with the demise of ESXi, I am looking for alternatives. Currently I have PfSense virtualized on four physical NICs, a bunch of virtual ones, and it works great. Does Proxmox do this with anything like the ease of ESXi? Any other ideas?

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    I guess I’m not using proxmox for anything other than managing VMs, network bridges and backups.

    And LXD/Incus can do that as well for you. Install it an by running incus init it will ask you a few questions and get an automated setup with networking, storage etc. all running and ready for you to create VMs/Containers.

    What I was saying is that you can also ignore the default / automated setup and install things manually if you’ve other requirements.

    • tofubl@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Okay, I think I found a bit of a catch with Incus or LXD. I want a solution with a web UI, and while Incus has one, it seems to have access control either browser certificate based or with a central auth server. Neither are a good solution for me - I would much prefer regular user auth with the option to use an auth server at some point (but I don’t want to take all of this on all at once.)

      I hope it’s okay that I keep coming back to you with these questions. You seem to be a strong Incus-evangelist. :)

      I guess I could only expose the web UI on localhost and create an SSH tunnel in order to use it…? Not so good on mobile though, which is the strongest reason for a webui.

      • TCB13@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        9 months ago

        You aren’t wrong, the WebUI is stateless, it doesn’t know of any users nor it stores any other context information.

        The certificates are required for the UI client to authenticate with the underlying LXD server itself. Much like the SSH authentication is boils down to creating a public/private key pair and the PK is added to your browser(s) and the public key to the server. I believe this is a good walkthrough of the process for anyone starting out.

        At work we use Authelia and HAProxy to get around the need to distribute a certificate for each client / mange our logins with SSO and 2FA. At home I simply use Nginx as a reverse proxy to the WebUI with the proxy_ssl_certificate passing a certificate down to it. Here another configuration example of how to use Nginx to pass the certificate, you can then use Basic HTTP Auth to add a simple username/password to it.

        • tofubl@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          9 months ago

          Thanks for your patience. I appreciate it and I’m learning a lot. 🙏

          There’s a chance yet!

          edit: That actually seems simple enough and should integrate nicely with the rest of my network. Cool!