How to Setup Proxmox on Hetzner Dedicated Server

This is the second article in the series that will end with installing SAP B1 on HANA. The first article was on how to set up a new dedicated Hetzner server as a base.

Proxmox

Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery tools with the built-in web management interface.

The enterprise-class features and the 100% software-based focus make Proxmox VE the perfect choice to virtualize your IT infrastructure, optimize existing resources, and increase efficiencies with minimal expense. You can easily virtualize even the most demanding Linux and Windows application workloads, and dynamically scale out your computing and storage as your needs grow, so that you stay adaptable to the future growth of your data center.

You can set up Proxmox on any bare-metal server, but for the purposes of this article we assume that you are using a bare-metal/dedicated server from Hetzner and that you have set it up as described in the previous article.

Server config

As in the previous article we are assuming the following settings:

Hostname

proxmox.example.com

Network details:

Main IP Settings

  • Main IP: 11.11.11.11
  • Gateway: 11.11.11.1
  • Netmask: 255.255.255.192

Additional IP Settings

  • Subnet: 100.100.100.32/28 i.e. IPs from 100.100.100.33 to 100.100.100.46
  • Gateway: 11.11.11.11
  • Netmask: 255.255.255.240

Setup Proxmox

Prepare server

  • SSH into the server where you want to install Proxmox

ssh [email protected]

  • Update the server to ensure everything is up to date

apt update -y && apt full-upgrade -y && apt autoremove -y

  • If you have logged in using a username and password, it is recommended that you set up SSH-key based authentication, as it is more convenient and also more secure.

    • First log off from the server

    exit

    • Copy the public SSH key of the machine you are logging in from to the remote server, and follow the prompts

    ssh-copy-id [email protected]

    • Once you have successfully logged in to the remote server using the SSH key, you can edit the sshd_config file to disable logging in with username/password.
     nano /etc/ssh/sshd_config
    
     # in the sshd_config file make the following changes
     PubkeyAuthentication yes
     PasswordAuthentication no
    
  • Make sure that the server has proper host settings

nano /etc/hosts

# This file should look similar to this


### Hetzner Online GmbH installimage
# nameserver config
# IPv4
127.0.0.1 localhost.localdomain localhost
11.11.11.11 proxmox.example.com proxmox
#
# IPv6
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
fcc8:7d20:587f:f1c9:550:ba8d:780b:4771 proxmox.example.com proxmox

Add Proxmox VE repository

echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list

Add Proxmox VE repository key

wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg

chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg

Update the Repository & system

apt update -y && apt full-upgrade -y

reboot

Remove the packages not needed as Proxmox will bring its own version

aptitude -q -y purge firmware-bnx2x firmware-realtek firmware-linux firmware-linux-free firmware-linux-nonfree

Install Proxmox VE packages

apt install proxmox-ve postfix open-iscsi

apt remove os-prober

reboot

You can choose local only for the postfix setup and Use vendor settings… when asked for

Postfix Config Setting

Also choose proxmox.example.com when asked for the System main name in the Postfix config screen

Checking Proxmox

Once your server has rebooted, you can SSH back in and check that Proxmox is properly installed

uname -rv

## you should see the result similar to
5.4.78-1-pve #1 SMP PVE 5.4.78-1 (Mon, 30 Nov 2020 10:57:47 +0100)

# Check if the required modules are loaded
lsmod | grep kvm

## result
kvm_intel             253952  0
kvm                   659456  1 kvm_intel
irqbypass              16384  1 kvm

Remove Enterprise Proxmox Packages

rm /etc/apt/sources.list.d/pve-enterprise.list && apt-get update

Basic Proxmox security

For basic security, you can install fail2ban, which monitors the login attempts into your machine; if there are multiple login attempts from a particular IP address, that IP address is banned for some time. You can follow the steps outlined in https://pve.proxmox.com/wiki/Fail2ban, but in a nutshell the steps are:

#install fail2ban
apt-get install fail2ban

#use /etc/fail2ban/jail.conf as a template for configuration
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local

#-----
# add the following settings at the bottom of the jail.local
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600

#-----

#create conf for proxmox in fail2ban
nano /etc/fail2ban/filter.d/proxmox.conf 

#add the following settings
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
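
To see what the [proxmox] jail will act on before relying on it, the following added example (not part of the original article or of fail2ban) applies the same failregex with sed to constructed daemon.log lines and lists the addresses that reach maxretry = 3. It approximates <HOST> with an IP-literal character class and ignores fail2ban's findtime window; the log lines, addresses and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: replay the [proxmox] filter over constructed log lines.
MAXRETRY=3   # mirrors "maxretry = 3" in jail.local

# Constructed sample of /var/log/daemon.log (documentation-range addresses).
sample_log() {
cat <<'EOF'
Dec 10 10:00:01 proxmox pvedaemon[1201]: authentication failure; rhost=203.0.113.5 user=root@pam msg=Authentication failure
Dec 10 10:00:04 proxmox pvedaemon[1201]: authentication failure; rhost=::ffff:203.0.113.5 user=admin@pve msg=no such user ('admin@pve')
Dec 10 10:00:09 proxmox pvedaemon[1202]: authentication failure; rhost=203.0.113.5 user=root@pam msg=Authentication failure
Dec 10 10:01:30 proxmox pvedaemon[1202]: authentication failure; rhost=198.51.100.7 user=root@pam msg=Authentication failure
Dec 10 10:02:11 proxmox pvedaemon[1201]: <root@pam> successful auth for user 'root@pam'
Dec 10 10:03:00 proxmox pvedaemon[1201]: authentication failure; rhost=2001:db8::1 user=root@pam msg=Authentication failure
Dec 10 10:03:05 proxmox systemd[1]: Started Session 12 of user root.
EOF
}

# Print the rhost of every line the failregex matches.
# <HOST> is approximated by an IPv4/IPv6 literal; an IPv4-mapped prefix
# (::ffff:) is stripped here so both spellings count as one address.
failed_hosts() {
  sed -n -E 's/.*pvedaemon\[.*authentication failure; rhost=([0-9A-Fa-f:.]+) user=.* msg=.*/\1/p' |
    sed 's/^::ffff://'
}

# Print every address with at least MAXRETRY matching lines.
# fail2ban also requires them to fall inside findtime; that is ignored here.
banned_hosts() {
  failed_hosts | sort | uniq -c |
    awk -v max="$MAXRETRY" '$1 >= max { print $2 }'
}

# Successful logins and unrelated daemons are not counted.
sample_log | banned_hosts
```

On the server itself, `fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf` runs the real filter against the real log.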

Let’s Encrypt cert

You can now log in to Proxmox by going to https://proxmox.example.com:8006. Because the system uses a self-signed certificate, it is recommended to set up a Let's Encrypt certificate before you log in. For this:

> pvenode acme account register default [email protected]

Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection: 0

Attempting to fetch Terms of Service from 'https://acme-v02.api.letsencrypt.org/directory'..
Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the above terms? [y|N]: y

Attempting to register account with 'https://acme-v02.api.letsencrypt.org/directory'..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: 'https://acme-v02.api.letsencrypt.org/acme/acct/104920491'
Task OK

> pvenode acme account list
default

> pvenode config set --acme domains=proxmox.example.com

> pvenode acme cert order
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/104900001/6533454314

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/9030000870'
The validation for proxmox.example.com is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is 'valid', domain 'proxmox.example.com' OK!

All domains validated!

Creating CSR
Checking order status
Order is ready, finalizing order
valid!

Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Task OK

Host Network Configuration

Because of the way the Hetzner network works, some extra network configuration is needed to allow us to use the additional IPs that we ordered.

For this you need to edit /etc/network/interfaces file

Add the following at the bottom of the /etc/network/interfaces file


auto vmbr0
iface vmbr0 inet static
  # this is your main IP
  address 11.11.11.11
  netmask 255.255.255.255
  bridge_ports none
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0
  pre-up brctl addbr vmbr0
  # each additional IP is listed here
  up ip route add 100.100.100.33/32 dev vmbr0
  up ip route add 100.100.100.34/32 dev vmbr0
  up ip route add 100.100.100.35/32 dev vmbr0
  up ip route add 100.100.100.36/32 dev vmbr0
  up ip route add 100.100.100.37/32 dev vmbr0
  up ip route add 100.100.100.38/32 dev vmbr0
  up ip route add 100.100.100.39/32 dev vmbr0
  up ip route add 100.100.100.40/32 dev vmbr0
  up ip route add 100.100.100.41/32 dev vmbr0
  up ip route add 100.100.100.42/32 dev vmbr0
  up ip route add 100.100.100.43/32 dev vmbr0
  up ip route add 100.100.100.44/32 dev vmbr0
  up ip route add 100.100.100.45/32 dev vmbr0
  up ip route add 100.100.100.46/32 dev vmbr0
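
The per-address routes can be generated from the subnet instead of typed by hand, which avoids skipping an address or routing the broadcast address. This is an added example, not code from the original article; route_lines, ip_to_int and int_to_ip are names chosen here, and it assumes, as the article does, that the usable addresses are the hosts between the network and broadcast addresses.

```sh
#!/bin/sh
# Added example: print one "up ip route add" line per usable host of a
# routed subnet, for pasting into the vmbr0 stanza.

# Convert a dotted quad to a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to a dotted quad.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# route_lines CIDR BRIDGE
# Fails (status 1) on a malformed prefix or a misaligned network address,
# so a typo in the subnet cannot silently produce the wrong routes.
route_lines() {
  net=${1%/*}; bits=${1#*/}; bridge=$2
  case $bits in
    ''|*[!0-9]*) echo "bad prefix in $1" >&2; return 1 ;;
  esac
  [ "$bits" -ge 8 ] && [ "$bits" -le 30 ] || {
    echo "prefix /$bits out of range" >&2; return 1; }
  size=$(( 1 << (32 - bits) ))
  base=$(ip_to_int "$net")
  [ $(( base % size )) -eq 0 ] || {
    echo "$net is not the network address of a /$bits" >&2; return 1; }
  i=$(( base + 1 ))            # first host after the network address
  last=$(( base + size - 2 ))  # last host before the broadcast address
  while [ "$i" -le "$last" ]; do
    echo "  up ip route add $(int_to_ip "$i")/32 dev $bridge"
    i=$(( i + 1 ))
  done
}

# The subnet and bridge used in this article.
route_lines 100.100.100.32/28 vmbr0
```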

We also need to set up the server for IP forwarding, which can be done by editing the /etc/sysctl.conf file.

#make these following changes
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.send_redirects=0

After editing the above file, reboot the server for the settings to take effect.

reboot

ISO Locations

Once the server has rebooted, you are ready to start creating the VMs. For this you need to first store the ISOs of the various OS that you will be installing on the server. The location where you need to store these ISOs is: /var/lib/vz/template/iso

Common OS locations

Windows OS

You can download the official Microsoft Windows ISOs by going to https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016?filetype=ISO. Remember that these are 90 or 180 days evaluation versions and you can insert your paid Windows Key to convert this into a Registered version.

Just remember that these links might not be for the latest versions so it is always better to get the link to the latest version from the Eval Center link

cd /var/lib/vz/template/iso

wget https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO

wget https://software-download.microsoft.com/download/pr/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso

Ubuntu Linux Distribution

To get latest version go to https://ubuntu.com/download/server

cd /var/lib/vz/template/iso

wget https://releases.ubuntu.com/20.04.1/ubuntu-20.04.1-live-server-amd64.iso

SUSE SAP Linux Distribution

To get latest version go to https://www.suse.com/download/sle-sap/

cd /var/lib/vz/template/iso

wget https://updates.suse.com/SUSE/Products/SLE-Product-SLES/15-SP1-QU5/x86_64/iso/SLE-15-SP1-Installer-DVD-x86_64-QU5-Media1.iso

Log in to Proxmox

Once everything is installed, you can log in to Proxmox by going to https://proxmox.example.com:8006. Enter root as the username and your Linux root password to log in.


Posted by Varinder Singh