this post was submitted on 12 Feb 2024
31 points (94.3% liked)


With the demise of ESXi, I am looking for alternatives. Currently I have PfSense virtualized on four physical NICs, a bunch of virtual ones, and it works great. Does Proxmox do this with anything like the ease of ESXi? Any other ideas?

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (16 children)

Yes it does run, but BSD-based VMs running on Linux have their details as usual. This might be what you're looking for: https://discuss.linuxcontainers.org/t/run-freebsd-13-1-opnsense-22-7-pfsense-2-7-0-and-newer-under-lxd-vm/15799

Since you want to run a firewall/router you can ignore LXD's networking configuration and use your opnsense to assign addresses and whatnot to your other containers. You can create whatever bridges / vlan-based interfaces on your base system and then assign them to profiles/containers/VMs. E.g. create a cbr0 network bridge using systemd-networkd and then run lxc profile device add default eth0 nic nictype=bridged parent=cbr0 name=eth0. This will use cbr0 as the default bridge for all machines and LXD won't provide any addressing or touch the network; it will just create an eth0 interface on those machines attached to the bridge. Then your opnsense can be on the same bridge and do DHCP, routing etc. Obviously you can pass through entire PCI devices to VMs and containers if required as well.

When you're searching around for help, instead of "Incus" you can search for "LXD" as it tends to give you better results. Not sure if you're aware but LXD was the original project run by Canonical; recently it was forked into Incus (and maintained by the same people who created LXD at Canonical) to keep the project open under the Linux Containers initiative.
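The bridge setup described in the comment above, written out as an added example (not the commenter's own files or commands). It assumes a LAN-side physical NIC named enp3s0, the bridge name cbr0 from the comment, and the `lxc` CLI (on Incus the command is `incus`); all three are assumptions. The host deliberately gets no address on the bridge, so the only thing speaking on that segment is the firewall VM, and LXD does no addressing of its own.

```shell
#!/bin/sh
# Added example, not from the thread: host-side bridge for a firewall VM under LXD/Incus.
# Assumptions (not in the original comment): LAN NIC "enp3s0", bridge "cbr0",
# and the LXD CLI being `lxc` (`incus` on Incus).
set -eu

# systemd-networkd unit declaring the bridge device itself.
netdev_conf() {
    bridge="$1"
    cat <<EOF
[NetDev]
Name=$bridge
Kind=bridge
EOF
}

# Enslave a physical NIC to the bridge. No [Network] addressing here: the host
# stays off the guest segment, which is what you want when a firewall VM owns it.
member_conf() {
    nic="$1"; bridge="$2"
    cat <<EOF
[Match]
Name=$nic

[Network]
Bridge=$bridge
EOF
}

# The bridge on the host: bring it up, but request no DHCP, no link-local and no
# router advertisements, because the firewall VM does all addressing.
bridge_conf() {
    bridge="$1"
    cat <<EOF
[Match]
Name=$bridge

[Network]
DHCP=no
LinkLocalAddressing=no
IPv6AcceptRA=no
ConfigureWithoutCarrier=yes
EOF
}

# The profile command from the comment: every instance using the "default"
# profile gets an eth0 attached to the bridge, and LXD leaves addressing alone.
profile_cmd() {
    cli="$1"; bridge="$2"
    printf '%s profile device add default eth0 nic nictype=bridged parent=%s name=eth0\n' "$cli" "$bridge"
}

# Write the units and apply. Only runs as `sh bridge.sh --apply` (as root).
apply() {
    netdev_conf cbr0        > /etc/systemd/network/10-cbr0.netdev
    member_conf enp3s0 cbr0 > /etc/systemd/network/20-enp3s0.network
    bridge_conf cbr0        > /etc/systemd/network/30-cbr0.network
    systemctl restart systemd-networkd
    eval "$(profile_cmd lxc cbr0)"
}

if [ "${1:-}" = "--apply" ]; then
    apply
else
    # Dry run: show what would be written and executed.
    netdev_conf cbr0
    member_conf enp3s0 cbr0
    bridge_conf cbr0
    profile_cmd lxc cbr0
fi
```

Run it without arguments to review the generated units first; the same three functions can be reused for a per-VLAN bridge (a second netdev with `Kind=vlan` on the trunk NIC, then a bridge on top of it) if you want the firewall VM to see tagged interfaces rather than PCI-passthrough NICs.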

[–] [email protected] 1 points 9 months ago (4 children)

Very informative, thank you.

I am generally very comfortable with Linux, but somehow this seems intimidating.

Although I guess I'm not using proxmox for anything other than managing VMs, network bridges and backups. Well, and for the feeling of using something that was set up by people who know what they're doing and not hacked together by me until it worked...

[–] [email protected] 2 points 9 months ago (3 children)

I guess I’m not using proxmox for anything other than managing VMs, network bridges and backups.

And LXD/Incus can do that as well for you. Install it and by running incus init it will ask you a few questions and get an automated setup with networking, storage etc. all running and ready for you to create VMs/Containers.

What I was saying is that you can also ignore the default / automated setup and install things manually if you've other requirements.

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago) (1 children)

Okay, I think I found a bit of a catch with Incus or LXD. I want a solution with a web UI, and while Incus has one, it seems to have access control either browser certificate based or with a central auth server. Neither are a good solution for me - I would much prefer regular user auth with the option to use an auth server at some point (but I don't want to take all of this on all at once.)

I hope it's okay that I keep coming back to you with these questions. You seem to be a strong Incus-evangelist. :)

I guess I could only expose the web UI on localhost and create an SSH tunnel in order to use it...? Not so good on mobile though, which is the strongest reason for a webui.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

You aren't wrong, the WebUI is stateless; it doesn't know of any users nor does it store any other context information.

The certificates are required for the UI client to authenticate with the underlying LXD server itself. Much like SSH authentication, it boils down to creating a public/private key pair; the private key is added to your browser(s) and the public key to the server. I believe this is a good walkthrough of the process for anyone starting out.

At work we use Authelia and HAProxy to get around the need to distribute a certificate for each client / manage our logins with SSO and 2FA. At home I simply use Nginx as a reverse proxy to the WebUI with the proxy_ssl_certificate passing a certificate down to it. Here is another configuration example of how to use Nginx to pass the certificate; you can then use Basic HTTP Auth to add a simple username/password to it.
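The home setup the comment above describes, as an added example (not the commenter's configuration): nginx terminates TLS for the browser, checks a username/password with HTTP Basic auth, and presents one client certificate to the LXD server on behalf of every browser, so only that single certificate needs to be in LXD's trust store. The listen address https://127.0.0.1:8443, the server name lxd.home.example and the file paths under /etc/nginx are assumptions.

```shell
#!/bin/sh
# Added example, not the commenter's config: nginx in front of the LXD/Incus web UI.
# Assumptions (not in the original comment): LXD on https://127.0.0.1:8443,
# client cert/key in /etc/nginx/lxd-client.{crt,key}, a copy of the LXD server
# certificate in /etc/nginx/lxd-server.crt, front-end cert in /etc/nginx/ui.{crt,key}.
set -eu

# Render the nginx server block. Parameters: server name, upstream URL.
nginx_site_conf() {
    server_name="$1"; upstream="$2"
    sed -e "s|@SERVER@|$server_name|g" -e "s|@UPSTREAM@|$upstream|g" <<'EOF'
server {
    # Front side is TLS-only, so the Basic-auth credentials never travel in clear.
    listen 443 ssl;
    server_name @SERVER@;
    ssl_certificate     /etc/nginx/ui.crt;
    ssl_certificate_key /etc/nginx/ui.key;

    # Users are known to nginx only; LXD itself sees just the one client certificate.
    auth_basic           "LXD web UI";
    auth_basic_user_file /etc/nginx/lxd-ui.htpasswd;

    location / {
        proxy_pass @UPSTREAM@;
        # The certificate LXD trusts: this is what proxy_ssl_certificate in the comment does.
        proxy_ssl_certificate     /etc/nginx/lxd-client.crt;
        proxy_ssl_certificate_key /etc/nginx/lxd-client.key;
        # Also pin the LXD server certificate so the proxy cannot be redirected to an
        # impostor. The LXD cert must list the proxy_pass address in its SAN (or set
        # proxy_ssl_name to a name it does list) or the handshake fails.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/lxd-server.crt;
        # The UI opens websockets for consoles and terminals.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;
    }
}
EOF
}

# One htpasswd line (apr1 is the hash nginx's auth_basic understands).
htpasswd_entry() {
    user="$1"; pass="$2"
    printf '%s:%s\n' "$user" "$(openssl passwd -apr1 "$pass")"
}

# Commands that create the proxy's client key pair and register it with LXD.
# Printed rather than run; on Incus the trust command is `incus config trust add-certificate`.
trust_setup_cmds() {
    cat <<'EOF'
openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 3650 \
    -subj "/CN=nginx-lxd-ui" -keyout /etc/nginx/lxd-client.key -out /etc/nginx/lxd-client.crt
lxc config trust add /etc/nginx/lxd-client.crt
EOF
}

if [ "${1:-}" = "--write" ]; then
    nginx_site_conf lxd.home.example https://127.0.0.1:8443 > /etc/nginx/sites-available/lxd-ui
    htpasswd_entry admin "$(cat /etc/nginx/lxd-ui.secret)" > /etc/nginx/lxd-ui.htpasswd
    chmod 640 /etc/nginx/lxd-ui.htpasswd
    nginx -t
else
    nginx_site_conf lxd.home.example https://127.0.0.1:8443
    trust_setup_cmds
fi
```

Because the proxy holds a certificate LXD fully trusts, the htpasswd file and the client key are now the whole access control: keep both readable by the nginx user only, and keep the LXD listener bound to localhost so the UI is reachable only through the proxy.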

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

Thanks for your patience. I appreciate it and I'm learning a lot. 🙏

There's a chance yet!

edit: That actually seems simple enough and should integrate nicely with the rest of my network. Cool!
