IPv4 address is becoming rarer by each day. In some cases, it can be pretty hard to get multiple IPv4 address for your Proxmox server.
Thankfully, Proxmox is basically a Debian Linux OS with Proxmox layer on top of that. So that gives us quite a lot of flexibility.
This tutorial will help you to create a fully functional Proxmox server running multiple containers & virtual machines, using only a single IPv4 address.
These are the main steps :
- Create port forwarding rules
- Make sure it’s executed automatically everytime the server is restarted
- Setup a reverse-proxy server : to forward HTTP/S requests to the correct container / virtual machine
- Setup HTTPS
For CT (container) / VM (virtual machine) that contains webserver, point 3 is important – because there’s only one public IP address, so there’s only one port 80 and 443 that’s facing the Internet.
By forwarding port 80 and 443 to a reverse-proxy in a CT, then we’ll be able to forward incoming visitors, by hostname / domain name, to the correct CT/VM.
1. CREATE PORT FORWARDING RULES
Modify the following to match your host’s interface name & CT/VM’s internal IP addresses, then copy-paste to terminal :
###### All HTTP/S traffic are forwarded to reverse proxy iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.50.1:80 iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.50.1:443 ###### SSH ports to each existing CT/VM iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 10.10.50.1:22 iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 10.10.50.2:22 iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 10.10.50.3:22 iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 10.10.50.4:22
Then we save it :
iptables-save > /etc/iptables.rules
2. EXECUTE IPTABLES AT SERVER RESTART
Edit /etc/network/interfaces file, find your network interface name that’s facing the Internet (in my case, vmbr0) – then add the pre-up line as follows :
auto vmbr0
pre-up iptables-restore < /etc/iptables.rules
3. SETUP REVERSE-PROXY
In a CT, install Nginx. Then for each domain, create a configuration file like this, for example: /etc/nginx/sites-available/www.my_website.com :
server {
listen 80;
server_name www.my_website.com;
location / {
proxy_pass http://10.10.50.2:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}To activate it (assuming you’re using Ubuntu) link it to /etc/nginx/sites-enabled/ , then restart Nginx :
ln -s /etc/nginx/sites-available/www.my_website.com /etc/nginx/sites-enabled/www.my_website.com /etc/init.d/nginx restart
note: as noted before, all HTTP/s traffic will have to go through this reverse-proxy. You may wish to tune this Nginx installation accordingly.
4. SETUP HTTPS
It’s very easy with Let’s Encrypt once you’ve done point 3 above. Do the following on the reverse-proxy CT :
sudo apt-get update ; sudo apt-get install -y certbot python3-certbot-nginx sudo certbot --nginx sudo /etc/init.d/nginx restart
Reference:
Thanks for sharing nice information. keep up great work
Chord Lagu
media artikel bermanfaat
Great Article. You have beautifully articulated it. Readers revisit only if they found something useful. So the core formula is to provide value to the readers. Also, Title is very important.
Thanks & Regards
thankyou for the information, dont forget to visit
Chord Lagu
Kunci Gitar
Nice info, thanks for share Kopi Terbaik Paid Promote Jual Batu Akik Batik Tulis Video Viral
Nicely Explain Thanks
I recently used the customwritings.com coupon I found on essaypromocodes.net and I was truly blown away by the speed of delivery. I was expecting to receive the essay within the week, but I was pleasantly surprised to find the essay in my inbox within hours. I would highly recommend essaypromocodes.net for anyone looking for a timely essay.