Unable to use public FQDNs to connect to PVE, VMs and CTs

slayoffer

New Member
Dec 7, 2022
Hello, friends.

I have been struggling with this problem for about 3 days now.

I started using Proxmox as my HomeLab for study experiments about a week ago. It doesn't have any private/secure stuff on it, so I will share all the details below.

I have a public static ip 95.154.71.237.

I also have FQDNs devcraft.app and pve.devcraft.app with DNS A records set to 95.154.71.237.

My PVE runs at local IP 192.168.1.38 via WiFi. It also has the vmbridge IP set to 10.0.0.1 for VMs and CTs to be accessible via the internet. So my VMs and CTs have IPs starting with 10.0.0.2.

PVE dashboard is accessible with 192.168.1.38:8006, 10.0.0.1:8006, 95.154.71.237:8006 and just 95.154.71.237.

PVE, VMs and CTs - all have internet access, can ping anything from them and they can be pinged themselves, can be updated, etc.

One CT has public Plex running on it without any issues on 95.154.71.237:32400.

You can also access my VM's Apache webserver with http://95.154.71.237:8080/

So my biggest problem is that I'm unable to set the domain name pve.devcraft.app for the Proxmox host and connect to it using this domain instead of 95.154.71.237:8006

Here is my /etc/hosts:

Code:
127.0.0.1 localhost.localdomain localhost
# 192.168.1.107 pve.devcraft.app pve
192.168.1.38 pve.devcraft.app pve
95.154.71.237 pve.devcraft.app pve

I have commented out the LAN IP which was given to PVE right after installation, as it's impossible to install Proxmox via WiFi.

PVE hostname is pve

/etc/nftables.conf:

Code:
#!/usr/sbin/nft -f

flush ruleset

table ip nat {
        chain postrouting {
                type nat hook postrouting priority 0; policy accept;
                masquerade
        }
}

/etc/network/interfaces (set for NAT):

Code:
auto lo
iface lo inet loopback

auto vmbr0
iface vmbr0 inet static
     address 10.0.0.1/24
     bridge-ports none
     bridge-stp off
     bridge-fd 0
 
# Plex CT forwarding
post-up iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 32400 -j DNAT --to 10.0.0.2:32400

# VM SSH forwarding
post-up iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 2223 -j DNAT --to 10.0.0.5:22

# VM 80 forwarding
post-up iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 8080 -j DNAT --to 10.0.0.5:80

I have tried to install Nginx on PVE host and set the following config:

Code:
server {

        listen 80;

        server_name pve.devcraft.app;

        location / {

        proxy_pass https://10.0.0.1:8006$request_uri;
        }
}

But it doesn't work. Trying to connect with pve.devcraft.app gives an ERR_CONNECTION_FAILED error.

BTW when I try to SSH using IP 95.154.71.237 or the pve.devcraft.app domain it works without any problems.

Thanks for your time.
 
Hello,


Regarding the Nginx, maybe you have to set the certificates (see the link below [0]). You can also add the domain on the IP 10.0.0.5:80 to the same config, then it should work.

[0] https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy
Thanks a lot Moayad!

I'm not there yet, but it looks like we have some progress already. I have followed the guide at https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

Now it at least has some traction and gives an SSL error. I have attached an error screenshot.

This is how my nginx config looks now:

Code:
upstream proxmox {
    server pve.devcraft.app;
}
 
server {
    listen 80 default_server;
    rewrite ^(.*) https://$host$1 permanent;
}
 
server {
    listen 443 ssl default_server;
    server_name pve.devcraft.app;
    #ssl on;
    ssl_certificate /etc/pve/local/pve-ssl.pem;
    ssl_certificate_key /etc/pve/local/pve-ssl.key;
    proxy_redirect off;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://localhost:8006;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
}

server {

        listen 80;

        server_name pve.devcraft.app;

        location / {

        proxy_pass https://10.0.0.1:8006$request_uri;
        }
}

As for proxy_pass to 10.0.0.5:80, it is a VM IP and I don't want a domain name there yet.
 

Issue solved.

Thanks to Moayad for the right guidance.

I didn't change anything else in the Nginx config.

All I did was install the nginx certbot and issue SSL certificates for my domain name. Certbot corrected my nginx config and everything is working now!

Btw the guide mentioned comes with deprecated settings, so better use my starter config for nginx.

Code:
apt update

apt install python3-certbot-nginx

certbot --nginx -d pve.devcraft.app -d www.pve.devcraft.app

certbot renew --dry-run

Please mark this topic as solved.

Next step will be to set up domains for VMs and CTs through my WiFi NAT.
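
Added example, not part of the thread and not the poster's own config: a consolidated Nginx configuration for the setup discussed above, with a single port-80 redirect block and the certbot-issued certificate in place of `pve-ssl.pem`. The `/etc/letsencrypt/live/...` paths assume certbot's default layout, and the commented `allow`/`deny` lines are an optional restriction not mentioned in the thread.

```nginx
# Added example: consolidated reverse proxy for the PVE web UI.
# Assumption: certificate paths follow certbot's default lineage
# directory, named after the first -d domain.

# One port-80 block only: redirect to HTTPS. A second "listen 80"
# block with the same server_name would conflict with this one.
server {
    listen 80;
    server_name pve.devcraft.app;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name pve.devcraft.app;

    # Publicly trusted certificate from certbot, replacing
    # /etc/pve/local/pve-ssl.pem, which is signed by the node's own
    # Proxmox CA and is not trusted by browsers by default.
    ssl_certificate     /etc/letsencrypt/live/pve.devcraft.app/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pve.devcraft.app/privkey.pem;

    # Optional hardening (assumption, not from the thread): limit the
    # management UI to known source ranges.
    # allow 192.168.1.0/24;
    # deny  all;

    proxy_redirect off;

    location / {
        # pveproxy serves HTTPS on 8006; loopback keeps this hop on the host.
        proxy_pass https://localhost:8006;
        proxy_http_version 1.1;
        # Needed for the console WebSocket connections.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
        client_max_body_size 0;        # no upload size limit (ISO images)
        proxy_connect_timeout 3600s;
        proxy_read_timeout    3600s;
        proxy_send_timeout    3600s;
        send_timeout          3600s;
    }
}
```

Run `nginx -t` before reloading to catch syntax errors and conflicting server names. Port 8006 stays directly reachable on the public IP unless it is restricted separately.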
 