How to Setup Proxmox on Hetzner Dedicated Server
This is the second article in a series that will end with installing SAP B1 on HANA. The first article covered how to set up a new dedicated Hetzner server as a base.
Proxmox
Proxmox VE is a complete open-source platform for all-inclusive enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined storage and networking functionality on a single platform, and easily manages high availability clusters and disaster recovery tools with the built-in web management interface.
The enterprise-class features and the 100% software-based focus make Proxmox VE the perfect choice to virtualize your IT infrastructure, optimize existing resources, and increase efficiencies with minimal expense. You can easily virtualize even the most demanding Linux and Windows application workloads, and dynamically scale-out your computing and storage as your needs grow ensuring to stay adaptable for future growth of your data center.
You can set up Proxmox on any bare-metal server, but for the purposes of this article we assume that you are using a bare-metal/dedicated server from Hetzner and that you have set it up as described in the previous article.
Server config
As in the previous article we are assuming the following settings:
Hostname
proxmox.example.com
Network details:
Main IP Settings
- Main IP:
11.11.11.11
- Gateway:
11.11.11.1
- Netmask:
255.255.255.192
Additional IP Settings
- Subnet:
100.100.100.32/28
i.e. IPs from 100.100.100.33 to 100.100.100.46
- Gateway:
11.11.11.11
- Netmask:
255.255.255.240
Setup Proxmox
Prepare server
ssh into the server where you want to install Proxmox.
- Update the server to ensure everything is up to date
apt update -y && apt full-upgrade -y && apt autoremove -y
If you have logged in using a username and password, it is recommended that you set up SSH-key based authentication, as it is more convenient and also more secure.
- First log off from the server
exit
- Copy the public SSH key of the server from where you are logging in to the remote server
ssh-copy-id [email protected]
and follow the prompts.
- Once you have successfully logged in to the remote server using the SSH key, you can edit the sshd_config file to disable logging in with username/password.
nano /etc/ssh/sshd_config
# in the sshd_config file make the following changes
PubkeyAuthentication yes
PasswordAuthentication no
Make sure that the server has proper host settings
nano /etc/hosts
# This file should look similar to this
### Hetzner Online GmbH installimage
# nameserver config
# IPv4
127.0.0.1 localhost.localdomain localhost
11.11.11.11 proxmox.example.com proxmox
#
# IPv6
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
fcc8:7d20:587f:f1c9:550:ba8d:780b:4771 proxmox.example.com proxmox
Add Proxmox VE repository
echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
Add Proxmox VE repository key
wget http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
chmod +r /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
Update the Repository & system
apt update -y && apt full-upgrade -y
reboot
Remove the packages not needed as Proxmox will bring its own version
aptitude -q -y purge firmware-bnx2x firmware-realtek firmware-linux firmware-linux-free firmware-linux-nonfree
Install Proxmox VE packages
apt install proxmox-ve postfix open-iscsi
apt remove os-prober
reboot
You can choose local only for the postfix setup and Use vendor settings… when asked for
Also choose proxmox.example.com when asked for the System mail name in the Postfix config screen
Checking Proxmox
Once your server has rebooted, you can ssh back into it and check whether Proxmox is properly installed
uname -rv
## you should see the result similar to
5.4.78-1-pve #1 SMP PVE 5.4.78-1 (Mon, 30 Nov 2020 10:57:47 +0100)
# Check if the required modules are loaded
lsmod | grep kvm
## result
kvm_intel 253952 0
kvm 659456 1 kvm_intel
irqbypass 16384 1 kvm
Remove Enterprise Proxmox Packages
rm /etc/apt/sources.list.d/pve-enterprise.list && apt-get update
Basic Proxmox security
For basic security, you can install fail2ban, which monitors login attempts to your machine; if there are multiple failed login attempts from a particular IP address, that IP address is banned for some time. You can follow the steps outlined in https://pve.proxmox.com/wiki/Fail2ban, but in a nutshell the steps are:
#install fail2ban
apt-get install fail2ban
#use /etc/fail2ban/jail.conf as a template for configuration
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
nano /etc/fail2ban/jail.local
#-----
# add the following settings at the bottom of the jail.local
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600
#-----
#create conf for proxmox in fail2ban
nano /etc/fail2ban/filter.d/proxmox.conf
#add the following settings
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
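Added example, not part of the original article or the Proxmox wiki: a dry run of the filter above against constructed log lines, showing which source addresses would reach maxretry. It replaces <HOST> with an IPv4-only pattern and ignores fail2ban's findtime window; sample_log and would_ban are names invented here.

```sh
#!/bin/sh
# Added example: dry-run the [proxmox] filter against constructed log lines.
# FAILREGEX is copied from filter.d/proxmox.conf above; sample_log and
# would_ban are names invented for this example.
FAILREGEX='pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*'

# Constructed lines in the shape pvedaemon writes to /var/log/daemon.log.
sample_log() {
    cat <<'EOF'
Dec 10 09:14:01 proxmox pvedaemon[1423]: authentication failure; rhost=203.0.113.7 user=root@pam msg=Authentication failure
Dec 10 09:14:04 proxmox pvedaemon[1423]: authentication failure; rhost=203.0.113.7 user=admin@pve msg=no such user ('admin@pve')
Dec 10 09:14:09 proxmox pvedaemon[1425]: authentication failure; rhost=203.0.113.7 user=root@pam msg=Authentication failure
Dec 10 09:20:30 proxmox pvedaemon[1423]: authentication failure; rhost=198.51.100.23 user=root@pam msg=Authentication failure
Dec 10 09:21:02 proxmox pvedaemon[1423]: authentication failure; rhost=198.51.100.23 user=root@pam msg=Authentication failure
Dec 10 09:21:40 proxmox pvedaemon[1423]: <root@pam> successful auth for user 'root@pam'
EOF
}

# Print every source address with at least $1 matching lines on stdin
# (default 3, the jail's maxretry). Simplifications: <HOST> is replaced by
# an IPv4-only pattern and the findtime window is ignored.
would_ban() (
    maxretry=${1:-3}
    host='[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
    pre=${FAILREGEX%%\<HOST\>*}
    post=${FAILREGEX#*\<HOST\>}
    grep -E "${pre}${host}${post}" |
        sed 's/.*rhost=\([0-9.]*\) user=.*/\1/' |
        sort | uniq -c |
        awk -v m="$maxretry" '$1 >= m { print $2 }'
)

sample_log | would_ban 3
```

On the server itself, fail2ban-regex /var/log/daemon.log /etc/fail2ban/filter.d/proxmox.conf runs the real filter against the real log.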
Let’s Encrypt cert
You can now log in to Proxmox by going to https://proxmox.example.com:8006. As the system uses a self-signed certificate, it is recommended to set up a Let's Encrypt certificate before you log in. For this:
> pvenode acme account register default [email protected]
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection: 0
Attempting to fetch Terms of Service from 'https://acme-v02.api.letsencrypt.org/directory'..
Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the above terms? [y|N]: y
Attempting to register account with 'https://acme-v02.api.letsencrypt.org/directory'..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: 'https://acme-v02.api.letsencrypt.org/acme/acct/104920491'
Task OK
> pvenode acme account list
default
> pvenode config set --acme domains=proxmox.example.com
> pvenode acme cert order
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/104900001/6533454314
Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/9030000870'
The validation for proxmox.example.com is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is 'valid', domain 'proxmox.example.com' OK!
All domains validated!
Creating CSR
Checking order status
Order is ready, finalizing order
valid!
Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Task OK
Host Network Configuration
Due to the way the Hetzner network works, some extra network configuration is needed to allow us to use the additional IPs that we ordered.
For this you need to edit the /etc/network/interfaces file.
Add the following at the bottom of the /etc/network/interfaces file:
auto vmbr0
iface vmbr0 inet static
# this is your main IP (comments must be on their own line in this file)
address 11.11.11.11
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
pre-up brctl addbr vmbr0
#each additional IP is listed here
up ip route add 100.100.100.33/32 dev vmbr0
up ip route add 100.100.100.34/32 dev vmbr0
up ip route add 100.100.100.35/32 dev vmbr0
up ip route add 100.100.100.36/32 dev vmbr0
up ip route add 100.100.100.37/32 dev vmbr0
up ip route add 100.100.100.38/32 dev vmbr0
up ip route add 100.100.100.39/32 dev vmbr0
up ip route add 100.100.100.40/32 dev vmbr0
up ip route add 100.100.100.41/32 dev vmbr0
up ip route add 100.100.100.42/32 dev vmbr0
up ip route add 100.100.100.43/32 dev vmbr0
up ip route add 100.100.100.44/32 dev vmbr0
up ip route add 100.100.100.45/32 dev vmbr0
up ip route add 100.100.100.46/32 dev vmbr0
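Added example, not part of the original article: the per-address route lines can be generated from the subnet rather than typed by hand, which avoids a skipped or mistyped address. The function names are invented for this example, and it assumes the network and broadcast addresses are left out, matching the .33 to .46 range given earlier.

```sh
#!/bin/sh
# Added example: generate the "up ip route add" lines for a routed subnet.
# ip_to_int, int_to_ip and gen_routes are names invented for this example.

# Dotted quad -> integer; fails on anything that is not four octets 0-255.
ip_to_int() (
    IFS=.
    set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# gen_routes CIDR [BRIDGE]: one /32 route per host address, skipping the
# network and broadcast addresses (for the /28 above: .33 to .46).
gen_routes() (
    cidr=$1
    dev=${2:-vmbr0}
    prefix=${cidr#*/}
    case $prefix in ''|*[!0-9]*) echo "bad prefix in $cidr" >&2; exit 1 ;; esac
    if [ "$prefix" -lt 1 ] || [ "$prefix" -gt 30 ]; then
        echo "prefix must be 1-30: $cidr" >&2; exit 1
    fi
    addr=$(ip_to_int "${cidr%/*}") || { echo "bad address in $cidr" >&2; exit 1; }
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( addr & mask ))
    bcast=$(( net | (mask ^ 4294967295) ))
    i=$(( net + 1 ))
    while [ "$i" -lt "$bcast" ]; do
        echo "up ip route add $(int_to_ip "$i")/32 dev $dev"
        i=$(( i + 1 ))
    done
)

gen_routes 100.100.100.32/28 vmbr0
```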
We also need to set up the server for IP forwarding; this can be done by editing the /etc/sysctl.conf file.
#make the following changes
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.all.send_redirects=0
After editing the above file, reboot the server for the settings to take effect.
reboot
ISO Locations
Once the server has rebooted, you are ready to start creating the VMs. For this you need to first store the ISOs of the various OS that you will be installing on the server. The location where you need to store these ISOs is: /var/lib/vz/template/iso
Common OS locations
Windows OS
You can download the official Microsoft Windows ISOs by going to https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016?filetype=ISO. Remember that these are 90 or 180 days evaluation versions and you can insert your paid Windows Key to convert this into a Registered version.
- Link for Windows Server 2012
- Link for Windows Server 2016
Just remember that these links might not be for the latest versions, so it is always better to get the link to the latest version from the Eval Center link.
cd /var/lib/vz/template/iso
wget https://software-download.microsoft.com/download/pr/Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO
wget https://software-download.microsoft.com/download/pr/17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso
Ubuntu Linux Distribution
To get the latest version, go to https://ubuntu.com/download/server
- Link to Ubuntu 20.04
cd /var/lib/vz/template/iso
wget https://releases.ubuntu.com/20.04.1/ubuntu-20.04.1-live-server-amd64.iso
SUSE SAP Linux Distribution
To get the latest version, go to https://www.suse.com/download/sle-sap/
- Link to SUSE 15 SP1
cd /var/lib/vz/template/iso
wget https://updates.suse.com/SUSE/Products/SLE-Product-SLES/15-SP1-QU5/x86_64/iso/SLE-15-SP1-Installer-DVD-x86_64-QU5-Media1.iso
Log in to Proxmox
Once everything is installed, you can log in to Proxmox by going to https://proxmox.example.com:8006. Enter root as the username and your Linux root password to log in.
External references
The following links were very helpful in setting up the server
- https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Buster
- https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve