Don’t run Proxmox without these settings!
- Added on 31. 05. 2024
- Check out Twingate, start making your network more secure and safe: twingate.com
In this video, I will share my essential best practices and configuration settings for Proxmox, a powerful hypervisor platform. I'll walk you through crucial settings for any new Proxmox installation and tips for setting up new virtual machines, aiming to enhance the robustness, security, and performance of your setups. Join me as we delve into keeping your Proxmox server updated, configuring storage, and managing backups.
References
- Proxmox Cluster: • More POWER for my Home...
- Twingate Video: • STOP using VPN, embrac...
- Proxmox Templates with Packer: • Create VMs on Proxmox ...
- Proxmox VM automation with Terraform: • Proxmox virtual machin...
________________
Read my Tech Documentation
christianlempa.de/docs
________________
Timestamps:
00:00 Introduction
02:25 Configure Updates
05:19 Notifications
06:36 Trusted TLS Certificates
12:19 Storage Options
14:39 Setup Backup Jobs
17:37 Enable PCI Passthrough
19:34 VM best-practices
23:46 VM templates
________________
Links can include affiliate links. - Science & Technology
Great to see more Proxmox videos. Ever since VMWare did VMware things Proxmox is now the obvious answer.
Thanks! Hope to create more content about Proxmox in the future :)
Ever since Broadcom did VMware things Proxmox is now the obvious answer.
Fixed.
@christianlempa If you don't mind a suggestion, I'd love for there to be some actual documentation for people wanting to get RoCE or iWARP working with common stuff like iSCSI or SMB.
Currently the only 'easy' way to get RDMA for a homelabber is Windows with SMB Direct or by using BTRFS, but nothing for TrueNAS or Proxmox.
Would be a super big leap forward to have a big creator talking about the benefits RDMA offers, especially in a virtualization environment.
I prefer XCP-ng but to each their own
@UltralifeTech I hear you. Can you share just 1 or 2 points on why? I'm just curious.
Hey Christian! First of all great channel, and thanks for such great videos! I am a Proxmox user for more than 8 years now, and most of the things you summarized in this video are really a must do. One thing I would recommend is setting up a VM in Proxmox, and connect printers to the Proxmox server and pass them through, if your VM is Linux for example, you can share those printers using CUPS and you will have the printers easily available for any device within your network without the need to even install them or configure it. I have done it, and I am able to print from Linux desktop, Windows desktop, Mac desktop, iPhones and iPads by simply using network printer, no driver hassle or any other shenanigans! I hope this helps and also you can use this idea for your environment. Cheers!
Please keep doing these videos! When I eventually switch from ESXi to Proxmox, these will be INVALUABLE!
I haven't used ESXi myself a lot, so I can't talk about it, really. But I'm planning to do more "best-practices" videos about different tools and programs, I think that's gonna be a great series :)
Awesome video! Quick tip to keep things organized for VMs and CTs is to make use of resource pools. I have few pools but most common are Production, non-production and testing. I use them to create different backup jobs so it doesn't waste a lot of time backing up CTs/VMs when it only needs to be backed up few times a week or weekly. Plus when you create new CTs/VMs you can specify which pool to put it under.
Thanks! That's a topic I might have to take a closer look at ;)
Nice to have all those tips, I instantly added some of those to my proxmox environment.
One addition: I've read that you should select the CPU type "host" instead of the default selected "x86-64-v2-AES" when creating a VM. It simply performs better.
I don’t think that’s true anymore, and using the v2-AES does solve a few problems when doing live migration to other nodes that might have a different CPU model. More testing to come… :)
@christianlempa It still performs better depending on the application. However, your point about live migrations is true. If you are not on a cluster, host is usually the best option - along with backups of course :)
I saw the benchmarks with host and they were better
Host is also required if you want to use CUDA or something similar. Otherwise you will get errors due to unsupported CPU
Great timing for the release of this video....I needed this checklist very much. Thank you!
Glad it was helpful!
Thanks for the video! This made me go back and visit my email notification settings that I had set up in a sort of hacky way since VE 7 something. Thought I'd give the notifications configuration via gui another shot based off this video and it worked so thanks! I'd much rather have the settings configured in the GUI than some manually hand-jammed postfix configs. Makes it much easier to remember what I did and how things are configured this way!
Nice! Thank you :)
A great video as always. Speaking about backup options, I have always been struggling to find a good description of how to back up the host itself and not just the VMs. Pretty regularly some minor tweaks are required to be made in the host, which is usually an effort that has to be re-done in a system drive failure scenario.
Glad it was helpful!
Your answer is Proxmox Backup Client (CLI).
Proxmox Backup Server is only for VMs and CTs.
Thanks a lot. I really appreciate your videos. You are excellent at explaining the topics you cover.
love your content, christian! thanks for another helpful video.
Thank you so much :D
Thanks for the great video! It's always good to have solid standard practices for systems
Thank you! :) Glad you think so
Great video Christian and nice intro! thank you for all the tips.
Finally fixed my broken notifications for my backups. Thank you.
You're welcome! :D
Thank you!
thank you!
thank you!
I had heard of twingate, but being stubborn I just kept my VPN as it is setup and "works". But now that you bring it up, I should at least try twingate and maybe move away from my VPN. To me the point of a homelab is to explore, try new things and most importantly learn new things. Thanks again for your video.
You're welcome! New video about twingate is also in the works ;)
Excellent as always. Didn't think certificates would be so easy 👍
Thank you! :)
What I always do, just a small thing, I disable 'Use tablet for pointer' on each VM. I just like to disable things I don't need.
For the certificate section, I created my own self signed certificate valid for 10 years. Since I'm only using it in my local network environment and it's not exposed to the internet.
Downside is that I need to install the root certificate on each device I access the web portal from. But it has to be done once only of course 😉
Great video Christian!
So you crumple the console mouse then as tablet mode allows absolute positioning based on the screen
@damiendye6623 Most of my VMs are Linux (Ubuntu) servers without a GUI. Recently I tried Ubuntu 24 desktop (so with a GUI). The option is turned off but I have no problem whatsoever with the mouse cursor when connected to the console in Proxmox.
@damiendye6623 this needs further study - I've seen the advice to disable the tablet thing in a few other videos, but there it was to avoid certain issues iirc
@damiendye6623 I remember I replied to this yesterday but CZcams probably deleted my comment. Let's try again. Most of my servers are Ubuntu LTS without a GUI. I have 1 Ubuntu Desktop VM with this feature turned off and I have no problem using the cursor.
Saved video to my Homelab Resources playlist. Good stuff.
Awesome, thank you!
Great Video again. Thanks for that great one. Some of these settings were new to me and look really beneficial :)
Glad you enjoyed it!
Thank you, you help me to solve my problem with pro mod and terraform with your videos
Thanks Christian. Learned a couple tips I'll be implementing.
Thank you so much! :) Great it helped you
I installed twingate and it works great. Better than the cloudflare option
why is it better ?
Nice to hear! :)
Thanks for the video, very instructive.
Glad it was helpful!
Good timing. I have a Minisforum MS-01 sitting next to my desk that will be my first ever Proxmox host, but the RAM doesn't arrive til Monday I think, and the WD N700 2TB SSDs I ordered were on back order, so they're not supposed to get here til Wednesday.
The first thing I want to do with it is stand up a Debian VM to serve as my Docker host, and move all my Docker containers off my Synology NAS onto there. I am however a tad leery about the virtualized storage, as I just don't know if I like the stuff being wrapped up in virtual disks with snapshots backed up to the NAS, as opposed to backing up the actual files themselves to the NAS, then backing them up offsite to Backblaze B2 or something. Can you speak to this? Like... if I have snapshot backups and Proxmox gets hosed, if I setup Proxmox again will restoring those snapshots work?
Thanks Christian , great essential content.
Awesome, thank you!
Thanks man! Hugs from Brazil!
Thank you :)
what would you exclude or recommend if you need to use proxmox at work in a corporate environment or office?
Thanks for the demo and info, have a great day
Thanks, you too!
@ Christian Lempa, with windows VMs did you not encounter issues with the nic as virtio when using VPNs inside the VM? I had dropouts until I changed to intel NIC, yes 1000 mbps limit, but no issues otherwise.
Our main virtualization expert at work gave a REALLY great explanation of CPU provisioning. One thing to keep in mind is that the number of VCPUs assigned to a VM the CPU needs to have free and not already allocated to another VM in the queue. For example if you assign 8 cores to a VM it would need 8 cores not already queued to another VM. Even if the task the VM needs to run is a small task and doesn't require all 8 cores at that time it still needs to have the number of CPU cores available and not already allocated to another VM in the queue. This means that a lot of times VMs that are over provisioned will actually run worse and lowering the number of CPU cores can actually increase performance. I am not sure how to see queue times in Proxmox but this was an issue we were seeing at work with some of our VMware servers but the concept is still the same.
How? Creating graphs of context switches is one way to do it.
12:59 LVM and not ZFS?! Nah… 😉 Great video though 👍👍👍
Great video. Thanks for sharing with us
Glad you like it :D
Great video my friend, I've learned some thing today ;)
That is amazing! Thank you :)
very useful information Christian....thank you very much
Thanks for watching! :D
thanks, these are great!
Awesome video! I know what I'm doing when I get home today.
Thanks! Have fun :D
Great video and great tips! thx!
Glad it was helpful!
Just a heads up that Proxmox backup server is far better than NFS for backing up proxmox vms and cts as it deduplicates chunks, which makes backups there in effect "incremental"
Lots of good stuff in this video
Thank you mate
Again a very useful video!
Glad to hear that!
Thank you Christian for great vid, I've already updated my checklist for new deployments according to this :)
By the way would you recommend using your existing Let's Encrypt certificate from Traefik and importing it to each node, or would it be better to perform the DNS challenge from Proxmox for the same domain?
Awesome thank you! :) I would issue the certs on Proxmox instead of importing, because you also get auto-renewals from ACME on Proxmox.
Thank you for your time
Thank YOU!
Great video! Didn't know proxmox has its own mechanism for acme dns challenges..
Thanks! :) Glad it was helpful
Good day Christian, thanks a lot for the video, it helps a lot. I got a very strange behaviour in my Proxmox environment: I have truenas running with a pool for shared information. So far so good, but if I check the size of the truenas VM, it is increasing its size by 500mb per day, and I cannot figure out why. Have you ever had a scenario like mine? Do you have any idea?
MOAR Proxmox videos please!
Thank you for your video and great information on Proxmox. How do you backup your Proxmox Server?
For backups I think having a PBS server virtualized is much better. Deduplication is key!
Only bad if your proxmox host crashes and all your VMs are down. I have 2 pbs as vm on different proxmox hosts for my daily vm backups (with sync jobs from each other every night) and I have one bare metal pbs with sync jobs for my 2 vm-pbs (once a week). So if one proxmox host crashes, I have one pbs on another host and if both crash, I have a separate one on bare metal.
Maybe that's a good idea for a future video. But I'm not a big friend of deduplication tbh :P
nice list but seriously speaking using Proxmox Backup Server is way better than "just backup" - PBS gives more options for restoring i.e. selective restoring etc. It is very easy: just one more VM and storage for it from NAS
Well, we need some topics for future videos as well right? :D
@christianlempa buhahhaha ;-)
Single node cluster 😂
You made my day.
:D
Do you have any plans on implementing/using IPv6 in your Home Lab ?
Ah that's one of these topics I wish I had more time for...
What is the max FPS, resolution, and ghz I can get from gaming with proxmox? Are there any limitations?
Hi, need help, I want to build a vps machine on bare metal.
It's a production server, what are the things needed apart from a bare-metal server
love the videos
Christian you say you order a certificate and then the certificate warning disappears in the browser. But do these certificates autorenew yearly? Are they permanent certificates different from SSL certificates in being TLS certificates? I have a blockchain running inside a docker image and it needs a loop to restart the blockchain and rewrite a private key because the ssl certificate has to regularly be renewed, so that when it is renewed the blockchain is restarted to prevent dodgy handshake messages even though the blockchain ports are secure, are you saying that I can use a TLS certificate once off, rather? So that I don't have to put my blockchain on a loop to restart so that I regenerate a new private key related to the SSL certificate. I'm not sure how it's different, the tls certificate from the ssl.
That's one of the advantages of the ACME protocol, which allows a simple and easy way to issue, and renew certs. Letsencrypt certs usually expire after 90 days, if that happens the daily update daemon in Proxmox will automatically try to renew them.
@christianlempa I see. The NXT blockchain clone has a privkey that should be auto-updated if the cert is renewed, and the blockchain restarted. I wonder if I will still need to use a loop in docker to fix this problem because the blockchain keystore is a copy of the privkey from the cert and the blockchain needs to be restarted if it is changed for it to take effect. Hopefully I will figure it out sometime, but I see the problem is still there. There is a bash command I insert in the dockerfile to renew the blockchain's key and restart the blockchain container. But this solution will be great for the DNS resolution for nodes, the command will rely on seeing if the date of the cert has changed to 'refresh the blockchain' image / restart. I have not had time to work on it for a year, my memory is bad now. Great videos...! I hope I can get back into admin fun!
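Added example (not part of the video or of any comment above): one way to restart a dependent service only when an ACME-renewed certificate file has actually changed, as discussed in the thread above. It goes slightly beyond the "date changed" idea by comparing a SHA-256 of the file; the paths, the state file and the restart command are assumptions, and the certificate contents in the demo are constructed.

```shell
#!/usr/bin/env bash
# Added example: restart a service only when the certificate file changed.
# All paths and the restart command are hypothetical placeholders, e.g.
#   restart_if_cert_changed /path/to/fullchain.pem /var/lib/certwatch/state \
#       docker restart my-container      # "my-container" is a made-up name
# Run it from cron or a systemd timer after the ACME client's renewal window.

# Print the SHA-256 of the certificate file; fail if it is missing/unreadable.
cert_fingerprint() {
    local cert="$1"
    [ -r "$cert" ] || return 1
    sha256sum "$cert" | cut -d' ' -f1
}

# restart_if_cert_changed CERT STATE CMD [ARGS...]
# Return codes: 0 = changed and restarted, 1 = unchanged (nothing done),
#               2 = certificate unreadable, 3 = restart command failed,
#               64 = wrong usage.
restart_if_cert_changed() {
    [ "$#" -ge 3 ] || return 64
    local cert="$1" state="$2"
    shift 2
    local current previous=""

    current="$(cert_fingerprint "$cert")" || return 2
    if [ -f "$state" ]; then
        previous="$(cat "$state")"
    fi
    # No state file yet counts as "changed": the first run restarts once so
    # the running service is known to hold the certificate that is on disk.
    if [ "$current" = "$previous" ]; then
        return 1
    fi

    # Restart first and record the fingerprint only on success, so a failed
    # restart is retried on the next run instead of being silently skipped.
    "$@" || return 3
    printf '%s\n' "$current" > "$state.tmp" && mv "$state.tmp" "$state"
    return 0
}

# Demo with constructed file contents standing in for a real PEM file.
demo() {
    local dir rc step out=""
    dir="$(mktemp -d)"
    printf 'constructed certificate, version 1\n' > "$dir/cert.pem"
    for step in first-run unchanged renewed; do
        if [ "$step" = renewed ]; then
            printf 'constructed certificate, version 2\n' > "$dir/cert.pem"
        fi
        rc=0
        restart_if_cert_changed "$dir/cert.pem" "$dir/state" true || rc=$?
        out="$out$step=$rc "
    done
    rm -rf "$dir"
    printf '%s\n' "${out% }"
}

demo
```

Because the fingerprint is stored only after the restart command succeeds, a container that failed to come back up is retried on the next scheduled run.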
Thanks Christian, love to get the information with a high density. I do have a Proxmox 7.4-18 installation, which is the latest on Release 7. How to switch to Release 8?
There's a pretty nice guide on their website: pve.proxmox.com/wiki/Upgrade_from_7_to_8
Thanks for the video BUT what do you think about tteck Proxmox VE Tools? there's like 14!
Haven't looked into this tbh
Do you think it is a good practice to hypervize Truenas? Also, what do you think about Cockpit for that purpose?
There's no reason I could think of why you should or could not run a storage server in a VM. But it comes with a few caveats, in terms of organization and flexibility. Maybe worth another video ;)
@christianlempa If Proxmox fails for some reason, the storage would also go down, that's why I think some people suggest bare metal. Thank you for your efforts!
3 node cluster connected via 10Gbps with local storage: ZFS or Ceph?
Good question, I will do some experiments with Ceph at some point :)
Did I hear you correctly when you said that you have your truenas vm on your proxmox machine?
Yes
How does raw passthrough without iommu compare to using iommu?
what about cpu. host cpu setting usually gives more performance if you use similar cpus in cluster
I keep getting Failed to connect to server no vnc when I try to launch a VM on proxmox. Any help?
The part of configuring the DNS Zone in Cloudflare is missing completely.
Would u make a video talking about attaching a storage, pool, or single disk shared over all the virtual machines?
I'm planning to make a video just on storage in Proxmox, but I need much more time for testing to be confident what I'm talking about ;)
Hi Christian, for backing up your VMs you should use 1 pbs (as vm) on every proxmox host with daily replication to each other. If your host 1 crashes, you have no more access to your backups, because your nas is down, too. In my case, you have 1 pbs with backups of every vm on both proxmox hosts.
That's an interesting use-case. Haven't thought about this before :D My plan is to build a new storage server in the next months and use this as a central storage for backups and vm disks, maybe that helps :)
I do the Same. Best Case!
Also the chance to verify backups and also reverify has incredible value!
I have problem with packer template and cloud ini
Hey, why are you not doing a backup of the NAS system? You could exclude the data hard drives. Big advantage is you can always import the TrueNAS volumes and safe quick access to the data
Hmmm actually a fair point I haven't thought about, :D Maybe I need to reconsider that, thanks for sharing!
@christianlempa my pleasure! I have the same setup, as the SATA controller is passed through it is perfectly fine to back up. Cheers from Vienna 👍
Thanks Christian.
Thank YOU :)
what do you think about proxmox helper scripts? have you made a video about it before?
No idea which helper you're referring to
One thing that is a problem.. or I'm prepared for a problem.. Microsoft and Google both have said they will stop allowing for SMTP TLS, as starting this fall they will require MFA on send. I'm -really- interested in any sort of plan there is in the works for notifications after we cross that with Google and Microsoft.
smtp2go or run your own smtp relay that can talk to M365. Proxmox has an email server.
Thanks.
You're welcome :)
Could you also explain how to set up VMs using a 10gbit network?
You basically just connect a 10G to your Proxmox and then your VMs can use 10G :) I've made some videos about my VLANs and Home Network, maybe that's helping you
What do you recommend to use as SMTP server?
You can use any email provider like gmail, of365, or self-hosted mail servers. SMTP is standardized and works with most providers
But what's the way to backup proxmox config without proxmox backup server.
19:17 One thing against using a VM as your storage server is if you are backing up your VM(s) to that VM. If that server goes down, you can't access the backup.
That's right. But I think the situation would be either a VM has a problem, which I can restore from that backup. Or when the backup VM has a problem, then the other VMs would be still running, so I have enough time to repair it. If everything fails, well, you're screwed anyway :D
@christianlempa So your backups aren't on your NAS? Are they stored somewhere else, another NAS?
9. Proxmox Backup Server - Set up a PBS vm with HA, and point it at your NAS.
PBS gives you deduplication and verification of backups. Save space and check your backup files.
Could you explain why you're not using containers?
I'm running Docker inside my VMs, but I'm not running LXC.
How different is twingate from tailscale?
There's a Twingate tutorial on my channel that goes into detail, and there's more content around that coming out soon :D
please please please please please stop using apt dist-upgrade. Always use apt full-upgrade, which is also recommended by Proxmox
'apt full-upgrade' is just 'apt dist-upgrade' with the package cache being cleared when done. Proxmox discourages 'apt upgrade' because it will not install additional packages if required when updating installed packages.
@RobertLaneTech lol you just answered why nobody should never use dist-upgrade
@cheebadigga4092 lol why the fuck would proxmox then use “apt-get dist-upgrade” every time you update through GUI. Given your advice that we should “NEVER” use it, it sure looks strange that Proxmox guys didn't fix their own shit yet.
Could you make a video about tailscale, twingate, ... pls
Was that a 1password pop-up for the ssh creds???
Does anyone have a tutorial on that?
Not yet, but hopefully at some day I have some time for it :D
@christianlempa Well I did not even know that was possible. So I look forward to that video!
5:05 how about cron to automate updates and reboots?
I don't like doing that, I still do updates manually
@christianlempa was kinda hoping to see something like "cron is lame for such task, i use and it's really awesome" :D , anyway great video, keep up good work!
This is one of those videos that are game-changing. Anyone who wants to set up a proxmox server, a proxmox cluster even, will be able to have a solid configuration base for that.
Congratulations for making such a rich and useful video, and thank you :)
Thank you so much! :D
@22:11 - what is virGL-GPU for ??
That gave me better performance when running Windows, but systems without a graphical interface don't need it.
I actually tried adding my local ip to cloudflare dns and it didn’t work. Do you know why?
No idea, maybe check out our Discord :)
Make sure you select DNS only, and not Proxied.
I'm still unclear on the TLS Certificate instructions. Especially the local DNS and the cloudflare DNS and the comment that there are two ways to do it. do I even need cloudflare ( I have it with domains there but do not run local DNS other than a .lan internal )
There are 3 things you need: 1. a public domain, 2. a dns resolver at home, and 3. dns provider that is in that list of the ACME DNS Challenge plugin of proxmox :) Join our Discord if you have specific questions and need help!
@christianlempa Thanks. I just joined and will follow up there to hopefully clear up any questions mostly about the DNS resolver requirement. Will give more detail on your discord. 🙏
Another Christian's must have video.
thank you.👍
Awesome! THanks!
I place a .forward in the home directory for root so that mail to root goes where I want it to.
I'm actually forwarding root in /etc/aliases to my normal user account now.
I thought there was an issue with running updates from the CLI like that. I recall doing that and then borking up the boot process.
Edit: I recall, I did the update commands incorrectly out of habit. No problem with the way it’s done here.
Thanks for the update! ;)
After dinner movie
Enjoy both :D
Best! Please tell about nfs & Unprivileged LXC containers, and about share folder in proxmox lxs.
I haven't done much with LXC and I'm not planning to do, so I don't know if that will happen :/
@christianlempa sad( But why you not use LXC??
Using Disk VirtIO Block on Bus/Device also speeds up disk speed.
Note, that this is not recommended anymore, as on the Proxmox website it says virtio block might get deprecated in the future: pve.proxmox.com/wiki/Paravirtualized_Block_Drivers_for_Windows
@christianlempa I would like to know why, because disk speed increases a lot when using it. Perhaps I should go and ask on the irc channel :)
Don't tell Christian, but I haven't enabled Notifications because it's not available in the control panel at all and I've been too lazy to figure out certs. Even though there are excellent tutorials on how to get them setup..
Haha, I've caught you in the comments :D
Do you really think it is a good idea to have your pmox server available over WAN?
If it's protected using a strong authentication service, why not?
@christianlempa Because it introduces an unnecessary vulnerability at the root of your stack. Personally I would only access it using wireguard, etc. when outside of my network.
@gabscar1 yeah sure, but that’s what I’m doing. So I’m not exposing it directly, that’s why I said you need a secure auth
I run a truenas server, it's ok. I have tried to spin up proxmox a few times and I did not do a good job lol :) but one thing about running a home server, man oh man, is space. I need to get more space for my server or a better server, but lol when you're low income sometimes saving up for life. HDD I find are just getting high in price. I bet in some way proxmox might have done a better job, but I only have plex in the server. I don't know, just asking: is there a page in Canada that is a bit cheaper in price, second hand, to get new servers? I am only running about 22tb but have like 3 to 4 tb left but need to either find a new server new home. Thank you for all the teaching you do
I mean for backups it is better to use Proxmox Backup Server instead of NFS
dang. You didn't show how to set up the token correctly in Cloudflare.. I am at a loss, there is a bunch of options..
Just choose Custom token, then select from Zone just DNS : Read and Write and that's it.
Great video ! How do I setup the smtp server for notifications?
You can use an email provider, such as GMail, O365, or any free SMTP account. Or self-host it. I just connected my O365 account, works fine :)
@christianlempa thank you! I used sendgrid which was easy to setup
AmazonSES works great, has a freetier and it is very useful.
I wish I could use any of these... I really wanted to use the cert. I guess it's because I am not using HA, idk, I'm still new at this..
Don't hit me, but I would have liked to get Proxmox running on an "old" MacBook Air (2019). Mainly because of the energy efficiency. The battery could have been disconnected beforehand so that constant charging poses no danger. For the few applications I have for it, the machine would be entirely sufficient. And you could even conveniently take the machine along when travelling. But unfortunately I failed because of the Apple drivers. Apple itself has no public ones, and the ones that exist aren't much good. If anyone knows a solution, let me know. Should I maybe just sell the machine? And buy a dedicated Proxmox server instead? If so, which hardware? I'm overwhelmed. The main thing is fast, quiet, and economical.
Haha :D Well, what I can say is that I've had really good results with the Minisforum ITX board BD770i, video about it on my channel. So I'd take a look at Minisforum, they also have some cool mini PCs, you'll surely find something there that is fast enough and economical :)
Better yet for the updates using the scripts by tteck it will disable the no subscription notification
I'm not a friend of workarounds like this, but sure, you can do that