Hi Christian, to back up your VMs you should use 1 PBS (as VM) on every Proxmox host with daily replication to each other. If your host 1 crashes, you have no more access to your backups, because your NAS is down, too. In my case, you have 1 PBS with backups of every VM on both Proxmox hosts.
That's an interesting use-case. Haven't thought about this before :D My plan is to build a new storage server in the next months and use this as a central storage for backups and vm disks, maybe that helps :)
For best practice, I'd recommend using RAW if your backup software supports it. It’s straightforward and usually works well for restoring. VMDK is also good, but it's a bit more complex. Hope that helps!
What about UPS battery backup that shuts everything down gracefully if the power goes out? Possible to use WinNut or are there functions built in for this?
16:06 That may be very obvious, but why doesn't Christian backup his nas-prod-1 vm? Wouldn't he lose all the configurations he made in case of an accident? Or how would one back up the very vm that manages the drives.
9. Proxmox Backup Server - Set up a PBS vm with HA, and point it at your NAS. PBS gives you deduplication and verification of backups. Save space and check your backup files.
Thanks for the video. Setting up Proxmox notifications is another big thing, otherwise, how else will we know that the backups are failing, for example.
This was very nice to ramp up my knowledge. In general I would be very interested in seeing what a nice storage setup in Proxmox would look like. Do I have a storage for different data separated to control the access? So all in all, what type of storage do I choose depending on the type of data?
One thing that is a problem.. or I'm prepared for a problem.. Microsoft and Google both have said they will stop allowing for SMTP TLS, as starting this fall they will require MFA on send. I'm -really- interested in any sort of plan there is in the works for notifications after we cross that with Google and Microsoft.
What a great video. Your IT skills are truly admirable. And in this video you also didn't speak so fast for once, so I could even follow it with my poor English and my limited Proxmox experience. Really worth watching, keep it up. The IT retiree at 55 😊.
How would you recommend configuring full disk encryption for either your full Proxmox install (and all derivative Guests / provisioned Disks) or on a Guest-by-Guest basis? I'm moving toward a more "paranoid" security model to protect my sensitive data in case of a theft or whatnot. I've been far too lazy about that, and I'd like to be prepared for the unexpected.
What settings do I use on CloudFlare for creating the API token? What rights?? When I did that for HomeAssistant, I was told to use Zone:Read, DNS:Edit
Thx for the great video. Can you pls tell me what addon or terminal you use for Mac in the Trusted TLS part? Maybe you have a video about it in your channel?
Thanks Christian, love to get the information with a high density. I do have a Proxmox 7.4-18 installation, which is the latest on Release 7. How to switch to Release 8?
@@christianlempa Actually, I thought it was Excalidraw, but when I checked, there was no presentation mode. It turns out that feature is in Excalidraw+. Thanks
Christian, as always great video, a question that I can't seem to find an answer to is how Proxmox handles SSD drives and the "Trim" command to reclaim the stale blocks. Many mini PCs are NVMe-SSD and by default Proxmox will partition the NVMe for the OS and then make a "thin" partition for the VMs and LXCs. In my case I have a small NVMe in my mini PC with a SATA SSD for the containers and their disks. This is partitioned as ZFS to allow for HA support of VMs and LXCs. Reading through the documentation there are ways to configure Trim in ZFS but there are also some blogs that talk about having the VM guest OS also issue trim. In the case of LXCs I have no clue on what would need to be done. Maybe you can do a video on storage options and best configuration options for various types of storage based on the VM/LXC?
Only bad if your Proxmox host crashes and all your VMs are down. I have 2 PBS as VM on different Proxmox hosts for my daily VM backups (with sync jobs from each other every night) and I have one bare metal PBS with sync jobs for my 2 VM-PBS (once a week). So if one Proxmox host crashes, I have one PBS on another host and if both crash, I have a separate one on bare metal.
@ Christian Lempa, with windows VMs did you not encounter issues with the nic as virtio when using VPNs inside the VM? I had dropouts until I changed to intel NIC, yes 1000 mbps limit, but no issues otherwise.
Christian you say you order a certificate and then the certificate warning disappears in the browser. But do these certificates autorenew yearly? Are they permanent certificates different from SSL certificates in being TLS certificates? I have a blockchain running inside a docker image and it needs a loop to restart the blockchain and rewrite a private key because the SSL certificate has to regularly be renewed, so that when it is renewed the blockchain is restarted to prevent dodgy handshake messages even though the blockchain ports are secure, are you saying that I can use a TLS certificate once off, rather? So that I don't have to put my blockchain on a loop to restart so that I regenerate a new private key related to the SSL certificate. I'm not sure how it's different, the TLS certificate from the SSL.
That's one of the advantages of the ACME protocol, which allows a simple and easy way to issue, and renew certs. Letsencrypt certs usually expire after 90 days, if that happens the daily update daemon in Proxmox will automatically try to renew them.
@@christianlempa I see. The NXT blockchain clone has a privkey that should be auto-updated if the cert is renewed, and the blockchain restarted. I wonder if I will still need to use a loop in docker to fix this problem because the blockchain keystore is a copy of the privkey from the cert and the blockchain needs to be restarted if it is changed for it to take effect. Hopefully I will figure it out sometime, but I see the problem is still there. There is a bash command I insert in the dockerfile to renew the blockchain's key and restart the blockchain container. But this solution will be great for the DNS resolution for nodes, the command will rely on seeing if the date of the cert has changed to 'refresh the blockchain' image / restart. I have not had time to work on it for a year, my memory is bad now. Great videos...! I hope I can get back into admin fun!
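The renewal check discussed in this thread, as an added example that is not code from the commenters or the video: it detects a renewed certificate by the SHA-256 fingerprint of the leaf certificate rather than by a file date, and records the new fingerprint only after the restart step has succeeded. The file names and the `check_renewal` / `commit` helpers are hypothetical, and the sample PEM bodies are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import os
import re
import tempfile
from pathlib import Path

# First CERTIFICATE block of a PEM file; in a fullchain file that is the leaf.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def leaf_fingerprint(pem_text):
    """SHA-256 over the decoded bytes of the first certificate block."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no complete certificate block found")
    body = "".join(match.group(1).split())       # drop line wrapping and CRs
    der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    if not der:
        raise ValueError("empty certificate body")
    return hashlib.sha256(der).hexdigest()


def check_renewal(cert_path, state_path):
    """Return (status, fingerprint); status is one of
    'unreadable', 'baseline', 'unchanged', 'renewed'."""
    try:
        current = leaf_fingerprint(Path(cert_path).read_text(encoding="ascii"))
    except (OSError, ValueError):
        # Missing file or a half-written PEM: change nothing, retry next run.
        return "unreadable", None
    state = Path(state_path)
    previous = state.read_text().strip() if state.exists() else None
    if previous is None:
        return "baseline", current
    return ("unchanged" if current == previous else "renewed"), current


def commit(state_path, fingerprint):
    """Persist the fingerprint atomically (write to a temp file, then rename)."""
    state = Path(state_path)
    fd, tmp = tempfile.mkstemp(dir=state.parent, prefix=".fp-")
    with os.fdopen(fd, "w") as handle:
        handle.write(fingerprint + "\n")
    os.replace(tmp, state)


def constructed_pem(label):
    """Constructed sample: PEM armour around placeholder bytes (not X.509)."""
    b64 = base64.b64encode(label * 4).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def demo():
    leaf_a = constructed_pem(b"constructed leaf A ")
    leaf_b = constructed_pem(b"constructed leaf B ")
    issuer = constructed_pem(b"constructed issuer ")
    seen = []
    with tempfile.TemporaryDirectory() as tmp:
        cert = Path(tmp, "fullchain.pem")
        state = Path(tmp, "last-fingerprint")

        def run():
            status, fingerprint = check_renewal(cert, state)
            if status in ("baseline", "renewed"):
                # A real job would re-import the key and restart the service
                # here, and call commit() only if that succeeded.
                commit(state, fingerprint)
            seen.append(status)

        run()                                        # certificate not issued yet
        cert.write_text(leaf_a + issuer)
        run()                                        # first sighting
        cert.write_text(leaf_a.replace("\n", "\r\n") + issuer)
        run()                                        # file rewritten, same cert
        cert.write_text(leaf_b[:40])
        run()                                        # renewal caught mid-write
        cert.write_text(leaf_b + issuer)
        run()                                        # renewed certificate
        run()                                        # nothing new since
    return seen


if __name__ == "__main__":
    print(demo())
```

Because the state file is written only after the restart step, a failed restart is retried on the next run instead of being silently skipped.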
I'm still unclear on the TLS Certificate instructions. Especially the local DNS and the Cloudflare DNS and the comment that there are two ways to do it. Do I even need Cloudflare (I have it with domains there but do not run local DNS other than a .lan internal)?
There are 3 things you need: 1. a public domain, 2. a dns resolver at home, and 3. dns provider that is in that list of the ACME DNS Challenge plugin of proxmox :) Join our Discord if you have specific questions and need help!
@@christianlempa Thanks. I just joined and will follow up there to hopefully clear up any questions mostly about the DNS resolver requirement. Will give more detail on your discord. 🙏
@@christianlempa was kinda hoping to see something like "cron is lame for such task, i use and it's really awesome" :D , anyway great video, keep up good work!
No, you don't need it; PBS is just one more option. You can simply store backups, as shown, on a storage that accepts the corresponding content type (VZDump backup file).
Hey, why are you not doing a backup of the NAS system? You could exclude the data hard drives. Big advantage is you can always import the TrueNAS volumes and safe quick access to the data
i tried the prefab installer scripts - just running them failed.. but choosing advanced... and enter some settings.. it runs and installs all kind of nice apps.. network control.. administrative consoles..
Hi Christian, in the Certificate section you mentioned you used a load balancing object to determine which node is active. What did you use to achieve that? Keepalived perhaps? Btw, keep up the good work and awesome videos 😊
19:17 One thing against using a VM as your storage server is if you are backing up your VM(s) to that VM. If that server goes down, you can't access the backup.
That's right. But I think the situation would be either a VM has a problem, which I can restore from that backup. Or when the backup VM has a problem, then the other VMs would be still running, so I have enough time to repair it. If everything fails, well, you're screwed anyway :D
Despite firing the dmesg command and the terminal showing the IOMMU enabled message, I am still unable to use PCI passthrough; Proxmox shows IOMMU not available at the time of creating a bypass. I think there need to be some more additional checks apart from that command. I checked other resources and I think hardware-wise in the BIOS there are two separate settings, one is vtd and the other is vtx; to have IOMMU-compatible HW you need both, but in older generations like my setup there is only one of these available (for Intel); for AMD there was something similar like AMD virtualization or some other name like that. Why can the industry not have standards? Anyway, I digressed. So I think IOMMU is a more advanced feature for which that single command to check is not enough, as well as it needs BIOS settings to be changed / enabled for it to work with comparatively newer hardware. If anyone was stuck at the same step then this message might help them. Good luck,
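A check that goes beyond grepping the boot log, as an added example that is not from the commenter or the video: once an IOMMU is actually in use, the kernel lists one directory per IOMMU group under `/sys/kernel/iommu_groups`, so an empty or missing directory means there are no groups to isolate a passed-through device with, whatever dmesg printed. The example also reports groups that hold more than one device, which goes slightly beyond the comment; the function names are hypothetical and the directory tree in `demo()` is constructed.

```python
import tempfile
from pathlib import Path

# Kernel command-line parameters that influence IOMMU behaviour.
IOMMU_PARAMS = ("intel_iommu=", "amd_iommu=", "iommu=")


def read_iommu_groups(sysfs_root="/sys"):
    """Map IOMMU group number -> sorted device addresses, read from sysfs."""
    base = Path(sysfs_root, "kernel", "iommu_groups")
    groups = {}
    if not base.is_dir():
        return groups
    for entry in base.iterdir():
        devices = entry / "devices"
        if entry.name.isdigit() and devices.is_dir():
            groups[int(entry.name)] = sorted(d.name for d in devices.iterdir())
    return dict(sorted(groups.items()))


def iommu_report(sysfs_root="/sys", cmdline_path="/proc/cmdline"):
    """Summarise what the running kernel exposes, independent of dmesg."""
    groups = read_iommu_groups(sysfs_root)
    try:
        params = Path(cmdline_path).read_text().split()
    except OSError:
        params = []
    return {
        # No groups: nothing can be isolated, passthrough will be refused.
        "active": bool(groups),
        # What was requested at boot; a request alone does not enable anything
        # if the firmware setting (VT-d / AMD-Vi) is off.
        "kernel_params": [p for p in params if p.startswith(IOMMU_PARAMS)],
        "group_count": len(groups),
        # Devices in one group can only be isolated together.
        "shared_groups": {g: d for g, d in groups.items() if len(d) > 1},
    }


def build_constructed_tree(root, layout):
    """Constructed sysfs stand-in for the demo: {group: [device, ...]}."""
    base = Path(root, "kernel", "iommu_groups")
    base.mkdir(parents=True)
    for group, devices in layout.items():
        dev_dir = base / str(group) / "devices"
        dev_dir.mkdir(parents=True)
        for dev in devices:
            (dev_dir / dev).touch()


def demo():
    """Two constructed hosts with the same boot parameters."""
    with tempfile.TemporaryDirectory() as tmp:
        cmdline = Path(tmp, "cmdline")
        cmdline.write_text("BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro quiet intel_iommu=on\n")
        # Host A: parameter set, but firmware support off -> no groups.
        off_root = Path(tmp, "off")
        build_constructed_tree(off_root, {})
        # Host B: IOMMU in use, one group shared by two devices.
        on_root = Path(tmp, "on")
        build_constructed_tree(on_root, {
            0: ["0000:00:02.0"],
            1: ["0000:00:1f.3", "0000:00:1f.0"],
            2: ["0000:01:00.0"],
        })
        return iommu_report(off_root, cmdline), iommu_report(on_root, cmdline)


if __name__ == "__main__":
    # On a real host this reads /sys and /proc/cmdline directly.
    print(iommu_report())
```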
Hey Christian! First of all great channel, and thanks for such great videos! I am a Proxmox user for more than 8 years now, and most of the things you summarized in this video are really a must do. One thing I would recommend is setting up a VM in Proxmox, and connect printers to the Proxmox server and pass them through. If your VM is Linux, for example, you can share those printers using CUPS and you will have the printers easily available for any device within your network without the need to even install them or configure it. I have done it, and I am able to print from Linux desktop, Windows desktop, Mac desktop, iPhones and iPads by simply using network printer, no driver hassle or any other shenanigans! I hope this helps and also you can use this idea for your environment. Cheers!
Please keep doing these videos! When I eventually switch from ESXi to Proxmox, these will be INVALUABLE!
I haven't used ESXi myself a lot, so I can't talk about it, really. But I'm planning to do more "best-practices" videos about different tools and programs, I think that's gonna be a great series :)
Easily the best home server educator on the web. Keep up the great work, Love your Channel.
Thank you so much :)
Great to see more Proxmox videos. Ever since VMWare did VMware things Proxmox is now the obvious answer.
Thanks! Hope to create more content about Proxmox in the future :)
Ever since Broadcom did VMware things Proxmox is now the obvious answer.
Fixed.
@@christianlempa If you don't mind a suggestion, I'd love for there to be some actual documentation for people wanting to get RoCE or iWARP working with common stuff like iSCSI or SMB.
Currently the only 'easy' way to get RDMA for a homelabber is Windows with SMB Direct or by using BTRFS, but nothing for TrueNAS or Proxmox.
Would be a super big leap forward to have a big creator talking about the benefits RDMA offers, especially in a virtualization environment.
I prefer XCP-ng but to each their own
@UltralifeTech i hear you. Can you share just 1 or 2 points on why? I'm just curious.
Awesome video! Quick tip to keep things organized for VMs and CTs is to make use of resource pools. I have a few pools but the most common are Production, non-production and testing. I use them to create different backup jobs so it doesn't waste a lot of time backing up CTs/VMs when it only needs to be backed up a few times a week or weekly. Plus when you create new CTs/VMs you can specify which pool to put it under.
Thanks! That's a topic I might have to take a closer look at ;)
@09:22 instructions missing for creating API token. Do we need read access or write / edit access on all resources or what type of resource could only be added for the certificate handling business. The crucial steps were jumped from that to straight up add your email and token here.
Nice to have all those tips, I instantly added some of those to my proxmox environment.
One addition: I've read, that you should select the CPU type "host" instead of the default selected "x86-64-v2-AES" when creating a VM. It simply performs better.
I don’t think that’s true anymore, and using the v2-AES does solve a few problems when doing live migration to other nodes that might have a different CPU model. More testing to come… :)
@@christianlempa It still performs better depending on the application. However, your point about live migrations is true. If you are not on a cluster, host is usually the best option - along with backups of course :)
I saw the benchmarks with host and they were better
Host is also required If you want to use cuda or something similar. Otherwise you will get Errors due to unsupported CPU
@@paul3151 false
So... the very first tip solved the problem I have been facing for the last 2 months, since I jumped on the Proxmox bandwagon. Thank you. :)
Oh really? Glad it was helpful! 😊👏
@@christianlempa Shockingly, yes. Searching online, I was searching the wrong thing, clearly lol.
I'll very likely watch all of your Proxmox videos this was higher quality content than I expected since I use them for many years
Just came across your channel for the first time and now I'm mad I never found you before! Subscribed, looks like you have some really helpful videos!!
Thank you so much 😊 welcome here
A great video as always. Speaking about backup options i have always been struggling on finding a good description on how to backup the host itself and not just the VMs. Pretty regularly some minor tweaks are required to be made in the host which is usually an effort that should be re-done on system drive failure scenario.
Glad it was helpful!
Your answer is Proxmox Backup Client (CLI).
Proxmox Backup Server is only for VMs and CTs.
Pretty regularly some minor tweaks are required to be made in the host which is usually an effort that should be re-done on system drive failure scenario.
- The first and easiest step to perform is to add a boot partition mirror. It is an easy process when you have Proxmox running on ZFS.
9:23 - creating api token - cloudflare offers templates when creating the API token - is there a specific template that needs to be used or some fuller guide that you've done in the past for setting the permissions required ?
would be good to know. I could not get rid of the not secure despite successfully downloading the certs in proxmox
I just used Christian Lempa's method and it worked. I had a Cloudflare token already created from previous attempts for which I had saved the details. I chose the custom template option with the following:
Token name: DDNS
Permissions: I added three permissions:
Zone, Zone Settings, Read
Zone, Zone, Read
Zone, DNS, Edit
Zone Resources:
Include, All zones from an account, [my account was selected here]
Client IP Address Filtering: I didn't have anything set here.
@@MrDhukin thanks for the heads up. Useful info.
Hey Christian, Thanks for your videos, the thing that I like most in the video was your terminal, always on top command prompt
Thank you so much! :)
Consider adding automatic VM-, CT-snapshot to your setup. It is especially useful for big VMs (like virtual backup servers), where backup is not feasible. I had cases of non-graceful shutdowns with disk corruption (despite having VHDs in a write-through mode). The roll-back to a snap-shot was enough to salvage the VMs. The roll-back is much faster to restore a screwed VM too.
The part of configuring the DNS Zone in Cloudflare is missing completely.
Saved video to my Homelab Resources playlist. Good stuff.
Awesome, thank you!
New to Proxmox - Thank you for these instructions.
You're welcome!
Hi Chris, great video as always! The only comment is that (me) being an “older” IT guy, I need a little bit of a slower pace 😂. I would like for you to do an updated version on how to create and use valid certificates to avoid the annoying messages. Keep up the good work, love your content!
Thank you so much! :) :) I will try to slow down a bit! Agreed :D
Finally fixed my broken notifications for my backups. Thank you.
You're welcome! :D
Thanks for the video! This made me go back and visit my email notification settings that I had set up in a sort of hacky way since VE 7 something. Thought I'd give the notifications configuration via gui another shot based off this video and it worked so thanks! I'd much rather have the settings configured in the GUI than some manually hand-jammed postfix configs. Makes it much easier to remember what I did and how things are configured this way!
Nice! Thank you :)
What I always do, just a small thing, I disable 'Use tablet for pointer' on each VM. I just like to disable things I don't need.
For the certificate section, I created my own self signed certificate valid for 10 years. Since I'm only using it in my local network environment and it's not exposed to the internet.
Downside is that I need to install the root certificate on each device I access the web portal from. But it has to be done once only of course 😉
Great video Christian!
So you crumple the console mouse then as tablet mode allows absolute positioning based on the screen
@@damiendye6623 Most of my VM's are Linux (Ubuntu) servers without a GUI. Recently I tried Ubuntu 24 desktop (so with a GUI). The option is turned off but I have no problem whatsoever with the mouse cursor when connected to the console in Proxmox.
@@damiendye6623 this needs further study - I've seen the advice to disable the tablet thing in a few other videos, but there it was to avoid certain issues iirc
@@damiendye6623 I remember I replied to this yesterday but YouTube probably deleted my comment. Let's try again. Most of my servers are Ubuntu LTS without a GUI. I have 1 Ubuntu Desktop VM with this feature turned off and I have no problem using the cursor.
Curious, are you just running the self signed certificate to have an extra layer of security on your internal lan cause I guess it would still encrypt it based on the keys? As I understand it self-signed really is only for testing since MITM attacks would be simple still since if they breached your network they can overcome your encryption since there is no 3rd party validation to gain access to your traffic. With no external access I just wonder if the juice is worth the squeeze? Cause it doesn't get rid of your warning screen on the browser does it?
Thanks for this nice video! I never knew that someone that sounds like Stefan Raab would help me with proxmox ;)
That was an awesome video and you are an excellent communicator. I am new to Proxmox but your approach really simplified things for me. Many thanks!
Thank you so much! :)
love your content, christian! thanks for another helpful video.
Thank you so much :D
Just a heads up that Proxmox backup server is far better than NFS for backing up proxmox vms and cts as it deduplicates chunks, which makes backups there in effect "incremental"
Good timing. I have a Minisforum MS-01 sitting next to my desk that will be my first ever Proxmox host, but the RAM doesn't arrive til Monday I think, and the WD N700 2TB SSDs I ordered were on back order, so they're not supposed to get here til Wednesday.
The first thing I want to do with it is stand up a Debian VM to serve as my Docker host, and move all my Docker containers off my Synology NAS onto there. I am however a tad leery about the virtualized storage, as I just don't know if I like the stuff being wrapped up in virtual disks with snapshots backed up to the NAS, as opposed to backing up the actual files themselves to the NAS, then backing them up offsite to Backblaze B2 or something. Can you speak to this? Like... if I have snapshot backups and Proxmox gets hosed, if I setup Proxmox again will restoring those snapshots work?
For the certificate option I have something completely different. I have installed cloudflared on the Proxmox host itself. Now I have a Cloudflare tunnels tunnel to have access to the host on the internet at all times using the public hostname with SSL encryption. Then I restricted the access to that tunnel using my Authentication provider EntraID (Azure Active Directory formerly) to authenticate. Now with a bit of that juicy conditional access on top of that API I can only authenticate from 3 trusted IP addresses.
Interesting! I usually try to avoid installing anything on the main hyperV OS, because it doesn't feel "right" :D But sure, technically that would be an option! Just keep in mind if you're taking a backup of the config, or restore a system, it's hard to do whenever you made customizations to the OS you can't really see in the main UI.
I'm a newbie and this was very helpful, thanks!
Thank you! Glad it helped :)
Hey Christian, thanks for the insane amount of learning videos, I already learnt a lot!
I am very new and just built my first Homeserver.. Elitedesk 800 G3 Tower with i5-7600T, 32GB DDR4 & 2x 4TB WD Red Pro + 1x 240GB SSD just in case.
Nextcloud / NAS ; Home assistant (small environment) ; PiHole / Adguard ; MediaServer (Plex, Jellyfin, Kodi) ; Paperless NGX
Am trying to be as efficient and low power consumption as possible, currently Idle at 20.5W (might change to an i7-7700 due to same price and most likely same Watts usage?!)
I just set up my first Proxmox and used ZFS as filesystem as it was recommended, but I saw at 13:05 you're using LVM. I couldn't find any explanation on your channel as to why you chose it.
Thank you for the great feedback! I've not looked at ZFS because of the memory usage in Proxmox, I think when I upgrade to a cluster, I'd look into Ceph, but for now I'm happy with just LVM and regular backups to my virtual NAS :)
Thank you!
thank you!
thank you!
I had heard of Twingate, but being stubborn I just kept my VPN as it is set up and "works". But now that you bring it up, I should at least try Twingate and maybe move away from my VPN. To me the point of a homelab is to explore, try new things and most importantly learn new things. Thanks again for your video.
You're welcome! New video about twingate is also in the works ;)
In the TLS section I see that you are able to access the Proxmox web UI without specifying the port number 8006. How are you able to do this?
I'm using an external load-balancer, that forwards the web requests to the two proxmox servers on port 8006
this is one of those videos that are game-changing. Anyone who wants to setup a proxmox server, a proxmox cluster even, will be able to have a solid configuration base for that.
congratulation for making such a rich and useful video, and thank you :)
Thank you so much! :D
Thanks for the great video! It's always good to have solid standard practices for systems
Thank you! :) Glad you think so
Great info Christian. You've got a new subscriber. Thanks for the video!
There goes my Saturday. I need to set up those ACME cloud flare plugins. That’s very cool.
Excellent as always. Didn't think certificates would be so easy 👍
Thank you! :)
Do you have any plans on implementing/using IPv6 in your Home Lab ?
Ah that's one of these topics I wish I had more time for...
I installed twingate and it works great. Better than the cloudflare option
why is it better ?
Nice to hear! :)
@@basdfgwe Cloudflare (according to some reddit threads) seems to disallow anything that is multimedia. So no plex/jellyfin.
Hi Christian, to back up your VMs you should use 1 PBS (as a VM) on every Proxmox host with daily replication to each other. If your host 1 crashes, you have no more access to your backups, because your NAS is down, too. In my case, you have 1 PBS with backups of every VM on both Proxmox hosts.
That's an interesting use-case. Haven't thought about this before :D My plan is to build a new storage server in the next months and use this as a central storage for backups and vm disks, maybe that helps :)
I do the same. Best case!
Also the chance to verify backups and also reverify has incredible value!
Hello! What about best practice for a Windows disk format? RAW, QEMU, or VMDK? Our backup software can only export snapshots with RAW or VMDK.
For best practice, I'd recommend using RAW if your backup software supports it. It’s straightforward and usually works well for restoring. VMDK is also good, but it's a bit more complex. Hope that helps!
How do you get all those colors in Proxmox indicating the 'type' of VM? Both in the SEARCH view and in the left-hand column.
what would you exclude or recommend if you need to use proxmox at work in a corporate environment or office?
Did I hear you correctly when you said that you have your truenas vm on your proxmox machine?
Yes
Great video Christian and nice intro! thank you for all the tips.
What about UPS battery backup that shuts everything down gracefully if the power goes out?
Possible to use WinNut or is there functions built in for this?
Thanks a lot. I really appreciate your videos. You are excellent at explaining the topics you cover.
Awesome video! I know what I'm doing when I get home today.
Thanks! Have fun :D
Thank you, you help me to solve my problem with pro mod and terraform with your videos
Christian, thanks a lot, as always, extremely interesting!!!
Thank you so much 🙏
MOAR Proxmox videos please!
Great video again. Thanks for that great one. Some of these settings were new to me and look really beneficial :)
Glad you enjoyed it!
16:06
That may be very obvious, but why doesn't Christian backup his nas-prod-1 vm? Wouldn't he lose all the configurations he made in case of an accident? Or how would one back up the very vm that manages the drives.
Good question, it might be a good idea to add it to my backup :D
Thanks man! Hugs from Brazil!
Thank you :)
9. Proxmox Backup Server - Set up a PBS vm with HA, and point it at your NAS.
PBS gives you deduplication and verification of backups. Save space and check your backup files.
Thanks for the video. Setting up Proxmox notifications is another big thing, otherwise, how else will we know that the backups are failing, for example.
Thanks! Yep thats right
I keep getting Failed to connect to server no vnc when I try to launch a VM on Proxmox. Any help?
Hey Christian, when adding cloudflare api token which template should I use?
Edit Zone DNS
This was very nice to ramp up my knowledge. In general I would be very interested in seeing how a nice storing setup in proxmox would look like. Do I have a storage for different data separated to control the access ? So all in all what type of storage I choose depending on the type of data.
Good point! I still have Ceph on my list to review, but that's not gonna happen until mid next-year, as I have to buy 2 new servers for this project 🙈
One thing that is a problem.. or I'm prepared for a problem.. Microsoft and Google both have said they will stop allowing for SMTP TLS, as starting this fall they will require MFA on send. I'm -really- interested in any sort of plan there is in the works for notifications after we cross that with Google and Microsoft.
smtp2go or run your own smtp relay that can talk to M365. Proxmox has an email server.
What a great video. Your IT skills are truly admirable. And in this video you also didn't speak so fast for once, so I can even follow it with my bad English and my limited Proxmox experience. Really worth watching, keep it up. The IT retiree at 55 😊.
Thank you very much! :) I'm glad you liked it
Are there any downsides when I'm using PCIe passthrough with machine type i440fx? My virtual TrueNAS is running fine though.
I don't know of any issues with it, every time I used pass-through it worked fine
How do you add encryption at rest to the proxmox system installation itself?
Honestly, never tried it
Would u make a video talking about attaching a storage, pool, or single disk shared over all the virtual machines?
I'm planning to make a video just on storage in Proxmox, but I need much more time for testing to be confident what I'm talking about ;)
How would you recommend configuring full disk encryption for either your full Proxmox install (and all derivative Guests / provisioned Disks) or on a Guest-by-Guest basis? I'm moving toward a more "paranoid" security model to protect my sensitive data in case of a theft or whatnot. I've been far too lazy about that, and I'd like to be prepared for the unexpected.
What settings do I use on CloudFlare for creating the API token? What rights?? When I did that for HomeAssistant, I was told to use Zone:Read, DNS:Edit
great video, didn't know Gotify was in the list for the notification
thx
Thx for the great video. Can you pls tell me what addon or terminal you use for Mac in the Trusted TLS part? Maybe you have a video about it on your channel?
Thanks Christian. Learned a couple tips I'll be implementing.
Thank you so much! :) Great it helped you
Hi, need help, I want to build a VPS machine on bare metal.
It's a production server, what are the things needed apart from a bare-metal server
Thanks Christian, love to get the information with a high density. I do have a Proxmox 7.4-18 installation, which is the latest on Release 7. How to switch to Release 8?
There's a pretty nice guide on their website: pve.proxmox.com/wiki/Upgrade_from_7_to_8
what app is he using at 07:00 for note or presentation?
Excalidraw
@@christianlempa Actually, I thought it was Excalidraw, but when I checked, there was no presentation mode. It turns out that feature is in Excalidraw+. Thanks
I'm guessing you've heard of Proxmox Backup Server, I run it as a VM and backup to my NAS which is a separate machine on the network.
Thanks for the demo and info, have a great day
Thanks, you too!
Christian, as always great video, a question that I can't seem to find an answer to is how Proxmox handles SSD drives and the "Trim" command to reclaim the stale blocks. Many mini PCs are NVMe-SSD and by default Proxmox will partition the NVMe for the OS and then make a "thin" partition for the VMs and LXCs. In my case I have a small NVMe in my mini PC with a SATA SSD for the containers and their disks. This is partitioned as ZFS to allow for HA support of VMs and LXCs. Reading through the documentation there are ways to configure Trim in ZFS but there are also some blogs that talk about having the VM guest OS also issue trim. In the case of LXCs I have no clue on what would need to be done. Maybe you can do a video on storage options and best configuration options for various types of storage based on the VM/LXC?
Thanks Christian , great essential content.
Awesome, thank you!
For backups I think having a PBS server virtualized is much better. Deduplication is key!
Only bad if your Proxmox host crashes and all your VMs are down. I have 2 PBS as VMs on different Proxmox hosts for my daily VM backups (with sync jobs from each other every night) and I have one bare metal PBS with sync jobs for my 2 VM-PBS (once a week). So if one Proxmox host crashes, I have one PBS on another host and if both crash, I have a separate one on bare metal.
Maybe that's a good idea for a future video. But I'm not a big friend of deduplication tbh :P
@@christianlempa Why?! :O
@ Christian Lempa, with windows VMs did you not encounter issues with the nic as virtio when using VPNs inside the VM? I had dropouts until I changed to intel NIC, yes 1000 mbps limit, but no issues otherwise.
Christian you say you order a certificate and then the certificate warning disappears in the browser. But do these certificates autorenew yearly? Are they permanent certificates different from SSL certificates in being TLS certificates? I have a blockchain running inside a docker image and it needs a loop to restart the blockchain and rewrite a private key because the SSL certificate has to regularly be renewed, so that when it is renewed the blockchain is restarted to prevent dodgy handshake messages even though the blockchain ports are secure, are you saying that I can use a TLS certificate once off, rather? So that I don't have to put my blockchain on a loop to restart so that I regenerate a new private key related to the SSL certificate. I'm not sure how it's different, the TLS certificate from the SSL.
That's one of the advantages of the ACME protocol, which allows a simple and easy way to issue, and renew certs. Letsencrypt certs usually expire after 90 days, if that happens the daily update daemon in Proxmox will automatically try to renew them.
@@christianlempa I see. The NXT blockchain clone has a privkey that should be auto-updated if the cert is renewed, and the blockchain restarted. I wonder if I will still need to use a loop in docker to fix this problem because the blockchain keystore is a copy of the privkey from the cert and the blockchain needs to be restarted if it is changed for it to take effect. Hopefully I will figure it out sometime, but I see the problem is still there. There is a bash command I insert in the dockerfile to renew the blockchain's key and restart the blockchain container. But this solution will be great for the DNS resolution for nodes, the command will rely on seeing if the date of the cert has changed to 'refresh the blockchain' image / restart. I have not had time to work on it for a year, my memory is bad now. Great videos...! I hope I can get back into admin fun!
Many thanks for this video, very useful!
great content!, how did you manage to have bullet colors for the VM? (purple, violet, green....)
Thanks! That’s when you add tags and change the style of the view
@@christianlempa Thank you!!!!!
How do you get those colour dots by the VMs
I'm using tags for the VMs, in the proxmox UI settings you can change it to display tags as these small dots.
Single node cluster 😂
You made my day.
:D
Very helpful Video. Thank you very much.
Thanks glad u liked it
I'm still unclear on the TLS Certificate instructions. Especially the local DNS and the cloudflare DNS and the comment that there are two ways to do it. do I even need cloudflare ( I have it with domains there but do not run local DNS other than a .lan internal )
There are 3 things you need: 1. a public domain, 2. a dns resolver at home, and 3. dns provider that is in that list of the ACME DNS Challenge plugin of proxmox :) Join our Discord if you have specific questions and need help!
@@christianlempa Thanks. I just joined and will follow up there to hopefully clear up any questions mostly about the DNS resolver requirement. Will give more detail on your discord. 🙏
5:05 how about cron to automate updates and reboots?
I don't like doing that, I still do updates manually
@@christianlempa was kinda hoping to see something like "cron is lame for such task, i use and it's really awesome" :D , anyway great video, keep up good work!
So I don't necessarily need PBS to back up my VMs?
No, you don't. PBS is just another option. You can simply store backups, as shown, on a storage that accepts the corresponding content type (VZDump backup file).
But I think PBS is a better way to do backups because of deduplication, verifying, file level recovery etc.
But what's the way to back up the Proxmox config without Proxmox Backup Server.
I need to ask. Why you are using that font in terminal windows?
You mean the "hack nerd font"? it looks cool and it got icons :D
@@christianlempa 🖖
Hey, why are you not doing a backup of the NAS system? You could exclude the data hard drives. Big advantage is you can always import the TrueNAS volumes and safe quick access to the data
Hmmm actually a fair point I haven't thought about, :D Maybe I need to reconsider that, thanks for sharing!
@@christianlempa my pleasure! I have the same setup, as the SATA controller is passed through it is perfectly fine to back up. Cheers from Vienna 👍
Lots of good stuff in this video
Thank you mate
what about cpu. host cpu setting usually give more performance if you use similar cpus in cluster
Someone help me, my proxmox web gui blank pages, but all vms online and working.
No mention of Ceph, or is that just implied?
i tried the prefab installer scripts - just running them failed.. but choosing advanced... and enter some settings.. it runs and installs all kind of nice apps.. network control.. administrative consoles..
How do you add certificates to hosts
How different is twingate from tailscale?
There's a Twingate tutorial on my channel that goes into detail, and there's more content around that coming out soon :D
Great video! Didn't know proxmox has its own mechanism for acme dns challenges..
Thanks! :) Glad it was helpful
Hi Christian, in the Certificate section you mentioned you used a load balancing object to determine which node is active. What did you use to achieve that? Keepalived perhaps?
Btw, keep up the good work and awesome videos 😊
19:17 One thing against using a VM as your storage server is if you are backing up your VM(s) to that VM. If that server goes down, you can't access the backup.
That's right. But I think the situation would be either a VM has a problem, which I can restore from that backup. Or when the backup VM has a problem, then the other VMs would be still running, so I have enough time to repair it. If everything fails, well, you're screwed anyway :D
@@christianlempa So your backups aren't on your NAS? Are they stored somewhere else, another NAS?
Despite firing the dmesg command and the terminal showing the IOMMU enabled message, I am still unable to use PCI passthrough; Proxmox shows IOMMU not available at the time of creating a bypass. I think there need to be some more additional checks apart from that command. I checked other resources; I think hardware-wise in the BIOS there are two separate settings, one is VT-d and the other is VT-x. To have IOMMU-compatible HW you need both, but in older generations like my setup there is only one of these available (for Intel); for AMD there was something similar like AMD virtualization or some other name like that. Why can the industry not have standards? Anyway, I digressed. So I think IOMMU is a more advanced feature for which that single command to check is not enough, and it also needs BIOS settings to be changed / enabled for it to work with comparatively newer hardware. If anyone was stuck at the same step then this message might help them. Good luck,
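One way to run the additional checks the comment above asks for, as an added example that is not part of the original comment or the video. It reads the standard Linux paths `/sys/kernel/iommu_groups` and `/proc/cpuinfo`; the function names and the optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example. Both functions accept an optional ROOT prefix (hypothetical
# parameter) so they can also be pointed at a copied or constructed tree.

# Prints "active groups=N" when the kernel has actually built IOMMU groups,
# otherwise "inactive cpu-virt=yes|no". Returns 0 only when groups exist.
# The vmx/svm CPU flags only show CPU virtualization (VT-x / AMD-V); the
# IOMMU itself (VT-d / AMD-Vi) is confirmed by populated groups, not by flags.
iommu_status() {
    root="${1:-}"
    n=0
    for g in "$root"/sys/kernel/iommu_groups/*; do
        if [ -d "$g" ]; then
            n=$((n + 1))
        fi
    done
    if [ "$n" -gt 0 ]; then
        echo "active groups=$n"
        return 0
    fi
    if grep -Eqw 'vmx|svm' "$root/proc/cpuinfo" 2>/dev/null; then
        echo "inactive cpu-virt=yes"   # CPU virtualization on, IOMMU off or absent
    else
        echo "inactive cpu-virt=no"    # virtualization disabled in firmware or unsupported
    fi
    return 1
}

# Prints one "group N: <PCI address>" line per device. Devices that share a
# group are not isolated from each other, so a passthrough assignment has to
# account for every device in the group.
iommu_group_devices() {
    root="${1:-}"
    for d in "$root"/sys/kernel/iommu_groups/*/devices/*; do
        if [ -e "$d" ]; then
            g=${d%/devices/*}
            echo "group ${g##*/}: ${d##*/}"
        fi
    done
}

# Report for the running host (no ROOT prefix).
iommu_status || true
iommu_group_devices
```

An "inactive cpu-virt=yes" result matches the situation described in the comment: CPU virtualization is on, but the IOMMU is either disabled in firmware, not enabled for the kernel, or not present on the platform.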