800+ IT
News
als RSS Feed abonnieren๐ Setting up a Homelab: Part 1 Proxmox and LetsEncrypt
๐ก Newskategorie: Programmierung
๐ Quelle: dev.to
As someone who likes to tinker around with stuff, I tend to break my system quite often. For a long time, I have wanted to allow myself to test applications and operating systems without breaking my ongoing OS install.
One way to test application is by using virtual machines or docker. While I use docker quite a lot for testing and for production workloads, testing an entire operating system on docker is not feasible. For this reason, I wanted to use virtual machines. But I also did not want to run Virtual Machines on my laptop, as I do not like my laptop getting hot everytime I want to test something new. Recently, I got my hands on a used desktop, a decent machine on which I could start building my home lab.
As I wanted to run a bunch of Virtual Machines and containers on the server, Proxmox seemed to be a good fit as it supports both VMs and Containers using KVM and LXC.
P.S. This is not supposed to be a tutorial. I only wrote this piece so that I can look back on it after a year and hopefully remember how I did stuff.
Installation
To install Proxmox VE, I just followed the documentation on the Proxmox website and completed a standard installation. As the installer is straightforward, the installation itself was quite easy.
Configuration
Right after I installed Proxmox, I tried logging into the web console, and I saw this.
A self-signed certificate was generated and used by Proxmox which will always generate a warning on the browser. I did not like seeing this when trying to work on my home lab. So, I started looking for ways to put a valid SSL certificate in Proxmox.
During my research, I found that Proxmox could be made to integrate with acme.sh; a free SSL certificate generator powered by ACME(Let's Encrypt).
Generate and Apply SSL Certificate
Docs: https://pve.proxmox.com/wiki/Certificate_Management
After skimming through the documentation, I thought that the integration would be quite easy, and indeed it was, after a couple of failed attempts.
You can register and deactivate ACME accounts over the web interface Datacenter -> ACME or using the pvenode command-line tool.
Following this excerpt from the documentation, I went to Datacenter -> ACME -> Accounts -> Add, and registered an account with Lets Encrypt V2.
Since The Proxmox instance was not accessible directly from the public internet, I proceeded to add the plugin for DNS challenge based verification.
To add a Challenge Plugin:
- In the challenge plugins section, click on Add.
- In the popup that appears, give a name to the plugin that you will create in the Plugin ID section. Remember this value as the PLUGIN_NAME.
- Set the
DNS APIoption to DNS provider, and fill in the generated form as required. Then clock on save.
In my case, I am using Cloudflare, so I filled in the CF_Account_ID, CF_Email, CF_Token and CF_Zone_ID fields.
You might only need the CF_TOKEN but the process failed due to some reason when only the CF_TOKEN was used. So I filled in all the applicable fields.
Now, to generate the certificated for a node, you need to go to the Datacenter -> NODE_NAME -> System -> Certificates to generate/setup the certificate.
- In the ACME Section, Click on Add.
- In the popup that appears, select challenge type as DNS, and the Plugin type as the name that you used when creating the DNS plugin (PLUGIN_NAME).
- In the domain field, fill in the domain name that you want to generate the SSL certificate for. Now click on apply.
- The certificate should be generated and applied. Proxmox will restart the webproxy to apply the new certificate.
