Create interface

To create a new interface, add this snippet to the host's /etc/pve/interfaces file. The host will not have an IP address on this interface.

auto vmbr<X>
iface vmbr<X> inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0

Access internal networks

By default, the Proxmox host will not route any packets through pfSense, since it already has a default gateway for internet access. For the host to reach the VMs and containers it runs, we need to declare the routes explicitly.

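To do so, add post-up and pre-down route hooks to the vmbr1 interface declaration in /etc/network/interfaces, like so (<network> and <gateway> are placeholders for the internal network and the gateway address used to reach it):

post-up /sbin/ip route add <network> via <gateway> dev vmbr1
pre-down /sbin/ip route del <network> via <gateway> dev vmbr1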

Bind Mounts

To share a ZFS subvolume with another container, edit /etc/pve/lxc/<ct-id>.conf and add the bind mount configuration:

mp<id>: <storage>:<subvolume-name>,mp=<mount point>,backup=0,size=<subvolume size>
mp0: local-data:subvol-105-disk-2,mp=/mnt/calibre-data,backup=1,size=10G
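
A shared subvolume gives a second container access to another container's data, so it helps to be able to list these mounts. The script below is an added example, not part of the original notes: it parses the mp<id> lines of a container config and reports mounts whose subvolume name carries a different container ID. The sample config, the container ID 110 and the rule that subvol-<id>-disk-<n> identifies the owning container are assumptions; ro is the Proxmox read-only mount point option.

```python
import re

# Constructed sample: the page's mp0 line placed in a made-up /etc/pve/lxc/110.conf.
# Container ID 110, the other keys and the snapshot section are assumptions.
SAMPLE_CONF = """\
hostname: calibre-web
rootfs: local-data:subvol-110-disk-0,size=8G
mp0: local-data:subvol-105-disk-2,mp=/mnt/calibre-data,backup=1,size=10G
mp1: local-data:subvol-110-disk-1,mp=/srv/cache,backup=0,size=2G
[before-upgrade]
mp0: local-data:subvol-999-disk-0,mp=/mnt/old,size=1G
"""

MP_LINE = re.compile(r"^mp(\d+):\s*(.+)$")
SUBVOL_OWNER = re.compile(r"^subvol-(\d+)-disk-\d+$")

def parse_mount_points(conf_text):
    """Return one dict per mp<id> line of the current config (snapshots skipped)."""
    mounts = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # snapshot sections follow the live config
            break
        m = MP_LINE.match(line)
        if not m:
            continue
        source, *opts = m.group(2).split(",")
        if source.startswith("volume="):
            source = source[len("volume="):]
        storage, sep, volume = source.partition(":")
        if not sep:  # host path bind mount, no <storage>: prefix
            storage, volume = None, source
        options = dict(o.split("=", 1) for o in opts if "=" in o)
        mounts.append({"id": int(m.group(1)), "storage": storage,
                       "volume": volume, "options": options})
    return mounts

def shared_mounts(ct_id, conf_text):
    """Mount points whose subvolume name carries a different container ID."""
    findings = []
    for mp in parse_mount_points(conf_text):
        owner = SUBVOL_OWNER.match(mp["volume"])
        if owner and int(owner.group(1)) != ct_id:
            opts = mp["options"]
            findings.append({"mp": f"mp{mp['id']}", "owner_ct": int(owner.group(1)),
                             "path": opts.get("mp"),
                             "read_only": opts.get("ro") == "1",
                             "in_backup": opts.get("backup") == "1"})
    return findings

if __name__ == "__main__":
    for finding in shared_mounts(110, SAMPLE_CONF):
        print(finding)
```
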

SSL certificates

As with pfSense, Proxmox comes with a self-signed certificate. We will create a new certificate and use it for the Proxmox and netdata GUIs.

  • Create a new certificate for the domains:
    • proxmox.{hostname}
    • netdata.{server}.{hostname}
    • proxmox.{server}.{hostname}
  • Export the certificate and key.
  • Import the certificate and key in the Proxmox GUI under host > certificate. They will be located at /etc/pve/local/pveproxy-ssl.<pem/key> on the host.
  • Update the certificate location in the Proxmox and netdata nginx site configuration.
  • Launch the Ansible playbook to update nginx.