IPv4 addresses are becoming scarcer by the day. In some cases, it can be pretty hard to get multiple IPv4 addresses for your Proxmox server.
Thankfully, Proxmox is basically a Debian Linux OS with a Proxmox layer on top, which gives us quite a lot of flexibility.
This tutorial will help you create a fully functional Proxmox server running multiple containers and virtual machines, using only a single IPv4 address.
These are the main steps :
1. Create port forwarding rules
2. Make sure they're executed automatically every time the server is restarted
3. Setup a reverse-proxy server : to forward HTTP/S requests to the correct container / virtual machine
4. Setup HTTPS
For a CT (container) / VM (virtual machine) that runs a webserver, point 3 is important: there's only one public IP address, so only one port 80 and one port 443 face the Internet.
By forwarding ports 80 and 443 to a reverse-proxy in a CT, we'll be able to route incoming visitors, by hostname / domain name, to the correct CT/VM.
1. CREATE PORT FORWARDING RULES
Modify the following to match your host’s interface name & CT/VM’s internal IP addresses, then copy-paste to terminal :
###### All HTTP/S traffic is forwarded to the reverse proxy
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 10.10.50.1:80
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 10.10.50.1:443
###### SSH ports to each existing CT/VM
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22101 -j DNAT --to 10.10.50.1:22
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22102 -j DNAT --to 10.10.50.2:22
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22103 -j DNAT --to 10.10.50.3:22
iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 22104 -j DNAT --to 10.10.50.4:22
Then we save it :
iptables-save > /etc/iptables.rules
2. EXECUTE IPTABLES AT SERVER RESTART
Edit /etc/network/interfaces file, find your network interface name that’s facing the Internet (in my case, vmbr0) – then add the pre-up line as follows :
auto vmbr0
pre-up iptables-restore < /etc/iptables.rules
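
Before relying on /etc/iptables.rules being restored at every boot, it helps to check what the file actually exposes. The script below is an added example, not part of the original tutorial: it lists every DNAT forward in an iptables-save dump and flags an external port that is forwarded twice or a target outside the internal range; the function names, the 10.10.50. prefix check and the sample dump are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the DNAT forwards in an
# iptables-save dump. Reads the dump on stdin; $1 is the internal address
# prefix (assumption: the tutorial's 10.10.50.x range, matched as a string).
# Prints "STATUS external_port -> target" per forward and returns 1 if any
# forward is DUP (port already forwarded by an earlier rule, which wins) or
# OUTSIDE (target not in the internal range).
audit_dnat() {
  awk -v prefix="${1:-10.10.50.}" '
    $1 == "-A" && $2 == "PREROUTING" {
      port = ""; dest = ""; jump = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j") jump = $(i + 1)
        # iptables-save writes --to-destination; the tutorial commands use --to.
        if ($i == "--to-destination" || $i == "--to") dest = $(i + 1)
      }
      if (jump != "DNAT" || port == "" || dest == "") next
      status = "OK"
      if (index(dest, prefix) != 1) status = "OUTSIDE"
      if (port in seen) status = "DUP"
      seen[port] = 1
      if (status != "OK") bad = 1
      print status, port, "->", dest
    }
    END { exit bad + 0 }
  '
}

# Constructed sample dump: one repeated external port, one mistyped target.
sample_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.50.1:80
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 22102 -j DNAT --to-destination 10.10.50.2:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 22102 -j DNAT --to-destination 10.10.50.3:22
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 22104 -j DNAT --to-destination 10.10.5.4:22
COMMIT
EOF
}

sample_rules | audit_dnat || echo "fix the DUP/OUTSIDE forwards before rebooting"
```

On the Proxmox host, feed it the saved file instead of the sample: audit_dnat < /etc/iptables.rules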
3. SETUP REVERSE-PROXY
In a CT, install Nginx. Then for each domain, create a configuration file like this, for example: /etc/nginx/sites-available/www.my_website.com :
server {
listen 80;
server_name www.my_website.com;
location / {
proxy_pass http://10.10.50.2:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
To activate it (assuming you’re using Ubuntu) link it to /etc/nginx/sites-enabled/ , then restart Nginx :
ln -s /etc/nginx/sites-available/www.my_website.com /etc/nginx/sites-enabled/www.my_website.com
/etc/init.d/nginx restart
Note: as noted before, all HTTP/S traffic will have to go through this reverse-proxy. You may wish to tune this Nginx installation accordingly.
4. SETUP HTTPS
It’s very easy with Let’s Encrypt once you’ve done point 3 above. Do the following on the reverse-proxy CT :
sudo apt-get update ; sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx
sudo /etc/init.d/nginx restart