Proxmox Installation and Configuration Guide - n0one42/ansible-homelab GitHub Wiki

🌟 Overview

This guide details the installation and configuration of Proxmox VE, a powerful open-source server virtualization management solution. The following sections will walk through the necessary steps to set up Proxmox, ensuring a robust and flexible virtualization environment.

📋 Prerequisites

  • Proxmox VE installation media (USB/DVD)
  • A physical server or a virtual machine with at least one disk
  • Basic understanding of network configuration
  • An SSH key pair for secure communication

🛠 Installation Steps

Step 1: Boot from Installation Media

  1. Insert the Proxmox VE installation media into the server.
  2. Boot the server from the installation media.
  3. Select the Proxmox VE installer from the boot menu.

Step 2: Choose Installation Target

During the installation process, you will be prompted to select the target disk for installation. It is highly recommended to use ZFS, even with a single disk, to take advantage of its features like snapshots and checksumming.

[!NOTE] It is recommended to use ZFS (raid0) even with a single disk. You can adjust additional settings if needed, but the default ZFS configuration is suitable for most setups.

Step 3: Configure System Password and Network

System Password

Set the system password to Temp#1234.

Recommendation: Use Temp#1234 as the initial password. This facilitates automation and consistency across the setup. Key-based SSH authentication will be configured later, and password authentication will be disabled for enhanced security.

Network Configuration

Configure the network settings according to your environment. For this guide, we use the following settings:

Network Settings:

  • Static IP: 192.168.1.210
  • Gateway/DNS: 192.168.1.1
  • Hostname: pve-demo.demo.default

Hint: This will be rewritten, since the best practice is to use subdomains of the real domain, e.g. pve-demo.demo-dmz.mydom.com. In this case, demo-dmz would be the subdomain. The search domain set internally by your router would be demo-dmz.mydom.com.

Additional Details:

  • Network Configuration: Ensure the server is connected to the default network 192.168.1.1/24. The static IP 192.168.1.210 is assigned for the Proxmox host.
  • Hostname Consideration: It is advisable not to use your public domain internally. Instead, use a subdomain or an internal naming convention like demo.default. In this guide, we use demo.default for the internal network. Other internal networks include demo.mgmt and demo.dmz.

Adapt these settings to fit your network. Using a subdomain like demo.default for internal networks is advisable.

Step 4: Complete Installation

Once the configuration is complete, proceed with the installation. After the installation finishes, the system will reboot.

🌐 Accessing the Web Interface

After rebooting, access the Proxmox VE web interface using the following URL:

https://192.168.1.210:8006

You should see the Proxmox VE interface with the node named pve-demo and the default network configuration (vmbr0).

🔑 Copying SSH Key to the Server

To secure access, the next step is to copy your SSH key to the Proxmox server. This allows for secure, key-based authentication.

Simple Method

ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]

Advanced Method (YubiKey)

ssh-copy-id -i ~/.ssh/id_ecdsa_sk.pub [email protected]

[!TIP] For the highest security, using a YubiKey is recommended. The YubiKey requires touch for authentication, adding an extra layer of security.

If you have not created an SSH key yet, please refer to the Creating SSH Keys Guide. This guide includes instructions for generating both standard SSH keys and YubiKey-based keys.

🔒 Changing the Password

After copying the SSH key, change the default password to a strong one. Two-factor authentication (2FA) is also recommended for enhanced security.

⚙️ Manual Configuration

Some configuration steps will be performed manually to keep the initial setup uncomplicated. This may be automated in the future, hence the use of the temporary password Temp#1234 during installation.

Set Repositories

  1. Disable enterprise repositories for Proxmox and Ceph.
  2. Enable non-subscription repositories.

Update / Upgrade

Refresh, upgrade, and restart your Proxmox server.

System Hardening

Now, disable SSH password authentication, change the SSH port, and apply other security measures. SSH into your Proxmox VE with your key or use the Web GUI.

nano /etc/ssh/sshd_config.d/10-custom-settings.conf

Add the following configuration:

Port 2222
PasswordAuthentication no
PermitEmptyPasswords no
GSSAPIAuthentication no
X11Forwarding no
UseDNS no
PermitRootLogin yes
ChallengeResponseAuthentication no

Then, apply the changes:

chmod 600 /etc/ssh/sshd_config.d/10-custom-settings.conf
systemctl restart ssh

[!NOTE] When using Include /etc/ssh/sshd_config.d/*.conf, the first value obtained for each configuration parameter is used, even if a different value appears later in the configuration files. So in this example, if 10-settings has Port 22 and 20-settings has Port 2222, the effective port will be 22 because it appears first in the configuration files. The order of the files matters when using the Include directive; the settings in the file processed first take precedence.
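
The precedence rule in the note above can be checked offline before restarting sshd, so that an earlier drop-in does not silently undo the hardening. This is an added example, not part of the wiki or the ansible-homelab project; it resolves single-valued keywords only, and the function names and the file 05-vendor.conf are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki): find which drop-in decides a single-valued
# sshd keyword. Assumes files are read in lexical glob order, first value wins.

# first_wins DIR KEYWORD -> prints "VALUE FILE" for the first file that sets it.
first_wins() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Keywords are case-insensitive; '#' lines never match because $1
        # differs. Simplification: stop at a Match line, since settings below
        # it are conditional.
        val=$(awk -v k="$2" '
            tolower($1) == "match"    { exit }
            tolower($1) == tolower(k) { print $2; exit }' "$f")
        if [ -n "$val" ]; then
            echo "$val ${f##*/}"
            return 0
        fi
    done
    return 1
}

# audit DIR -> one line per hardening keyword from this page that resolves to
# something other than the intended value; prints nothing when all hold.
audit() {
    for want in PasswordAuthentication=no PermitEmptyPasswords=no \
                X11Forwarding=no GSSAPIAuthentication=no; do
        key=${want%%=*} exp=${want#*=}
        got=$(first_wins "$1" "$key") || got="unset -"
        [ "${got%% *}" = "$exp" ] || echo "$key: want $exp, got ${got%% *} (${got#* })"
    done
}

# Constructed sample: a hypothetical 05-vendor.conf sorts before the page's
# 10-custom-settings.conf and silently re-enables password logins.
demo() {
    d=$(mktemp -d)
    printf 'PasswordAuthentication yes\n' > "$d/05-vendor.conf"
    printf 'Port 2222\nPasswordAuthentication no\nPermitEmptyPasswords no\nGSSAPIAuthentication no\nX11Forwarding no\n' \
        > "$d/10-custom-settings.conf"
    audit "$d"
    rm -rf "$d"
}

demo
```

On the host itself, `sshd -t` validates the configuration before `systemctl restart ssh`, and `sshd -T` prints the values sshd actually resolved.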

Enabling Snippets

Snippets will be needed later for cloud-init VMs.

🌐 Network Configuration

For the advanced route, you must ensure your Proxmox setup includes 2 VLAN tags: one for infrastructure management and one for a DMZ network. This step is not required for the simple route.

The network configuration involves creating VLANs, bonds, and bridges. This image provides a short overview:

[Image: network configuration overview]

For detailed instructions on setting up the router, switch, and VLAN configuration, please refer to the respective topic in the documentation. (Link later)

[!NOTE] Depending on whether you follow the simple or advanced route, the configuration will vary. This documentation uses the advanced configuration by default. In this setup, there is only one physical network port. A bond will still work with one port, and we will create the requirements if an additional network card is added in the future.

[!CAUTION] We will now set up the advanced version. Changing this can lead to an unreachable Proxmox VE server over the network. (Serial or direct attachment will still work).

Steps:

  1. Remove vmbr0

  2. Create the Linux Bond

  3. Create the Linux VLANs

  4. Create the Linux Bridges

  5. Apply Configuration

Now, you should be able to access the Web GUI of Proxmox under the address: https://10.0.5.10:8006

  6. Update Hosts File, DNS and Search Domain

To make the configuration consistent, update the hosts file to reflect the changes using the GUI:

Also, set the search domain accordingly:


[!IMPORTANT] In this setup, Proxmox is installed inside a VM. Therefore, only 2 Linux bridges will be used to represent the VLANs described in the documentation. Instead of having a Linux bond and the Linux VLANs, the configuration will directly use vmbr5 and vmbr90, representing the infrastructure management VLAN and the DMZ VLAN, respectively. This is just a hint to avoid confusion.