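Introduction to PVE
PVE, short for Proxmox VE, is an open-source Linux distribution for server virtualization. This document deploys PVE 6 to build a small data center on the Internet: one public IP + one router + N internal servers providing services to the outside. This assumes your VPS or physical server is powerful enough, at least 4C/8G/40G; otherwise too few resources are left after deployment and the exercise is pointless.
The system is Debian 10 x64. Installation steps are omitted; this article focuses on post-install tuning and configuration.
Configure the update sources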
rm /etc/apt/sources.list.d/pve-enterprise.list
echo 'deb http://download.proxmox.com/debian/pve buster pve-no-subscription' >> /etc/apt/sources.list.d/pve-no-subscription.list
apt-get update && apt-get dist-upgrade
Install the optimization tool
Project URL: https://github.com/gzzchh/pve_knife
Enable BBR
echo 'net.core.default_qdisc=fq' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.conf
sysctl -p
lsmod | grep bbr
Disable the subscription reminder
nano +380 /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
Change
if (data.status !== 'Active') {
to
if (false) {
Save and exit, restart the service, and clear the browser cache.
systemctl restart pveproxy
ISO path
/var/lib/vz/template/iso/
Download CentOS 7
wget http://linux.mirrors.es.net/centos/7.7.1908/isos/x86_64/CentOS-7-x86_64-Minimal-1908.iso
Download Deepin 15
wget http://cdimage.deepin.com/releases/15.11/deepin-15.11-amd64.iso
img2kvm image conversion command
img2kvm <img_name> <vm_id> <vmdisk_name> [storage]
Example:
./img2kvm /var/lib/vz/template/iso/iKuai8_x64_3.2.9_Build201911151520.img 100 vm-100-disk-0
Enable qemu-guest-agent
Install the agent inside the VM
apt-get install qemu-guest-agent
Run the enable command on the PVE host
qm set VMID --agent 1
On CentOS 7, install and start the agent and have it run at boot
Install
yum install qemu-guest-agent
Start the agent
systemctl start qemu-guest-agent
Start automatically at boot
systemctl enable qemu-guest-agent
Enable kernel forwarding for a single public IP
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.eno1.autoconf=0
net.ipv6.conf.eno1.accept_ra=2
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.proxy_ndp=1
net.ipv6.conf.all.proxy_ndp=1
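Replace eno1 in the lines above with the name of your own network interface.
Configure port forwarding in the firewall for a single public IP
Edit the file /etc/network/interfaces
Configuration example: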
auto lo
iface lo inet loopback
iface ens3 inet manual
auto vmbr0
iface vmbr0 inet static
    address 45.95.185.42
    netmask 255.255.255.0
    gateway 45.95.185.1
    bridge_ports ens3
    bridge_stp off
    bridge_fd 0
auto vmbr1
iface vmbr1 inet static
    address 172.16.10.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up iptables -t nat -A POSTROUTING -s '172.16.10.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.10.0/24' -o vmbr0 -j MASQUERADE
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 172.16.10.2:443
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 172.16.10.2:443
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2812 -j DNAT --to 172.16.10.2:2812
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2812 -j DNAT --to 172.16.10.2:2812
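Reboot the PVE system after making these changes for them to take effect.
References
References for configuring the network so that guests behind a single public IP reach the Internet through NAT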
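As an added example (not part of the original post), the shell functions below read an ifupdown interfaces file, list each public port that a post-up DNAT rule forwards to an internal address, and report iptables rules that lack a matching post-up/post-down counterpart. The function names and the sample file are constructed for illustration.

```shell
# Added example: audit the DNAT forwards declared in an ifupdown interfaces file.

# Print "proto public_port -> target" for every post-up DNAT rule.
list_dnat() {
    awk '$1 == "post-up" && /-j DNAT/ {
        proto = port = target = "?"
        for (i = 2; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--to" || $i == "--to-destination") target = $(i + 1)
        }
        print proto, port, "->", target
    }' "$1"
}

# Report iptables rules added in post-up but never deleted in post-down (or the
# reverse); such rules linger or pile up when the interface is cycled.
unpaired_rules() {
    awk '($1 == "post-up" || $1 == "post-down") && $2 == "iptables" {
        rule = $0
        sub(/^[ \t]*post-(up|down)[ \t]+/, "", rule)
        sub(/ -[AD] /, " ", rule)    # drop the add/delete verb before comparing
        seen[rule] = 1
        if ($1 == "post-up") up[rule] = 1; else down[rule] = 1
    }
    END {
        for (r in seen) {
            if (!(r in down)) print "no post-down for: " r
            if (!(r in up)) print "no post-up for: " r
        }
    }' "$1" | sort
}

# Constructed sample input: the 10122 forward has no matching post-down line.
write_sample() {
    cat > "$1" <<'EOF'
auto vmbr1
iface vmbr1 inet static
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
    post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
    post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
EOF
}

sample=$(mktemp)
write_sample "$sample"
list_dnat "$sample"
unpaired_rules "$sample"
rm -f "$sample"
```

On the PVE host, call list_dnat /etc/network/interfaces to see which services the public IP exposes, and compare the result with the live rules shown by iptables -t nat -S PREROUTING.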
https://www.izcv.com/1056.html
https://blog.csdn.net/jsdtwyk/article/details/89061758
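Copyright: xinlon (unless otherwise noted)
Permalink: https://note.xinlon.cc/archives/14/
Articles on this site are licensed under the Creative Commons Attribution 4.0 International License; please credit the source and include this notice when republishing!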
One comment
The blogger is really amazing!!!