Proxmox with BOA and Cloudflare for dev testing

[lexsoft00]

Would like to learn more about virtualization systems and setting up a homelab with a custom open source firewall Opnsense. This will help remove some of the anxiety and paranoia of doing changes directly on the server by trying them first on a VM .

1. Prepare Proxmox / VM

• Create a VM for BOA with adequate resources (e.g. 8+ GB RAM, 4+ CPUs)
• Install a supported OS (Debian or Devuan version supported by BOA).
• Ensure open outbound ports: 25, 53, 80, 443.

2. Install BOA

• Login to the VM as root (SSH).
• Run BOA install script, e.g.:

wget -qO-- https://github.com/omega8cc/boa/raw/5.x-dev/boa.sh | bash
boa in-lts public server.mydomain.org my@email o1 php-max

3. Setup Cloudflare Tunnel for Secure External Access

• On Cloudflare, under Zero Trust / Tunnels, create a new tunnel
• Install cloudflared on your Proxmox host
• Configure the tunnel to expose the BOA web interface (and possibly Aegir control panel) via a hostname, e.g. master.boa.example.com.

Or use something like https://github.com/fosrl/pangolin on a private VPS to get a private IPV4.

Any thoughts if this is going to work?

[omega8cc]

Running BOA inside Proxmox will work, but Cloudflare and OPNsense sound like a lot of extra moving parts.

If the goal is just safe testing, a tiny cheap VPS is usually simpler and much closer to real-world use — no tunnels or special firewall setup needed.

Plus, BOA already comes with (not yet well documented) built-in logic to control web access per site and per IP address via simple txt configuration file.

Could you be please elaborate on the intended use case so we could understand if that’s something we could assist with?

_{Sent with GitHawk}

[lexsoft00]

True, a cheap VPS could be a simpler solution, but I'd prefer to eliminate the overhead that comes with troubleshooting issues, such as reinstalls when things break, the need for snapshot services, and ultimately having to manually replicate a full service setup.

Running Proxmox on a small mini PC offers greater flexibility for cloning VMs and experimenting with different solutions simultaneously, while also providing faster performance with reduced waiting times.

Ideally, I'd like to tinker and experiment using a real domain that can communicate with other services without exposing my home IP address to the public internet.

I've run BOA installation in a VM for testing purposes, and it works well. However, it doesn't install Aegir because it requires a valid domain with proper DNS configuration.

Cloudflare offers a free tunnel solution that allows you to expose local IPs, such as 192.168.10.50:8443, to the public internet. Not the best solution as it bypass the home router firewall.

It would be great if we can bring back the local install.

[omega8cc]

If the ultimate goal is to be able to run BOA in the local mode then definitely bringing the local install would be the most straightforward way to do that. We are going to revisit this abandoned feature while working on compatibility with other popular ways to develop Drupal locally.

_{Sent with GitHawk}