Tag: Proxmox

  • Alpine Linux for beginners…

    Alpine Linux, from their website, is a security-oriented, lightweight Linux distribution based on musl libc and busybox. I don’t 100% know what that means, so here’s their site 😄

    To kick this off, we are going to install Alpine on Proxmox, do some basic configurations, install the Alpine Configuration Framework, install and configure WordPress with lighttpd, mariadb and php, then tie it off with a simple Samba share.

    Install Alpine Linux on Proxmox

    You can deploy with the resources you wish, however, for this I’ll be using 32Gb Disk, 1vCPU, 2Gb RAM.

    Once the VM is booted, you’ll be asked to login. Typically just type root and hit enter. You should be logged in.

    Now you can run the setup process. Run the command:

    setup-alpine

    From that script, you’ll be asked a series of questions. I’d like to eventually develop an answerfile for this as most of my stuff is the same across the board. Here are the answers I used:

    keymap: us us
    hostname: alpinevm
    interfaces: eth0
    networking: dhcp
    root password: 'somethingstrong'
    timezone: America/Chicago
    fqdn: alpinevm.domain.tld
    proxy: none
    repos: c r
    user: no
    ssh: openssh
    disk: sda
    install mode: sys

    Once the setup finishes, it’ll ask you to reboot. Since I went with the sys install mode, I’ll remove the ISO from the VM before.

    Get logged back into the VM through Proxmox console.

    For this example only, I’m allowing password login via root on the VM by modifying /etc/ssh/sshd_config.

    PermitRootLogin yes

    At this point you can now SSH to the VM to work with it. It’s a functioning Alpine OS VM with no services at this time.

    Alpine Configuration Framework

    I’m not a Linux guru by any stretch of the imagination, so I’ve relied on other tools to help me at least visualize or read data from Linux systems in the past to aid in configurations. Many times that was Webmin/Virtualmin. You can run Webmin on Alpine but it’s a bit of a hack and I don’t recommend it. Alpine ships with a WebUI of sorts that may help you to get started. That’s called the Alpine Configuration Framework (ACF).

    To install ACF, simply run the command:

    setup-acf

    By default the mini_httpd server runs on port 443, so I’ll update that to run on port 10443. Modify /etc/mini_httpd/mini_httpd.conf to show port 10443 instead of 443 and restart the mini_httpd service:

    service mini_httpd restart

    Now open a browser to https://<yourvmip>:10443 and login with root.

    WordPress

    WordPress, while being a huge player in the Web CMS game, is also super easy to use and a great starting point for your new website/blog. To deploy WordPress, we will install lighttpd, mariadb, php, and more to get it all up and running.

    Install lighttpd and php packages:

    apk add lighttpd php82 fcgi php82-cgi php82-mysqli php82-session php82-mbstring php82-gettext

    Configure Lighttpd

    Edit /etc/lighttpd/lighttpd.conf and uncomment the line:

    include "mod_fastcgi.conf"

    Edit /etc/lighttpd/mod_fastcgi.conf, find and change /usr/bin/php-cgi to /usr/bin/php-cgi82 so it looks like the line below:

    "bin-path" => "/usr/bin/php-cgi82" # php-cgi

    Start lighttpd service and add it to default runlevel:

    rc-service lighttpd start
    rc-update add lighttpd default

    Install extra packages:

    apk add wget mariadb mariadb-client php82-mysqli

    Restart Lighttpd:

    rc-service lighttpd restart

    WordPress

    Download and deploy the latest version of WordPress:

    mkdir -p /var/www/wordpress
    cd /var/www
    wget https://wordpress.org/latest.tar.gz
    tar -xzvf latest.tar.gz
    rm latest.tar.gz

    Set folder permissions and create a symlink for easy navigation:

    chown -R lighttpd /var/www/wordpress
    ln -s /var/www/wordpress/ /var/www/localhost/htdocs/wordpress

    Config and start MySql

    /etc/init.d/mariadb setup
    rc-service mariadb start && rc-update add mariadb default
    /usr/bin/mariadb-admin -u root password 'somethingstrong'

    Create the WordPress database

    mysql -u root -p
    CREATE DATABASE wordpress;
    GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'anotherstrongpassword';
    FLUSH PRIVILEGES;
    EXIT

    Install WordPress

    Browse to http://ipaddress/wordpress/.

    From here you simply answer the questions. Mine ended up like:

    database: wordpress
    db user: wordpress
    db pass: 'anotherstrongpassword'
    db server: localhost

    Click next and you have a page of more questions, mine were:

    Site Title: my awesome website
    Username: myemailaddress
    Password: 'strongpassword'
    E-Mail: myemailaddress

    Click Install and you have a functioning installation of WordPress.

    Samba (SMB Share)

    In keeping with the example here, we’ll create a data folder as our Samba/SMB Share.

    Install Samba

    apk add samba

    Now you could create a directory for your share.

    mkdir -p /var/samba/data
    chmod 0777 /var/samba/data

    Alpine already gives you a smb.conf so we can run the command to move it out the way for now:

    mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

    Now you can create your own smb.conf with the following contents:

    [global]
    workgroup = WORKGROUP
    server string = ALPINE LINUX ALPINEVM
    server role = standalone server
    hosts allow = 192.168.254.0/24
    log file = /var/log/samba/%m.log
    max log size = 50

    [data]
    path = /var/samba/data
    comment = Default Data Share
    follow symlinks = yes
    wide links = yes
    writeable = yes

    Now let’s create some usernames (create the same user/pass 2x) with the following:

    adduser username
    smbpasswd -a username

    Finish by starting samba and setting it up to start at boot:

    rc-update add samba
    rc-service samba start

    All done. Now you can navigate to \\ipaddress\data to access your share with the user/pass you created. Possibly bad advice: create the same user/pass combo your workstation is using to access the samba share (i.e. usernamexyz/passwordabc on Windows 10 and usernamexyz/passwordabc on Alpine/Samba).
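
    A quick way to review the share definition above before exposing it: the script below is an added example, not part of the original post or of Samba. It parses an smb.conf section by section and reports the settings from this page that widen access (wide links, a writeable share with no valid users, a missing hosts allow). The helper names and the temporary file are assumptions.

```shell
#!/bin/sh
# Added example: audit_smb_conf is a hypothetical helper, not a Samba tool.
# It prints one finding per risky setting in the smb.conf passed as $1.
audit_smb_conf() {
    awk '
    function flush_share() {                  # report on the share just parsed
        if (sec == "" || sec == "global") return
        if (wide == "yes")
            print "[" sec "] wide links = yes: symlinks can resolve outside " path
        if (writable == "yes" && users == "")
            print "[" sec "] writeable without valid users: open to every Samba account"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[/ {                             # section header such as [data]
        flush_share()
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec)
        wide = ""; writable = ""; users = ""; path = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "wide links") wide = tolower(val)
        if (key == "writeable" || key == "writable") writable = tolower(val)
        if (key == "valid users") users = val
        if (key == "path") path = val
        if (sec == "global" && key == "hosts allow") hosts = val
    }
    END {
        flush_share()
        if (hosts == "") print "[global] no hosts allow: shares reachable from any network"
    }' "$1"
}

# Constructed sample: the smb.conf from this page, written to the file in $1.
write_sample_smb_conf() {
    printf '%s\n' '[global]' 'workgroup = WORKGROUP' \
        'server role = standalone server' 'hosts allow = 192.168.254.0/24' \
        '[data]' 'path = /var/samba/data' 'follow symlinks = yes' \
        'wide links = yes' 'writeable = yes' > "$1"
}

conf=$(mktemp); write_sample_smb_conf "$conf"; audit_smb_conf "$conf"; rm -f "$conf"
```

    Adding a valid users line to [data] and dropping wide links clears both findings for the sample.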

  • a simple homelab

    I’ve tried writing this post a dozen times now and I think I’ll go with the most simplistic route of just giving a high level overview. You can ask questions or Google your heart out to find the missing pieces. The purpose of this document is to inspire you to build a homelab, not a full step-by-step so here we go….

    Proxmox is a free, enterprise grade, open-source virtualization platform that allows you to run multiple virtual machines on a single host machine. This is a great way to experiment with different operating systems and software without having to dedicate a physical machine to each one. Docker is a containerization platform that allows you to package an application with all of its dependencies into a self-contained unit. This makes it easy to deploy and run applications consistently across different environments. OpenMediaVault is a network-attached storage (NAS) solution that allows you to create a centralized storage pool for your data.

    By combining these three technologies, you can create a powerful and versatile homelab that can be used for a variety of purposes. For example, you could use Proxmox to run a virtual machine for your Ghost blog, a virtual machine for a web server, and a virtual machine for a media server like Plex. You could then use Docker to deploy containers for additional services, such as a database or a development environment. Finally, you could use OpenMediaVault to create a centralized storage pool for your data with NFS or SMB, such as your blog posts, media files, and backups.

    Links

    Proxmox Server Solutions
    Proxmox develops powerful and efficient open-source server solutions like the Proxmox VE platform, Proxmox Backup Server, and Proxmox Mail Gateway.

    Proxmox – Virtualization

    Docker: Accelerated Container Application Development
    Docker is a platform designed to help developers build, share, and run container applications. We handle the tedious setup, so you can focus on the code.

    Docker – Containerization

    Kubernetes and Docker Container Management Software
    Portainer is your container management software to deploy, troubleshoot, and secure applications across cloud, datacenter, and Industrial IoT use cases.

    Portainer – Kubernetes and Docker Management

    Proxmox VE Helper-Scripts
    A Front-end for the Proxmox VE Helper-Scripts (Community) Repository. Featuring over 200+ scripts to help you manage your Proxmox VE environment.

    Proxmox Helper Scripts to Launch Servers Quickly

    openmediavault – The open network attached storage solution
    openmediavault is the next generation network attached storage (NAS) solution based on Debian Linux. It contains services like SSH, (S)FTP, SMB/CIFS, AFS, UPnP media server, DAAP media server, RSync, BitTorrent client and many more.

    OpenMediaVault – Network Attached Storage

    Ghost: The best open source blog & newsletter platform
    Beautiful, modern publishing with email newsletters and paid subscriptions built-in. Used by Platformer, 404Media, Lever News, Tangle, The Browser, and thousands more.

    Ghost – Content Management

    Get Started

    I am building this on a 12 year old Dell Optiplex 7010 with an i7 CPU, 12 Gb RAM, and a 240Gb SSD. It’s not much, but it’ll more than get the job done and get you on your way to building a new homelab or expanding your current one.

    We will start off easy, but also be fully functional by the time this is done. On top of Docker we will run 3 service VM’s: Nginx Proxy Manager, Ghost CMS and Watchtower. Ghost is the server we will present to the world. Nginx Proxy Manager will handle SSL offload and some security fundamentals. Watchtower will keep the Docker containers updated. Docker will be managed via Portainer, giving a very well polished and extensible Web UI for building your homelab. Essentially, this is what we are building:

    Bottom Up – Hardware –> Proxmox –> Hypervisor –> OS’ –> Docker

    Proxmox

    Here’s a tl;dr without the actual long read:

    Here’s a starting point for IP’s and resource allocation.

    hostname  ip/url                      cpu      ram     disk1  disk2
    pm1       https://192.168.254.5:8006  8 Cores  12Gb    240Gb
    ovm1      https://192.168.254.6       2vCPU    2048Gb  32Gb   50Gb
    docker1   https://192.168.254.7:9443  2vCPU    4096Gb  16Gb

    Download and Install Proxmox on your hardware. Use the information presented in this post to answer as many questions as you can. This has been done a thousand times over and well documented on the internet. Proxmox’s wiki is a great reference.

    1. Download ISO – https://enterprise.proxmox.com/iso/proxmox-ve_8.3-1.iso
    2. Use Etcher to copy that ISO to a USB drive – https://pve.proxmox.com/wiki/Prepare_Installation_Media & https://etcher.io/
    3. Use the USB drive to install Proxmox on your hardware – https://pve.proxmox.com/wiki/Installation#chapter_installation

    Once you have Proxmox installed, login via the browser to the IP you set the server to. In the example here https://192.168.254.5:8006.

    OpenMediaVault

    Download the ISO for OpenMediaVault (OMV) to your computer and upload that ISO to “local” storage on Proxmox. Use the information above as a reference. From there we install OMV via Proxmox’s UI. In the example here we create a VM with the OMV ISO using mostly defaults with 2vCPU Cores, 2Gb RAM and a single 32Gb Disk. You can create the 2nd 50Gb Disk for NFS here as well. Then we login to OMV’s UI, do updates, and change any settings we need to (timezone, password, IP, etc.). Then we provision the 2nd disk as an ext4 filesystem, create a /docker shared folder and finally expose that shared folder via NFS.

    1. Download OMV ISO – https://sourceforge.net/projects/openmediavault/files/iso/7.0-32/openmediavault_7.0-32-amd64.iso
    2. Upload the OMV ISO to Proxmox via the Proxmox UI
    3. Create a new VM via the Proxmox UI with the following: 2vCPU Cores, 2Gb RAM, 2 Disks (1st a 32Gb for the OS and a 2nd 50Gb for NFS)
    4. Login to the OMV UI and make your settings changes, run updates and do a final reboot before starting the rest.
    5. Create an ext4 filesystem on the 50Gb disk.
    6. Create a /docker shared folder
    7. Expose the /docker shared folder via NFS with the following: client – 192.168.254.0/24, permission – read/write, extra options – subtree_check,insecure,no_root_squash. Click Save, then Apply.
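
    The options in step 7 end up as an entry in the NFS server's exports file, and two of them (insecure and no_root_squash) relax the server's defaults. The script below is an added example, not from the original post or from OMV: it reads an exports file and reports, per export, which clients and options widen access. The export paths and the second, tighter entry are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit_exports is a hypothetical helper, not part of nfs-utils or OMV.
# It reads an exports file ($1) and prints one finding per weakening client or option.
audit_exports() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }             # comments, blanks, path-only lines
    {
        for (i = 2; i <= NF; i++) {           # each "client(opt,opt,...)" entry
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\)$/, "", opts)
            }
            if (client == "" || client == "*")
                print $1 ": exported to every host"
            else if (client ~ /\/[0-9]+$/)
                print $1 ": exported to the whole subnet " client
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print $1 ": no_root_squash, a client root user acts as root on the export"
                if (o[j] == "insecure")
                    print $1 ": insecure, requests from unprivileged source ports are accepted"
            }
        }
    }' "$1"
}

# Constructed samples: an entry with the options from step 7, then a tighter one
# (single client address, root squashing left at its default). Paths are assumed.
write_sample_exports() {
    printf '%s\n' \
        '/export/docker 192.168.254.0/24(rw,subtree_check,insecure,no_root_squash)' \
        '/export/backup 192.168.254.7(rw,subtree_check)' > "$1"
}

f=$(mktemp); write_sample_exports "$f"; audit_exports "$f"; rm -f "$f"
```

    Whether the containers still work with root squashed depends on the UIDs they write as, so test that before tightening the export.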

    Ubuntu 24.04 LXC w/ Docker

    For this step, we’ll be using Proxmox VE Helper-Scripts to install an Ubuntu 24.04 LTS LXC (linux container) that installs Docker and Portainer for us. There are a few modifications we need to make in addition to deploying the LXC, like modifying the LXC conf file on the Proxmox Host, permissions related settings on the LXC guest, and then the NFS client setup. After that we’ll be able to deploy some Docker containers and start having fun.

    1. From your computer go to https://community-scripts.github.io/ProxmoxVE/scripts?id=docker, copy the .sh script URL to your clipboard and paste it into the Proxmox Console (I recommend opening a new console or using SSH on the Proxmox host). This will kick off an installer script prompt that you’ll need to answer.

    I rarely go with defaults for this for some reason so here’s what I do:

    Select Advanced Then…

    • Container: Privileged
    • Hostname: docker1
    • Disk size: 8Gb
    • CPU: 2
    • RAM: 2
    • Network: vmbr0
    • IP Address: 192.168.254.6/24 #make this your IP
    • Gateway: 192.168.254.254 #make this your default GW
    • Disable IPv6: yes
    • DNS Search Domain: blank
    • DNS Server IP: 1.1.1.1 #or whatever you use
    • VLAN: blank
    • Root SSH: yes
    • Verbose Mode: no
    2. After your LXC Container is deployed, use the Proxmox UI to shut it down. Take note of the ID Number of the LXC Container you created. Then from the Proxmox shell you’ll need to add a line to that container’s config file with this command:
      echo -e "lxc.apparmor.profile = unconfined" >> /etc/pve/lxc/103.conf #the 103 needs to be replaced with your ID Number of the LXC you created.
    3. Now under that LXC in the Proxmox UI, you’ll want to go to Options –> Features and check NFS, Fuse and ensure Nesting is also checked. Save and start the CT.
    4. Login to the Docker server with SSH
    5. Create a new user with useradd dockeradmin
    6. Set the password with passwd dockeradmin
    7. Add that user to the /etc/sudoers file with the following syntax:
      visudo /etc/sudoers
      dockeradmin ALL=(ALL) ALL
      control X, Y, Enter
    8. Run the following commands:
      apt update && apt upgrade -y
      apt install curl gpg nfs-common -y
      mkdir -p /opt/docker
    9. Modify the /etc/fstab to permanently mount the newly minted NFS share from OMV with the following:
      echo -e "192.168.254.5:/docker /opt/docker nfs vers=4.2,rw,hard,intr 0 0" >> /etc/fstab
    10. Reboot the Docker server, log back in via ssh and run the command:
      mount | grep nfs

    If you see the mount, you are good to go onto the Portainer step.
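
    The container built in the steps above is privileged, has its AppArmor profile set to unconfined and has nesting enabled. The script below is an added example, not from the original post or from Proxmox, that reads a container config in the /etc/pve/lxc/<id>.conf format and reports that combination so it is easy to spot across a host. The sample config is constructed and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: audit_lxc_conf is a hypothetical helper, not a Proxmox tool.
# It reads a container config in the /etc/pve/lxc/<id>.conf format ($1).
audit_lxc_conf() {
    awk '
    /^\[/ { exit }                            # snapshot sections follow the live config
    /^[ \t]*#/ || /^[ \t]*$/ { next }         # skip comments and blank lines
    {
        sep = match($0, /[:=]/); if (sep == 0) next
        key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "unprivileged") unpriv = val
        if (key == "lxc.apparmor.profile") aa = val
        if (key == "features") feat = val
    }
    END {
        if (unpriv != "1")
            print "privileged: uid 0 in the container is uid 0 on the host"
        if (aa == "unconfined")
            print "apparmor unconfined: no AppArmor profile restricts the container"
        if (unpriv != "1" && aa == "unconfined" && feat ~ /nesting=1/)
            print "privileged + unconfined + nesting: treat container root as host root"
    }' "$1"
}

# Constructed sample: a config shaped like the one the steps above produce.
write_sample_lxc_conf() {
    printf '%s\n' 'arch: amd64' 'cores: 2' 'features: fuse=1,mount=nfs,nesting=1' \
        'hostname: docker1' 'memory: 2048' \
        'lxc.apparmor.profile = unconfined' > "$1"
}

c=$(mktemp); write_sample_lxc_conf "$c"; audit_lxc_conf "$c"; rm -f "$c"
```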

    Portainer

    Portainer was installed during the LXC script process (or should have been). It’s pretty easy to install if you missed that step. In Portainer, I like to use “Stacks” as it helps me keep track of the docker compose elements I run as well as modify later without the feeling of starting from scratch…or doing everything from VI/CLI.

    Let’s deploy our 3 stacks. Below will be 3 already modified compose.yml files that you’ll copy into Portainer’s Web Config under Stacks. Modify the particulars if you know what you’re doing. You’ll notice the volumes use the previously created /opt/docker directory that is NFS mounted to OMV.

    services:
      app:
        image: 'jc21/nginx-proxy-manager:latest'
        restart: unless-stopped
        ports:
          - '80:80' # Public HTTP Port
          - '443:443' # Public HTTPS Port
          - '81:81' # Admin Web Port
        environment:
          DB_SQLITE_FILE: "/data/database.sqlite"
          DISABLE_IPV6: 'true'
          INITIAL_ADMIN_EMAIL: admin@example.com # placeholder, use your own address
          INITIAL_ADMIN_PASSWORD: reallySTRONGpassword
        volumes:
          - /opt/docker/npm/data:/data
          - /opt/docker/npm/letsencrypt:/etc/letsencrypt

    Nginx Proxy Manager Docker Compose

    services:
      ghost:
        image: ghost:5-alpine
        restart: always
        ports:
          - 2368:2368
        environment:
          database__client: mysql
          database__connection__host: db
          database__connection__user: root
          database__connection__password: REALLYstrongPASSWORD
          database__connection__database: ghost
          url: https://fqdn.publicsite.tld #UPDATE THIS WITH YOUR HOST.DOMAIN.TLD
        volumes:
          - /opt/docker/ghost/content:/var/lib/ghost/content
      db:
        image: mysql:8.0
        restart: always
        environment:
          MYSQL_ROOT_PASSWORD: REALLYstrongPASSWORD
        volumes:
          - /opt/docker/ghost/db:/var/lib/mysql
    volumes:
      ghost:
      db:

    Ghost w/ MariaDB Docker Compose

    services:
      watchtower:
        image: containrrr/watchtower
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
        command: --interval 300 # Check for updates every 5 minutes
        restart: always

    Watchtower Docker Compose