enhanced tuto server for proxmox

tutos/server.md

@@ -1,5 +1,140 @@
 ssh huho@62.210.206.99
 
+---
+
+install new os steps :
+- exemple os : proxmox
+- connect to ecowan
+- activate IPMI (Intelligent Platform Management Interface) :
+	- fill ip address (ip of internet connexion)
+	- ecowan generates :
+		- the session ip : 51.159.47.149
+		- the username : sd-51086
+		- the password is shown on ecowan panel
+- you can use it to connect to the IDRAC6 panel with different methods :
+	1. either go to the url `https://51.159.47.149`
+	2. or with this script (which download the java packages and create the console for you) :
+		- the script can be found here : **https://gist.github.com/TheJJ/2394cd76d3e2c34d02e3da1bd3e489b2?ref=blockdev.io**
+		- I added it to this config folder
+		- i also added it to the PATH **~/.local/bin/idracclient.py** so you can call it from anywhere like that : **idracclient.py <ip> -u <username>**
+	3. or use a java console, manually (you need to download all the java packages),
+		- folder architecture :
+			idrac-folder/
+			├── jre/                       ← contains bin/java
+			├── jnlp/                      ← optional: keep the original .jnlp here for backup
+			├── avctKVM.jar
+			├── lib/
+			│   ├── libavctKVMIO.so
+			│   └── libavmLinux.so
+			└── start-virtual-console.sh
+		- jre/ :
+			- download from oracle : https://www.oracle.com/java/technologies/javase/javase7-archive-downloads.html
+			- download  `1.7.0_80 or 1.7.0_79` : `jre-7u80-macosx-x64.tar.gz` or `jre-7u79-macosx-x64.tar.gz` (need to create an account)
+		- jnlp/ :
+			- connect to idrac online from ecowan session
+			- download jnlp by clicking `launch virtual console`
+		- avctKVM.jar :
+			- find the file avctKVM to download in the jnlp file by looking for line : `<jar href="https://<idrac-ip>:443/software/avctKVM.jar" />`
+			- download with this curl command to avoid problems with dh : `curl -k --ciphers 'DEFAULT:!DH' "https://51.159.47.149:443/software/avctKVM.jar" -o avctKVM.jar`
+		- lib/ :
+			- find the lines in jnlp file to download :
+				`<nativelib href="https://51.159.47.149:443/software/avctKVMIOLinux64.jar" download="eager"/>`
+				`<nativelib href="https://51.159.47.149:443/software/avctVMLinux64.jar" download="eager"/>`
+			- download them :
+				`curl -k --ciphers 'DEFAULT:!DH' "https://51.159.47.149:443/software/avctKVMIOLinux64.jar" -o avctKVMIOLinux64.jar`
+				`curl -k --ciphers 'DEFAULT:!DH' "https://51.159.47.149:443/software/avctVMLinux64.jar" -o avctVMLinux64.jar`
+			- `mkdir -p lib`
+			- extract from the native library jars
+				`unzip -j avctKVMIOLinux64.jar "*.so" -d lib/`
+				`unzip -j avctVMLinux64.jar "*.so" -d lib/`
+		- start-virtual-console.sh :
+			```
+				#!/bin/bash
+				echo -n 'jre folder: '
+				read dracjrefolder
+				echo -n 'host ip: '
+				read drachost
+				echo -n 'username: '
+				read dracuser
+				echo -n 'password: '
+				read -s dracpwd
+				echo
+				./$dracjrefolder/bin/java -cp avctKVM.jar -Djava.library.path=./lib com.avocent.idrac.kvm.Main ip=$drachost kmport=5900 vport=5900 user=$dracuser passwd=$dracpwd apcp=1 version=2 vmprivilege=true "helpurl=https://$drachost:443/help/contents.html"
+			```
+			- make it executable : `chmod +x start-virtual-console.sh`
+		- then on the console, you don't need to login, just click on attaching a media, map your iso file, and then click on warn reboot, and when prompter press f11 to enter boot menu and choose the virtual cd with the iso file
+
+---
+
+proxmox network configuration :
+
+- hostname (FQDN - Fully Qualified Domain Name) : proxmox.hugulumu.fr
+- ip address (CIDR) : 62.210.206.99/24
+- gateway : 62.210.206.1
+- DNS server : 1.1.1.1 (cloudflare)
+
+still need to do :
+
+- Create the A record (e.g. proxmox.hugulumu.fr) :
+	You can point your domain whenever you want — the hostname is just internal until then.
+- Configure HTTPS (Let’s Encrypt or proxy) :
+	By default, Proxmox uses a self-signed cert. You’ll get browser warnings, but it still works securely.
+- Set up a firewall or 2FA :
+	Strongly recommended later, especially since it’s a public server — but not required to get started.
+	-> Enable 2FA, Or even set up a reverse proxy with HTTPS (Let’s Encrypt) and restrict access with a VPN or fail2ban
+
+todo list :
+
+✅ 1. DNS Configuration
+
+	- [ ] Create an A record:
+		- proxmox.hugulumu.fr → your server’s public IP.
+		- Do it from your domain registrar (where you manage hugulumu.fr).
+	- [ ] Wait for DNS propagation (can take a few minutes to hours).
+
+🔐 2. HTTPS Access
+
+	- [ ] Set up a valid SSL certificate for your Proxmox web UI:
+		- Option 1: Use Let’s Encrypt via acme.sh or Proxmox built-in ACME support.
+		- Option 2: Use a reverse proxy like Nginx or Caddy (if you plan to expose more services later).
+
+🛡️ 3. Firewall Setup
+
+	- [ ] Enable firewall on Proxmox (Datacenter → Firewall → Enable).
+	- [ ] Create basic rules:
+		- Allow Web UI (port 8006)
+		- Allow SSH (port 22)
+		- Block everything else by default
+	- [ ] If your hoster (like Online.net / Scaleway / Hetzner?) has a cloud firewall, configure it too.
+
+🔐 4. Secure Access
+
+	- [ ] Create a new user for yourself, disable root login (or set 2FA for root)
+	- [ ] Enable 2FA (TOTP) for web UI
+	- [ ] Set up SSH key authentication and disable password SSH login (optional but good)
+
+🧰 5. System Updates
+
+	- [ ] apt update && apt full-upgrade
+	- [ ] Enable automatic security updates:
+		```
+		apt install unattended-upgrades
+		dpkg-reconfigure --priority=low unattended-upgrades
+		```
+
+🧠 6. Backups and Templates
+
+	- [ ] Set up a storage volume (local or NFS/SSH backup target)
+	- [ ] Download some VM templates (Debian, Ubuntu, etc.)
+	- [ ] Create a snapshot or scheduled backup job
+
+🚨 Optional (But Nice):
+
+	- [ ] Set up fail2ban or similar tool
+	- [ ] Monitor with cockpit or netdata
+	- [ ] Set up email notifications for Proxmox alerts
+
+
 ---
 
 ipv6 : fe80::d6ae:52ff:fec9:29d6