Deployment Overview of Proxmox VE on Server¶
Prerequisites and Basic Requirements¶
The deployment environment requires a Debian-based operating system with specific release versions. The system must have root privileges to execute installation and configuration tasks. The deployment supports the following Debian releases:
-
Debian 11 (Bullseye)
-
Debian 12 (Bookworm)
-
Debian 13 (Trixie)
The server must be able to resolve and connect to the hostkey.in domain. The deployment process involves network configuration adjustments, including hostname updates and hosts file modifications.
FQDN Configuration¶
The final panel for the application is accessible via a Fully Qualified Domain Name (FQDN) structured within the hostkey.in domain. The format for the FQDN is:
proxmox<Server ID>.hostkey.in:443
Where <Server ID> is the unique identifier assigned to the specific server instance. The service operates behind a reverse proxy, mapping the external HTTPS port 443 to the internal Proxmox port 8006.
File and Directory Structure¶
The deployment creates specific directories and places configuration files in standard system locations and custom data directories. Key locations include:
-
Nginx Configuration Directory:
/root/nginx -
Docker Compose File:
/root/nginx/compose.yml -
User Configuration:
/data/nginx/user_conf.d/proxmox<Server ID>.hostkey.in.conf -
System Repositories:
/etc/apt/sources.list.d/pve-install-repo.list -
GPG Keys:
/etc/apt/trusted.gpg.d/proxmox-release-<debian_release>.gpg
Application Installation Process¶
The Proxmox VE application is installed directly onto the host operating system using the apt package manager. The process involves adding the official Proxmox VE repository, importing the appropriate GPG key based on the Debian release, and installing the necessary packages.
For Debian 11, the pve-kernel-5.15 package is installed. For Debian 12 and Debian 13, the proxmox-default-kernel package is utilized. The core application and dependencies are installed via the following packages:
-
proxmox-ve -
postfix -
open-iscsi -
chrony(on Debian 12)
The standard Debian kernel is removed during the process to ensure the Proxmox kernel is the default. A system reboot is required after the initial kernel installation to apply changes.
Access Rights and Security¶
Access to the Proxmox interface is secured via HTTPS. The deployment utilizes Docker-based Nginx with Certbot to manage SSL/TLS certificates. The Nginx container acts as a reverse proxy, terminating SSL connections on the standard HTTPS port and forwarding traffic to the internal Proxmox port.
The firewall and access control are managed through the Nginx configuration and the Docker service itself. The Nginx service is configured to handle external requests on port 443 and forward them to the internal service running on port 8006.
Docker Containers and Their Deployment¶
Docker is installed on the host to manage the reverse proxy and SSL certificate renewal. The deployment utilizes Docker Compose to orchestrate the Nginx service.
The Docker container is launched using the image jonasal/nginx-certbot:latest. The service is configured with the following parameters:
-
Image:
jonasal/nginx-certbot:latest -
Restart Policy:
unless-stopped -
Network Mode:
host -
Volume Mounts:
-
nginx_secretsmapped to/etc/letsencrypt(external volume) -
/data/nginx/user_conf.dmapped to/etc/nginx/user_conf.d
The Docker service file at /lib/systemd/system/docker.service is updated on Debian 13 (Trixie) to ensure compatibility, followed by a daemon reload and service restart.
Proxy Servers¶
The system employs an Nginx reverse proxy running inside a Docker container to handle SSL termination and routing. The proxy is configured to accept traffic on the external domain proxmox<Server ID>.hostkey.in and forward it to the internal Proxmox interface.
The configuration includes:
-
Email for Certbot:
[email protected] -
Internal Target:
https://proxmox<Server ID>.hostkey.in:8006 -
Configuration File:
/data/nginx/user_conf.d/proxmox<Server ID>.hostkey.in.conf
The proxy configuration explicitly sets the proxy_pass directive to route requests to the internal Proxmox service on port 8006.
Permission Settings¶
The Nginx configuration directory is created with specific ownership and permissions:
-
Path:
/root/nginx -
Owner:
root:root -
Mode:
0755
The Docker Compose file is created with the following permissions:
-
Path:
/root/nginx/compose.yml -
Owner:
root:root -
Mode:
0644
Location of Configuration Files and Data¶
Configuration files and data are distributed across the system as follows:
| File/Directory Path | Description |
|---|---|
/root/nginx/compose.yml | Docker Compose definition for Nginx and Certbot |
/data/nginx/user_conf.d/proxmox<Server ID>.hostkey.in.conf | Nginx server block configuration |
/data/nginx/nginx-certbot.env | Environment variables for Certbot |
/etc/apt/sources.list.d/pve-install-repo.list | Proxmox VE repository source |
/etc/apt/trusted.gpg.d/proxmox-release-*.gpg | GPG keys for package verification |
/root/nginx | Base directory for Nginx Docker configuration |
Available Ports for Connection¶
The deployment exposes the following port configuration:
| Direction | Port | Protocol | Description |
|---|---|---|---|
| External | 443 | TCP | HTTPS access to the Proxmox interface via Nginx |
| Internal | 8006 | TCP | Direct Proxmox VE management interface (behind proxy) |
Starting, Stopping, and Updating¶
The Proxmox VE service is managed as a native system service. The Nginx proxy is managed via Docker Compose.
Service Management Commands:
-
Start Nginx Proxy:
-
Stop Nginx Proxy:
-
Restart Docker Service:
-
Reload systemd:
To update the application, standard apt commands are used to fetch the latest packages from the Proxmox repository, followed by a system reboot if the kernel or core services are updated.