HTTP Boot

We’ll set up a PXE proxy server that runs DHCP and HTTP. This server can be used alongside your existing DHCP/DNS servers. We use Debian in this example, but anything that runs dnsmasq should work.

Installation

sudo apt install dnsmasq lighttpd

Configuration

DHCP

When configured in proxy dhcp mode: “…dnsmasq simply provides the information given in --pxe-prompt and --pxe-service to allow netbooting”. That means you’ll need to use a few directives rather than set the values directly. You’ll also need the pxe-service directive even though we aren’t presenting a menu.

sudo vi /etc/dnsmasq.d/netboot.conf 
port=0
dhcp-range=192.168.0.0,proxy

# Enable dnsmasq to provide proxy PXE service to those clients with HTTPClient in their identifier. 
dhcp-pxe-vendor=HTTPClient

# PXE-service isn't actually used, but is required for dhcp-boot to be sent to HTTPClients when in proxy mode.
pxe-service=x86-64_EFI,"Network Boot"

# This sends the bootfile name and next server values
dhcp-boot="http://192.168.0.1/debian-12.5.0-amd64-netinst.iso"

HTTP

Lighttpd serves from /var/www/html, so just drop an ISO there. For example:

sudo wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso -P /var/www/html
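The client fetches this image over plain HTTP from the URL in dhcp-boot, so it is worth confirming that the file in the web root is the one dnsmasq advertises and that it matches the published checksum. The script below is an added example, not part of the original page; the function names are hypothetical, and it assumes a SHA256SUMS file downloaded from the same directory as the ISO. Verifying the signature on SHA256SUMS itself is not covered.

```shell
#!/bin/sh
# Added example: pre-flight check for the HTTP Boot setup described above.
# Assumed inputs: the dnsmasq config, the web root, and a SHA256SUMS file
# fetched from the same download directory as the ISO.

# Print the file name that dhcp-boot points at (last path component of the URL).
boot_file_from_conf() {
    # $1 = dnsmasq config file; commented-out lines are ignored
    sed -n 's/^dhcp-boot="\{0,1\}\([^",]*\)"\{0,1\}.*$/\1/p' "$1" \
        | tail -n 1 | sed 's|.*/||'
}

# Return 0 only if the advertised file exists in the web root and its
# SHA-256 digest matches the entry in the SHA256SUMS file.
# Return codes: 2 no dhcp-boot, 3 file missing, 4 not listed, 5 mismatch.
check_boot_image() {
    conf=$1; webroot=$2; sums=$3

    name=$(boot_file_from_conf "$conf")
    [ -n "$name" ] || { echo "no dhcp-boot URL in $conf" >&2; return 2; }

    [ -f "$webroot/$name" ] || { echo "$name not found in $webroot" >&2; return 3; }

    # SHA256SUMS lines look like "<hex>  <name>" or "<hex> *<name>"
    want=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1 }' "$sums")
    [ -n "$want" ] || { echo "$name not listed in $sums" >&2; return 4; }

    have=$(sha256sum "$webroot/$name" | awk '{ print $1 }')
    [ "$want" = "$have" ] || { echo "checksum mismatch for $name" >&2; return 5; }

    echo "OK: $name in $webroot matches $sums"
}

# Run directly as: sh check.sh /etc/dnsmasq.d/netboot.conf /var/www/html SHA256SUMS
if [ "$#" -eq 3 ]; then
    check_boot_image "$@"
fi
```

A return code of 3 usually means the ISO was saved somewhere other than the directory lighttpd serves.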

Client

Simply booting the client and selecting UEFI HTTP should be enough. The Debian boot loader is signed and works with Secure Boot. You can also specify .efi binaries like grubx64.efi. Some distributions support this, though Debian’s doesn’t load its config by default over HTTP.

Troubleshooting

dnsmasq

A good way to see what’s going on is to enable dnsmasq logging.

# Add these to the dnsmasq config file
log-queries
log-dhcp

# Restart and follow to see what's happening
sudo systemctl restart dnsmasq.service
sudo journalctl -u dnsmasq -f

If you’ve enabled logging in dnsmasq and it’s not seeing any requests, you may need to look at your networking. Some virtual environments suppress DHCP broadcasts when they are managing the IP range.

lighttpd

You can also see what’s being requested from the web server if you enable access logs.

cd /etc/lighttpd/conf-enabled
sudo ln -s ../conf-available/10-accesslog.conf
sudo systemctl restart lighttpd.service
sudo cat /var/log/lighttpd/access.log