Has anyone used Qubes to host virtual servers?

I’ve been thinking.

It must be possible, maybe even commonly practised among the Qubes community, to use a high-end server machine installed with Qubes to host numerous virtual servers.

So I’m interested to know what anyone here has used theirs for to give me some ideas for if I ever have the opportunity to host virtual servers of my own.

Thanks.

Why would you do that? Qubes OS isn’t very good at this.

What would you recommend in this case? OpenStack?

Xcp-ng is based on xen, and designed specifically for server virtualization.

https://xcp-ng.org/

Not to host ‘numerous virtual servers’, but from time to time I host one or two virtual servers on my setup.

For example, I hosted a lab server for students during a teaching session.
An ‘Appvm’ where I configured everything needed, and then I launched a ‘Disposablevm’ out of this ‘Appvm’.
So if a student breaks something I can quickly launch a new ‘Disposablevm’, and for the next session I can just relaunch a ‘Disposablevm’.


Proxmox - Powerful open-source server solutions or https://xcp-ng.org/

How do you expose ports from your Dispvm? I miss an easy way to do it. Do you have any script for that?

I am using that for 4.1: Qubes-os port forwarding to allow external connections · GitHub
and that for 4.2: Qubes-os port forwarding to allow external connections · GitHub


Out of curiosity, could you run Qubes on a VM in Xcp-ng?

No - Xen wants to see the hardware. There are specific tools for specific jobs, not sure why you are insisting on using Qubes. Just use Xcp-ng.

No. I mean can I run a Qubes virtual machine within XCP-ng?

Give it a try and report back. I’m curious how this whole thing goes.

One month ago I migrated most of the services I hosted on a cloud provider to my Qubes OS machine.
I have nginx & personal website + peertube + nextcloud + matrix server + searxng + dns server & doh (6 qubes, 3 are appvm, 2 are standalone. Many subdomains).
Works as expected.


I have. Hosted a QubesOS mirror inside an AppVM 🙂

Just remember to set the folders containing any data as persistent, otherwise you’ll lose everything whenever you close the Qube 😦

Found that out more times than I would have liked 🤣


Can you please make a brief guide on how to do that in general with specific example/s you can share, so a newbie like me could also make something alike, without compromising on security?

What I like to do is connect the virtual server (qube) to a VPN, and set up the port forwarding via the VPN server.

This has two benefits:

  1. Hides the IP of your QubesOS system.
  2. And my favourite thing: Absolutely no modification required in sys-net or sys-firewall, so no user error can open a security hole there.

Just run the services in one or multiple qubes and create NAT rules to forward the packets. There is nothing special.

If for example I’ll host a personal website on port 80 and 443, wouldn’t that conflict with other qube/s to browse the internet, though?
Do I need to touch sys-net for NAT or just sys-firewall? I use the defaults.

No, because this happens in different directions.

The web browser does not use ports 80 and 443 in the source, it’s the destination.

You need to modify the firewall of each netvm used to provide Internet to the qube.
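
An added example, not part of any post in this thread or of the linked scripts: the replies above say to create NAT rules and to modify the firewall of each netvm between the uplink and the service qube, so this sketch generates one set of nftables commands per hop for a single port, limited to one source network. The table and chain names (`qubes`, `custom-forward`, `custom-input`) are assumptions about the 4.2 nftables layout to confirm with `nft list table ip qubes`; `custom-dnat-example`, the qube names, interfaces and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

TABLE = "qubes"                                # assumption: 4.2 nftables table name
FWD, INP = "custom-forward", "custom-input"    # assumption: 4.2 custom chains
DNAT = "custom-dnat-example"                   # hypothetical chain created below

@dataclass
class Hop:
    qube: str      # netvm that must pass the traffic on
    iface: str     # interface the traffic arrives on inside that netvm
    next_ip: str   # address of the next qube toward the server

def plan(hops, server_qube, port, allowed_src, proto="tcp"):
    """Return {qube: [nft commands]} for one forwarded port."""
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be tcp or udp")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    src = ipaddress.ip_network(allowed_src)    # rejects malformed networks
    state = "ct state new,established,related accept"
    out = {}
    for hop in hops:
        dst = ipaddress.ip_address(hop.next_ip)
        match = f'iifname "{hop.iface}" ip saddr {src} {proto} dport {port}'
        out[hop.qube] = [
            f"nft add chain ip {TABLE} {DNAT} "
            "'{ type nat hook prerouting priority dstnat; policy accept; }'",
            # Rewrite the destination to the next qube in the chain.
            f"nft add rule ip {TABLE} {DNAT} {match} dnat to {dst}",
            # Let the rewritten packets through this netvm's forward path.
            f'nft add rule ip {TABLE} {FWD} iifname "{hop.iface}" ip saddr {src} '
            f"ip daddr {dst} {proto} dport {port} {state}",
        ]
    # The service qube only needs to accept the port, no NAT.
    out[server_qube] = [
        f"nft add rule ip {TABLE} {INP} ip saddr {src} {proto} dport {port} {state}"
    ]
    return out

# Constructed sample topology: LAN -> sys-net -> sys-firewall -> web.
SAMPLE = plan(
    [Hop("sys-net", "ens6", "10.137.0.6"), Hop("sys-firewall", "eth0", "10.137.0.20")],
    "web", 443, "192.168.1.0/24")

if __name__ == "__main__":
    for qube, cmds in SAMPLE.items():
        print(f"# run in {qube}")
        print("\n".join(cmds))
```

Each list is meant to be run inside the qube it is keyed by; the rules do not survive a restart of that qube unless they are also placed in its persistent startup scripts.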

The in and out, got it, thanks.

So I should not touch the sys-firewall and only the firewall inside the qube/s?

I’m also not really sure how I can use secondary, static IP along with the existing one, so I could use one IP as I’m using it currently for everyday tasks and the secondary, static IP for the services. I guess my router should also support multiple public IPs, but I’m not sure how to check that.