Now that we have our first Virtual Machines up and running, we need to start putting it to use. Although a VM uses a bit of extra overhead resources compared to a LXC Container, we do have the benefit of complete isolation from the host machine. This means that if the VM is damaged or completely broken, the host machine, in our case Proxmox, will still be running perfectly. This also means that should you configure your router either with a Virtual Server or a DMZ instead of port forwarding, a Virtual Machine is definitely the option you want listening on the other end. But for now, let’s move our NGINX over to the new VM.
Step 1: Remove the previous LXC Container
This step is only necessary if you are following along with our Build your own homelab series. Because we are now going to move our NGINX config over, we no longer need our previous NGINX LXC Container. Ideally we would like our new VM to use the same IP address as the LXC container, so we need to first delete the LXC Container. In the left navigation pane, select the LXC you want to remove. IN the main window, at the top, click 
, and then click 
. You will need to enter the container ID to confirm the removal of the container, but removal should be fairly quick and painless. Once it is removed, feel free to change the Address Reservation on your router to incorporate the new VM, or set a static IP in the VM itself. To set a IP address in the VM itself is a bit more intricate that setting it on a LXC container, so we will leave that for a future article.
Step 2: Prepare your VM
Installing NGINX on Ubuntu is really easy, but first we need to get our Virtual machine ready. So, to start, navigate to your VM in the left navigation panel, and in the middle navigation panel, click 
. Log in with the details you entered on the Credentials screen when installing Ubuntu VM. With any newly installed VM, we want to make sure our Operating system is updated. To make life a little bit easier with the commands, we will first elevate ourselves to run as root in stead of the logged in normal user. To do that, run the command
sudo suYou will be prompted to enter your password again, so enter your password and you should now be a super user, root. First “check for updates” by running the following command:
apt updatePLEASE NOTE: If you are note running as root you will need to start all commands with the keyword sudo So your command will be sudo apt update.
If there are any packages that can be updated, update them with the command:
apt upgradeThis will start the process of upgrading all packages. You will be prompted if you are sure, just press Y and then <enter> to continue. Upgrading will not take that long.
Step 3: Installing NGINX
The easiest step. To install NGINX, simply run the command:
apt install nginxThat’s it. You will need to confirm again that you want to continue, but installation takes a few seconds. You can now go to the IP address of your VM to confirm that you are seeing the default NGINX HTML Page, as per the last screenshot below.
Step 4: Set up NGINX
Just like the previous time we set up NGINX, we need to go into the configuration directory and add a new configuration file, after which we will create a “shortcut” to the enabled directory to enable our new config. Start by going to the configuration directory
cd /etc/nginx/sites-available/This will change the working directory to that where NGINX stores its configuration files. You can run ls -al to see a list of all files in the directory (we will get to that blue one in a minute). Each of these files are a configuration file and can be seen as a group of sites. We want to add a new file, specifically for all our .local domains, so we will run the command
nano localThis creates a new file, local in the directory and opens it up for editing. We need to add the following:
server {
server_name proxmox.local;
listen 80;
location / {
proxy_pass https://192.168.1.2:8006;
proxy_ssl_verify off; # Skip SSL verification (if using a self-signed cert)
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade; # Needed for WebSocket support
proxy_set_header Connection "upgrade";
}
}
server {
server_name dns.local;
listen 80;
location / {
include proxy_params;
proxy_pass http://192.168.1.3:5380;
}
}Please ensure that the indentation is identical, otherwise this will not work
To break it down, the file contains the following:
– Two server blocks, one for proxmox and one for dns.
– The server_name contains the address that the user entered in their browser to reach this nginx configuration. So one is for promxmox.local and one is for dns.local
– Both listens on port 80, which is http.
– With the location as /, meaning there is nothing after the proxmox.local or dns.local address (ex: http://proxmox.local/ and http://dns.local/), we need to do two things:
– Add the header parameters stating that we are passing this request via proxy
– Pass the request (proxy_pass) to the relevant IP address… and port!
Now that we have a way to pass both the IP address and port, go ahead and save the file with Ctrl+S and exit with Ctrl+X (CMD on Mac). Next up we need to “activate” this configuration file. We do that by creating a shortcut (a soft link in Linux terms) to the activated. Run the following command:
ln -s /etc/nginx/sites-available/local /etc/nginx/sites-enabled/To test that it worked, change into the directory /etc/nginx/sites-enabled/ and run ls-al. You will see one of those blue links for local pointing to the file we created.
We can now test our configuration by running the following command:
nginx -tIf we don’t have any errors, all we need to do is reload NGINX with the following:
systemctl reload nginxWe can now just enter the addresses http://proxmox.local in our browser to access proxmox (without worrying about the port) and the same for http://dns.local to access our Technitium DNS config.
Going to the http://proxmox.local address will open Proxmox
Going to http://dns.local will open Technitium DNS
Take note: Proxmox might not work on your setup, you might get an error when logging in. We will post an update once this has been sorted out.
We also want to set up the DynDNS settings file again, as per our previous article on Nginx and DynDNS for outside access. While still in the sites-enabled directory, run the following
nano wordpressIn the open text editor, add the following config, making sure that the indentation is identical:
server {
listen 80;
server_name techdecode.tplinkdns.com;
location / {
include proxy_params;
proxy_pass http://192.168.1.43;
}
}Please ensure that the IP address is that of your WordPress LXC container. Also change the techdecode.tplindns.com to the DynDNS address you registered on your router that we did in the Dynamic DNS Setup Article. To add the shortcut, run the following command:
ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/This takes our config file called wordpress and creates a shortcut in the sites-enabled directory, ready for NGINX to read. Make sure NGINX configuration is working by running:
nginx -tIf everything is ok, all we need to do is reload the NGINX config. We do that with the command:
systemctl reload nginxNow that NGINX have reloaded, we can access our site from the address techdecode.tplinkdns.com from outside of our home network.
Conclusion
In conclusion, transitioning your NGINX setup from an LXC container to a dedicated VM enhances system isolation and security. Although the process involved several key steps – from removing the old container for those still running NGINX as an LCX Container and preparing your VM to configuring and testing NGINX – the result is a more resilient and streamlined homelab environment. As we move forward, keep in mind that your setup might require tweaks tailored to your unique network conditions. Next up we will get to our first tangible security upgrade, installing SSL certificates.
