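Introduction to PVE

PVE, in full Proxmox VE, is an open-source Linux distribution for server virtualization. This document deploys PVE 6 to build a small data center on the Internet: one public IP + one router + N internal servers providing services to the outside. This assumes your VPS or physical server is powerful enough, at least 4C/8G/40G; otherwise too few resources are left after deployment and it is not worthwhile.
The system is Debian 10 x64. Installation steps are omitted; this article focuses on optimization and configuration after installation.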

Configure the update source

rm /etc/apt/sources.list.d/pve-enterprise.list
echo 'deb http://download.proxmox.com/debian/pve buster pve-no-subscription' >> /etc/apt/sources.list.d/pve-no-subscription.list
apt-get update && apt-get dist-upgrade

Install the optimization tool

Project URL: https://github.com/gzzchh/pve_knife

Enable BBR

echo 'net.core.default_qdisc=fq' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_congestion_control=bbr' >> /etc/sysctl.conf
sysctl -p
lsmod | grep bbr

Disable the subscription reminder

nano +380 /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js

if (data.status !== 'Active') {

Change it to

if (false) {

Save and exit, restart the service, and clear the browser cache.

systemctl restart pveproxy

ISO path

/var/lib/vz/template/iso/

Download CentOS 7

wget http://linux.mirrors.es.net/centos/7.7.1908/isos/x86_64/CentOS-7-x86_64-Minimal-1908.iso

Download Deepin 15

wget http://cdimage.deepin.com/releases/15.11/deepin-15.11-amd64.iso

img2kvm image conversion command

img2kvm <img_name> <vm_id> <vmdisk_name> [storage]

Example:

./img2kvm /var/lib/vz/template/iso/iKuai8_x64_3.2.9_Build201911151520.img 100 vm-100-disk-0

Enable qemu-guest-agent

Install the agent in the VM

apt-get install qemu-guest-agent

Run the enable command on the PVE host

qm set VMID --agent 1

On CentOS 7, install and start the agent and have it run at boot

Install

yum install qemu-guest-agent

Start the agent

systemctl start qemu-guest-agent

Start automatically at boot

systemctl enable qemu-guest-agent

Enable kernel forwarding with a single public IP

vi /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv6.conf.eno1.autoconf=0
net.ipv6.conf.eno1.accept_ra=2
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.proxy_ndp=1
net.ipv6.conf.all.proxy_ndp=1

Replace eno1 with the name of your own network interface.

Configure port forwarding in the firewall with a single public IP

Edit the file /etc/network/interfaces
Configuration example:

auto lo
iface lo inet loopback

iface ens3 inet manual

auto vmbr0
iface vmbr0 inet static
        address 45.95.185.42
        netmask 255.255.255.0
        gateway 45.95.185.1
        bridge_ports ens3
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address  172.16.10.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

post-up   iptables -t nat -A POSTROUTING -s '172.16.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.10.0/24' -o vmbr0 -j MASQUERADE

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 172.16.10.2:443
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 172.16.10.2:443
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2812 -j DNAT --to 172.16.10.2:2812
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2812 -j DNAT --to 172.16.10.2:2812

The configuration takes effect after the PVE system is rebooted.
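
An added example (not from the original post): a shell function that reads an ifupdown interfaces file and lists every port the host publishes through DNAT, flagging any post-up rule that has no matching post-down. The sample input is constructed from the rules above plus a hypothetical unmatched rule for 172.16.10.3:8080; the names sample_interfaces and audit_dnat are chosen for this example.

```shell
#!/bin/sh
# Added example: inventory the ports published by DNAT rules in an ifupdown
# interfaces file and check that each post-up rule is removed by a post-down.

# Constructed sample input: rules from the page plus one hypothetical
# rule (172.16.10.3:8080) that has no post-down counterpart.
sample_interfaces() {
    cat <<'EOF'
auto vmbr1
iface vmbr1 inet static
        address  172.16.10.1
        netmask  255.255.255.0
        bridge_ports none
post-up   iptables -t nat -A POSTROUTING -s '172.16.10.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '172.16.10.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 172.16.10.2:80
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 10122 -j DNAT --to 172.16.10.2:22
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 8080 -j DNAT --to 172.16.10.3:8080
EOF
}

# audit_dnat [FILE]: print "proto public_port -> target status" per DNAT rule.
# Reads standard input when no file is given.
audit_dnat() {
    awk '
    # Only DNAT rules attached to post-up/post-down hooks publish a port.
    ($1 == "post-up" || $1 == "post-down") && /-j DNAT/ {
        proto = port = dest = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-p")                               proto = $(i + 1)
            if ($i == "--dport")                          port  = $(i + 1)
            if ($i == "--to" || $i == "--to-destination") dest  = $(i + 1)
        }
        key = proto " " port " -> " dest
        if ($1 == "post-up") { if (!(key in up)) order[++n] = key; up[key]++ } else { down[key]++ }
    }
    END {
        for (j = 1; j <= n; j++) {
            k = order[j]
            status = (up[k] == down[k] + 0) ? "ok" : "NO-MATCHING-POST-DOWN"
            print k " " status
        }
    }' "$@"
}

sample_interfaces | audit_dnat
```

On a PVE host, audit_dnat /etc/network/interfaces gives the list of services reachable from the public address. A rule flagged NO-MATCHING-POST-DOWN stays in the nat table after the interface goes down.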

References

Reference network configuration for giving guests NAT access to the Internet behind a single public IP
https://www.izcv.com/1056.html
https://blog.csdn.net/jsdtwyk/article/details/89061758

Last modification:May 15th, 2020 at 05:45 pm