What a great video. Your IT skills are truly admirable. And in this video you didn't speak so fast for once, so I could even follow along with my poor English and my limited Proxmox experience. Really worth watching, keep it up. The IT retiree at 55 😊.
this is one of those videos that are game-changing. Anyone who wants to setup a proxmox server, a proxmox cluster even, will be able to have a solid configuration base for that. congratulation for making such a rich and useful video, and thank you :)
Thx for the great video. Can you pls tell me what addon or terminal you use for Mac in the Trusted TLS part? Maybe you have a video about it in your channel?
edit: my comment is wrong, sorry about that. I mixed up the general recommendation for Debian-based distros to use either "apt full-upgrade" or "apt dist-upgrade" instead of "apt upgrade" (not specific to Proxmox) with "apt full-upgrade" vs "apt dist-upgrade". And that mix-up kinda stuck in my head for the longest time lol. please please please please please stop using apt dist-upgrade. Always use apt full-upgrade, which is also recommended by Proxmox
'apt full-upgrade' is just 'apt dist-upgrade' with the package cache being cleared when done. Proxmox discourages 'apt upgrade' because it will not install additional packages if required when updating installed packages.
@@cheebadigga4092 lol why the fuck would proxmox then use “apt-get dist-upgrade” every time you update through GUI. Given your advice that we should “NEVER” use it, it sure looks strange that Proxmox guys didn't fix their own shit yet.
Do you have a source for your claim? A simple Google search shows that they both do the same, one is just the old name from apt-get, the other from the new apt (which bundles the separate commands into one)
Hi Christian, in the Certificate section you mentioned you used a load balancing object to determine which node is active. What did you use to achieve that? Keepalived perhaps? Btw, keep up the good work and awesome videos 😊
19:17 One thing against using a VM as your storage server is if you are backing up your VM(s) to that VM. If that server goes down, you can't access the backup.
That's right. But I think the situation would be either a VM has a problem, which I can restore from that backup. Or when the backup VM has a problem, then the other VMs would be still running, so I have enough time to repair it. If everything fails, well, you're screwed anyway :D
Just a heads up that Proxmox backup server is far better than NFS for backing up proxmox vms and cts as it deduplicates chunks, which makes backups there in effect "incremental"
I see one flaw in your setup. You are having backups on the nas-prod-1, and the boot drive of the nas-prod-1 (truenas) is lvm drive on physical prx-prod-2. You can backup the nas-prod-1 also without any problem, but then you have all the backups on the physical drives of the virtual machine. If everything dies, you'll have hard times to reconstruct the truenas machine itself. Having similar setup I'm backing up the backup machine (proxmox-backup system in my setup) system itself to the external drive.
nice list but seriously speaking using Proxmox Backup Server is way better than "just backup" - PBS gives more options for restoring i.e. selective restoring etc. It is very easy: just one more VM and storage for it from NAS
Thanks Christian, love to get the information with a high density. I do have a Proxmox 7.4-18 installation, which is the latest on Release 7. How to switch to Release 8?
For Let's Encrypt certificates, I prefer managing them on a reverse proxy, I'm using nginx-proxy-manager docker image in a docker virtual machine. Also I just make a wildcard certificate for everything in my domain so I don't have to enter every VM hostname in the request to Let's Encrypt
For the certificate option I have something completely different. I have installed cloudflared on the proxmox host itself. Now I have a Cloudflare tunnels tunnel to have access to the host on the internet at all times using the public hostname with SSL encryption. Then I restricted the access to that tunnel using my Authentication provider EntraID (Azure Active Directory formerly) to authenticate. Now with a bit of that juicy conditional access on top of that API I can only authenticate from 3 trusted IP addresses.
Interesting! I usually try to avoid installing anything on the main hyperV OS, because it doesn't feel "right" :D But sure, technically that would be an option! Just keep in mind if you're taking a backup of the config, or restore a system, it's hard to do whenever you made customizations to the OS you can't really see in the main UI.
One thing that is a problem.. or I'm prepared for a problem.. Microsoft and Google both have said they will stop allowing for SMTP TLS, as starting this fall they will require MFA on send. I'm -really- interested in any sort of plan there is in the works for notifications after we cross that with Google and Microsoft.
Virtualizing your NAS is fine... until you try to upgrade and reboot the node with the virtualized NAS, at which point expect all your VMs that rely on that NAS to start to fail. This means functionally you now have a single point of failure on that one node. For me this means that node hardly ever gets updated. Unless of course I migrate it to another node, but that's not possible since the drives are only part of the one node, meaning there is no possibility of migration. I had someone talk me into virtualizing my NAS but they neglected to mention any of this. If you have a single-node cluster then you're fine. Otherwise a dedicated NAS is absolutely the way to go. Not enough people address this real-world problem of virtualizing a NAS in Proxmox.
How would you recommend configuring full disk encryption for either your full Proxmox install (and all derivative Guests / provisioned Disks) or on a Guest-by-Guest basis? I'm moving toward a more "paranoid" security model to protect my sensitive data in case of a theft or whatnot. I've been far too lazy about that, and I'd like to be prepared for the unexpected.
Thank you Christian for great vid I've already updated my checklist for new deployments according to this :) By the way would you recommend using your existing Let's Encrypt certificate from Traefik and importing it to each node, or would it be better to perform the DNS challenge from Proxmox for the same domain?
You basically just connect a 10G to your Proxmox and then your VMs can use 10G :) I've made some videos about my VLANs and Home Network, maybe that's helping you
What about UPS battery backup that shuts everything down gracefully if the power goes out? Possible to use WinNut or is there functions built in for this?
Hey, why are you not doing a Backup of the nas system? You could exclude the Data harddrives. Big Advantage is you can Always import the truenas volumes and Safe quick Access to the data
Hey Christian! First of all great channel, and thanks for such great videos! I am a Proxmox user for more than 8 years now, and most of the things you summarized in this video are really a must do. One thing I would recommend is setting up a VM in Proxmox, and connect printers to the Proxmox server and pass them through, if your VM is Linux for example, you can share those printers using CUPS and you will have the printers easily available for any device within your network without the need to even install them or configure it. I have done it, and I am able to print from Linux desktop, Windows desktop, Mac desktop, iPhones and iPads by simply using network printer, no driver hassle or any other shenanigans! I hope this helps and also you can use this idea for your environment. Cheers!
Nice to have all those tips, I instantly added some of those to my proxmox environment.
One addition: I've read, that you should select the CPU type "host" instead of the default selected "x86-64-v2-AES" when creating a VM. It simply performs better.
I don’t think that’s true anymore, and using the v2-AES does solve a few problems when doing live migration to other nodes that might have a different CPU model. More testing to come… :)
@@christianlempa It still performs better depending on the application. However, your point about live migrations is true. If you are not on a cluster, host is usually the best option - along with backups of course :)
I saw the benchmarks with host and they were better
Host is also required If you want to use cuda or something similar. Otherwise you will get Errors due to unsupported CPU
Awesome video! Quick tip to keep things organized for VMs and CTs is make use of resource pools. I have few pools but most common are Production, non-production and testing. I use them to create different backup jobs so it doesn't waste a lot of time backing up CTs/VMs when it only needs to be backed up few times a week or weekly. Plus when you create new CTs/VMs you can specify which pool to put it under.
Thanks! That's a topic I might have to take a closer look at ;)
So... the very first tip solved the problem I have been facing for the last 2 months, since I jumped on the Proxmox bandwagon. Thank you. :)
Oh really? Glad it was helpful! 😊👏
@@christianlempa Shockingly, yes. Searching online, I was searching the wrong thing, clearly lol.
Please keep doing these videos! When I eventually switch from ESXi to Proxmox, these will be INVALUABLE!
I haven't used ESXi myself a lot, so I can't talk about it, really. But I'm planning to do more "best-practices" videos about different tools and programs, I think that's gonna be a great series :)
Great to see more Proxmox videos. Ever since VMWare did VMware things Proxmox is now the obvious answer.
Thanks! Hope to create more content about Proxmox in the future :)
Ever since Broadcom did VMware things Proxmox is now the obvious answer.
Fixed.
@@christianlempa If you don't mind a suggestion, I'd love for there to be some actual documentation for people wanting to get RoCE or iWARP working with common stuff like iSCSI or SMB.
Currently the only 'easy' way to get RDMA for a homelabber is Windows with SMB Direct or by using BTRFS, but nothing for TrueNAS or Proxmox.
Would be a super big leap forward to have a big creator talking about the benefits RDMA offers, especially in a virtualization environment.
I prefer XCP-ng but to each their own
@UltralifeTech i hear you. Can you share just 1 or 2 points on why? I'm just curious.
Easily the best home server educator on the web. Keep up the great work, Love your Channel.
Thank you so much :)
A great video as always. Speaking about backup options i have always been struggling on finding a good description on how to backup the host itself and not just the VMs. Pretty regularly some minor tweaks are required to be made in the host which is usually an effort that should be re-done on system drive failure scenario.
Glad it was helpful!
Your answer is Proxmox Backup Client (CLI).
Proxmox Backup Server is only for VMs and CTs.
Pretty regularly some minor tweaks are required to be made in the host which is usually an effort that should be re-done on system drive failure scenario.
- The first and easiest step to perform is to add a boot partition mirror. It is easy process, when you have proxmox running on ZFS.
Hey Christian, Thanks for your videos, the thing that I like most in the video was your terminal, always on top command prompt
Thank you so much! :)
Consider adding automatic VM-, CT-snapshot to your setup. It is especially useful for big VMs (like virtual backup servers), where backup is not feasible. I had cases of the not graceful shutdowns with disk corruption (despite having VHDs in a write-through mode). The roll-back to a snap-shot was enough to salvage the VMs. The roll-back is much faster to restore a screwed VM too.
What I always do, just a small thing, I disable 'Use tablet for pointer' on each VM. I just like to disable things I don't need.
For the certificate section, I created my own self signed certificate valid for 10 years. Since I'm only using it in my local network environment and it's not exposed to the internet.
Downside is that I need to install the root certificate on each device I access the web portal from. But it has to be done once only of course 😉
Great video Christian!
So you crumple the console mouse then as tablet mode allows absolute positioning based on the screen
@@damiendye6623 Most of my VM's are Linux (Ubuntu) servers without a GUI. Recently I tried Ubuntu 24 desktop (so with a GUI). The option is turned off but I have no problem whatsoever with the mouse cursor when connected to the console in Proxmox.
@@damiendye6623 this needs further study - I've seen the advice to disable the tablet thing in a few other videos, but there it was to avoid certain issues iirc
@@damiendye6623 I remember I replied to this yesterday but TH-cam probably deleted my comment. Let's try again. Most of my servers are Ubuntu LTS without a GUI. I have 1 Ubuntu Desktop VM with this feature turned off and I have no problem using the cursor.
Curious, are you just running the self signed certificate to have an extra layer of security on your internal lan cause I guess it would still encrypt it based on the keys? As I understand it self-signed really is only for testing since MITM attacks would be simple still since if they breached your network they can overcome your encryption since there is no 3rd party validation to gain access to your traffic. With no external access I just wonder if the juice is worth the squeeze? Cause it doesn't get rid of your warning screen on the browser does it?
Thank you!
thank you!
thank you!
I had heard of twingate, but being stubborn I just kept me VPN as it is setup and "works". But now that you bring it up, I should at least try twingate and maybe move away from my VPN. To me the point of a homelab is to explore, try new things and most importantly learn new things. Thanks again for your video.
You're welcome! New video about twingate is also in the works ;)
Our main virtualization expert at work gave a REALLY great explanation of CPU provisioning. One thing to keep in mind is that the number of VCPU's assigned to a vm the CPU needs to have free and not already allocated to another vm in the queue. For example if you assign 8 cores to a VM it would need 8 cores not already queued to another VM. Even if the task the VM needs to run is a small task and doesn't require all 8 cores at that time it still needs to have the number of CPU cores available and not already allocated to another VM in the queue. This means that a lot of times VM's that are over provisioned will actually run worse and lowering the number of CPU cores can actually increase performance. I am not sure how to see queue times in Proxmox but this was an issue we were seeing at work with some of our VMware servers but the concept is still the same.
How ? Create graphs with context switches. Is 1 way to do it.
I'll very likely watch all of your Proxmox videos this was higher quality content than I expected since I use them for many years
Just came across your channel for the first time and now I'm mad I never found you before! Subscribed, looks like you have some really helpful videos!!
Thank you so much 😊 welcome here
Hey Christian, thanks for the insane amount of learning videos, I already learnt a lot!
I am very new and just built my first Homeserver.. Elitedesk 800 G3 Tower with i5-7600T, 32GB DDR4 & 2x 4TB WD Red Pro + 1x 240GB SSD just in case.
Nextcloud / NAS ; Home assistant (small environment) ; PiHole / Adguard ; MediaServer (Plex, Jellyfin, Kodi) ; Paperless NGX
Am trying to be as efficient and low power consumption as possible, currently Idle at 20.5W (might change to an i7-7700 due to same price and most likely same Watts usage?!)
I just setup my first Proxmox and used ZFS as Filesystem as it was recommended but I saw in 13:05 you're using LVM. I couldn't find any explanation on your channel as of why you chose it.
Thank you for the great feedback! I've not looked at ZFS because of the memory usage in Proxmox, I think when I upgrade to a cluster, I'd look into Ceph, but for now I'm happy with just LVM and regular backups to my virtual NAS :)
Hi Chris, great video as always! The only comment is that (me) being an “older” IT guy need a little bit of a slower pace 😂. I would like for you to do an updated version on how to create and use valid certificates to avoid the annoying messages. Keep up the good work, love your content!
Thank you so much! :) :) I will try to slow down a bit! Agreed :D
Thanks for the video! This made me go back and visit my email notification settings that I had set up in a sort of hacky way since VE 7 something. Thought I'd give the notifications configuration via gui another shot based off this video and it worked so thanks! I'd much rather have the settings configured in the GUI than some manually hand-jammed postfix configs. Makes it much easier to remember what I did and how things are configured this way!
Nice! Thank you :)
For backups i think having a PBS server virtualized is much more better. Deduplication is key!
Only bad if your proxmox host crashes and all your vm's are down. I have 2 pbs as vm on different proxmox hosts for my daily vm backups (with sync jobs from each other every night) and I have one bare metal pbs with sync jobs for my 2 vm-pbs (once a week). So if one proxmox host crashes, I have one pbs on another host and if both crash, I have a separate one on bare metal.
Maybe that's a good idea for a future video. But I'm not a big friend of deduplication tbh :P
@@christianlempa Why?! :O
Finally fixed my broken notifications for my backups. Thank you.
You're welcome! :D
That was an awesome video and you are an excellent communicator. I am new to Proxmox but your approach really simplified things for me. Many thanks!
Thank you so much! :)
I installed twingate and it works great. Better than the cloudflare option
why is it better ?
Nice to hear! :)
@@basdfgwe Cloudflare (according to some reddit threads) seems to disallow anything that is multimedia. So no plex/jellyfin.
Thanks for this nice video! I never knew that someone that sounds like Stefan Raab would help me with proxmox ;)
Saved video to my Homelab Resources playlist. Good stuff.
Awesome, thank you!
This was very nice to ramp up my knowledge. In general I would be very interested in seeing how a nice storing setup in proxmox would look like. Do I have a storage for different data separated to control the access ? So all in all what type of storage I choose depending on the type of data.
Good point! I still have Ceph on my list to review, but that's not gonna happen until mid next-year, as I have to buy 2 new servers for this project 🙈
There goes my Saturday. I need to set up those ACME cloud flare plugins. That’s very cool.
@09:22 instructions missing for creating api token. Do we need read access or write / edit access on all resources or what type of resource could only be added for the certificate handling business. The crucial steps were jumped from that to straight up add your email and token here.
Good timing. I have a Minisforum MS-01 sitting next to my desk that will be my first ever Proxmox host, but the RAM doesn't arrive til Monday I think, and the WD N700 2TB SSDs I ordered were on back order, so they're not supposed to get here til Wednesday.
The first thing I want to do with it is stand up a Debian VM to serve as my Docker host, and move all my Docker containers off my Synology NAS onto there. I am however a tad leery about the virtualized storage, as I just don't know if I like the stuff being wrapped up in virtual disks with snapshots backed up to the NAS, as opposed to backing up the actual files themselves to the NAS, then backing them up offsite to Backblaze B2 or something. Can you speak to this? Like... if I have snapshot backups and Proxmox gets hosed, if I setup Proxmox again will restoring those snapshots work?
9. Proxmox Backup Server - Set up a PBS vm with HA, and point it at your NAS.
PBS gives you deduplication and verification of backups. Save space and check your backup files.
Hi Christian, to back up your VMs you should use 1 PBS (as VM) on every Proxmox host with daily replication to each other. If your host 1 crashes, you have no more access to your backups, because your NAS is down, too. In my case, you have 1 PBS with backups of every VM on both Proxmox hosts.
That's an interesting use-case. Haven't thought about this before :D My plan is to build a new storage server in the next months and use this as a central storage for backups and vm disks, maybe that helps :)
I do the same. Best case!
Also the chance to verify backups and also reverify has incredible value!
I'm a newbie and this was very helpful, thanks!
Thank you! Glad it helped :)
9:23 - creating api token - cloudflare offers templates when creating the API token - is there a specific template that needs to be used or some fuller guide that you've done in the past for setting the permissions required ?
would be good to know. I could not get rid of the not secure despite successfully downloading the certs in proxmox
I just used Christian Lempa's method and it worked. I had a Cloudflare token already created from previous attempts for which I had saved the details. I chose the custom template option with the following:
Token name: DDNS
Permissions: I added three permissions:
Zone, Zone Settings, Read
Zone, Zone, Read
Zone, DNS, Edit
Zone Resources:
Include, All zones from an account, [my account was selected here]
Client IP Address Filtering: I didn't have anything set here.
@@MrDhukin thanks for the heads up. Useful info.
MOAR Proxmox videos please!
The part of configuring the DNS Zone in Cloudflare is missing completely.
Christian, as always great video, a question that I can't seem to find an answer to is how Proxmox handles SSD drives and the "Trim" command to reclaim the stale blocks. Many mini PCs are NVME-SSD and by default Proxmox will partition the NVME for the OS and then make a "thin" partition for the VM's and LXC's. In my case I have a small NVME's in my Mini PC with a SATA SSD for the containers and their disks. This is partitioned as ZFS to allow for HA support of VM's and LXC's. Reading through the documentation there are ways to configure Trim in ZFS but there are also some blogs that talk about having the VM guest OS also issue trim. In the case of LXC's I have no clue on what would need to be done. Maybe you can do a video on storage options and best configuration options for various types of storage based on the VM/LXC?
What a great video. Your IT skills are truly admirable. And in this video you also didn't speak so fast for once, so that I can even follow it with my poor English and my limited Proxmox experience. Really worth watching, keep it up. The IT retiree at 55😊.
Thank you very much! :) I'm glad you liked it
I'm guessing you've heard of Proxmox Backup Server, I run it as a VM and backup to my NAS which is a separate machine on the network.
Great timing for the release of this video....I needed this checklist very much. Thank you!
Glad it was helpful!
love your content, christian! thanks for another helpful video.
Thank you so much :D
Thank you, you helped me solve my problem with Proxmox and Terraform with your videos
Great info Christian. You've got a new subscriber. Thanks for the video!
this is one of those videos that are game-changing. Anyone who wants to setup a proxmox server, a proxmox cluster even, will be able to have a solid configuration base for that.
congratulations on making such a rich and useful video, and thank you :)
Thank you so much! :D
Thx for the great video. Can you pls tell me what addon or terminal you use for Mac in the Trusted TLS part? Maybe you have a video about it in your channel?
Do you have any plans on implementing/using IPv6 in your Home Lab?
Ah that's one of these topics I wish I had more time for...
edit: my comment is wrong, sorry about that. I mixed up the general recommendation for Debian-based distros to use either "apt full-upgrade" or "apt dist-upgrade" instead of "apt upgrade" (not specific to Proxmox) with "apt full-upgrade" vs "apt dist-upgrade". And that mix-up kinda stuck in my head for the longest time lol.
please please please please please stop using apt dist-upgrade. Always use apt full-upgrade, which is also recommended by Proxmox
'apt full-upgrade' is just 'apt dist-upgrade' with the package cache being cleared when done. Proxmox discourages 'apt upgrade' because it will not install additional packages if required when updating installed packages.
@@RobertLaneTech lol you just answered why nobody should ever use dist-upgrade
@@cheebadigga4092 lol why the fuck would proxmox then use “apt-get dist-upgrade” every time you update through GUI. Given your advice that we should “NEVER” use it, it sure looks strange that Proxmox guys didn't fix their own shit yet.
I just see Nala I'm sure it'll be fine🎉
Do you have a source for your claim? A simple Google search shows that they both do the same, one is just the old name from apt-get, the other from the new apt (which bundles the separate commands into one)
Hi Christian, in the Certificate section you mentioned you used a load balancing object to determine which node is active. What did you use to achieve that? Keepalived perhaps?
Btw, keep up the good work and awesome videos 😊
19:17 One thing against using a VM as your storage server is if you are backing up your VM(s) to that VM. If that server goes down, you can't access the backup.
That's right. But I think the situation would be either a VM has a problem, which I can restore from that backup. Or when the backup VM has a problem, then the other VMs would be still running, so I have enough time to repair it. If everything fails, well, you're screwed anyway :D
@@christianlempa So your backups aren't on your NAS? Are they stored somewhere else, another NAS?
Awesome video! I know what I'm doing when I get home today.
Thanks! Have fun :D
Would u make a video talking about attaching a storage, pool, or single disk shared over all the virtual machines?
I'm planning to make a video just on storage in Proxmox, but I need much more time for testing to be confident what I'm talking about ;)
Excellent as always. Didn't think certificates would be so easy 👍
Thank you! :)
great video, didn't know gotify was in the list for the notification
thx
Great video! Didn't know proxmox has its own mechanism for acme dns challenges..
Thanks! :) Glad it was helpful
Thanks Christian. Learned a couple tips I'll be implementing.
Thank you so much! :) Great it helped you
Christian, thanks a lot, as always, extremely interesting!!!
Thank you so much 🙏
Thanks man! Hugs from Brazil!
Thank you :)
Just a heads up that Proxmox backup server is far better than NFS for backing up proxmox vms and cts as it deduplicates chunks, which makes backups there in effect "incremental"
Single node cluster 😂
You made my day.
:D
Thanks for the great video! It's always good to have solid standard practices for systems
Thank you! :) Glad you think so
I see one flaw in your setup. You are having backups on the nas-prod-1, and the boot drive of the nas-prod-1 (truenas) is an LVM drive on physical prx-prod-2. You can back up the nas-prod-1 also without any problem, but then you have all the backups on the physical drives of the virtual machine. If everything dies, you'll have a hard time reconstructing the truenas machine itself. Having a similar setup, I'm backing up the backup machine (proxmox-backup system in my setup) system itself to the external drive.
Lots of good stuff in this video
Thank you mate
Many thanks for this video, very useful!
Thanks for the demo and info, have a great day
Thanks, you too!
Thanks a lot. I really appreciate your videos. You are excellent at explaining the topics you cover.
nice list but seriously speaking using Proxmox Backup Server is way better than "just backup" - PBS gives more options for restoring i.e. selective restoring etc. It is very easy: just one more VM and storage for it from NAS
Well, we need some topics for future videos as well right? :D
@@christianlempa buhahhaha ;-)
...and it has a great deduplication which saves us much storage. I've just wanted also to mention PBS after watching.
Thanks Christian , great essential content.
Awesome, thank you!
Great video again. Thanks for that great one. Some of these settings were new to me and look really beneficial :)
Glad you enjoyed it!
Thank you for your video and great information on Proxmox. How do you backup your Proxmox Server?
Very helpful Video. Thank you very much.
Thanks glad u liked it
Great video Christian and nice intro! thank you for all the tips.
12:59 LVM and not ZFS?! Nah… 😉 Great video though 👍👍👍
Hi Christian...thanks very much for this. Do you use a Proxmox backup server in your environment or do you just backup with PVE?
Thanks! :) No, I just store the backups on my NAS
Thanks for the video, very instructive.
Glad it was helpful!
I mean for backups it is better to use Proxmox Backup Server instead of NFS
Great video my friend, I've learned some thing today ;)
That is amazing! Thank you :)
I both love this video and your other videos while also cannot get over my wwii obsessed childhood and keep expecting angry German yelling 😅
Thanks Christian, love to get the information with a high density. I do have a Proxmox 7.4-18 installation, which is the latest on Release 7. How to switch to Release 8?
There's a pretty nice guide on their website: pve.proxmox.com/wiki/Upgrade_from_7_to_8
what would you exclude or recommend if you need to use proxmox at work in a corporate environment or office?
great content!, how did you manage to have bullet colors for the VM? (purple, violet, green....)
Thanks! That’s when you add tags and change the style of the view
@@christianlempa Thank you!!!!!
very useful information Christian....thank you very much
Thanks for watching! :D
Great video. Thanks for sharing with us
Glad you like it :D
For Let's Encrypt certificates, I prefer managing them on a reverse proxy, I'm using nginx-proxy-manager docker image in a docker virtual machine. Also I just make a wildcard certificate for everything in my domain so I don't have to enter every VM hostname in the request to Let's Encrypt
Did I hear you correctly when you said that you have your truenas vm on your proxmox machine?
Yes
For the certificate option I have something completely different. I have installed cloudflared on the proxmox host itself. Now I have a Cloudflare Tunnels tunnel to have access to the host on the internet at all times using the public hostname with SSL encryption. Then I restricted the access to that tunnel using my Authentication provider EntraID (Azure Active Directory formerly) to authenticate. Now with a bit of that juicy conditional access on top of that API I can only authenticate from 3 trusted IP addresses.
Interesting! I usually try to avoid installing anything on the main hyperV OS, because it doesn't feel "right" :D But sure, technically that would be an option! Just keep in mind if you're taking a backup of the config, or restore a system, it's hard to do whenever you made customizations to the OS you can't really see in the main UI.
Hey Christian, when adding cloudflare api token which template should I use?
Edit Zone DNS
Again a very useful video!
Glad to hear that!
Great video and great tips! thx!
Glad it was helpful!
Hey Chris, given the choice, would you run esxi w/ vsphere or proxmox?
One thing that is a problem.. or I'm prepared for a problem.. Microsoft and Google both have said they will stop allowing for SMTP TLS, as starting this fall they will require MFA on send. I'm -really- interested in any sort of plan there is in the works for notifications after we cross that with Google and Microsoft.
smtp2go or run your own smtp relay that can talk to M365. Proxmox has an email server.
love the videos
Virtualizing your NAS is fine... until you try to upgrade and reboot the node with the virtualized NAS, at which point expect all your VMs that rely on that NAS to start to fail. This means functionally you now have a single point of failure on that one node. For me this means that node hardly ever gets updated. Unless of course I migrate it to another node, but that's not possible since the drives are only part of the one node, meaning there is no possibility of migration.
I had someone talk me into virtualizing my NAS but they neglected to mention any of this. If you have a single-node cluster then you're fine. Otherwise a dedicated NAS is absolutely the way to go. Not enough people address this real-world problem of virtualizing a NAS in Proxmox.
Hi, Christian.
I really love your video, for real
Thank you! :) There's a video: th-cam.com/video/IhEE_QlI1MU/w-d-xo.html
@@christianlempa I mean the pre url that you use that get load balanced between prx-01 and prx-02. Inside Traefik, what does it look like? Thank you!
@@jer42688 Ah, got it! I'm using my Sophos XG Firewall with a simple IP list.
@@christianlempa Ahhh, thank you sir!! :D BTW very nice Mandalorian t-shirt you got!
@ np :) thanks!
How would you recommend configuring full disk encryption for either your full Proxmox install (and all derivative Guests / provisioned Disks) or on a Guest-by-Guest basis? I'm moving toward a more "paranoid" security model to protect my sensitive data in case of a theft or whatnot. I've been far too lazy about that, and I'd like to be prepared for the unexpected.
Thank you Christian for great vid I've already updated my checklist for new deployments according to this :)
By the way would you recommend using your existing Let's Encrypt certificate from Traefik and importing it to each node, or would it be better to perform the DNS challenge from Proxmox for the same domain?
Awesome thank you! :) I would issue the certs on Proxmox instead of importing, because you also get auto-renewals from ACME on Proxmox.
Thank you for your time
Thank YOU!
thanks, these are great!
Could you also explain how to set up VMs using a 10gbit network?
You basically just connect a 10G to your Proxmox and then your VMs can use 10G :) I've made some videos about my VLANs and Home Network, maybe that's helping you
Could you make a video about tailscale, twingate, ... pls
Thanks Christian.
Thank YOU :)
What about UPS battery backup that shuts everything down gracefully if the power goes out?
Possible to use WinNut or is there functions built in for this?
Hey, why are you not doing a backup of the NAS system? You could exclude the data hard drives. Big advantage is you can always import the TrueNAS volumes and safe quick access to the data
Hmmm actually a fair point I haven't thought about, :D Maybe I need to reconsider that, thanks for sharing!
@@christianlempa my pleasure! I have the same setup; as the SATA controller is passed through, it is perfectly fine to back up. Cheers from Vienna 👍