Nethserver backup issues

May I say that… as arrangement could work? But OwnCloud should push backup to Nextcloud not the other way around… Nextcloud could have a valid certificate… :wink:

@steve

LE: It still can be done - working for BOTH servers!

  1. On your Nethserver, use a name-based virtual host for the second server, pointing that name to the IP of the second server.
  2. Set the virtual host on NethServer to handle all SSL for the second server.
  3. Use that defined alias, eg owncloud.domainname.tld as an Alias in NethServer’s LetsEncrypt configuration.

The toughest bit: moving the SSL certs to server 2!

Enable root ssh access (trustedhosts !) from your nethserver to your second server.
Using something like this script (started every time NethServer updates its LE cert!). Adapt paths and targets as needed.

(Taken from here: Howto install NethServer as Samba AD domain controller v0.2, use search for the exact point!)

touch /etc/e-smith/events/certificate-update/nsdc-cert
nano /etc/e-smith/events/certificate-update/nsdc-cert

and copy the following (adapted!) contents to the newly created file:

#!/bin/bash
cp -f /etc/pki/tls/private/localhost.key /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
cp -f /etc/pki/tls/certs/localhost.crt /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem
chmod 600 /var/lib/machines/nsdc/var/lib/samba/private/tls/key.pem
chmod 644 /var/lib/machines/nsdc/var/lib/samba/private/tls/cert.pem

This should do:
Copy over both relevant certs to your second server (owncloud)
Restart the relevant apache services on the owncloud server.

This should work!
I use this to allow my AD to have a correct LE cert, as certain AD enabled Apps (In my case a JAVA one) needed a valid SSL cert on the AD itself!

My 2 cents
Andy
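
An added example, not part of the post above or of the linked howto: the same certificate-update handler adapted to push the cert and key to the second server over SSH, refusing to ship a mismatched or expiring pair. The target host, destination directory, reload command and the way the handler is invoked are assumptions to adapt.

```bash
#!/bin/bash
# Added example, not the thread's script: push NethServer's LE cert and key to
# a second host. TARGET, DEST_DIR and RELOAD are assumptions; adapt them.
SRC_KEY=${SRC_KEY:-/etc/pki/tls/private/localhost.key}
SRC_CRT=${SRC_CRT:-/etc/pki/tls/certs/localhost.crt}
TARGET=${TARGET:-root@owncloud.domainname.tld}
DEST_DIR=${DEST_DIR:-/etc/ssl/pushed}          # hypothetical directory on server 2
RELOAD=${RELOAD:-systemctl reload httpd}       # assumed Apache service name

# Execute a command, or only print it when DRY_RUN=1 (rehearsal without SSH).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() (
    from_crt=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$from_crt" ] && [ "$from_crt" = "$from_key" ]
)

# Succeeds only if the certificate is still valid 24 hours from now.
cert_is_fresh() { openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1; }

push_cert() {
    # Never ship a broken pair: Apache on server 2 would fail to reload.
    cert_matches_key "$SRC_CRT" "$SRC_KEY" || { echo "cert/key mismatch" >&2; return 2; }
    cert_is_fresh "$SRC_CRT" || { echo "cert expired or about to expire" >&2; return 3; }
    # Upload under temporary names, then rename, so the live files are
    # replaced only after both transfers succeeded.
    run scp -q -p "$SRC_KEY" "$TARGET:$DEST_DIR/key.pem.new" || return 4
    run scp -q -p "$SRC_CRT" "$TARGET:$DEST_DIR/cert.pem.new" || return 4
    remote="cd '$DEST_DIR' && chmod 600 key.pem.new && chmod 644 cert.pem.new"
    remote="$remote && mv -f key.pem.new key.pem && mv -f cert.pem.new cert.pem && $RELOAD"
    run ssh "$TARGET" "$remote" || return 5
}

# Assumption: the event system calls the handler with the event name as first
# argument. Without arguments the file only defines the functions above.
if [ $# -gt 0 ]; then
    push_cert
fi
```

Running it once by hand with `DRY_RUN=1` prints the three commands without opening a connection. The SSH key used for the push can be limited on the second server with a `from=` option in `authorized_keys`, since it only ever needs to arrive from the NethServer's address.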


@Andy_Wismer
Sorry for the late reply but I ran into some problems…
I’m still looking for a solution for saving to owncloud, but without a certificate it won’t work. And I can’t register two domain names for one IP address…

I read what you suggested, but if I understand correctly, you recommend that I run the server running owncloud as a virtual host on Nethserver. I don’t think this is a good idea, because then the Nethserver practically went on its own…

I’m already confused about the rest of the description… There should be a better solution.

Not quite correct…

Owncloud is already running, just without SSL. Keep it that way!

  • Nethserver does LE SSL validation for both Servers, Nethserver and Owncloud Server.
  • NethServer uses Name based Reverse Proxy (On Apache, built in) to forward requests to owncloud.domainname.tld (Whatever name you prefer…)
  • In the Reverse Proxy, you can specify the SSL is handled by NethServer, owncloud is accessed internally via IP, no SSL!
  • To certify both hostnames for LE, use an alias for owncloud.domainname.tld in the LE request.
  • To make things “clean”, proper and correct, I’d also suggest adding in a few DNS entries, especially for the NethServer and the Owncloud-Server. This on your Nethserver…
  • Ports 80 and 443 must both point to NethServer. Owncloud can only be accessed by Reverse Proxy on NethServer from external Internet.

Hope this clarifies things for LE / Reverse Proxy…

My 2 cents
Andy


I understand that, but if Nethserver stops, will owncloud not be available?

If I set the owncloud certificate and it cannot be verified, is it not available or am I wrong?

If your site has any SPOF (Single Point of Failure) you may need to calculate that in.

EG: Your firewall breaks down, both become inaccessible.

Why create a headache for absolutely NO advantage?
A self-created SSL cert is nowadays hardly usable, so why bother?

On any modern smartphone, you can probably still manually override the warning, but it’ll only work for a few days or weeks… Not worth the trouble, especially since LetsEncrypt is free and works well!

:slight_smile:

My 2 cents
Andy

You’re absolutely right. If Nethserver isn’t running, I can’t even save from it.

However, owncloud is not just for backup purposes. I store approx. 6 TB of data (documents, pictures, drawings, etc.) which I have to access remotely even if the Nethserver is not running or its certificate cannot be checked, therefore it is not possible to connect to it…

It might be a good solution, but maybe it should be run on the router?

That’s where this comes in… :slight_smile:

As your environment doesn’t encompass a full fail-over or redundancy, that’s a risk one must take.
Good (and fast backups / restore) help with good availability. Better would be using full virtualization, but that entails higher overhead (costs).
A manual change of port forwarding to the Owncloud-server would help during a NethServer downtime.

In my experience with NethServer - now all virtualized, before also with hardware installations, I can only say NethServer is very rock solid!

All of my 30 clients have NethServer running as AD and other services in House. All use LetsEncrypt. During the last 3-4 years (using LetsEncrypt on NethServer), I’ve only had to manhandle a couple of servers (once each), but maybe 5 servers…
And usually a short issue, erasing the existing LE certs, emptying the folder and recreating the LE request.
Often the issue was caused by an outage during updating. Not all clients have a UPS - and not all have Internet FailOver either… :slight_smile:

I’d try out the solution as suggested, YMMV (Your mileage may vary), but you’ll find it works fairly rock solid. (Depending on your hardware and internet connection (stability, quality).)

My 2 cents
Andy

If I could get rid of virtualized Windows, I could use a simple VPS in a server hosting. Then the backup to owncloud would not be a problem because then only owncloud would need a certificate…
Unfortunately, I won’t be able to remove virtualized Windows until next year, but I should already be placing my Nethserver in server hosting this month. However, now the availability of Windows virtualization via VPN does not work. There are more small problems, but I am constantly working on them.
Everything is starting to fall apart…

I’m running a “cloud” based environment hosted by Hetzner (A German hoster), but in their site in Finland.

I’m using a full server (Ryzen based) and am running Proxmox on it.
Inside Proxmox, I run my NethServer, a virtual OPNsense firewall and two Windows VMs, for using Remote Desktop.

Note: Even though the firewall is virtualized, if it needs a reboot, it’s accessible via VPN in about 2-3 Minutes. All ROCK Solid !!!

But a full server costs a bit more than a VPS…

If you’re interested and need some help for this, drop me a PM… :slight_smile:

The PI-Hole in the Network image above is using my SSL solution I suggested. In itself, the PI-Hole has no SSL. This is provided for by one of the NethServers, and the NethServer also handles the LE requests for both (NethServer and PI-Hole).

@Andy_Wismer
I’m interested in Proxmox and have a few questions.
For me, OPNsense is not important because I use my own router (Mikrotik).
Do all of the icons in the picture you attached represent an independent virtualized host and operating system?
What hardware are you using?

Hi @steve

I have about 30 clients, all using Proxmox and NethServer (as VM). As you can imagine, I do have a preferred Server supplier (HPE), but as in real life, it’s not always as planned…

This client needs a new Proxmox server, the old one got “killed” by lightning while the UPS was being replaced. Proxmox is at the moment running on a Mac Mini (Intel) server with an i7 and 16 GB RAM and only a single NIC… But it’s only temporary, I can’t run all needed VMs at the moment… UPS is handled by a Raspberry PI as NUT server.

This is a doctor’s practice. There’s a new HPE Server, the old Server is now used as PBS (Proxmox Backup Server). UPS is handled by a Raspberry PI as NUT server. There are also X-Ray devices (These aren’t really virtual, these are the real thing!).

Hardware here:

This is a financial services company (called Treuhand in German). The older Novell Netware servers are still running (Just for audit reasons), still running in VMWare. The VMWare Hypervisor is a virtualized Hypervisor running in Proxmox! UPS is handled by a Raspberry PI as NUT server.
This client uses a new HPE server, and an old one is still active (10 years old now!). Replacement of the old server is in planning. This client also uses PBS.

These are a few examples to show Proxmox can easily be used for almost everything!


The earlier image I sent is a Hosted environment I use for myself.
Here’s another hosted environment, also used for my clients:

The hardware specs:

Disks: All NVME !

CPU: A decent CPU for such a box!


The “hosted” environments use a virtual VM running OPNsense as virtual firewall / router.
If I need to reboot the Proxmox, it takes 2-3 minutes, and the Proxmox incl. Firewall and VPN are accessible.

All shown symbols represent either Hardware (Proxmox and PBS server), or a virtual host running as server or PC…


For your choice of applications / servers, I’d suggest the following:

  • ZoneMinder - Depends on recording quality and amount of cameras. Do not underestimate 4 cameras recording HD! (Also for storage if on the same box)
  • TVheadend - This can use CPU (Also for storage if on the same box)
  • Serviio DLNA - No idea about usage
  • Owncloud (Nextcloud) - 8 GB RAM and 4 (better 8) cores
  • Home Assistant 4 GB RAM and 4 cores. I’m running a virtual HA at home for testing, my productive HomeAssistant runs on a 4 GB Raspberry!
  • Nethserver 8 GB RAM and 4 (better 8) cores

Consider these values on the lower, but working end!
Very good performance is with 16 GB RAM, and 8 cores. (This is also valid for Windows systems - 32 GB RAM and 16 cores were actually slower for a 2022 server!)

Note: I use NethServer (For Home and my clients) for a lot of services, among them: AD, Files, Print, Mail, NextCloud, Guacamole, Zabbix Monitoring, Mesh Central and more!

The Zabbix (Monitoring) can use quite a bit of RAM / Diskspace - don’t underestimate. I usually do a reorg of the database every 6-12 months, depending on size of the network.


A small note: Proxmox will install on almost everything which has 4 GB RAM available. I’ve even installed Proxmox on a small PCengines router box (4 CPU cores, 4 GB RAM and a 120 GB SSD), and also installed Proxmox on a 8 GB RAM Raspberry PI!

I hope this helps in your planning and sizing of required hardware!

My 2 cents
Andy

This is a pretty serious solution…
I would be interested in what hardware is required for the following solution:
ZoneMinder
TVheadend
Serviio DLNA
Owncloud (Nextcloud)
Home Assistant
Nethserver
and much more…

These are serious pieces of hardware. 16-24 CPU cores… Unfortunately I only have one CPU with 4 cores and 8 threads…
Zoneminder is very CPU and RAM demanding because it has 18 Full HD cameras. TVheadend uses 4 tv tuners to record up to 20 streams with ffmpeg and broadcast IPTV streams on the network. Serviio DLNA provides a movie library for TVs, but it transcodes the movies with ffmpeg. Other services are added to this. The CPU sometimes spins quite a bit…
Maybe I should change the server, but I can’t find anything better than my old Dell R210 II server because they are all so big that they don’t fit in the 600x600 rack cabinet at home…
I hope there will be a solution for it…

@steve

Well, I did write that both Zoneminder and TVHeadend can be quite CPU intensive. Besides the CPU, both need resources for storing the file, and the continuous access during transcoding causes a lot of Overhead due to storage. (Think Interrupts during storage!).

A good friend of mine is using 4-6 Raspberries with TVHeadend, storage is done on a Synology NAS.


At home I also have a HPE Microserver Gen10 Plus with a 4-core CPU (No Hyperthreading!) and 32 GB RAM.
I also have some friends using a HP Microserver Gen8 with a max of 16 GB RAM.

It’s not always that everyone has a budget of “I just won the EuroBillions lottery!”…
(And the lottery is still called EuroMillions - not Billions!) :slight_smile:

A good choice may be a self built server using a custom board (Ryzen?) in an appropriate casing.

A friend built a Proxmox server using one of these boards:

https://www.mini-itx.com/~C3758D4I-4L

Basically an Atom CPU!

I installed that server via Remote. To tell the truth, I never thought of an Atom as a “Server” CPU, but I must say, I was quite impressed with the power available. Installing NethServer went quite fast, so did OPNsense… This board supports up to 128 GB RAM, and has about ten connectors for disks! :slight_smile:

As always, YMMV (Your mileage may vary!).

Proxmox does a very good job of virtualizing the hardware, and making the resources available for multiple virtual hosts.

I’ve seen people allocate dedicated NICs to VMs - a really bad idea, as you only get a max of the NIC speed. Using VirtIO, you can get 10 GBE speeds on almost all current OSs, Some even give you 100 GBE! A Windows VM displaying 100 GBE (I read 100 MB/S) caused me to waste 3 hours reconfiguring virtual networking, until I discovered my error in reading!

A Windows Workstation with 100 GB/S Ethernet - and the server also virtualized (But only 10 GB/S!) makes for nice transfer speeds!

Where more than one Proxmox is used, I often use “Shared Storage” (Mostly on NAS with RAID10, today I’d use ZFS!). This makes for very fast live migration, under 90 seconds using 1 GB/S Ethernet speeds on a dedicated “Storage” network with a separate, dedicated cluster network (Also 1 GB/S).

In single Proxmox environments, shared storage doesn’t provide much benefit (Except for less load on the Hypervisor’s CPU during storage access.). Good IO capabilities from the board are more important!

Generally:

2 small SSDs for System, in ZFS Mirror
2 larger SSDs in ZFS Mirror as Storage for VMs, or several such Mirrors (Separating System, & Storage of the VMs for example).

Are very good considerations.

ZFS means you should NOT use any built in RAID Hardware - I remove any RAID cards and use simple SATA or SAS connections to the controller.

Proxmox features:

  • Fast Live Migration or even full High Availability Cluster (All free!)
  • Live Backups for all OS - with PBS even extremely fast incremental Backups…
  • Simple licensing - you don’t feel like you want a simple coffee and you get stuck with an overloaded Starbucks style menu…
  • Enterprise class management, incl. very fine grained group permissions
    And much more!

I used to be an avid VMWare ESXi user, using VMWare since 1999. In 2015, I started using Proxmox, soon migrated my clients one by one to Proxmox and have NEVER regretted it!

The illustrated “Hosted” environment with Ryzen CPU and 128 GB RAM, all NVME takes about 1 hour to do backups of all VMs (19 VMs and LXCs - more VMs than LXCs…). Transfer from the cloud to my home (Another PBS) takes about an hour for the backups. The target server is a HP Proliant Microserver Gen8 with 16 GB RAM, a 120 GB SSD for system and two 6 TB SATA disks for storage, all in ZFS!

My 2 cents
Andy

PS: I’ve also seen real IT people allocate 3 cores for a VM! Where do these people get the idea of 3 cores? There has NEVER existed any SMP multiprocessing platform with an uneven number of CPUs/cores !

I’ve also seen network administrators building in NICs into Proxmox, just to allocate 2 1 GB/S NICs for BONDING instead of using VirtIO NICs (10 or 100 GB/S!) and providing Proxmox with a couple of decent NICs!

Both provide for less performance!

Thank you for the information and advice.
Soon I will have some time and I will install a test Proxmox environment and then I will see how I will be able to use it…
Before that, I still need to find out how to integrate my DSC Neo alarm center into the Home Assistant.


Hi

I don’t think you’ll regret it… :slight_smile: