
Proxmox on Hetzner Cloud

Author: Nascire
Published: 2021-12-09

Introduction

In this tutorial I will guide you through setting up Proxmox on a Hetzner Cloud instance. Even though we can't (so far) use KVM, as nesting is not supported/enabled, we can still benefit from using LXC containers.

At the end of this tutorial, we will be able to deploy LXC containers which can communicate with the outside world, and even have ports redirected to them.

I will, in the near future, expand this tutorial with the following (optional) steps:

  • "Routing-VM with HAProxy", so we can host multiple containers with webservers (even with HTTPS!)
  • Clustering with multiple instances

Prerequisites

  • Hetzner Cloud instance
  • All commands provided can be run either via SSH, or by using the WebUI-Shell

Step 1 - Install Proxmox VE

At the time of writing, only the ISO for Proxmox VE 6.4 is available. Either request the current Proxmox VE 7.0.2 ISO via a ticket, or run a manual upgrade afterwards: https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0

I will not cover the installation itself, as this is perfectly documented by Proxmox: https://pve.proxmox.com/wiki/Installation

The only point to keep in mind is whether you want to use the included Proxmox VE storage replication framework (https://pve.proxmox.com/pve-docs/chapter-pvesr.html).

If this is the case, and you don't want/need an additional Cloud Volume, you have to choose zfs (RAID0) during installation.

Note: Clustering will be added in the near future

After the installation has completed, don't forget to unmount the ISO again.

Step 2 - Repository configuration (optional)

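If you have no license and want to leave it that way, you will need to adapt the repository configuration. For this, we disable the pve-enterprise repository and activate the pve-no-subscription repository. The line below uses the bullseye suite, which matches Proxmox VE 7.x (Debian 11); Proxmox VE 6.x is based on Debian 10 (buster).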

sed -i 's/^deb/#deb/g' /etc/apt/sources.list.d/pve-enterprise.list
echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list

Step 3 - Network configuration - prerequisites

In case you want to stick with the default Linux Bridge, there's nothing to do. I, however, prefer to use OpenvSwitch.

As a preparation, we make sure we have the most recent package lists available:

apt update

Step 3.1 - Install ifupdown2

To be able to apply our changes on the network configuration via the WebUI, we have to install the ifupdown2 package:

apt install ifupdown2 -y

Step 3.2 - Install OpenvSwitch (Optional)

apt install openvswitch-switch -y

Step 3.3 - Remove default Bridge

As we do not benefit from the default Bridge in any way, we will remove it. For this, adapt /etc/network/interfaces as below, and save it as /etc/network/interfaces.new:

auto lo
iface lo inet loopback

auto ens3
iface ens3 inet static
        address <your.public.ip.address>/32
        gateway 172.31.1.1
        pointopoint 172.31.1.1
        dns-nameservers 185.12.64.1 185.12.64.2
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -F

Afterwards, we can activate this change without losing connectivity via the WebUI. Select your Host on the left side, and in the menu navigate to System -> Network, where you can click on Apply Configuration.

post-up echo 1 > /proc/sys/net/ipv4/ip_forward enables forwarding for packets. post-up iptables -t nat -F flushes all existing rules in the nat table (Masquerade/Forwarding) when the interface comes up.

Step 4 - Network configuration

This step depends on whether you want to use the basic Linux Bridge, or an OpenvSwitch-Bridge. You will have to choose a subnet for your containers, and an IP for your Host as Gateway. For example:

  • Subnet: 172.20.1.0/24
  • Gateway: 172.20.1.1

Select your Host on the left side, and in the menu navigate to System -> Network.

Step 4.1.a - Linux Bridge

Click Create -> Linux Bridge, choose a name and fill in the desired subnet (by using the Gateway-IP) for your containers: 172.20.1.1/24. Leave all other fields on their default values.

Step 4.1.b - OpenvSwitch Bridge

Click Create -> OVS Bridge and choose a name (e.g. vmbr0) for the bridge. Next, click Create -> OVS IntPort, choose a meaningful name (e.g. gw_vmbr0) and select the Bridge we just created. Additionally, we also fill the desired subnet (by using the Gateway-IP) for your containers: 172.20.1.1/24

Step 4.2 - Masquerade

For our containers to be able to communicate with the outside world, we need to tell our Host to Masquerade them. To do this, we edit the file /etc/network/interfaces.new and search for a line like iface vmbr0 inet ..., where vmbr0 is of course our previously chosen name. Either directly below it, or after the indented lines that follow it, insert the following (indented):

        post-up iptables -t nat -A POSTROUTING -s '172.20.1.0/24' -o ens3 -j MASQUERADE

Of course, you have to replace 172.20.1.0/24 with your desired subnet.

Afterwards, we can activate our changes: select your Host on the left side, and in the menu navigate to System -> Network, where you can click on Apply Configuration.

Step 5 - Port forwarding (Optional)

In case you want to forward a port from your Host to a container, we edit the file /etc/network/interfaces and search for our masquerade-line. After it, again indented, insert the following:

        post-up iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 80 -j DNAT --to 172.20.1.1:8080

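Of course, adapt this line to your needs (udp instead of tcp, target, ...). The target after --to has to be the IP and port of the container that provides the service; 172.20.1.1 is the Gateway address from the example in Step 4.

Either save the file directly and run the inserted line once in the shell without the leading post-up, or save the file as /etc/network/interfaces.new and activate it via the WebUI.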
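To review what Steps 4.2 and 5 expose before applying them, the following added example (not part of the original tutorial) reads an interfaces file and lists every Masquerade and DNAT rule it installs, marking DNAT targets that are one of the host's own addresses, since such a rule delivers to a service on the host instead of a container. The function names, the sample file, 203.0.113.10 and the container address 172.20.1.10 are assumptions made for the illustration.

```shell
# Added example: list the NAT rules an interfaces file installs. The sample is
# constructed from the tutorial's values; 203.0.113.10 and 172.20.1.10 are placeholders.
sample_interfaces() {
cat <<'EOF'
auto ens3
iface ens3 inet static
        address 203.0.113.10/32
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -F
auto vmbr0
iface vmbr0 inet static
        address 172.20.1.1/24
        post-up iptables -t nat -A POSTROUTING -s '172.20.1.0/24' -o ens3 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 80 -j DNAT --to 172.20.1.1:8080
        post-up iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 8443 -j DNAT --to 172.20.1.10:443
EOF
}
# Reads an interfaces file on stdin and prints one line per NAT rule:
#   MASQ <iface> <source> -> <out-iface>
#   DNAT <in-iface> <proto>/<port> -> <target> [HOST-ADDRESS(<iface>)]
audit_nat() {
  awk '
    $1 == "iface"   { cur = $2 }
    $1 == "address" { split($2, a, "/"); addr[a[1]] = cur }
    $1 == "post-up" && $2 == "iptables" {
      src = out = inif = proto = dport = to = jump = ""
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if      ($i == "-s")      { src = v; gsub("\047", "", src) }
        else if ($i == "-o")      out = v
        else if ($i == "-i")      inif = v
        else if ($i == "-p")      proto = v
        else if ($i == "--dport") dport = v
        else if ($i == "-j")      jump = v
        else if ($i == "--to" || $i == "--to-destination") to = v
      }
      if (jump == "MASQUERADE") print "MASQ " cur " " src " -> " out
      if (jump == "DNAT") { n++; rule[n] = inif " " proto "/" dport; tgt[n] = to }
    }
    END {
      for (k = 1; k <= n; k++) {
        split(tgt[k], t, ":")
        flag = (t[1] in addr) ? " HOST-ADDRESS(" addr[t[1]] ")" : ""
        print "DNAT " rule[k] " -> " tgt[k] flag
      }
    }'
}
sample_interfaces | audit_nat   # on a host: audit_nat < /etc/network/interfaces
```

Every DNAT line in the output is a port reachable from the internet on the public interface, so the list doubles as an inventory of what the host publishes.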

Step 6 - Create container

The process itself is out of scope for this tutorial, and any documentation needed should be available here: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#chapter_pct

Keep in mind, when creating a container, to give it an IP from your chosen subnet, and to specify your chosen Gateway IP (see the introduction to Step 4).

Conclusion

We now have a basic setup, on which we can deploy LXC containers. In the near future, as mentioned in the beginning, I will extend this tutorial.

License: MIT