User Tools

Site Tools


proxmox

Proxmox VE Server Setup

This is a summary of steps to install Proxmox.

  • Install Proxmox VE
  • Under DNS, add all DNS servers
  • Under Hosts, add all Proxmox hosts

Configure NTP

 # nano /etc/chrony/chrony.conf
    Add 'server 139.169.206.5 iburst' and 'server 198.122.144.26 iburst'
 # systemctl restart chronyd
 # journalctl --since -1h -u chrony

Configure Repositories

  • Navigate to Updates > Repositories. Highlight the enterprise repos and click the Disable button.
  • Click 'Add' and the No-Subscription repo and the Ceph Quincy no-subscription repo.
  • Navigate to Updates and select 'Refresh'
  • Click 'Upgrade'

Configure Storage

  • Under Disks, add storage disks by using 'Initialize disk with GPT'
  • Under Disks/LVM-Thin, add the new disk
  • Under Local/ISO Images, upload ISO images for creating VMs

Configure Cluster

Checklist

  • Dedicated NICs for the cluster
  • < 5ms latency
  • Use IP addresses, not names
  • HA requires at least 3 hosts
  • The cluster name cannot be changed later
  • Changing the hostname and IP is not possible after cluster creation

Ubuntu VMs

Install an approved release of Ubuntu from an ISO file

> sudo nano /etc/ssh/sshd_config
  change "PermitRootLogin without-password" to "PermitRootLogin yes"
> sudo apt install network-manager
> sudo nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
  Add the line
  network: {config: disabled}
> sudo nano /etc/netplan/50-cloud-init.yaml
  Edit the file with static IP settings: 
  network:
    version: 2
    ethernets:
      ens18:
        dhcp4: false
        dhcp6: false
        addresses:
          - 139.169.156.11/24
        routes:
          - to: default
            via: 139.169.156.1
        nameservers:
           addresses:
             - 139.169.16.150
             - 139.169.31.2
> sudo nano /etc/sysctl.conf
   Insert the following lines at the bottom of the file:
    # Disable IPv6
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1
> sudo sysctl -p

Misc

> sudo apt install nano
> sudo apt install nfs-common
> sudo apt install net-tools
> sudo apt install nmap

Webmin

> sudo curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
> sudo sh setup-repos.sh
> sudo apt install --install-recommends webmin
> systemctl status webmin.service

firewalld

 >

NTP Client

> sudo apt install ntp
> sudo nano /etc/ntpsec/ntp.conf
  server 139.169.206.5 prefer
  (Remove other server & pool sources)
> ntpq -p

Guest Agent

> sudo apt install qemu-guest-agent 
> sudo systemctl enable qemu-guest-agent
Shutdown the VM
Under VM options, enable 'QEMU Guest Agent'
Start the VM
> systemctl status qemu-guest-agent.service

Squid

 > 

Apache

 > 

Apache SSL

 Create a CSR:
 >

Nagios

Do NOT install Nagios using repositories. It's unsupported!

 > su

MariaDB

>

phpMyAdmin

>   

Mumble Server

 > sudo apt install mumble-server
 > sudo dpkg-reconfigure mumble-server
 > sudo nano /etc/mumble-server.ini
    users=100
    welcometext="<br />Welcome to the CTSD <b>Murmur</b> server.<br /><br />By accessing and using this information system, you acknowledge and consent to the following:<br />   You are accessing a <b>U.S. Government information system</b>, which includes:<br />   (1) this computer<br />   (2) this computer network<br />   (3) all computers connected to this network including end user systems<br />   (4) all devices and storage media attached to this network or to any computer on this network<br />   (5) cloud and remote information services.<br /><br />This information system is provided for U.S. Government-authorized use only.<br />You have no reasonable expectation of privacy regarding any communication transmitted through or data stored on this information system.<br />At any time, and for any lawful purpose, the U.S. Government may monitor, intercept, search, and seize any communication or data transiting, stored on, or traveling to or from this information system.<br />You are NOT authorized to process classified information on this information system.<br />Unauthorized or improper use of this system may result in suspension or loss of access privileges, disciplinary action, and civil and/or criminal penalties.<br />"

UniFi Network Controller

>

Windows VMs

  • Configure the VM to use VirtIO network adapter(s)
  • Install an approved release of Windows from an ISO file
  • To install the VirtIO network drivers, mount the VirtIO ISO file and run virtio-win-gt-x64
  • To install the enable QEMU agent, run guest-agent\qemu-ga-x86_64.msi
  • SHUTDOWN the VM, in the Options menu enable the QEMU guest agent then start the VM.
  • Enable the administrative share
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Debian VMs

Install Debian 12 from an ISO file

> sudo nano /etc/ssh/sshd_config
  change "PermitRootLogin without-password" to "PermitRootLogin yes"

> sudo nano /etc/network/interfaces
  # The primary network interface
  allow-hotplug ens18
  auto ens18
  iface ens18 inet static
     address 192.168.10.103
     netmask 255.255.255.0
     gateway 192.168.10.1
     dns-nameservers 192.168.10.107 192.168.10.1

No-IP DUC

 > mkdir /home/username/noip
 > cd /home/username/noip
 > wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
 > tar vzxf noip-duc-linux.tar.gz
 > cd noip-xxx
 > sudo make
 > sudo make install
 > sudo noip2 ­-S
 To reconfigure the client: /usr/local/bin/noip2 -C
proxmox.txt · Last modified: 2025/06/03 12:43 by w5ged