Initially after installation, there are a lot of things that you may want to 'fix'. These are some basic configuration issues that are made not only on the Proxmox Server, but from the remote systems using the Web UI for connection through Port 8006.
Some of these may be useful to you; but not all may be useful. Even if you do not need them, they may be beneficial to know for future use.
Web UI
Once you have the Proxmox Server started, you can access the server from a web browser by going to the IP address of the Proxmox Server and port 8006.
The issue is that the Proxmox Server has a self-assigned certificate, and you will get these errors every time you connect until you can make your browser trust the server. Keep in mind that this process may need to be done for each node, depending on how you do the process. Figure 1 shows a typical error, as seen in Firefox.
FIGURE 1
I will cover this process on three web browsers and then how to do it in Windows. I'm sure that in some businesses, they still use Windows.
Before you start this process, there is a file you need from the Proxmox Server. The file is '/etc/pve/pve-root-ca.pem'.
You will need a USB flash drive to copy the certificate file to for copying it to client systems.
Insert the USB and find the device name:
After you have the device name, you need to create a folder to use for mounting:
Now, you can issue the command to mount the USB device to the newly made mount point:
Replace the 'x' in 'sdx1' with your device name. If you have multiple partitions on the flash drive, you may need to change the '1' as well.
After the system mounts the USB flash drive, you can copy the file to the drive:
The file should not be on the flash drive. Remove the flash drive and insert it into the remote system that will access the Web UI.
If your browser is Firefox, then we can do the following to get the certificate set up in the browser so it will trust the Proxmox Server. In Firefox, go to the address 'about
references'. On the left side of the window should be the line 'Privacy and Security'. Click on it. In the right pane, scroll down and find the section for 'Certificates'. Click on the button labeled 'View Certificates'. In the window that appears, select the 'Authorities' tab. Click on 'Import' and then point to the 'pem' file on the USB flash drive. Select 'Trust this CA to identify websites' and click on 'OK'. Click 'OK' again and you should be back at the main Firefox window.
For Chrome, you need to follow these steps. In the address bar, type in 'chrome://settings'. Select the 'Main menu' option, which is the three lines in the top left of the window. When the drop-down box appears, select 'Privacy and Security'. Scroll down to 'Security' and select it. Towards the bottom of the list is a section that is labeled 'Manage Certificates'. Select it. In the new window, select the option 'Install by you' in the right pane. For 'Trusted Certificates', select the 'Import' button. Find and select the 'PEM' file you copied onto the USB flash.
For Arch Linux, we will not import the certificate to Web, the browser in Arch, but we will import it into the Operating System certificates so the entire system will accept the certificate. Create the folder structure '/usr/local/share/ca-certificates' with the command:
Place the 'PEM' file into the folder you created and then run:
Once completed, you should be able to open Firefox, Chrome or Web (in Arch) and they should work without giving a certificate error.
For Windows, we can trust a certificate for the entire system to allow any application to access the Proxmox Server, no matter the browser you have installed. In your OS search bar, type in 'certmgr' and open 'Manage Computer Certificates' from the Control Panel. If you are asked for permission, click 'Yes'. In the left pane, click on 'Trusted Root Certification Authorities'. In the right pane, there should be a folder named 'Certificates'. Right-click on this folder, select 'All Tasks' and then 'Import'. Click on 'Next' so you can search for the 'PEM' file downloaded from the Proxmox Server. You may need to change the 'File Types' to 'All files'. Click on 'Next' and then 'Next' and 'Finish'. You should be informed that the import was successful. Click 'OK'. Close the 'certmgr' to finish the import. You should be able to access the Proxmox Server from a browser within Windows and not get an error.
So, from any browser, I am using Firefox in my Figures, you can access your Proxmox Server and see a screen similar to Figure 2.
FIGURE 2
Adding the certificate on Ubuntu is like on Arch, just copy the 'pem' file to '/usr/local/share/ca-certificates' Once the copy is done, you need to update the certificate services with the command:
Open the browser you wish to use, and you should not get an error in connection.
One last browser to consider is Microsoft Edge, which can be installed on Debian-based Linux distros. The difference between using Edge for the Web UI is that you can right-click on specific items and get a special context menu to manage items. For example, you can right-click the node and be able to create a VM or CT.
DNS
When you first log in to the Proxmox Server, you must use the Root account, since it is the only one that exists.
For the 'User name', type in 'root'. For 'Password', type in the password you specified during the installation.
You should now see the message 'No valid subscription'. You will see this appear often unless you have a subscription. Click on 'OK' to make it close the message.
There should be a screen similar to Figure 3.
FIGURE 3
Here, you can see the devices shown in the left pane. The middle pane are different options for the selected item in the left pane. Once you choose an option in the middle pane, there will be settings or information in the right pane. The bottom section shows the log, which allows you to double-click on a line to get more detailed information.
During setup, we could only set a single DNS Server so we need to add more for redundancy.
In the left pane, select your Node. Mine is 'pve1', as seen in Figure 3. In the middle pane, select 'System' and then it drops down, so select 'DNS'.
Click on the line that says 'DNS Server1' to highlight it. Above the line, click on 'Edit'. A new window appears to let you add entries for 'DNS server 2' and 'DNS server 3'. Enter the proper IP addresses and click on 'OK'. There should now be more DNS Servers listed.
System Update
Now that the DNS Server list is complete, we can look into updating the system from the Repositories. We need to change the current Repositories since they are set for Subscription based systems.
In the left pane, select the Node. In the middle pane, select 'Updates' and then 'Repositories'. You should have a screen similar to that in Figure 4.
FIGURE 4
The bottom two Repositories on the list are Subscription based and need to be removed. Click on one at a time, then click on 'Disable' to disable the Repository from being used.
Now, we need to add a Subscription-free repository, so click on 'Add'. In the box that appears, choose 'No-Subscription from the drop-down box and click 'Add'.
It is not recommended to use this repository in a production environment, so you will see warnings.
Now, to do a system update and upgrade from the Repositories. Select 'Updates' in the middle pane.
Above the list of packages in the right pane that need upgrading, select 'Refresh' to perform a list update from the Repositories. Once that is complete, click on 'Upgrade' to upgrade the packages.
For each of these processes, a window will appear to show you the progress, similar to watching it in a terminal. When needed, answer questions about any issues during the Upgrade.
Once the 'Upgrade' is done, you can close the extra window that opened. Select 'Refresh' at the top of the window again and it should cause all the packages listed in the right pane to disappear since they have been updated.
User Accounts
We need to start with a basic user account on Debian. In the left pane, select your Proxmox Server Node. In the middle pane, select '>_ Shell'. This should open up a terminal in the right pane.
Now you can perform the following to add a new user, set the password for the user, install the 'sudo' app (only need to do this once) and add the user to the 'sudo' group to give the user elevated privileges in Debian.
Some of these may be useful to you; but not all may be useful. Even if you do not need them, they may be beneficial to know for future use.
Web UI
Once you have the Proxmox Server started, you can access the server from a web browser by going to the IP address of the Proxmox Server and port 8006.
The issue is that the Proxmox Server has a self-assigned certificate, and you will get these errors every time you connect until you can make your browser trust the server. Keep in mind that this process may need to be done for each node, depending on how you do the process. Figure 1 shows a typical error, as seen in Firefox.
FIGURE 1
I will cover this process on three web browsers and then how to do it in Windows. I'm sure that in some businesses, they still use Windows.
Before you start this process, there is a file you need from the Proxmox Server. The file is '/etc/pve/pve-root-ca.pem'.
You will need a USB flash drive to copy the certificate file to for copying it to client systems.
Insert the USB and find the device name:
Code:
lsblkAfter you have the device name, you need to create a folder to use for mounting:
Code:
mkdir -p /media/testNow, you can issue the command to mount the USB device to the newly made mount point:
Code:
mount /dev/sdx1 /media/testReplace the 'x' in 'sdx1' with your device name. If you have multiple partitions on the flash drive, you may need to change the '1' as well.
After the system mounts the USB flash drive, you can copy the file to the drive:
Code:
cp /etc/pve/pve-root-ca.pem /media/test/The file should not be on the flash drive. Remove the flash drive and insert it into the remote system that will access the Web UI.
If your browser is Firefox, then we can do the following to get the certificate set up in the browser so it will trust the Proxmox Server. In Firefox, go to the address 'about
references'. On the left side of the window should be the line 'Privacy and Security'. Click on it. In the right pane, scroll down and find the section for 'Certificates'. Click on the button labeled 'View Certificates'. In the window that appears, select the 'Authorities' tab. Click on 'Import' and then point to the 'pem' file on the USB flash drive. Select 'Trust this CA to identify websites' and click on 'OK'. Click 'OK' again and you should be back at the main Firefox window.For Chrome, you need to follow these steps. In the address bar, type in 'chrome://settings'. Select the 'Main menu' option, which is the three lines in the top left of the window. When the drop-down box appears, select 'Privacy and Security'. Scroll down to 'Security' and select it. Towards the bottom of the list is a section that is labeled 'Manage Certificates'. Select it. In the new window, select the option 'Install by you' in the right pane. For 'Trusted Certificates', select the 'Import' button. Find and select the 'PEM' file you copied onto the USB flash.
For Arch Linux, we will not import the certificate to Web, the browser in Arch, but we will import it into the Operating System certificates so the entire system will accept the certificate. Create the folder structure '/usr/local/share/ca-certificates' with the command:
Code:
sudo mkdir -p /usr/local/share/ca-certificatesPlace the 'PEM' file into the folder you created and then run:
Code:
sudo trust /usr/local/share/ca-certificates/pve-root-ca.pemOnce completed, you should be able to open Firefox, Chrome or Web (in Arch) and they should work without giving a certificate error.
For Windows, we can trust a certificate for the entire system to allow any application to access the Proxmox Server, no matter the browser you have installed. In your OS search bar, type in 'certmgr' and open 'Manage Computer Certificates' from the Control Panel. If you are asked for permission, click 'Yes'. In the left pane, click on 'Trusted Root Certification Authorities'. In the right pane, there should be a folder named 'Certificates'. Right-click on this folder, select 'All Tasks' and then 'Import'. Click on 'Next' so you can search for the 'PEM' file downloaded from the Proxmox Server. You may need to change the 'File Types' to 'All files'. Click on 'Next' and then 'Next' and 'Finish'. You should be informed that the import was successful. Click 'OK'. Close the 'certmgr' to finish the import. You should be able to access the Proxmox Server from a browser within Windows and not get an error.
So, from any browser, I am using Firefox in my Figures, you can access your Proxmox Server and see a screen similar to Figure 2.
FIGURE 2
Adding the certificate on Ubuntu is like on Arch, just copy the 'pem' file to '/usr/local/share/ca-certificates' Once the copy is done, you need to update the certificate services with the command:
Code:
sudo update-ca-certificatesOpen the browser you wish to use, and you should not get an error in connection.
One last browser to consider is Microsoft Edge, which can be installed on Debian-based Linux distros. The difference between using Edge for the Web UI is that you can right-click on specific items and get a special context menu to manage items. For example, you can right-click the node and be able to create a VM or CT.
DNS
When you first log in to the Proxmox Server, you must use the Root account, since it is the only one that exists.
For the 'User name', type in 'root'. For 'Password', type in the password you specified during the installation.
You should now see the message 'No valid subscription'. You will see this appear often unless you have a subscription. Click on 'OK' to make it close the message.
There should be a screen similar to Figure 3.
FIGURE 3
Here, you can see the devices shown in the left pane. The middle pane are different options for the selected item in the left pane. Once you choose an option in the middle pane, there will be settings or information in the right pane. The bottom section shows the log, which allows you to double-click on a line to get more detailed information.
During setup, we could only set a single DNS Server so we need to add more for redundancy.
In the left pane, select your Node. Mine is 'pve1', as seen in Figure 3. In the middle pane, select 'System' and then it drops down, so select 'DNS'.
Click on the line that says 'DNS Server1' to highlight it. Above the line, click on 'Edit'. A new window appears to let you add entries for 'DNS server 2' and 'DNS server 3'. Enter the proper IP addresses and click on 'OK'. There should now be more DNS Servers listed.
System Update
Now that the DNS Server list is complete, we can look into updating the system from the Repositories. We need to change the current Repositories since they are set for Subscription based systems.
In the left pane, select the Node. In the middle pane, select 'Updates' and then 'Repositories'. You should have a screen similar to that in Figure 4.
FIGURE 4
The bottom two Repositories on the list are Subscription based and need to be removed. Click on one at a time, then click on 'Disable' to disable the Repository from being used.
Now, we need to add a Subscription-free repository, so click on 'Add'. In the box that appears, choose 'No-Subscription from the drop-down box and click 'Add'.
It is not recommended to use this repository in a production environment, so you will see warnings.
Now, to do a system update and upgrade from the Repositories. Select 'Updates' in the middle pane.
Above the list of packages in the right pane that need upgrading, select 'Refresh' to perform a list update from the Repositories. Once that is complete, click on 'Upgrade' to upgrade the packages.
For each of these processes, a window will appear to show you the progress, similar to watching it in a terminal. When needed, answer questions about any issues during the Upgrade.
Once the 'Upgrade' is done, you can close the extra window that opened. Select 'Refresh' at the top of the window again and it should cause all the packages listed in the right pane to disappear since they have been updated.
User Accounts
We need to start with a basic user account on Debian. In the left pane, select your Proxmox Server Node. In the middle pane, select '>_ Shell'. This should open up a terminal in the right pane.
Now you can perform the following to add a new user, set the password for the user, install the 'sudo' app (only need to do this once) and add the user to the 'sudo' group to give the user elevated privileges in Debian.
Code:
useradd <user>
passwd <user>
apt install sudo -y
usermod -aG sudo <user>[/code
So, to create the user account in Proxmox, we need to select the 'Datacenter' in the left pane. In the middle pane, select 'Permissions', and then after it drops down more options, choose 'Users'.
You have noticed we are in the 'Datacenter', which includes all the devices we currently have installed. The 'Datacenter' contains all the devices, so anything created in the Datacenter will also be in the lower devices.
After you click on 'Users', you can see a listing in the right pane, which only includes 'root'. Above this is a button to 'Add' users. Click on 'Add'. You should then see an entry form, similar to Figure 5, to allow you to create a new 'User'. Fill in the entries as needed to match the user account you created in Debian. You should notice that there is a check box to 'Enable' the user account. You can always select a user, click on 'Edit' and remove the check in the box to disable an account and prevent the username from being used.
[ATTACH type="full"]29239[/ATTACH]
[B]FIGURE 5[/B]
We now have a user account, but we have assigned no permissions for the Server. Click on 'Permissions', which should be right above 'Users'.
In the right pane, click on 'Add' and choose 'User Permission'. You should then see an entry box, like Figure 6, appear.
[ATTACH type="full"]29240[/ATTACH]
[B]FIGURE 6[/B]
In the 'Path' option, you can set what area the user has permissions to in the 'Datacenter'. If you choose the root (/), then they will have permission over everything. You still need to set what they can do, but this sets where they have rights. For 'User', there is a drop-down box that should list the user account you previously created. 'Role' lets you specify their permissions. The Administrator' option will give full permissions to everything that you specified in 'Path'. The 'Propagate' option allows you to specify if the rights include all listings under the one specified in 'Path'.
[B]Web UI Dark Mode[/B]
Some people dislike a bright white screen shining in their face when managing the Proxmox Server. So, it is possible to change it to a dark theme.
So, click on the username, the one currently logged into the server in the top right corner. From the drop-down list, choose 'Color Theme'.
A new window will appear, so here you need to click on the drop-down list and choose 'Proxmox Dark'. Then click on 'Apply' to set the choice you made.
If your system or web browser theme is set to dark, then it may auto-detect this, but you can override the system theme, if you wish.
The 'Proxmox Dark' theme is shown in Figure 7.
[ATTACH type="full"]29241[/ATTACH]
[B]FIGURE 7
Conclusion[/B]
The information here should be enough to get you working a little with Proxmox to update the system.
You can also add users to the server, both Debian and Proxmox sides. I believe we will get into Virtual Machines (VM) in the next article.
