Proxmox virtual lab with NethServer


(Sgt_Wirehead) #21

Bump,

Anyone willing to help out? Please :sweat_smile:


(Markus Neuberger) #22

Please post your reverse proxy config. You only need port forward from your router to your nethserver. From there it should work with reverse proxy.

Docs:

http://docs.nethserver.org/en/v7/proxy_pass.html#proxy-pass-section

http://docs.nethserver.org/en/v7/ui/ProxyPass.html#proxypassui-section


(Sgt_Wirehead) #23

Thank you for the reply, Markus.

Here is my proxypass…

# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 
#
# 10base
#
SSLProxyEngine on
# ProxyPass: luxurycleaningservices
# Description: luxurycleaningservices.ath.cx
ProxyPass	/luxurycleaningservices	http://192.168.2.10
ProxyPassReverse	/luxurycleaningservices	http://192.168.2.10
<Location /luxurycleaningservices>
    SSLRequireSSL
</Location>

Was not sure about virtual hosts, but here it is as well:

# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
# 
#
# Default virtualhost for proxypass
#
<VirtualHost *:80>
    IncludeOptional conf.d/default-virtualhost.inc
</VirtualHost>



# 
# Virtual Host luxurycleaningservices.ath.cx - *:443
# Description : luxurycleaningservices.ath.cx

<VirtualHost *:443>

    ServerName luxurycleaningservices.ath.cx

    # forcessl_redirect
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]

    #20ssl_engine
    SSLEngine On


    # Reverse Proxy (with exclusion of local Letsencrypt challenge path)
    ProxyPassMatch ^/.well-known/acme-challenge/ !
    ProxyPass  / http://192.168.2.10/ max=3 retry=30
    ProxyPassReverse / http://192.168.2.10/

   ProxyPreserveHost On

    <Location "/">
      <RequireAll>
        Require all granted
        SSLRequireSSL
      </RequireAll>
    </Location>

</VirtualHost>


# 
# Virtual Host luxurycleaningservices.ath.cx - *:80
# Description : luxurycleaningservices.ath.cx

<VirtualHost *:80>

    ServerName luxurycleaningservices.ath.cx

    # forcessl_redirect
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]



    # Reverse Proxy (with exclusion of local Letsencrypt challenge path)
    ProxyPassMatch ^/.well-known/acme-challenge/ !
    ProxyPass  / http://192.168.2.10/ max=3 retry=30
    ProxyPassReverse / http://192.168.2.10/

   ProxyPreserveHost On

    <Location "/">
      <RequireAll>
        Require all granted
        SSLRequireSSL
      </RequireAll>
    </Location>

</VirtualHost>

(Markus Neuberger) #24

Please try it with a virtual host reverse proxy instead of a path or manual config:

In this case the proxypass.conf has no entry; everything is in virtualhosts.conf.


(Sgt_Wirehead) #25

Thanks Markus, still getting

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

I have rebooted the webserver, NethServer and this Proxmox node, and checked the port forwards in the router; they're fine as well, with no luck.

I have no idea what I am doing wrong. Something is failing somewhere, I just can't seem to put my finger on it. :sweat_smile:


(Markus Neuberger) #26

This can have several reasons, i.e. database on webserver not running.

Can you reach the site you want to reach over reverse proxy from another device directly?

What if you browse to the site with IP instead of hostname?

You may try to reverse proxy to another webserver and see if it works. Maybe webserver1 has a problem.

Please post the output of the following commands to check your config:

db proxypass show

db vhosts show

What kind of website do you want to reach on webserver1?
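
The direct-reachability check asked for above can be scripted on the proxy host; this is an added example, not part of the original posts. It requests `/` from the `Target` with the public name as `Host` header, as `ProxyPreserveHost On` does, and separates "nothing answers on that address and port" from "the backend answers with an error". The function name `probe_backend` is hypothetical; the address and hostname in the demo call are the ones posted in this thread.

```python
import http.client
import socket
from urllib.parse import urlsplit


def probe_backend(target, public_host, timeout=3.0):
    """GET / on the proxy target, sending the public name as Host.

    Run this on the proxy host. Returns (verdict, detail).
    """
    parts = urlsplit(target)
    https = parts.scheme == "https"
    port = parts.port or (443 if https else 80)
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.hostname, port, timeout=timeout)
    try:
        # ProxyPreserveHost On: the backend sees the public Host header.
        conn.request("GET", "/", headers={"Host": public_host})
        status = conn.getresponse().status
    except ConnectionRefusedError:
        return "refused", f"nothing listening on {parts.hostname}:{port}"
    except socket.timeout:
        return "timeout", f"no answer from {parts.hostname}:{port} in {timeout}s"
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable", repr(exc)
    finally:
        conn.close()
    if status >= 500:
        return "backend-error", f"HTTP {status} from the backend itself"
    return "ok", f"HTTP {status}"


if __name__ == "__main__":
    # Values taken from the configuration posted in this thread.
    print(probe_backend("http://192.168.2.10", "luxurycleaningservices.ath.cx"))
```

A `refused`, `timeout` or `unreachable` verdict points at the network path or the listening port rather than at the proxy configuration.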


(Sgt_Wirehead) #27

Well Markus,

The webserver1 is a Turnkey Linux virtual appliance running Odoo. You can find the appliance here…
https://www.turnkeylinux.org/odoo

Turnkey Linux have been doing an awesome job of producing pre-built virtual appliances.

It has been working fine with no issues. I can port forward to it with the router and the world can see it. I can see it with its IP address internally as well.

When I use NethServer as the gateway and the external IP address, I get the default NS page "Congratulations, your NethServer installation is up and running! "

When I use the domain name I get the “Service Unavailable”.

Seems to be a breakdown in communication between the NS and the webserver1 TKL appliance. It's the same for webserver2, though with a generic browser error message. I have tested with Firefox, Chrome and Internet Explorer; all error.

I did notice during testing that NethServer was not configuring the DHCP correctly for both web servers by omitting to add a gateway address. Is this normal? I have been locking the IP address reservation in the DHCP IP address reservation section as each server appears there.

db proxypass show
luxurycleaningservices.ath.cx=VhostReverse
CertVerification=yes
Description=luxurycleaningservices.ath.cx
HTTP=yes
HTTPS=yes
PreserveHost=yes
SslCertificate=
Target=http://192.168.2.10
ValidFrom=

db vhosts show
Nothing to display


(Sgt_Wirehead) #28

After an update and reboot last night I now have no working LAN.

When I ping from a LAN PC it fails with 100% packet loss.

I am starting to lose faith in NS. Is there an alternative open-source system that actually will work? Or can NS actually work, as all I have is trouble with it :frowning:



(Rob Bosch) #29

The first thing I question is that you have a RED and a GREEN interface on the same subnet.
I think you should recap your network settings.
Please make a schema first of what you would like to do, then implement this in ProxMox.
Make sure you do not combine different subnets. Also do not combine different roles on the same subnet.


(Sgt_Wirehead) #30

Hi Rob,

My Proxmox network needs to be self-contained, with no access to the real network, only the modem/router for internet. So the virtual self-contained network needs its own DHCP, DNS and reverse proxy. I will have a separate virtual machine on Proxmox with 2 network adapters: one connected to the physical network, as this will be running Acronis Backup & Recovery Advanced Server and storing its backups on a separate storage machine, and the second network adapter connected to the virtual network for collecting backups and management.

So I cannot change the settings of the physical network, it must stay as is. I can try adding a VLAN on the router side of the modem, I guess, and see if that will allow traffic out to the internet.


(Pedro Sitan) #31

Regards,
I remember I tried to do something like your network structure, but with Proxmox I failed. I am not very clear on how it found the network adapters, but I couldn't create that structure, so I used Hyper-V. I know, it's Microsoft, but it helped me, because it's so easy to create a virtual switch and connect the virtual interfaces to that virtual switch, and then everything works fine with just one physical network card.
Just a little recommendation: in your network addresses you can never use this

image

or this

Those are network IDs, not IP addresses.

If someone knows how to create something like a virtual switch in Proxmox, please post here; we are here to learn.

Sorry for my bad English…


(Sgt_Wirehead) #32

Hi Pedro,

No worries about the English, I am used to it :grinning:

I know that Proxmox has Open vSwitch. I will have a read and see if it's possible to use in this situation, as I have no idea how it works.

https://pve.proxmox.com/wiki/Open_vSwitch


(André Wismer) #33

Hi
I am using Proxmox - at least in one case - in a similar way.
The ProxMox host has 2 LAN interfaces; only one is configured on ProxMox, the other is defined as a Linux Bridge.
There are PCs / printers hooked up to the LAN of the ProxMox.
On ProxMox, there is a NethServer running, using the LAN connection as internal LAN, and the Linux Bridge of ProxMox connected to a VDSL bridge as its Internet connection. The NethServer is seen as the gateway (and as the DHCP/DNS server) by the client PCs.

-> This is VERY stable!!!

The NethServer also provides imaging services with a second server running FOG-Project (see the article on the NethServer forum for details on FOG integration).

ProxMox does NOT use local storage for the VMs, these are stored on a NAS hooked up to a third LAN on the Server, not accessible to anyone. If I need to access or configure that NAS, I temporarily add in a second NIC to a virtual AdminPC, without any routing. That is “Bridged” to the NIC connected to the NAS, giving only that PC access to the NAS. And only when really needed!

I’ve learnt my lesson by having a client (boss) have admin access to my storage. When his PC got encrypted, all VMs (disk files) were encrypted too…
But not my on-site backup from the NAS to an older NAS, using a completely different password, not accessible by anything except Linux. No Mac or Windows shares…
Only rsync access… That saved my butt!

@geofxgt

The ProxMox “Switch” works just as well as in VMware or in MS Hyper-V.
And it is just as easy to set up. Maybe it's the different terminology… (I’m running a Windows Server, do I really need a Linux Bridge?)

@Sgt_Wirehead

That’s true, you can’t use a zero “0” as the last figure in an IP address; that defines the whole subnet… (It’s a whole network, not a single IP!!!)

My 2 cents
Andy
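
The two addressing points raised in this thread (different roles must not share a subnet; a network ID is not a host address) can be checked before the plan is typed into Proxmox or NethServer. This is an added example, not code from any poster. It generalises the ".0" rule to any IPv4 prefix length, the function name `check_plan` is hypothetical, and all addresses in the demo are constructed because the original screenshots are not on the page.

```python
import ipaddress
from itertools import combinations


def check_plan(interfaces):
    """interfaces: list of (name, role, "address/prefix") tuples, IPv4 only.

    Returns a list of human-readable findings; an empty list means the
    plan passes both checks.
    """
    findings, parsed = [], []
    for name, role, cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        # /31 and /32 have no reserved network/broadcast address.
        if net.prefixlen <= 30:
            if iface.ip == net.network_address:
                findings.append(f"{name}: {iface.ip} is the network ID of {net}")
            elif iface.ip == net.broadcast_address:
                findings.append(f"{name}: {iface.ip} is the broadcast of {net}")
        parsed.append((name, role, net))
    # Different roles (e.g. red and green) must sit on disjoint subnets.
    for (n1, r1, net1), (n2, r2, net2) in combinations(parsed, 2):
        if r1 != r2 and net1.overlaps(net2):
            findings.append(f"{n1} ({r1}) and {n2} ({r2}) overlap: {net1} / {net2}")
    return findings


# Constructed sample plans, not the poster's real settings.
BROKEN = [("eth0", "green", "192.168.2.0/24"), ("eth1", "red", "192.168.2.1/24")]
FIXED = [("eth0", "green", "192.168.2.1/24"), ("eth1", "red", "192.168.1.2/24")]

if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_plan(plan) or "no findings")
```

With a /23 prefix, an address ending in `.0` such as `10.0.1.0/23` is an ordinary host address, which is why the check compares against the computed network address instead of looking at the last octet.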