To create a new interface add this snippet in the host
/etc/pve/interfaces file. The host will not have an IP address on this interface.
auto vmbr<X> iface vmbr<X> inet manual bridge_ports none bridge_stp off bridge_fd 0
Access internal networks¶
By default the proxmox host will not route any packet through the pfsense since it already has a default gateway to access the internet. In order for the host to be able to reach VM and containers on itself we need to be explicit in declaring our routes.
In order to do so we must add in the
vmbr1 interface declaration in
/etc/network/interfaces post-up and pre-down route hook. Like so
post-up /sbin/ip route add 10.0.1.0/24 via 10.0.0.1 dev vmbr1 pre-down /sbin/ip route del 10.0.1.0/24 via 10.0.0.1 dev vmbr1
To share a ZFS subvolume to another container edit the
/etc/pve/lxc/<ct-id>.conf and add the bind mounts configuration
mp<id>: <storage>:<subvolume-name>,mp=<mount point>,backup=0,size=<subvolume size> mp0: local-data:subvol-105-disk-2,mp=/mnt/calibre-data,backup=1,size=10G
Same as pfSense, proxmox comes with a self-signed certificate. We will create a new certificate and set it for the proxmox and netdata GUI.
Create a new certificate for domains:
Export certificate and key
Import the certificate and key in the proxmox GUI
host > certificate. They will be located at
/etc/pve/local/pveproxy-ssl.<pem/key>on the host
Update the certificate location in the proxmox and netdata nginx site configuration
Launch ansible playbook to update nginx.