how to setup proxmox with nginx as reverse proxy

The setup of nginx is basically the same as described here, but some additional directives have to be configured to make Websockets, used for the noVNC console, work: cat /etc/nginx/sites-available/proxmox map $http_upgrade $connection_upgrade {     default upgrade;     ” close; } server {     listen [::]:443 ssl;     server_name YOUR-FQDN-HERE;     ssl on;     ssl_certificate […]

how to get the real visitor ip for cloudflare users in nginx

getting the real visitor ip for cloudflare users in nginx is easy: 1) add a new config file like so: sudo nano /etc/nginx/conf.d/cloudflare.conf #CloudFlare set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; set_real_ip_from 103.31.4.0/22; set_real_ip_from 104.16.0.0/12/22; set_real_ip_from 108.162.192.0/18/22; set_real_ip_from 131.0.72.0/22; set_real_ip_from 141.101.64.0/18; set_real_ip_from 162.158.0.0/15; set_real_ip_from 172.64.0.0/13; set_real_ip_from 173.245.48.0/20; set_real_ip_from 188.114.96.0/20; set_real_ip_from 190.93.240.0/20; set_real_ip_from 197.234.240.0/22; set_real_ip_from 198.41.128.0/17; set_real_ip_from 199.27.128.0/21; set_real_ip_from […]

how to setup nginx as a reverse proxy

Setting up a reverse proxy using nginx is easy: for this how-to i will use debian 1) install nginx: sudo apt-get install nginx 2) remove to default config (or move somewhere else for reference): sudo rm /etc/nginx/sites-enabled/default sudo rm /etc/nginx/sites-available/default 3) copy your certificates to the machine or generate some if using self-signed certificates, for […]

how to mount host directories inside a proxmox lxc container

Proxmox supports the creation of custom mountpoints inside a lxc container straight from the proxmox container .conf file: locate your container conf file under /etc/pve/lxc/<ID>.conf and add the following: mp0:/mount/point/on/host,mp=/mount/point/on/lxc mp1:/another/mount/point/on/host,mp=/another/mount/point/on/lxc thats it! edit: another way, in the same file, as pointed out in the comments is: lxc.mount.entry: /bkup bkup none bind,create=dir,optional 0 0 This method […]

how to enable tun/tap inside lxc

To enable the tun/tap interface in a lxc container – eg. for Openvpn – one needs to edit the lxc configuration file. Its default location for all containers is: /etc/lxc/default.conf and you have to add: lxc.cgroup.devices.allow = c 10:200 rwm This works in Proxmox 4.2, too. note: be aware that the config file above applies […]

archive server with freenas and SMR drives

i decided to build an archive server to store huge amounts of static data, for this reason i decided to get the best price/gb drives and build an raid5/6 from them. It turned out the drives are seagate archive hdds with 8tb capacity and SMR. Having had a bad time with seagate drives (Desktop) i […]

proxmox, a side project

After the pfsense router upgrade i installed proxmox on the retired AMD E-350D with 16GB DDR3 RAM, which is a debian based distro aiming to provide a virtualization platform and is accessible via web ui. The concept of linked clones is nice to see – in vmware esxi this is only supported for VDI deployments […]

vmware esxi, part2

With lots of new services that run on my vmserver it was time for an upgrade, but this time i didnt want to do a forklift upgrade as the server still was potent enough and i wanted to test cluster features. I ordered the same build as the existing one to keep maximum compatibility and […]

vmserver upgrade

With the change to ZFS for my storageserver i decided to also change my vmfileserver to ZFS for the same benefits. But there is more: i decided to change the mainboard and cpu to some celeron i had lying around from some testserver, go with raid10, add an L2ARC with 2x 120GB Samsung SSDs and […]

new server for storing vm images

As my Virtualization environment grows i decided to go for shared storage (via NFS async) with a dedicated vmfileserver. I decided to go with raid5 for the start as raid10 would be far better performance wise because most vm access is random IO, but i wanted a bit more space to experiment with everything. I just […]

storageserver software change

After reading more about bit-rot and how to prevent it i stumbled upon ZFS and BTRFS. Both offer block-level checksums so if your pool consists of mirrors or is parity based you can recover from such bit-rots with the normal raid recovery process of copying from the correct mirror or reconstructing from parity. For ZFS […]

expanding the storageserver

When my amount of data reached ~9TB i decided its time for an upgrade, and reading about optimal numbers of disks for raid5/6 i decided to go with 8+1/2 depending on raid5/6 which means a total of 9 or 10 disks with a usable capacity of ~24TB i upgraded to 10 disks with raid6, because […]

building my first storageserver

Initially i only had some encrypted external USB HDD’s, but having no money for an extra backup of the data (not critical, but i dont want to lose it), i decided to go with raid5. I knew of the possible problems regarding URE during rebuild, but after various test rebuilds using real HDD’s in combination […]

vmware esxi, the beginning

My journey to virtualization began with vmware in 2012, at first just with the vmware player but later on with esxi (5.0). At that time my whole concept was a single “server” using direct attached sata disks for storage and using a single network adapter for network connectivity. The setup was a small AMD E-350D […]