Installation Guide
Prerequisites
- Proxmox VE 9+ (required for OCI image support)
- Isolated network with no existing DHCP infrastructure
- SSH and web UI access (port 8006) to the Proxmox host
Assumptions
The following instructions make several assumptions for clarity. You may have to adapt them for your deployment.
- You are using the Proxmox default `local` storage at `/var/lib/vz` for all operations.
- You are using the Proxmox default `vmbr0` network on the `10.0.0.0/16` subnet. The gateway is at `10.0.0.1` and the Proxmox host is at `10.0.0.2`.
- The Manager container uses container ID `100`.
- The domains `example.org` and `*.example.org` have public DNS entries pointing to the firewall in front of this Proxmox cluster.
- At least one Proxmox node is accessible at `https://example.org:8006` with a valid HTTPS certificate.
Installation Steps
1. Pull the OCI Image
Using the Proxmox Web UI or CLI:
```bash
skopeo copy docker://ghcr.io/mieweb/opensource-server/manager:latest oci-archive:/var/lib/vz/template/cache/manager_latest.tar
```
2. Create the Management Container
In the Proxmox Web UI or CLI:
```bash
pct create 100 local:vztmpl/manager_latest.tar --cores=4 --features=nesting=1 --hostname=manager --memory=8192 --net0=name=eth0,bridge=vmbr0,gw=10.0.0.1,ip=10.0.0.3/16 --onboot=1 --ostype=debian --rootfs=local:50
```
Static IP Required
The management container must have a static IP. It runs a DNSMasq instance to manage DHCP within the network.
3. Configure Network Access
At your firewall, create the following port-forwards:
| Port | Protocol | Destination | Purpose |
|---|---|---|---|
| 8006 | tcp | Proxmox Server | Web UI access to the Proxmox server. |
| 22 | tcp | Proxmox Server | SSH access to the Proxmox server. |
| 80 | tcp | Manager Container | HTTP -> HTTPS redirect served by the Manager. |
| 443 | tcp | Manager Container | HTTPS load balancer service provided by the Manager. |
| 443 | udp | Manager Container | HTTP/3.0 QUIC load balancer service provided by the Manager. |
| 2000-2999 | tcp and udp | Manager Container | Layer-4 load balancing service provided by the Manager. |
4. Start the Container
In the Proxmox Web UI or CLI:
```bash
pct start 100
```
5. Initial Account Setup
- Navigate to `https://example.org:443`.
- Your web browser will warn about a self-signed certificate. Accept and bypass the warning. If your domain is in HSTS preload lists, you may need to use the IP address rather than the hostname until certificates are configured in a later step.
- Select the "Register" link and create your account.
First Account
The first account registered is automatically approved with full admin privileges. Register the intended administrator account first.
6. Configure the First Site
Further reading: Sites.
- Select "New Site".
- Fill out the information:
  - Site Name: `First Site`
  - Internal Domain: `internal.example.org`
  - DHCP Range: `10.0.1.1,10.0.254.254`
  - Subnet Mask: `255.255.0.0`
  - Gateway: `10.0.0.1`
  - DNS Forwarders: `8.8.8.8,1.1.1.1`
  - External IP: `your.ext.ernal.ip`
- Select "Create Site".
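The Manager's DNSMasq hands out leases from the site's DHCP range, so the statically addressed hosts in this guide (gateway, Proxmox host, Manager) have to sit inside the subnet but outside that range. The preflight check below is an added example, not part of the opensource-server project; the function names are hypothetical and the addresses are the guide's example values.

```shell
#!/bin/sh
# Added example: check that static addresses avoid the DNSMasq DHCP pool.
# Function names are hypothetical; addresses are this guide's example values.

# ip2int A.B.C.D -> prints the address as an integer; status 1 if malformed.
ip2int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] || return 1
        case "$o" in 0?*) return 1 ;; esac   # reject leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NETWORK PREFIX -> status 0 inside, 1 outside, 2 malformed address.
# PREFIX is assumed to be an integer from 0 to 32.
in_cidr() {
    ip=$(ip2int "$1") && net=$(ip2int "$2") || return 2
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# in_range IP START END -> status 0 if START <= IP <= END, 2 if malformed.
in_range() {
    ip=$(ip2int "$1") && lo=$(ip2int "$2") && hi=$(ip2int "$3") || return 2
    [ "$ip" -ge "$lo" ] && [ "$ip" -le "$hi" ]
}

# check_static IP NETWORK PREFIX DHCP_START DHCP_END
# Prints ok, outside-subnet, in-dhcp-pool or invalid; status 0 only for ok.
check_static() {
    rc=0; in_cidr "$1" "$2" "$3" || rc=$?
    case $rc in 2) echo invalid; return 1 ;; 1) echo outside-subnet; return 1 ;; esac
    rc=0; in_range "$1" "$4" "$5" || rc=$?
    case $rc in 2) echo invalid; return 1 ;; 0) echo in-dhcp-pool; return 1 ;; esac
    echo ok
}

# Gateway, Proxmox host and Manager from the Assumptions and step 2.
for addr in 10.0.0.1 10.0.0.2 10.0.0.3; do
    printf '%s: %s\n' "$addr" "$(check_static "$addr" 10.0.0.0 16 10.0.1.1 10.0.254.254)"
done
```

Run it with your own subnet and DHCP range before creating the site; any result other than `ok` means the static address needs to move or the range needs to shrink.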
7. Import Proxmox Nodes
Further reading: Nodes.
- Select "Import Nodes".
- Fill in the information:
  - API URL: `https://example.org:8006`
  - Username: `root@pam`
  - Password: your Proxmox root password
  - TLS Verification: Enable
- Select "Import".
8. Configure an External Domain
Further reading: External Domains.
- Select "New External Domain".
- Fill in the information:
  - Domain Name: `example.org`
  - Default Site: `First Site`
  - ACME Email and ACME Directory are currently unused.
  - Cloudflare API Email and Key are optional unless you are planning to use Cross-Site DNS.
  - Auth Server URL: `https://manager.example.org` (see Authentication).
- Select "Create External Domain".
- Refer to SSL Certificate Provisioning to configure an HTTPS certificate.
9. Finalize the Manager Domain
- On the Manager container, select "Edit".
- Expand the "Services" menu.
- Select "Add Service".
- Fill in the information:
  - Type: HTTP
  - Internal Port: `3000`
  - External Hostname: `manager`
  - External Domain: `example.org`
  - Require Auth: false
- Select "Update Container".
Warning
After this configuration propagates to the load balancer, you'll no longer be able to access the manager on any other hostname. The bare domain example.org will show the documentation and the manager will only be accessible on manager.example.org.