Just my 2 cents:
As mentioned use a firewall and open the appropriate port. I can HIGHLY recommend pfSense. I'm running it inside a VM as well and it handles everything. Put your MC Server on a different subnet/DMZ than your LAN.
To access your server for administration set up a VPN. I wouldn't recommend opening up SSH to the outside world unless you really know how to secure it. Only asking for trouble.
As a better way to run a MC Server I can recommend Linux Game Server Manager (LGSM). Makes it very easy. Here ya go. Handles updates, backups, notifications etc.
Cloudflare offers a service called "Spectrum" that markets in part directly to people wanting to protect their private Minecraft servers. Basically shields your true IP address and protects from botnet attacks etc. by routing the traffic through them first:
https://www.cloudflare.com/products/cloudflare-spectrum/minecraft/
It's "Free" for up to 5gb/month with their pro plan if you happen to already use it. If not, it looks like $20/month to get a pro plan.
"Currently, it is impossible to setup the NordLynx protocol on pfSense routers using the WireGuard client, as the NordLynx protocol is only available with the NordVPN application on desktop and mobile devices at this time."
The requirements list a DirectX 12 capable display. IIRC, the default display is not fully compatible. A switch to the VirtIO GPU option may help. You might want to also make sure you have UEFI and a separate EFI disk.
I don't have my proxmox up right now, but from my memory these steps should help you get an Ubuntu LXC set up. They might be a little off, but should point you in the right direction.
On the command line of your proxmox try running pveam update (you can probably skip this step, honestly).
Then on the storage where ISOs are stored, there should be a button that says something like "add image." Clicking that should bring up a prompt with a dropdown list of prebuilt container images.
Select whatever image you want and let it download. I believe it should have a Debian or 2, the latest Ubuntu and Ubuntu LTS, and a couple others like Fedora. If you did pveam update, it should also have everything offered by turnkeylinux.org.
Hit the "Create Container" button, and select the desired image as the base image. Configure it as needed. Boot the image, and update/install/configure.
Many linux distros include the VESAFB driver, but it won't be selected at boot if it feels there's an appropriate driver available. It's not the prettiest, or the fastest, but it sometimes gets the job done.
There is no link between proxmox version and kernel version. The current kernel major is 5.x so it's normal that your proxmox is using kernel 5.x :)
The latest stable kernel is 5.5.1 (https://www.kernel.org/).
What others have said: Proxmox is an operating system. You will have to format your hard drive to install it. You will not have access to the VMs from the console.
Most of that is true -- or close to the mark. You can work around some of it, but you won't be happy.
If you want to have a machine that allows more than one VM and allows console access, have a look at Qubes.
Proxmox really is a great virtualization platform if that's what you're looking for. I managed a VMware-centric datacenter since 2003. I was running ESXi at home until I 'used up' the free license. I switched to Proxmox more than a year ago and have zero complaints. I think that Proxmox could easily replace ESXi in a large number of cases, but IT management remains wary of open source products. At my last job we were paying tens of thousands of dollars a year in VMware licenses. Nothing we were doing was all that special and Proxmox would have handled our use case with ease.
You can get a free ESXi license from VMware - it allows up to eight CPUs to be allocated (unless that changed recently). The benefit to running ESXi is that it's really the industry standard for virtualization. You'll get your hands dirty with a technology that you can put on your resume (if that matters). Proxmox works just as well (if not better) and has no limitations; sadly, putting it on your resume doesn't mean much to folks who might care.
If you only need a device, but not all that fancy stuff the emulator can do, fire up a new VM using an Android X86 iso, then connect adb by network to it (adb connect 192.168.x.x).
Just follow the virtualbox guide and adapt to proxmox where needed https://www.android-x86.org/documentation/virtualbox.html
Unprivileged containers remap container UIDs as they are seen by the host.
Example: Root user on the host is UID 0.
Root user on an unprivileged container is UID 0 inside the container, but seen as UID 100000 on the host.
The remapping in step 3 allows you to tell the host to use a different UID. You could remap UID 0 on the container to UID 0 on the host (unsafe and equivalent to a privileged container), or better map UID 109 on the container to UID 109 on the host, and ensure UID 109 on the host has r/w access to your nfs mount points.
Hopefully that makes some kind of sense. It's hard to wrap your head around at first.
Unprivileged is important to securing your host (emphasis added).
"LXC containers can be of two kinds:
The former can be thought as old-style containers, they're not safe at all and should only be used in environments where unprivileged containers aren't available and where you would trust your container's user with root access to the host.
The latter has been introduced back in LXC 1.0 (February 2014) and requires a reasonably recent kernel (3.13 or higher). The upside being that we do consider those containers to be root-safe and so, as long as you keep on top of kernel security issues, those containers are safe.
As privileged containers are considered unsafe, we typically will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. We will however try to mitigate those issues so that accidental damage to the host is prevented."
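The UID remapping described in the comment above, worked through as an added example that is not part of the original thread: it parses `lxc.idmap` lines from a container config, translates container IDs to host IDs, and flags mappings that hand the container real host IDs. The two sample configs are constructed, and the 100000 floor is an assumption taken from the default offset mentioned above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumption: first host ID reserved for unprivileged containers, matching the
# "UID 0 in the container is seen as UID 100000 on the host" default above.
UNPRIV_FLOOR = 100000


class IdMap(NamedTuple):
    kind: str        # "u" (user IDs) or "g" (group IDs)
    ct_start: int    # first ID as seen inside the container
    host_start: int  # first ID as seen on the host
    count: int       # number of consecutive IDs covered


# Accepts both "lxc.idmap: u 0 100000 65536" and "lxc.idmap = u 0 100000 65536".
_IDMAP = re.compile(r"^\s*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_idmaps(config_text: str) -> List[IdMap]:
    """Collect every lxc.idmap entry, ignoring unrelated config lines."""
    maps = []
    for line in config_text.splitlines():
        m = _IDMAP.match(line)
        if m:
            maps.append(IdMap(m.group(1), int(m.group(2)),
                              int(m.group(3)), int(m.group(4))))
    return maps


def to_host(maps: List[IdMap], kind: str, ct_id: int) -> Optional[int]:
    """Host-side ID for a container ID, or None if the ID is unmapped."""
    for m in maps:
        if m.kind == kind and m.ct_start <= ct_id < m.ct_start + m.count:
            return m.host_start + (ct_id - m.ct_start)
    return None


def audit(maps: List[IdMap], floor: int = UNPRIV_FLOOR) -> List[Tuple[str, IdMap]]:
    """Flag ranges that land on real host IDs (below the unprivileged floor).

    "host-root"   : the range starts at host ID 0, i.e. container IDs become
                    host root, equivalent to a privileged container.
    "passthrough" : a deliberate hole such as 109 -> 109; review who that
                    host account is and what it can write to.
    """
    findings = []
    for m in maps:
        if m.count == 0 or m.host_start >= floor:
            continue
        severity = "host-root" if m.host_start == 0 else "passthrough"
        findings.append((severity, m))
    return findings


# Constructed sample: only UID 109 is passed through for the NFS mount.
PASSTHROUGH_109 = """\
arch: amd64
unprivileged: 1
lxc.idmap: u 0 100000 109
lxc.idmap: u 109 109 1
lxc.idmap: u 110 100110 65426
lxc.idmap: g 0 100000 65536
"""

# Constructed sample: container root mapped straight onto host root (unsafe).
ROOT_TO_ROOT = """\
lxc.idmap: u 0 0 65536
lxc.idmap: g 0 0 65536
"""

if __name__ == "__main__":
    for name, text in (("passthrough-109", PASSTHROUGH_109),
                       ("root-to-root", ROOT_TO_ROOT)):
        maps = parse_idmaps(text)
        print(name, "container uid 0 -> host uid", to_host(maps, "u", 0))
        for severity, m in audit(maps):
            print("  ", severity, m)
```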
https://grafana.com/dashboards/10048
This is pretty much everything you can do (at least that I figured out) from just the external stats that proxmox produces.
stand up a zabbix server and install a monitor agent on the Proxmox hosts and all the VMs
It is open source and there's lots of documentation.
No performance stats in the WebUI, but you can see what's going on using drbdadm and drbdtop from the CLI.
The DRBD satellites are aka your PVE hosts in this use case. The controller manages the satellites and also hosts the API that Proxmox talks to in order to provision DRBD storage when you create containers and VMs.
After it is provisioned, your DRBD storage will continue to operate even if the controller is offline, but you won't be able to make any changes to it until your controller is operational again. So, you can run the controller on one of your hosts, or you can create a HA container or VM and run your controller on that instead, ensuring that a controller is always running in your cluster somewhere.
This article goes into more detail. Since I'm not a paying subscriber to Linstor, I do not have access to their virtual appliance. But setting up a Debian container, adding the Linstor repo, and installing the controller software is pretty easy, so I don't think their appliance is really necessary.
Good work, though I personally just use the Dark Reader which works great with the vast majority of websites.
I find the following settings look great:
>-20% brightness
>-10% contrast
>+30% sepia
> I now have some options to put some larger drives in the Gen8 and use it for backups. But what should I use?
What is the context of the question? What type of hard drives?
FreeNAS might be worth a look for that Gen8. You could have the Win boxen image to that. Macrium offers a free business edition now.
If you go this route be sure to have FreeNAS send a log report of some sort so someone, somewhere knows it is running and doing the job.
File server is my secondary NAS (if you can call it that). It's just a container with a samba shared 150GB volume for my uh... private files ;) and temporary storage
My main NAS is a much larger 8-bay QNAP unit.
RTMP server is (iirc, I haven't used it in a while) an nginx based... rtmp server. I was experimenting with game streaming to my friends when I wanted to share some live gameplay but I didn't want to go through the usual Twitch/YT routes since I could never get acceptable video quality out of them.
Lounge is my IRC bouncer - https://thelounge.chat/
https://www.amazon.com/dp/B00XDRUW2I
Got the 30m version which turned out to be considerable overkill despite my measurements.
Works perfect with my 1440p 144hz monitor (along with sound output). I can’t speak to the 4K or 8k frame rate claims, but always take those with a lot of skepticism.
What type of VPN? Mullvad supports Wireguard and Wireguard works fine in a container. You need to install the modules in the baremetal Proxmox, then install the client tools inside the container (unprivileged). There's a few guides out there if you google it.
EDIT: VM#2 (the torrent one) is connected to IPVanish VPN. Not freaking sure why he is getting normal bandwidth, and the other 2 aren't :-/
VM#1 & #3 without VPN results:
Testing download speed........................................
Download: 38.46 Mbit/s
Testing upload speed..................................................
Upload: 29.79 Mbit/s
VM#2 with VPN connected:
Testing download speed........................................
Download: 58.56 Mbit/s
Testing upload speed..................................................
Upload: 21.94 Mbit/s
If the SSD is the same size, you could just use dd to clone the drive from a live CD/USB. Example: dd if=/dev/sda of=/dev/sdb status=progress.
I also have used one of these to clone drives w/o a computer. Does 1:1 drive clones and it functions as a USB 3.0 to SATA adapter for 2x drives.
With any clone method, make absolutely sure you have your source and destination in the right places.
And yeah, like mentioned, CloneZilla also works.
For reference, I have qbittorrent-nox running in a vm connected by wg to Mullvad and I can get 100s of Mbps when grabbing several torrents. While my Proxmox network config is more complex than average, the torrent vm is just another host on my LAN out to pfSense running on hardware with a 1 Gbps link.
How exactly are you testing when you get the numbers you posted above?
I didn't realise you could use the WIFI port and had a look around I also found this Allowish-network-adapter-1000Mbps-Ethernet
I don't know if it would work though.
When you can get an Intel NIC it would be better to pass through to the pfsense VM. But only if you need the full 1 GBit for your internet connection.
Here in Germany we have Intel i350 based dual nics ideal for your case:
https://www.amazon.de/Kalea-Informatique-Karte-Express-MiniPCIE/dp/B08HDL93V1
I have four of these AMD Radeon RX550 Graphics Cards,4G/128bit/GDDR5 in a server running proxmox that are passed through to Windows VMs (VDI server). They work reasonably well.
This is what I've used before (not this exact one but similar) https://www.amazon.com/COMeap-2-Pack-Graphics-030-0571-000-Adapter/dp/B07M9X68DS I think but can't be certain that just using an ATX power cable marked for CPU instead of GPU might work.
As far as I know, there's none. Been having the same problem myself for many months now.
Incidentally, there are two apps I use on my Android phone:
The official one: https://play.google.com/store/apps/details?id=com.proxmox.app.pve_flutter_frontend
This one from Sigma Mode: https://play.google.com/store/apps/details?id=dev.reimu.proxmon
I don't know enough about cluster stability to comment on the other poster's concerns, but I can at least confirm that this Plugable 2.5Ge adapter does indeed work out of the box with Proxmox/Debian drivers, and at very close to rated speeds (I use it to connect a 2nd interface over to a NAS, not for clustering applications). https://www.amazon.com/gp/product/B084L4JL9K
I booted up a brand new lxc with ubuntu 20.04.
I installed mullvad following the comment in the reddit post you linked above.
All the permissions looked fine when I ran the command, however when installing mullvad, I had this error -
N: Download is performed unsandboxed as root as file '/root/MullvadVPN-2022.4\' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
I tried to login to mullvad using mullvad account login {account number} which again produced this error -
Error: Management interface error
Caused by: Management RPC server or client error
Caused by: transport error
Caused by: error trying to connect: No such file or directory (os error 2)
Caused by: No such file or directory (os error 2)
I have no idea what directory it is trying to access. The mullvad daemon had failed to start though.
By NVME adapter do you mean something like this? If so, will keep it in mind for a potential upgrade in future, it's not something that I can immediately get into for now.
docker isn't that hard, or isn't that bad. plenty of tutorials online, but if you want an inexpensive book that explains it all very very well i recommend docker deep dive.
I guess you are in Europe? The energy crisis here in the UK sucks. Thanks Tories.
This is more of a hardware question than a proxmox one but this is what I can think of:
- If your hardware has an IPMI, IDRAC, ILO etc, you can probably pull metrics from that.
- Some UPS's can return power usage data, query your UPS if you have one.
- For the most simple option a hardware watt meter would do, something like this.
This might be a totally ghetto way but here it goes.
There's an app called vopono that allows you to launch programs using specific VPNs instead of the regular gateway. It has native support for Nord in both Openvpn and lynx and it also has a specific guide on how to run Privoxy with it.
You could set up a VM that on start would launch a Privoxy instance using Vopono through a NordVPN endpoint and just set your clients to use that VM as the proxy. You can even randomize it so that every time the VM starts it picks a NordVPN server at random.
That should accomplish what you want.
I use a similar setup but on my main machine. Basically on startup it launches Privoxy picking a Mullvad VPN server randomly and I have Firefox set to use that.
It's nvme direct to board. Crucial P2 CT2000P2SSD8 2 TB Internal SSD, Up to 2400 MB/s (3D NAND, NVMe, PCIe, M.2) https://www.amazon.co.uk/dp/B08GVDNTGJ/ref=cm_sw_r_apanp_2wEx3TkLAczG7
Someone mentioned there was something wrong/dodgy with these in that they were using cheap controllers or something.
I ran a benchmark on it and was getting full speeds in windows but that said a cheaper brand name I had prior to this defo seems snappier when I had windows on it.
I've been monitoring things using dstat and have noticed it does top out at about 2400MBs or so. Haven't really done much that's intensive write wise other than restoring large backups.
I think prior to making this thread I had set things up incorrectly. I thought I had created a second lvmthin but I just added the drive via storage so everything was still being stored on the default lvmthin which was the SSD which proxmox was installed on.
I don't get much over 7% io wait now with multiple machines running so I'm happy for now
I've used these Radeon RX550s on a proxmox server for VMs that need a GPU for things like adobe and ArcGIS.
Relatively inexpensive for a GPU these days.
Thanks guys - I think this sets the stage for v4 of the homelab (the 3x NUC Via 1GBE is v3)
Not going to do this for a year at least, but any thoughts about something like this?
https://www.amazon.co.uk/StarTech-com-5Gbps-Ethernet-Network-Adapter/dp/B081SM5CMY
Or at that stage, would it be best to sell on the NUCs and buy something with dual NICs present on the mobo - possibly 10GBE?
Nope, just the agent installed on the host, keep in mind proxmox is Debian, so it just works. The disks are regular USB ones but 3.5", the kind that use an external power supply, and the timers are similar to these ones
I mount and unmount them via a cronjob a few minutes after/before the timer starts/stops them and make sure the timer has the correct time once every couple of months as the ones I've seen drift quite a bit.
ST8000VNZ04/N004
Seagate IronWolf 8TB NAS Internal Hard Drive HDD – 3.5 Inch SATA 6Gb/s 7200 RPM 256MB Cache for RAID Network Attached Storage
https://www.amazon.com/dp/B084ZV4DXB?ref=ppx_yo2ov_dt_b_product_details&th=1
Anything is possible. I was trying to install the Mullvad VPN client for Ubuntu server. I could never get it to connect and it was spitting out errors whenever you tried to do anything via the cli. Exact same routine with a VM and it all just worked.
I haven't tried multiple enclosures or additional USB storage devices.
It's a Mediasonic 4-bay USB drive enclosure. (old Amazon link)
I passed through the USB 3.1 host controller in Proxmox to the VM, and now the VM sees 4 separate drives which DrivePool pools as a single volume (with optional folder duplication.)
Mediasonic has newer models, and I'm sure other options would work well.
The best way to run nextcloud is actually specified in the nextcloud docs. They recommend their Ubuntu VM at the top of the list for a reason. You should read their admin guide as well.
I like the power draw theory. That doesn't account for why the disks show up fine in the CLI. But maybe that's an issue with under-powering.
It has its own power supply. And it's well engineered. Here is the Device. I would be surprised if they didn't design it well enough to run 5 drives and the fan.
This is not an endorsement of course because it's not exactly working. I thought someone might have used a disk array attached through USB to Proxmox and have insight into not losing connection.
I use two of these in the half width slots
I also use one of these in a 16x slot, but be careful: my brother found he had to use matching nvme drives. He had tried doing two 512GBs and two 1TBs and it didn't work.
I've found running a cheap repeater with ethernet cable connection to be a lot less hassle / cheaper / more reliable than plugging a wifi dongle directly into my daily driver.
Hey, the controllers that are unreliable with ZFS are the RAID ones because they do store information on the RAID configuration on themselves - so effectively, if they die you lose information on the RAID and it becomes really difficult to fix things. Plus, ZFS wants to have direct access to the disks and having the RAID controller in-between creates confusion. Not so with a SATA controller, which does not host any information at all and just acts as the equivalent of a USB hub - you just connect stuff to it and that's it, all the information is on the disks themselves.
I bought this one because it was cheap: https://www.amazon.co.uk/gp/product/B07TD57RGZ/
Basically any PCIe SATA controller that's supported works okay for this.
Oh got it, so when people refer to VPN, it's not like NordVPN but more like setup own private VPN and use the 'clients' (my remote machine) to connect to the 'server' (proxmox machine). I always assumed it meant use Nord lol, thanks for the tip!
I tried running both. Switching to kmod made it barely faster (+2mbit). Weird thing is that it's only my Mullvad uplink. Every other wg connection is as fast as it gets. Maybe its outgoing tunnels are slower than incoming?
I run a somewhat similar but simpler setup with OPNsense as a VM on Proxmox using openvswitch (1 WAN, 1 LAN) and have no issues whatsoever with wireguard (NordVPN). I get speeds close to my non-vpn speeds. Same performance with NIC passthrough. I did setup a Mullvad connection once for testing, and it was noticeably slower than Nord.
PS: Are you using the kmod or go version of wireguard?
Is your container unprivileged? because I did the same thing and mullvad doesn't work
# mullvad connect
Error: Management interface error
Caused by: Management RPC server or client error
Caused by: transport error
Caused by: error trying to connect: No such file or directory (os error 2)
Caused by: No such file or directory (os error 2)
# systemctl status mullvad-daemon
* mullvad-daemon.service - Mullvad VPN daemon
Loaded: loaded (/opt/Mullvad VPN/resources/mullvad-daemon.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-02-07 16:42:29 CST; 2min 35s ago
Process: 384 ExecStart=/opt/Mullvad VPN/resources/mullvad-daemon -v --disable-stdout-timestamps (code=exited, status=1/FAILURE)
Main PID: 384 (code=exited, status=1/FAILURE)
CPU: 34ms
Feb 07 16:42:28 qbit systemd[1]: mullvad-daemon.service: Main process exited, code=exited, status=1/FAILURE
Feb 07 16:42:28 qbit systemd[1]: mullvad-daemon.service: Failed with result 'exit-code'.
Feb 07 16:42:29 qbit systemd[1]: mullvad-daemon.service: Scheduled restart job, restart counter is at 5.
Feb 07 16:42:29 qbit systemd[1]: Stopped Mullvad VPN daemon.
Feb 07 16:42:29 qbit systemd[1]: mullvad-daemon.service: Start request repeated too quickly.
Feb 07 16:42:29 qbit systemd[1]: mullvad-daemon.service: Failed with result 'exit-code'.
Feb 07 16:42:29 qbit systemd[1]: Failed to start Mullvad VPN daemon.
# ll /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jan 7 19:18 /dev/net/tun
I had the same problem with a Dell G5000 that has a Dell BIOS. I never did figure out how to get proxmox to work with the onboard M.2 slot. I ended up adding an additional M.2 slot via a PCIe expansion card. Worked immediately.
ACTIMED NVMe PCIe Adapter M.2 SSD... https://www.amazon.com/dp/B09FLGR1X9?ref=ppx_pop_mob_ap_share
thanks for the response. would you mind answering a similar question as well? I just bought a new to me pc, https://offerup.com/item/detail/1338079310 . I'm a NON-gamer, but I need a graphics card for this b/c I need it to be displayport for my kvm. I use windows 10, but also might run a linux vm inside vm ware workstation pro (type 2 hypervisor) on this machine. Same budget... $100. what card would you suggest?
For what it's worth, I run a Jellyfin server on a tiny SBC running Proxmox and forego the need for hardware encoding by using Handbrake to convert everything to H.264 8bit before uploading to my Jellyfin server. The Jellyfin client on every device supports H.264 8bit, so no transcoding is needed. I went from seeks taking 5-10 secs to load with H.265 source files and general stutteriness to a seamless seek and rewind experience after converting everything.
It's not ideal, and it takes a little trial and error to get a profile sorted in handbrake to give you a similar quality H.264 file to the source file, but it's still an option if severely hardware-restrained.
Interesting, how are you able to do that unprivileged? I currently use Jellyfin's instructions and they state it has to be a privileged container if this is done on Proxmox.
I imagine your frustration. you could try some other things I have in mind:
if none of this works and you are interested in testing other hypervisor that may work best with your use case (because its constructed to operate headless), look for xcp-ng https://xcp-ng.org/ guides are a little hard to find but I can give you directions if you want, I use this on my homelab (have all features that proxmox have)
I was going based off of this from XCP-ng's documentation, which I have managed to get "working" but the VMs crash shortly after (still diagnosing this one, some kind of driver problem): https://xcp-ng.org/docs/compute.html#vgpu
In terms of pooling, I'm not sure what the main difference would be, from what I understand you could have say 4 AMD GPUs installed and just select which one for each VMs vGPU. Am I missing something or would pooling sort of just make this easier in terms of selecting the right GPU (and maybe some automation behind load balancing or something)?
Also, do you have a monitor or anything plugged in? These dummy plugs were recommended on another post
DTECH HDMI Dummy Plug 4K Display Emulator Compatible with Windows Mac OSX Linux (fit-Headless, 3 Pack) https://www.amazon.com/dp/B07C4TWZRM/ref=cm_sw_r_apan_glt_i_K126HEZVA81MJT6PAEK1
https://www.reddit.com/r/Proxmox/comments/mib3u6/a_guide_to_how_i_got_nvidia_gpu_passthrough_to_a/
It came with the slimline cable already connected. I just had to buy a new external tray that fit in the slot and connected an SSD into the tray.
I’m not really a network guy but if you’re using a single static address you should use /32, so it would be 192.168.100.2/32. CIDR Calculator: the CIDR IP Range box shows you what the IPs in that range will be.
https://www.linbit.com/blog/linstor-setup-proxmox-ve-volumes/ https://kvaps.medium.com/deploying-linstor-with-proxmox-91c746b4035d
It's a bit outdated and some things might change, but basically:
1. Install linstor-controller on some server (vm or lxc is fine)
2. Install linstor-satellite on each pve node where you want to use drbd as a storage
3. On each pve node create zpool (you should be able to put linstor-controller on this storage, I have different zpool for local storage, than for drbd)
4. Inside linstor controller connect to satellites
5. Configure storage as per instructions in provided links
6. Edit /etc/pve/storage.cfg and add drbd storage
In those tutorials they put linstor-controller on the drbd itself, I don't recommend that. I have mine in different zpool replicated to each node every 30 minutes to achieve HA.
I would go with proxmox 2 ssds mirror, but if you don't want to reinstall you can use clonezilla to clone the 2TB into an image disk and then recreate that image into one of the 256GB ssd, and using the other ones for storage/vms/backups. With clonezilla you can clone/image only the used sectors of a hdd, no need for a whole disk with empty spaces, and it also supports LVM version 2, good luck.
Bonus points for anyone who has a solution that runs under LXC?
edit: should've googled for 2 seconds.
Don't use Kali for daily driver desktop use. It's not designed for that.
Any of the major desktop-oriented distros will do much better: Ubuntu, Debian, Manjaro, Arch, Pop, elementary, etc.
Yes, you don't configure the physical interfaces themselves, you create a bond with the mode that suits you (https://www.kernel.org/doc/Documentation/networking/bonding.txt), just put the slave interfaces names separated by a single space each, nothing more. Finally you configure the bridge according to your network settings and set the bond interface name in "bridge ports".
It should be OK then!
No, the grub entries are there. No matter which kernel I select, I get: error: premature end of file /boot/initrd.img-5.4.78-2-pve
After that, it says press any key to continue. After about 10 seconds it refreshes the screen and shows a blinking _ and nothing happens.
I tried changing the compression methods for the initrd, rebuilding the initrd, reinstalling the kernel, etc. Nothing seems to help.
The only thing I can think of is the issue is something else.
Here's a screenshot.
We need to define what you understand by "Docker".
If it's image, then it's just a name for OCI standard - nothing wrong with it, no licensing issues, as it's "open". All use them and no plans to change it.
If it's engine, then it can be perfectly replaced in k8s. If I understand correctly, Docker is not default anymore, it's containerd. https://kubernetes.io/docs/setup/production-environment/container-runtimes/
https://letsencrypt.org/docs/challenge-types/
However, if the internet can reach your letsencrypt mechanism (certbot?), then your troubleshooting should start there.
According to the website, they list a number of ways to install it. LXC is just a Linux container. I don't see why you couldn't run in that.
EDIT: I just installed it in a container using the turnkeylinux nodejs template. I set up the container, add my user, import ssh key, installed sudo, then ran sudo npm install -g --unsafe-perm node-red and launched it with node-red.
I can then access it from my local browser.
It's really dead simple with npm, docker, or snap.
> gcc - needed to compile any binary components of nodes you want to install
idk when that comes in to play but to get started, it's not needed. besides, it's a simple install from the ubuntu repos if you do.
You might want to give iotop a run - it pretty much gives you a top like overview of all processes running and their IO usage.
This might help identify the ones that are high. In my experience one high IO from a single VM can affect your whole system. First thing I also always check is RAM and Swap usage - the second you have high SWAP IO will go through the roof - a reason not to enable Swap on SSDs.
I thought that EC2 only supports nested virtualisation on their bare-metal instances (so their regular instances don't expose VT-x support?)
Without that support you could still run containers fine, but VMs would slow to a crawl due to missing KVM acceleration support.
>https://aws.amazon.com/ec2/features/
>
>Bare metal instances
>
>These instances are ideal for workloads that require access to hardware feature sets (such as Intel® VT-x),
Take a look @ https://yunohost.org/#/index_en
It integrates "almost" everything you need:
Portal, webserver, mysql, ldap, mail server, etc..... with lots of apps including nextcloud.
You just need to add another VM for OO.
If security is important, keep it on VM only.
Enjoy+++
Yeah I am planning on making a mac and windows setup across one screen. You can use software like https://symless.com/synergy to handle the mouse/keyboard. The thin client is really up to you I’ve seen a raspberry pi thin client as well. You can also buy or build thin clients anyway you want. It wouldn’t take much effort to setup this.
I run https://www.android-x86.org/ in a VM. Games likely won't run on here well, it's not very fast. If you want to run games you might try something more emulator like ... ex https://www.bluestacks.com/
You absolutely can use docker in a VM. See docker dev blog
https://www.docker.com/blog/containers-and-vms-together/
With regards to the learning curve. Getting started with docker isn't terribly difficult. Most docker containers have a few things.
-p for the port
-e for environmental variables
-v for volumes.
Most docker hub pages tell you what variables to set and which are optional, as well as the volumes you need and the ports.
I've had good luck with using Ventoy as my USB boot installer. Just copy your ISO(s) to a USB stick that has Ventoy installed, boot from it and it all shows up on a pick list! I've had it work with FreeBSD, Linux and Windows so far.
Try Ubuntu, use balenaEtcher to make your USB stick.
Use the boot menu hotkey (F11 maybe) and make sure you see UEFI next to the USB stick name.
If it works with Ubuntu, that's a clue and you can probably raise an issue on the Proxmox community forums.
If it does not work with Ubuntu, then it's something to do with your BIOS settings/LSI HBA.
I say Ubuntu only because the installer has ZFS. I don't believe Debian 11 bullseye has ZFS during install, or I would suggest that. Not near my system to check.
In the end, if you just want to make it work, yank out the LSI card and just directly cable to motherboard. You can always do a zfs send and zfs recv to move the pools around to a second system or external drive, if you want to throw the LSI back in one day.
Find/buy yourself an 8 or 16GB USB2 Flash Drive and then download balenaEtcher from https://www.balena.io/etcher/ then flash the ISO file to the USB flash drive using the above app.
If you're using Rufus to create the USB, it doesn't work for some reason.
BalenaEtcher is the only one I could ever get working: https://www.balena.io/etcher/
The other option, is you have a SuperMicro board so you can use the IPMI (plug it in, set the address in the BIOS settings however you like, then open that IP in a web browser). The IPMI control allows you to mount an ISO straight over the client from your own PC and it will detect as a CD Drive. Alternatively, it allows you to mount ISOs over SMB. Just make sure you have the relevant OpenJDK runtimes installed (I just grab all of them under "Runtimes" on Ninite and that works fine) as you have to use the Java console for ISO mounting, not the HTML5 one.
Another note, there's a bug I've run into with Nvidia GPUs. Make sure you are not using a HDMI monitor (use VGA/DVI/DP instead) as the installer fails to load over HDMI for some reason.
I did try that but I can't start the container if I do this. I found something similar here https://emby.media/community/index.php?/topic/49680-howto-vaapi-transcoding-inside-lxc-container/ which does let me start the container, but it doesn't find the ihd driver
root@jellyfin:~# vainfo
error: can't connect to X server!
libva info: VA-API version 1.7.0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so
libva info: va_openDriver() returns -1
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: va_openDriver() returns -1
vaInitialize failed with error code -1 (unknown libva error),exit
>Do I need to allocate a large portion of storage when setting up the VM or is it best to create a truenas VM to house these and then share over the network?
TrueNAS recommends bare-metal installation.
Consider installing any Linux VM and then install jellyfin https://jellyfin.org/docs/general/administration/installing.html
Actually not as many ISPs block port 25 as they used to, now many blacklist all residential IPs instead so legitimate mail servers block incoming connections from mail servers originating from a residential IP. I use this site to help troubleshoot email server issues from time to time
He is mounting a CIFS share from another system, like a NAS.
His Proxmox server is 10.0.1.10 (from the URL in the browser); however, the 10.0.1.7 address that he enters for "Server" in the Add CIFS dialog is another system on his LAN that has a CIFS share created and available.
This is adding storage that Proxmox will use. At 6:17 he selects...
For content that will be stored on that storage. You'll learn that Proxmox organizes storage by content. This confuses a lot of people who are new to Proxmox. Proxmox is mounting these for use as storage, not sharing them. He probably adds to the confusion by naming the share "PROXMOX". The share name is irrelevant - it could be "ORANGE".
By the way, he also says the containers are Docker containers, which is incorrect. They are Linux Containers (LXC), which are entirely different from Docker containers.
The reason you can't mount a SMB or NFS share is probably because you are running an unprivileged container. See https://linuxcontainers.org/lxc/getting-started/ for more info how to run a privileged container instead. Beware that you lower security since the root account in the privileged container is mapped to the root account in the host os.
LXC containers by default run as un-privileged... meaning UID/GID of root in the container are not the same as UID/GID of root in the host. See the following
I figured as much, but the first google result for privileged vs unprivileged lxc containers was pretty fear inducing
https://linuxcontainers.org/lxc/security/
>LXC containers can be of two kinds:
>
>Privileged containers
>
>Unprivileged containers
>
>The former can be thought as old-style containers, they're not safe at all and should only be used in environments where unprivileged containers aren't available and where you would trust your container's user with root access to the host.
I don't have a specific threat I'm concerned with, just the fact that the container will be opened to the internet and I assumed it was best practice to try to be as secure and up to date as possible.
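The privileged/unprivileged distinction discussed in the comments above comes down to which host UID the container's root is mapped to. The following shell check is an added example, not part of the original thread: it reads a uid_map file (by default the current process's own) and reports which kind of container it describes. The function names and the sample map values in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a user-namespace UID map as privileged or unprivileged.
# Each uid_map line has three fields:
#   <first id inside the namespace> <first id on the host> <range length>
# Constructed sample values:
#   "0 100000 65536"   container root is host uid 100000 (unprivileged)
#   "0 0 4294967295"   container root is host root (privileged, or not in a container)

# Print the host UID that in-container UID 0 maps to; print nothing if root is unmapped.
host_uid_for_root() {
    # $1: path to a uid_map file (defaults to this process's own map)
    awk '$1 <= 0 && 0 < $1 + $3 { print $2 - $1; exit }' "${1:-/proc/self/uid_map}"
}

# Print "privileged" when container root is host root, otherwise say where root lands.
classify_uid_map() {
    host_uid=$(host_uid_for_root "$1")
    case "$host_uid" in
        0)  echo "privileged" ;;
        "") echo "unprivileged (root not mapped)" ;;
        *)  echo "unprivileged (root is host uid $host_uid)" ;;
    esac
}

# Report on the current process when the map is readable (Linux only).
if [ -r /proc/self/uid_map ]; then
    classify_uid_map /proc/self/uid_map
fi
```

Run inside the container, a "privileged" result means a root process that escapes the container is root on the host, which is the risk the quoted LXC security page describes.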
As far as I know, iperf is the standard way - we in telco use that daily (except for when we use specialized devices) and how we determine the performance of whatever we need to test (most often a router, wireless link or a leased circuit).
For a more real use-like testing, I installed https://librespeed.org/ on one of my computers and use that - but that is only informational, if it measures a lot less than iperf, it is usually something in configuration of the network device that is being tested.
I just saw your post and happy to see that you succeeded!
Also check out the dashboard: https://grafana.com/grafana/dashboards/10048
I think it may interest you :)
Just checked, it's an Ubuntu server running in an LXC container with 4gb of RAM. I used the Ubuntu Linux 19.04 template. https://pve.proxmox.com/wiki/Linux_Container Currently shares out an 8tb chunk of space via Samba. Webmin does indeed provide a web based management GUI for all things Unix, not just Samba. http://www.webmin.com/ hope that helps.
Not to deter you from Proxmox... I use it myself, and think it's great, but in your case wouldn't moving to something like XCP-ng https://xcp-ng.org/ be more advisable. It's a fork of Xen and migrating should be much easier. Have you looked at it and ruled it out?
As an aside, I would definitely look for the >6.6.0 bios, I didn't have an issue booting the r710 without a card in the storage slot.
As for your performance issues, you will have to do some troubleshooting to narrow the possible causes. One place to start would be to read here: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#user-content-2-setup
There's a section on considerations for LUKS on RAID storage and since LUKS isn't RAID-aware, there are a few ways to setup luks with ZFS and it seems they don't all perform the same.
I would recommend OPNsense as a more stable organization and new user friendly devs that don't act juvenile, also there is the recent question of open source pfSense CE versus the closed source pfSense plus and whether netgate will let pfSense CE wither on the vine and die within a year or 2.
Netgate / pfSense acts in bad faith
Buffer overruns, license violations, and bad code: FreeBSD 13’s close call
I would look into SoftEther. They offer two solutions, one is of course a standard easy to setup traditional vpn. But the other is through "their" VPN Azure setup (aka zero confirmation setup).
This last one just has your "server" connect to one of their remote servers, and then your clients connect to their remote server and they relay the connection between the two. It's not the fastest thing in the world. But it's functional and again doesn't require any firewall (other than the server's local firewall) or dns changes.
Website: https://www.softether.org/
Run a VM. Run it in the VM. Or run pfSense as a firewall for your server and VMs and run it on there. That's the best idea. Protect everything. Just spin up whatever OS you want and run the instructions https://www.wireguard.com/install/
Some super basic instructions for a rpi which would be similar to any install https://engineerworkshop.com/2020/02/20/how-to-set-up-wireguard-on-a-raspberry-pi/
Pfsense has instructions on the netgate forums.
>i get the same results if try to add wireguard interface on the host
Then the host seems to lack the wireguard module. To use wireguard in a container you need to load the wireguard module on the host, and give the container CAP_NET_ADMIN. You could also create the interface on the host and move it to the container. It doesn't require CAP_NET_ADMIN on the container, but in this case wireguard will send and receive the wireguard packages on the host instead of in the container.
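The two preconditions named in the reply above (wireguard module loaded on the host, CAP_NET_ADMIN granted to the container) can be checked before debugging anything else. This shell sketch is an added example, not part of the original thread; the function names are hypothetical, and the module check is meant to run on the host while the capability check runs inside the container.

```shell
#!/bin/sh
# Added example: pre-flight checks for WireGuard in a container.
CAP_NET_ADMIN_BIT=12   # CAP_NET_ADMIN's number in linux/capability.h

# Succeeds if the hex capability mask in $1 has the CAP_NET_ADMIN bit set.
mask_has_net_admin() {
    [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# Succeeds if the effective capability set in a /proc/<pid>/status-style file
# ($1, default: this process) includes CAP_NET_ADMIN.
proc_has_net_admin() {
    mask=$(awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}")
    [ -n "$mask" ] && mask_has_net_admin "$mask"
}

# Succeeds if a /proc/modules-style listing ($1, default: /proc/modules)
# contains the wireguard module.
wireguard_module_loaded() {
    grep -q '^wireguard ' "${1:-/proc/modules}"
}

# Print a short report for the machine the script runs on.
wg_preflight() {
    if wireguard_module_loaded; then
        echo "wireguard module: loaded"
    else
        echo "wireguard module: not loaded (try 'modprobe wireguard' on the host)"
    fi
    if proc_has_net_admin; then
        echo "CAP_NET_ADMIN: present"
    else
        echo "CAP_NET_ADMIN: missing"
    fi
}

if [ -r /proc/self/status ] && [ -r /proc/modules ]; then
    wg_preflight
fi
```

A kernel with WireGuard compiled in rather than built as a module will not list it in /proc/modules; in that case check for the /sys/module/wireguard directory instead.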
It wasn't terrible, surprisingly. I'm switching up my setup now, but I was able to game using moonlight and a 2080 on six cores of a 3800x and a virtual display adapter with very playable frames. I didn't do any performance benchmarking between bare metal and inside proxmox, but I was happy with the performance I got.
Use Clonezilla to perform drive-to-drive cloning.
Here is the manual. https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/03_Disk_to_disk_clone
We have ~14 dell R720/R720xd
I am in the process of converting the storage from spinning to ssd.
I still use two spinning drives for the OS, then create a raid 10 in proxmox using zfs. We use x4 of these:
https://www.amazon.com/gp/product/B07FN3YZ8P/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
And then 4x 2tb NVMe for a raid 10 storage. So far, no issues and a lot faster.
I set up opnsense in a vm. Set that to connect to my vpn provider (NordVPN has instructions on how to set up in opnsense) Then set the containers I wanted to use opnsense as the default gateway.
Only thing I'd stress is to test that when the VPN goes down, the containers lose connection, rather than going out on an open connection.
I should blame my bad English (non native speaker, sorry).
Here is the link on Amazon, 6C6T 4500U is less than $500, the upgrade version 4800U (8C16T) was selling around $700 (MSRP as I remember was just 599 but price actually went up after launch) and it's out of stock most of the time. There is also a 4300U model which is even cheaper, they all equipped with 1G + 2.5G LAN
I've been looking at this : https://www.amazon.com/Lenovo-ThinkCentre-M72e-Performance-Professional/dp/B01M0XWPI5
Will it work well?