Deployment Overview of Proxmox Backup Server on Server

Prerequisites and Basic Requirements

The deployment of Proxmox Backup Server requires a Debian 12 (Bookworm) operating system. The installation process involves system-level package management and requires root privileges. The following components and configurations are necessary:

  • Operating System: Debian 12 (Bookworm)

  • Privileges: Root access is required for package installation and service management.

  • Required Packages: curl, wget, ca-certificates, gnupg, zfs-dkms, and linux-headers-amd64.

  • Repository Configuration: The system must be configured to use the Proxmox PBS no-subscription repository.

  • Network Ports:

    • Internal Service Port: 8007

    • External HTTPS Port: 443

FQDN of the Final Panel

The Proxmox Backup Server web interface is accessible via the following Fully Qualified Domain Name (FQDN) format on the hostkey.in domain:

proxmox-backup-server<Server ID>.hostkey.in:443

Replace <Server ID> with the specific identifier assigned to the server instance. The service listens on port 443 for secure HTTPS connections.

File and Directory Structure

The deployment utilizes specific directories for configuration files, data storage, and container management:

  • Repository Configuration: /etc/apt/sources.list.d/pbs.list

  • GPG Key: /etc/apt/trusted.gpg.d/proxmox-release.gpg

  • Nginx Configuration Directory: /data/nginx/user_conf.d/

  • Docker Compose Directory: /root/nginx/

  • Docker Compose File: /root/nginx/compose.yml

  • Nginx Environment File: /data/nginx/nginx-certbot.env

  • SSL Certificates Volume: Mounted at /etc/letsencrypt within the container, mapped to the nginx_secrets external volume.

Application Installation Process

The Proxmox Backup Server is installed as a native package on the Debian host, followed by the deployment of a reverse proxy container.

  1. System Update: The system packages are updated and upgraded to the latest distribution versions.

  2. Dependency Installation: Essential tools including curl, wget, ca-certificates, and gnupg are installed.

  3. Repository Setup:

    • The Proxmox PBS enterprise repository is disabled if present.

    • The contrib and non-free-firmware components are enabled in the main sources list.

    • The Proxmox PBS GPG key is downloaded and added to the trusted keys directory.

    • The Proxmox PBS no-subscription repository is added to /etc/apt/sources.list.d/pbs.list.

  4. Package Installation: The proxmox-backup-server meta-package is installed.

  5. ZFS Support: The zfs-dkms and linux-headers-amd64 packages are installed to support ZFS filesystems.

  6. Service Activation: The proxmox-backup service is started and enabled to run on boot.

  7. Proxy Deployment: A Docker container running jonasal/nginx-certbot:latest is deployed to handle SSL termination and reverse proxying.
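
A post-install check for step 3, as an added example that is not part of the original deployment scripts: it confirms that the enterprise repository is disabled, the no-subscription entry is active and the signing key is present. The function names, the PREFIX argument, the pbs-enterprise.list file name and the repository lines in the constructed demo tree are assumptions, not values taken from this page.

```shell
#!/bin/sh
# Added example: check the APT state that step 3 ("Repository Setup") should
# leave behind. Function names and the PREFIX argument are hypothetical.

# active_entries DIR: print the uncommented one-line "deb" entries in DIR/*.list.
active_entries() {
    for f in "$1"/*.list; do
        [ -f "$f" ] || continue
        sed -e 's/#.*//' -e '/^[[:space:]]*deb[[:space:]]/!d' "$f"
    done
}

# audit_pbs_repo [PREFIX]: print findings, return 1 if any check fails.
audit_pbs_repo() {
    apt="${1:-}/etc/apt"; rc=0
    entries=$(active_entries "$apt/sources.list.d")
    if printf '%s\n' "$entries" | grep -q 'pbs-enterprise'; then
        echo "FAIL: enterprise repository is still enabled"; rc=1
    fi
    if ! sed 's/#.*//' "$apt/sources.list.d/pbs.list" 2>/dev/null |
            grep -q 'pbs-no-subscription'; then
        echo "FAIL: pbs.list has no active pbs-no-subscription entry"; rc=1
    fi
    if [ ! -s "$apt/trusted.gpg.d/proxmox-release.gpg" ]; then
        echo "FAIL: signing key missing or empty"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: repository configuration matches the documented layout"
    return "$rc"
}

# Constructed demo tree (not a real host): the enterprise list was left enabled.
demo_apt_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/apt/sources.list.d" "$t/etc/apt/trusted.gpg.d"
    echo 'deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription' \
        > "$t/etc/apt/sources.list.d/pbs.list"
    echo 'deb https://enterprise.proxmox.com/debian/pbs bookworm pbs-enterprise' \
        > "$t/etc/apt/sources.list.d/pbs-enterprise.list"
    echo 'constructed placeholder, not a real key' > "$t/etc/apt/trusted.gpg.d/proxmox-release.gpg"
    echo "$t"
}

T=$(demo_apt_tree)
audit_pbs_repo "$T" || true
rm -rf "$T"
```

On a live host, call audit_pbs_repo with no argument so that it reads /etc/apt directly.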

Access Rights and Security

Security is managed through the reverse proxy configuration and service isolation:

  • SSL/TLS: The nginx-certbot container automatically manages SSL certificates via Let's Encrypt.

  • Firewall: The external port 443 is exposed for HTTPS traffic. The internal service port 8007 is bound to 127.0.0.1 and is not directly exposed to the external network.

  • User Configuration: The Nginx configuration files are owned by root with permissions set to 0644 for files and 0755 for directories.

  • Container Isolation: The proxy container runs with network_mode: host, so it shares the host's network stack rather than using an isolated container network; this facilitates direct port binding and certificate management.

Databases

Proxmox Backup Server manages its own internal database and storage metadata. No external database connection configuration is required for the standard deployment described in the source files. Data is stored locally on the host's filesystem, typically utilizing ZFS datasets managed by the proxmox-backup service.

Docker Containers and Their Deployment

A single Docker container is deployed to act as the reverse proxy and SSL terminator.

  • Image: jonasal/nginx-certbot:latest

  • Restart Policy: unless-stopped

  • Network Mode: host

  • Environment Variables:

    • CERTBOT_EMAIL: Set to [email protected]

  • Volumes:

    • nginx_secrets: External volume mounted to /etc/letsencrypt for certificate storage.

    • /data/nginx/user_conf.d: Host directory mounted to /etc/nginx/user_conf.d for custom Nginx configurations.

The container is managed via a docker compose file located at /root/nginx/compose.yml.

Proxy Servers

The deployment utilizes Nginx within a Docker container to handle incoming traffic.

  • Proxy Software: Nginx (via jonasal/nginx-certbot image).

  • SSL Management: Certbot is integrated into the container for automatic certificate issuance and renewal.

  • Configuration:

    • A custom configuration file is created at /data/nginx/user_conf.d/proxmox-backup-server<Server ID>.hostkey.in.conf.

    • The configuration includes a location / block that proxies requests to the internal Proxmox Backup Server instance.

    • The proxy_pass directive is set to http://127.0.0.1:8007.

  • Routing:

    • External requests to port 443 are routed to the Nginx container.

    • Nginx forwards traffic to the internal Proxmox Backup Server on port 8007.

Permission Settings

File and directory permissions are strictly defined to ensure security and proper operation:

  • Nginx Directory: /root/nginx is created with owner root:root and mode 0755.

  • Compose File: /root/nginx/compose.yml is set to owner root:root with mode 0644.

  • Nginx Config Directory: /data/nginx/user_conf.d is mounted into the container; files within are managed by the deployment process.

  • GPG Key: /etc/apt/trusted.gpg.d/proxmox-release.gpg is set to mode 0644.
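
A drift check for the ownership and modes listed above and under Access Rights and Security, as an added example that is not part of the original deployment: it compares each path with its documented mode and flags any Nginx config file or directory that deviates. The function names, the PREFIX argument and the demo tree are constructed for illustration; stat -c assumes GNU coreutils, as shipped with Debian.

```shell
#!/bin/sh
# Added example: compare on-disk modes and ownership with the values this page
# lists. Function names and the PREFIX argument are hypothetical.

# check_path PATH MODE [UID:GID]: print a finding, return 1 on mismatch.
check_path() {
    [ -e "$1" ] || { echo "MISSING $1"; return 1; }
    mode=$(stat -c '%a' "$1"); own=$(stat -c '%u:%g' "$1")
    [ "$mode" = "$2" ] || { echo "MODE    $1 is $mode, expected $2"; return 1; }
    if [ -n "$3" ] && [ "$own" != "$3" ]; then
        echo "OWNER   $1 is $own, expected $3"; return 1
    fi
    echo "OK      $1"
}

# audit_permissions [PREFIX] [UID:GID]: PREFIX allows auditing a copy of the
# tree; the expected owner defaults to root (0:0).
audit_permissions() {
    prefix=${1:-}; owner=${2:-0:0}; rc=0
    conf="$prefix/data/nginx/user_conf.d"
    check_path "$prefix/root/nginx"             755 "$owner" || rc=1
    check_path "$prefix/root/nginx/compose.yml" 644 "$owner" || rc=1
    # The page gives only a mode for the key, so its owner is not checked.
    check_path "$prefix/etc/apt/trusted.gpg.d/proxmox-release.gpg" 644 "" || rc=1
    check_path "$conf" 755 "$owner" || rc=1
    # Nginx configs: 0644 files, 0755 directories; list anything that differs.
    drift=$(find "$conf" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \) 2>/dev/null)
    [ -z "$drift" ] || { echo "MODE    drift under $conf: $(echo $drift)"; rc=1; }
    return "$rc"
}

# Constructed demo tree (not a real host); one config is left group-writable.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/root/nginx" "$t/etc/apt/trusted.gpg.d" "$t/data/nginx/user_conf.d"
    touch "$t/root/nginx/compose.yml" "$t/data/nginx/user_conf.d/site.conf" \
          "$t/etc/apt/trusted.gpg.d/proxmox-release.gpg"
    chmod 755 "$t/root/nginx" "$t/data/nginx/user_conf.d"
    chmod 644 "$t/root/nginx/compose.yml" "$t/etc/apt/trusted.gpg.d/proxmox-release.gpg"
    chmod 664 "$t/data/nginx/user_conf.d/site.conf"
    echo "$t"
}

T=$(demo_tree)
audit_permissions "$T" "$(stat -c '%u:%g' "$T")" || true
rm -rf "$T"
```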

Location of Configuration Files and Data

The following table summarizes the critical file locations:

| File Type | Path | Description |
|---|---|---|
| APT Repository List | /etc/apt/sources.list.d/pbs.list | Proxmox PBS no-subscription repository definition |
| GPG Key | /etc/apt/trusted.gpg.d/proxmox-release.gpg | Repository signing key |
| Docker Compose | /root/nginx/compose.yml | Container orchestration definition |
| Nginx Env File | /data/nginx/nginx-certbot.env | Environment variables for the proxy container |
| Nginx Config | /data/nginx/user_conf.d/proxmox-backup-server<Server ID>.hostkey.in.conf | Custom reverse proxy configuration |
| SSL Certificates | /etc/letsencrypt (via volume) | Let's Encrypt certificate storage |

Available Ports for Connection

The system uses the following ports; only port 443 is intended for client access:

  • Port 443 (HTTPS): The primary entry point for the Proxmox Backup Server web interface, handled by the Nginx reverse proxy.

  • Port 8007 (HTTP): The internal port used by the Proxmox Backup Server application. This port is bound to 127.0.0.1 and is only accessible locally by the Nginx container.
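
One way to confirm the port layout described above and under Access Rights and Security, as an added example that is not part of the original deployment: it parses the output of ss -H -ltn and fails if port 8007 is bound to anything other than loopback or if nothing listens on 443. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets against the layout this page documents
# (8007 on loopback only, 443 listening). Function names are hypothetical.

# exposed_listeners PORT: read `ss -H -ltn` output on stdin (field 4 is the
# local address:port) and print listeners on PORT that are NOT loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            p = $4; sub(/.*:/, "", p)          # port: text after the last colon
            h = $4; sub(/:[^:]*$/, "", h)      # host: text before it
            if (p != port) next
            if (h ~ /^127\./ || h == "[::1]" || h ~ /^\[::ffff:127\./) next
            print $4
        }'
}

# is_listening PORT: succeed if any socket on stdin listens on PORT.
is_listening() {
    awk -v port="$1" '$1 == "LISTEN" { p = $4; sub(/.*:/, "", p); if (p == port) f = 1 }
                      END { exit !f }'
}

# audit_listeners "<ss output>": print findings, return 1 on any failure.
audit_listeners() {
    rc=0
    bad=$(printf '%s\n' "$1" | exposed_listeners 8007)
    if [ -n "$bad" ]; then
        echo "FAIL: backend port 8007 is bound beyond loopback: $(echo $bad)"; rc=1
    fi
    printf '%s\n' "$1" | is_listening 8007 || { echo "FAIL: nothing listens on 8007"; rc=1; }
    printf '%s\n' "$1" | is_listening 443  || { echo "FAIL: nothing listens on 443"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: 8007 is loopback-only and 443 is listening"
    return "$rc"
}

# Constructed samples (not captured from a real host).
SS_EXPECTED='LISTEN 0 4096 127.0.0.1:8007 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'
SS_EXPOSED='LISTEN 0 4096 [::]:8007 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

audit_listeners "$SS_EXPECTED" || true
audit_listeners "$SS_EXPOSED" || true
# On a live host: audit_listeners "$(ss -H -ltn)"
```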

Starting, Stopping, and Updating

Service management commands are used to control the Proxmox Backup Server and the Docker proxy.

  • Proxmox Backup Server Service:

    • Start: systemctl start proxmox-backup

    • Stop: systemctl stop proxmox-backup

    • Enable on Boot: systemctl enable proxmox-backup

    • Status: systemctl status proxmox-backup

  • Docker Proxy Container:

    • Start/Restart: docker compose up -d (executed from /root/nginx)

    • Stop: docker compose down (executed from /root/nginx)

    • Update Image: Pull the latest image and restart the container using docker compose pull followed by docker compose up -d.

  • Package Updates:

    • To update the Proxmox Backup Server software, run apt update followed by apt upgrade proxmox-backup-server.
