Martin/proxmox-infrastruktur
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
572665b60f89bbee4e8c4067e09b6694c3e0f65d
proxmox-infrastruktur/README.md
Martin Eckardt 4b218a70dd Add dual NVMe storage documentation and snapshot troubleshooting 
- Updated architecture diagram with actual disk sizes (100GB/200GB)
- Added Storage section with NVMe layout and snapshot commands
- Added VM/Storage troubleshooting section:
  - Snapshot feature not available (Raw Device fix)
  - Storage overview and disk migration
  - Thin pool warnings explanation
- Updated changelog with storage optimization

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 21:46:50 +01:00

257 lines
6.4 KiB
Markdown
Raw Blame History

# Proxmox Infrastruktur
Self-Hosted Services auf Proxmox VE mit Docker.
## Architektur
```
Internet
|
v
[Windows VPS: 217.154.65.205]
- nginx Reverse Proxy
- SSL (Let's Encrypt via win-acme)
- WireGuard Server
|
| WireGuard Tunnel (10.0.0.0/24)
v
[Proxmox: 192.168.178.111]
- Hypervisor
|
v
[VM 100 "docker-services": 192.168.178.200 / 10.0.0.2]
- Docker Host
- Alle Services als Container
- 100GB System (local-lvm/NVMe1)
- 200GB Data (nvme-data/NVMe2)
```
## Services
| Service | Port | URL (Extern) | Beschreibung |
|---------|------|--------------|--------------|
| Nextcloud | 8081 | eckardt-cloud.duckdns.org | Cloud Storage |
| Vaultwarden | 8083 | eckardt-vault.duckdns.org/vault/ | Passwort Manager |
| n8n | 5678 | eckardt-vault.duckdns.org/n8n/ | Workflow Automation |
| Gitea | 3000 | eckardt-git.duckdns.org | Git Repository |
| Websites | 8082 | eckardt-vault.duckdns.org | Statische Websites |
| API | 8000 | eckardt-vault.duckdns.org/api/ | FastAPI Backend |
| **Netdata** | 19999 | eckardt-monitoring.duckdns.org | System Monitoring |
| Audiobookshelf | 13378 | (intern) | Audiobook Server |
## Quick Start
### Voraussetzungen
- Proxmox VE oder Debian/Ubuntu mit Docker
- WireGuard fuer externen Zugriff
- Min. 4GB RAM, 50GB Speicher
### Installation
```bash
# Repository klonen
git clone https://eckardt-git.duckdns.org/Martin/proxmox-infrastruktur.git
cd proxmox-infrastruktur
# Environment-Variablen konfigurieren
cp docker/.env.template docker/.env
nano docker/.env # Passwoerter anpassen!
# Deployment starten
sudo ./scripts/deploy.sh
```
## Verzeichnisstruktur
```
proxmox-infrastruktur/
├── docker/
│ ├── docker-compose.yml # Haupt-Konfiguration
│ ├── .env.template # Environment Template
│ └── .gitignore # Secrets ausschliessen
├── configs/
│ ├── nginx/
│ │ └── nginx.conf # VPS Reverse Proxy
│ └── wireguard/
│ └── wg0.conf.template # WireGuard Template
├── scripts/
│ ├── deploy.sh # Installations-Script
│ ├── backup.sh # Backup-Script
│ └── health-check.sh # Health-Check Script
├── docs/
│ ├── INSTALL.md # Detaillierte Installation
│ └── TROUBLESHOOTING.md # Problemloesungen
└── README.md # Diese Datei
```
## Wartung
### Health Check
```bash
# Alle Services pruefen
/opt/scripts/health-check.sh
# Einzelnen Container pruefen
docker inspect --format='{{.State.Health.Status}}' nextcloud
```
### Backup
```bash
# Vollstaendiges Backup
/opt/scripts/backup.sh all
# Einzelner Service
/opt/scripts/backup.sh nextcloud
# Automatisches Backup (crontab -e)
0 3 * * * /opt/scripts/backup.sh all >> /var/log/backup.log 2>&1
```
### Updates
```bash
cd /opt/docker
# Alle Container aktualisieren
docker compose pull
docker compose up -d
# Einzelnen Container aktualisieren
docker compose pull nextcloud
docker compose up -d nextcloud
```
### Logs
```bash
# Alle Container
docker compose logs -f
# Einzelner Container
docker logs -f nextcloud
# Letzte 100 Zeilen
docker logs --tail 100 nextcloud
```
## Sicherheit
### Implementierte Massnahmen
- **Isolierte Netzwerke**: Jeder Service hat sein eigenes Docker-Netzwerk
- **Resource Limits**: CPU und Memory Limits pro Container
- **Health Checks**: Automatische Ueberwachung aller Services
- **Rate Limiting**: nginx begrenzt Anfragen pro IP
- **TLS 1.2+**: Nur sichere Verschluesselung
- **Security Headers**: X-Frame-Options, X-Content-Type-Options, etc.
### Zu beachten
- `.env` Datei NIEMALS committen
- Admin-Tokens regelmaessig rotieren
- Backups extern speichern
- Updates zeitnah einspielen
## Netzwerk
### WireGuard Tunnel
```
VPS (Server) Proxmox (Client)
10.0.0.1 <--> 10.0.0.2
217.154.65.205 192.168.178.111
```
### Ports
| Port | Service | Zugriff |
|------|---------|---------|
| 51820/UDP | WireGuard | VPS extern |
| 80 | nginx HTTP | VPS extern |
| 443 | nginx HTTPS | VPS extern |
| 3000 | Gitea Web | Proxmox intern |
| 2222 | Gitea SSH | Proxmox intern |
## Troubleshooting
Siehe [docs/TROUBLESHOOTING.md](docs/TROUBLESHOOTING.md) fuer:
- Container startet nicht
- Permission denied Fehler
- Netzwerk-Probleme
- SSL-Zertifikat Fehler
- Backup-Probleme
- VT-x/KVM nicht verfuegbar
- VM Snapshots funktionieren nicht
- Storage-Migration zwischen NVMes
## Storage
### Proxmox Storage Layout
| Storage | NVMe | Modell | Verwendung | Kapazitaet |
|---------|------|--------|------------|------------|
| `local-lvm` | nvme0n1 | WDC 476GB | VM System Disks | ~350GB Thin Pool |
| `nvme-data` | nvme1n1 | SKHynix 476GB | Data Volumes | ~450GB Thin Pool |
### VM 100 Disk-Konfiguration
| Disk | Storage | Groesse | Mountpoint |
|------|---------|---------|------------|
| scsi0 | local-lvm | 100GB | / (System) |
| scsi1 | nvme-data | 200GB | /data |
### Snapshots
```bash
# Snapshot erstellen
qm snapshot 100 <name> --description "Beschreibung"
# Snapshots auflisten
qm listsnapshot 100
# Zu Snapshot zurueckkehren
qm rollback 100 <name>
# Snapshot loeschen
qm delsnapshot 100 <name>
```
## Changelog
### 2025-12-28
- Initial Setup mit allen Services
- Gitea auf eigener Subdomain (eckardt-git.duckdns.org)
- Security Hardening:
- Fail2Ban (SSH: 3 Versuche = 24h Ban)
- SSH Key-Only Authentication
- UFW Firewall
- Automatische Security Updates
- Docker no-new-privileges
- nginx Rate Limiting
- Vaultwarden Registration disabled
- Gitea Registration disabled
- Isolierte Docker-Netzwerke pro Service
- Resource Limits (CPU/Memory) pro Container
- Logging mit Rotation (10MB, 3 Files)
- Netdata Monitoring hinzugefuegt (eckardt-monitoring.duckdns.org)
- Host + Docker Container Monitoring
- WireGuard + Fail2Ban Integration
- Separates Git-Repository: proxmox-netdata
- VT-x im BIOS aktiviert fuer VM-Support
- Docker Container Migration zu VM 100:
- VM erstellt: 10GB RAM, 6 Cores, 100GB System Disk
- Separates 200GB Data Volume fuer Nextcloud/Services
- WireGuard auf VM konfiguriert (10.0.0.2)
- Alle Container erfolgreich migriert
- Alte Container auf Host gestoppt
- Storage-Optimierung:
- Zweite NVMe (SKHynix 476GB) als nvme-data Storage aktiviert
- Data Volume auf nvme-data migriert (Live-Migration)
- Snapshots aktiviert (Raw Device zu Proxmox-managed konvertiert)
- NVMe 1 (WDC): VM System Disks
- NVMe 2 (SKHynix): Nextcloud/Data Volumes
Reference in New Issue View Git Blame Copy Permalink