Build
One way to use Tailscale on Proxmox servers for remote access is to use a Proxmox CT (LXC) and it will be unprivileged for security reasons. Using one LXC we can reach all our devices on the remote site securely. Tailscale makes WireGuard mesh networking easy.
Tools
Attach a USB SSD or just a memory stick to a privileged LXC container on Proxmox, then install Samba in the container, and share the contents over the network. A network storage and more for SMB users. A fine place for ISOs and Cloud Images or family pictures or other media stuff.
Networking
Running Tailscale is really easy and you can use their Control Center. But, how about total autonomy and self-host the Tailscale Control Center on your own server or a VPS. It is possible, and this post is about setting it all up using Headscale.
Markdown is a text-to-HTML conversion tool for web writers. It allows you to write using an easy-to-read, easy-to-write plain text format, then convert it to structurally valid XHTML (or HTML). — John Gruber
Networking
Anyone who do remote work will have the need to start a remote machine at some point in their career. I'm using UpSnap in my Tailscale VM in Docker to perform WoL of some of the Servers. This VM is on an always on server and runs: Portainer, Tailscale and UpSnap.
Ricing
If you want to show Copyright and other warning or display system information in the Login or Banner Page, you definitely can do it.
Build
Upgraded your server, but you need your old ZFS pools. How to import your olde files. Sometimes it's better to reinstall the Proxmox rather than trying to fix a broken system.
Networking
No open ports. Global access to your Proxmox and other nodes. Secure VPN communication using Tailscale. Tailscale makes WireGuard mesh networking easy. You can use Tailscale's cloud based Control Center or self-host one - Headscale.
Build
Adding users to the sudo/doas/wheel group is a straightforward way to grant root-like access, especially in a multi-user environment where multiple users need administrative privileges. Is it wise – no, is it needed – sometimes. See also the Fail2ban section.
If you set up an Ubuntu server with the default US keyboard, you might like to change to your local keyboard. This is a quick note on how to do it.
This post will show the use of the Docker Socket Proxy with Portainer. It allows controlled and secure automation while still maintaining security. It's a reverse proxy that allows you to control what Docker API endpoints can be accessed by Docker clients such as Portainer, DIUN and Watchtower.
How do you make "Copy and Paste" work in your VM.
Container orchestration the easy way. Swarm mode is an advanced feature for container orchestration. Use Swarm mode if you intend to use Swarm as a production runtime environment. Docker Swarm mode is built into the Docker Engine. Docker Swarm mode is similar to K3s or even K8s, but it's lighter.
Sometimes it's a better to have an easy-to-use system rather than one with everything. We need a secure VM and that's why we run Proton OS. Using the recommendations of the KSPP (Kernel Self-Protection Project), the Photon OS Linux Kernel is secure from the start.
My new favorite. A Modern Docker Management GUI with a clean, intuitive design. The GUI includes: real-time monitoring, container management, image management, network configuration, volume management and resource visualization and the list goes on ...
One of the supporting pillars of virtualization is the use of Cloud-Init and Cloud Images. Setting up VMs is easy and fast. The process is easy to automate and adapt to CI/CD.
SmokePing is a deluxe latency measurement tool. It can measure, store and display latency, latency distribution and packet loss. SmokePing uses the RRDtool to maintain a long term data-store. It draws informative graphs of the state of each network connection to express up-to-the-minute information.
TrueCommand is a ZFS-aware solution, allowing you to set custom alerts on statistics like ARC usage or pool capacity, ensuring storage uptime and future planning. TrueCommand also identifies and pinpoints errors on drives or vdevs, saving valuable time when troubleshooting and resolving issues.
Running services on a PVE node is a perfect place to simulate networking. For the basic setup, we are to use SDN and OPNsense. Setting up a virtual or dedicated NIC as WAN and set up an SDN network for our VM/CT to use.
Proxmox Backup Server is flexible and can be installed on any device running Debian, a VM or a LXC. Here I show my Proxmox LXC setup. Having PBS on the PVE is making use of the large and fast SSD ZFS RAID 10 storage.
Before re-using any old disk, I do like to wipe them of data. Before removing the disk from the node, we wipe it clean. Now they are ready to store for later use or passed to a new owner with an old server.
