables to make connections from the public network to containers/VMs possible.

Connections from containers/VMs to the public network should already work with your current settings.
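
The port forwarding described in the reply above, as an added example that is not part of the thread: a shell helper that prints post-up/post-down DNAT lines for the vmbr0 stanza of /etc/network/interfaces. The bridge address and netmask come from the posted file; the reverse-proxy guest at 10.21.21.230 and all function names are assumptions. With the posted netmask, vmbr1 covers 10.21.21.224/27, so the helper rejects guest addresses outside that range.

```shell
#!/bin/sh
# Added example: generate DNAT port-forward lines for the vmbr0 stanza.
# From the posted file: vmbr1 is 10.21.21.254 with netmask 255.255.255.224.
# Assumed (not in the thread): a reverse-proxy guest at 10.21.21.230.
BRIDGE_ADDR=10.21.21.254
BRIDGE_MASK=255.255.255.224

# Dotted quad -> 32-bit integer (octets must be plain decimal).
ip_to_int() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP ADDR MASK: succeed when IP shares ADDR's network under MASK.
in_subnet() {
    _ip=$(ip_to_int "$1"); _addr=$(ip_to_int "$2"); _mask=$(ip_to_int "$3")
    [ $(( $_ip & $_mask )) -eq $(( $_addr & $_mask )) ]
}

# Accept only decimal ports in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PUB_IF PROTO PUB_PORT GUEST_IP GUEST_PORT
# Prints a matching post-up/post-down pair, or fails without printing rules.
forward_rules() {
    case $2 in tcp|udp) ;; *) echo "error: bad protocol $2" >&2; return 1 ;; esac
    if ! valid_port "$3" || ! valid_port "$5"; then
        echo "error: port out of range" >&2; return 1
    fi
    # A target outside the bridge's subnet is not on-link for vmbr1.
    if ! in_subnet "$4" "$BRIDGE_ADDR" "$BRIDGE_MASK"; then
        echo "error: $4 is outside $BRIDGE_ADDR/$BRIDGE_MASK" >&2; return 1
    fi
    _r="PREROUTING -i $1 -p $2 --dport $3 -j DNAT --to-destination $4:$5"
    echo "post-up iptables -t nat -A $_r"
    echo "post-down iptables -t nat -D $_r"
}

# Expose only the proxy's HTTP/HTTPS ports; other guests stay unpublished.
forward_rules vmbr0 tcp 80 10.21.21.230 80
forward_rules vmbr0 tcp 443 10.21.21.230 443
```

The printed lines go under `iface vmbr0`, so the rules are added when the public bridge comes up and removed when it goes down.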
 
I eventually resolved this, but shut down the server in favor of 3 small 5 dollar a month Digital Ocean VPS. I'm trying to build a home server instead now.
Marking as resolved.
 
