Docker on Proxmox LXC 🚀 Zero Bloat and Pure Performance!

Science and Technology

Running Docker on Proxmox LXC is the best way to get maximum performance without unnecessary overhead, all while maintaining the much-desired system isolation.
But if you want security, an unprivileged LXC is better than a privileged Proxmox LXC. My home server and media server are both unprivileged Proxmox LXCs.
This walkthrough shows you how to install Docker on an unprivileged Proxmox LXC. Knowing this can be very helpful while following my guides and GitHub repo.
#proxmox #homelab #minilab #homeserver #plex #docker
TIMESTAMPS
0:00 Introduction
1:03 Proxmox and Proxmox LXC
2:58 Setting up Ubuntu 22.04 Unprivileged Proxmox LXC
9:57 Preparing Ubuntu 22.04 Operating System for Docker
10:20 Create a New Non-Root User
11:11 System Update
12:03 Edit SSH Config
13:24 Installing Basic/Required Packages
14:20 System Tweaks (sysctl.conf)
15:05 Enable Firewall (UFW)
17:30 Automated Setup
18:22 Docker Setup
ULTIMATE DOCKER SERVER SERIES:
Playlist: • Mini Homelab Tour - I ...
RELEVANT GUIDES:
🔗 www.smarthomebeginner.com/ult...
🔗 www.smarthomebeginner.com/doc...
🔗 www.smarthomebeginner.com/tra...
AUTO-TRAEFIK
📰 www.smarthomebeginner.com/go/...
🎞️ • Auto Traefik 2 - Docke...
GITHUB REPOSITORIES:
📜 github.com/htpcbeginner/docke...
MY PROXMOX HOST:
🖥️ Topton V700 Intel i7-13800H Mini PC with 64 GB RAM: www.smarthomebeginner.com/go/... (Affiliate Link)
SUPPORT MY WORK:
🤝 www.smarthomebeginner.com/go/...
JOIN THE COMMUNITY:
👋 www.smarthomebeginner.com/go/...
🌐 www.smarthomebeginner.com/
FOLLOW US ON SOCIAL
Get updates or reach out to us on our social media profiles!
👥 Twitter: / anandslab
👥 Facebook: / anandslab
👥 Instagram: / smarthomebeginr

Comments: 65

  • @AnandsLab
    @AnandsLab 1 month ago

    Some key points based on community feedback:
    1. 7:20 we are specifying the maximum available resources to be used when needed. It does not mean all these resources are blocked.
    2. 12:15 Never port-forward or expose SSH port to the internet.
    3. 13:00 It's obvious but I should have mentioned, SSH with key is the best way to maximize security. Password is not.

  • @tuxino
    @tuxino 1 month ago

    I have a small thing you should consider in the future when running multiple commands in sequence. When you separate the commands with a semi-colon as in "apt update ; apt upgrade", if something went wrong with the update, it will still try to upgrade. If you look away after pressing enter, you will not notice the error from update, and might think that everything went as planned. Instead, consider using double ampersand as in "apt update && apt upgrade". Then, if the first command fails, it will not run the second, and when you look at the screen, the error message from the first is still visible.

  • @AnandsLab

    @AnandsLab

    1 month ago

    This is a great point. I started out wrong and it became a habit that is hard to break. Thanks for the nudge and sharing your point of view.

  • @sl7085
    @sl7085 1 month ago

    Many thanks for this detailed setup video and the guides, really appreciate

  • @AnandsLab

    @AnandsLab

    1 month ago

    Glad you enjoyed it!

  • @Felix-ve9hs
    @Felix-ve9hs 1 month ago

    12:16 With tools like nmap, it takes an attacker less than one minute to figure out your SSH port, no matter what you change it to. Just disable passwords and use ssh-keys for login.

  • @AnandsLab

    @AnandsLab

    1 month ago

    This is the way to go. But the majority of the hits I get on my server are on Port 22.

  • @casperghst42

    @casperghst42

    1 month ago

    I'd rather say; do not expose ssh to the internet - use VPN.

  • @AnandsLab

    @AnandsLab

    1 month ago

    @casperghst42 Of course. Not sure if I mentioned it. To me it’s obvious but I should be more explicit about it.

  • @Thiccalus

    @Thiccalus

    1 month ago

    Do you know of a decent tutorial to go over implementing ssh keys?

  • @sybren-srb

    @sybren-srb

    1 month ago

    Who the hell allows port scanning on his firewall anyway?

  • @RedVelocityTV
    @RedVelocityTV 1 month ago

    Good video but you kept interrupting the screen with your fullscreen video, unneeded disruption when you've already got a webcam on screen

  • @AnandsLab

    @AnandsLab

    1 month ago

    Thanks! Already being addressed in the newer videos :-)

  • @avertry9529

    @avertry9529

    12 days ago

    That's why I hate Tiktok, you don't need to see the person talking and hand talking videos, are the worst. Rant over, I finally got it out.

  • @reyastaroth
    @reyastaroth 1 month ago

    Brilliant!! Bravo for your decision to start from scratch the old way!! To follow!!

  • @AnandsLab

    @AnandsLab

    1 month ago

    Thanks! Quick question. By "start from scratch the old way", what do you mean exactly?

  • @reyastaroth

    @reyastaroth

    1 month ago

    @AnandsLab I mean build the stack manually and not the automated Traefik script. Traefik auto is good, I tried version 2.0 but it had some errors and I left it. I prefer to have control of the containers and know why things happen. In fact, I recently installed TrueNAS (bare metal) on HP Microserver and I want to mount the Plex, Sonarr, Jackett stack on Proxmox (mini PC). Downloads on a Synology DS218+. Your tutorial fits me like a glove. Thank you!!!

  • @murlock666
    @murlock666 8 days ago

    Many thanks Anand. I'm pretty new to all this and up till now I've had Docker running via a CasaOS VM. I will be ditching that now and going forward with a Docker LXC for the future :)

  • @AnandsLab

    @AnandsLab

    8 days ago

    Great. CasaOS is great. But building from scratch and learning is the fun part.

  • @jus4027
    @jus4027 1 month ago

    very good guide, ty

  • @fourex59
    @fourex59 26 days ago

    Anand, thank you for your time in providing this tutorial. I have successfully initiated the docker engine in a container with all of the steps shown in your video. Do I have to create a new container for each docker application that I want to run in Proxmox?

  • @AnandsLab

    @AnandsLab

    25 days ago

    No. One lxc with docker can run as many containers as you want. In fact my home server lxc runs about 50 docker containers

  • @fourex59

    @fourex59

    25 days ago

    @AnandsLab I think you may have misunderstood my question. I was asking if I am limited to running a single docker service or application per container?

  • @RaduRadonys

    @RaduRadonys

    24 days ago

    @fourex59 What do you mean by "container"? The LXC container or the docker containers inside the LXC container? Your setup should be like this: 1 single LXC container in Proxmox, then install docker in this LXC container, and then install all your docker applications on that docker instance.

  • @fourex59

    @fourex59

    24 days ago

    @RaduRadonys Ok thanks, that answers my question. Should I start off with Portainer as my first application?

  • @RaduRadonys

    @RaduRadonys

    24 days ago

    @fourex59 Yes you could definitely do that, that's what I'm doing too. And then you could use Portainer to install all remaining apps that you want.

  • @fbifido2
    @fbifido2 1 month ago

    One Question on Debian 12.5:
    - I install the Debian 12 Minimal install
    - I then install docker
    - I created two nginx container, with ports 8080 and 8081 respectively.
    - I then make sure that I can access each container site, plus ping the Debian host.
    - Now I install UFW, allow port 2052/tcp, then enable it.
    - I can still ping the Debian host & also access the two nginx site { WHY ??? }

    My question: How can I block everything and only allow access to ports that I need, like 2052, 8080, 8081/tcp?

  • @AnandsLab

    @AnandsLab

    1 month ago

    This is a docker problem and one reason why some prefer podman. Docker by default adds firewall rules to allow traffic to all containers. Take a look at ufw-docker on GitHub.

  • @gdr189
    @gdr189 1 month ago

    How does including LXD alongside LXC change things? I am still having difficulty understanding LXD.

  • @zparihar

    @zparihar

    1 month ago

    Proxmox is not using LXD. I would ignore it in this case

  • @user-bq2xt5ws1d
    @user-bq2xt5ws1d 8 days ago

    I’m planning my first Proxmox install and plan on using Docker. Tteck has a number of helper scripts, including a direct install of a Docker LXC without loading Ubuntu first. If I’m only going to use the LXC for Docker, is there any reason to have it nested in Ubuntu first? Thanks!

  • @AnandsLab

    @AnandsLab

    8 days ago

    Although I am familiar with Tteck's scripts, I am not familiar with his/her Docker LXC. I assume it also uses Ubuntu/Debian as a base inside the LXC anyway and is nested. I will try to run it and do a quick check.

  • @techhoarder3010
    @techhoarder3010 25 days ago

    I would not do this, I ran docker in proxmox lxc containers and then a kernel update came out and wiped out all my dockers inside those lxc containers. It's written all over the forums not to run docker in lxc containers yet there's so many new videos on how to do it. 🤦

  • @AnandsLab

    @AnandsLab

    24 days ago

    This hasn't been my experience. I have been using this setup since Proxmox 6 with no issues. I do not recommend anything in my videos that I haven't been using myself. Can you share specifics? The only issue I have heard is very recently (Proxmox 8.2???) and this video came out before that. So please elaborate.

  • @egokhanturk
    @egokhanturk 1 month ago

    7:20 you are not allocating cpu cores or memory. You are just giving the limitation. This is an advantage of LXC. If I'm wrong, correct me.

  • @AnandsLab

    @AnandsLab

    1 month ago

    Yes, good point. Thanks for clarifying. It is the upper limit. This does not mean all the allocated resources are used.

  • @KryptoJanusz
    @KryptoJanusz 2 months ago

    16:00 Why don't you use Proxmox firewall instead?

  • @AnandsLab

    @AnandsLab

    2 months ago

    That is definitely an option and offers a firewall outside the system. I tried to showcase something that could work not only for Proxmox LXC but also barebones Ubuntu.

  • @ggoessler
    @ggoessler 1 month ago

    I also have it in lxc Containers with zfs in proxmox. It works but Backups are not restorable

  • @AnandsLab

    @AnandsLab

    1 month ago

    What??? I just recently switched to zfs. I have to check the backups then.

  • @firefox7530

    @firefox7530

    1 month ago

    Well, I cannot even take backups anymore of my docker LXC. The Proxmox guys clearly do NOT advise to install docker on Proxmox. They are strongly against it, as mentioned several times in the Proxmox forums on people who have problems with docker on Proxmox.

  • @ggoessler

    @ggoessler

    1 month ago

    @AnandsLab Do you also have some issues?

  • @Jarek.

    @Jarek.

    12 days ago

    What does it mean "not restorable"? I've restored a VM last week, Proxmox 8.2.2 on ZFS.

  • @manit77
    @manit77 1 month ago

    Try docker swarm. I gave up trying lxc. You may run into issues running HA when clustered.

  • @AnandsLab

    @AnandsLab

    1 month ago

    Unfortunately, this is not something I have tried. My homelabs are simple and have not had the need to have HA until now. Maybe one day. I will keep this in mind.

  • @ruukes4770

    @ruukes4770

    1 month ago

    What is HA?

  • @RaduRadonys

    @RaduRadonys

    24 days ago

    @ruukes4770 High Availability.

  • @bouboul3597

    @bouboul3597

    24 days ago

    @ruukes4770 High availability. It is an architecture to ensure uptime of a service.

  • @iuhere

    @iuhere

    16 days ago

    @ruukes4770 My guess would be Home Assistant. It is a way to aggregate different smart devices to one place.

  • @xavierejarque7827
    @xavierejarque7827 1 month ago

    Be careful, ufw does not work with docker containers! You will have all container ports opened to internet.

  • @AnandsLab

    @AnandsLab

    1 month ago

    Yes, this is correct and something to watch out for. It's why UFW-Docker is nice to implement so you can continue to leverage the networking capabilities built into docker while also respecting the firewall rules.

  • @fbifido2

    @fbifido2

    1 month ago

    @AnandsLab I tried UFW-Docker, in 2024 it does not work. To protect my containers, I just install UFW in the docker container itself.

  • @fourex59

    @fourex59

    26 days ago

    @AnandsLab So does this mean that we should or should not apply the three lines of instruction to create the firewall? I do not want it to be accessible over the Internet. Thanks
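
An added example (not from the video, its comments or the channel's repository) for the UFW point raised in this thread and in @fbifido2's earlier Debian question: Docker publishes ports through its own NAT and forwarding rules, so UFW's incoming rules are not consulted for them. The script lists publishes bound to every host interface from `docker ps` output; the function names and sample containers are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Docker port publishes bound to all host interfaces.
# Docker DNATs these in its own iptables chains, so UFW INPUT rules never see them.
# Input (stdin): output of  docker ps --format '{{.Names}}\t{{.Ports}}'
# Arguments: port/proto pairs that are meant to be reachable, e.g. 8080/tcp

wildcard_publishes() {
  awk -F'\t' -v allowed=" $* " '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        # Only host->container entries are published; a bare 80/tcp is not.
        if (maps[i] !~ /->/) continue
        split(maps[i], side, "->")
        # Host port follows the last colon; the rest is the bind address.
        port = side[1]; sub(/^.*:/, "", port)
        addr = substr(side[1], 1, length(side[1]) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::" && addr != "[::]") continue
        proto = side[2]; sub(/^.*\//, "", proto)
        tag = port "/" proto
        # Skip ports the operator declared as intentionally public.
        if (index(allowed, " " tag " ")) continue
        # Report each container/port once even when listed for IPv4 and IPv6.
        key = $1 " " tag
        if (!(key in seen)) { seen[key] = 1; print $1, tag }
      }
    }'
}

# Constructed sample input (hypothetical container names, not from the video).
sample_docker_ps() {
  printf 'web1\t0.0.0.0:8080->80/tcp, [::]:8080->80/tcp\n'
  printf 'web2\t127.0.0.1:8081->80/tcp\n'
  printf 'db\t5432/tcp\n'
  printf 'dns\t0.0.0.0:53->53/udp, 0.0.0.0:8053->8053/tcp\n'
}

# Everything reachable from other hosts regardless of UFW:
sample_docker_ps | wildcard_publishes
# Same audit with 8080/tcp declared as intentionally public:
sample_docker_ps | wildcard_publishes 8080/tcp
```

Binding a publish to loopback (`-p 127.0.0.1:8081:80`) or filtering in Docker's `DOCKER-USER` chain keeps such ports behind the firewall policy.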

  • @harbinjar
    @harbinjar 1 month ago

    At kzread.info/dash/bejne/X46Hs8aDZpXYXbQ.html I'm not receiving these Get statements. All of mine are "Ign" instead of "Get"

  • @AnandsLab

    @AnandsLab

    1 month ago

    Sorry, I do not understand your comment. Can you explain?

  • @harbinjar

    @harbinjar

    1 month ago

    Never mind, I think my static ip was invalid.

  • @ascomp2002
    @ascomp2002 1 month ago

    We are learning of you and you are supposed to be showing us what you are teaching us, please after introduction I think it will be better to leave your face at the corner of the video and leave what you are teaching more on the screen so that we can follow better otherwise I am fighting more to pause to see what you want to show and teach between your face. Just a humble opinion, thank you.

  • @AnandsLab

    @AnandsLab

    1 month ago

    Feedback noted🙂
