Proxmox based Home Lab beginners guide (use Proxmox as your home server!)

1. Introduction: Hi, everyone, and welcome to this Proxmox based home lab training. My name is Marko Bukowski, and in this tutorial, I will show you what an amazing tool Proxmox is. It will let you run entire home server, including various operating systems to fiddle with. We will also see how to turn it into home media platform by deploying so called R apps, and we will also have some fun by running, for example, entire Windows operating system in a Docker container. Generally, we will go through many examples of how you can utilize it at home and how you can widen your knowledge by using Proxm. You have no idea what Proxmox is and you have never touched anything Pxmox related, that's great because we will do everything from scratch here. As a project, you will build your own virtual machine on top of Proxmox with specific parameters provided, and if you also want to learn more, not only about Proxmox but about Linux or programming or Cloud, then I also encourage you to have a look at our automation Avenue platform where you can find hours and hours very good IT related learning materials. Let's waste no time then. In next video, you will see what Proximox is and also how to install it. 2. What is Proxmox and Proxmox installation process: In this video, I want to present how to install Proxmox virtual environment. If you're not sure what Proxmox is, the Proxmox is Type one hypervisor, or in simple words, it's a Debian, so it's a Linux distribution based operating system that lets you easily run other operating systems. What I mean, once you have Proxmox installed, you can then also install various like Windows, Linux, and other operating systems on top of that Proxmox hypervisor. You can run all those operating systems at the same time. The role of Proxmox is to distribute the resources like CPU or memory. It will distribute it dynamically to each of those operating systems. You can also run something called lexi containers or Linux containers on Proxmox. But don't worry about it too much because I know they are weird names and at this stage, you should just be aware that you will be able to run all those operating systems and all those Alexy containers at the same time when you have that Proxmox installed. They can all run simultaneously. How to install that Proxmox then? Got a very cheap sell around 5,100 based four core minipC that I bought for, I think, around 60 pounds or something like that, which is around $70, I guess. Well, I had to add some SSD and the memory because it didn't have any when it arrived. I will show you today the installation process on that minipC. But in fact, you can install Proxmox on nearly anything. You can install it on old laptop, old PC, or even on some network attached storage devices. To first install Proxmox on that mini PC, you first need to download Proxmox VE ISO from Proxmox website. Also need USB drive. I've got a 16 gig sound disc SSD drive here, but I think even 4 gigabytes is more than enough because the ISO image is 1.5 gig, but you have to be careful because we will erase all data from this USB drive in the process. So make sure you don't have anything important on it, or you simply copy it somewhere else. So we need to insert it to laptop or PC, any other device, and then we just Google Proxmox download. That's it. First link at the top and see not only Proxmox VE, but you will also see Proxmox backup server and Mail gateway. But we are interested in the first one, the top one, Proxmox VE, 8.4, and we click that Download button. The fact that it's Proxmox 8.4 doesn't really matter because the installation process didn't change for years. You will see the process is very similar even if you run different version of Proxmox. We just wait for the download to complete. And next, we need a program like Rufus, ballena etcher or other that is able to create bootable USB drives. As you can see, I use ballena Etcher for that. Already have my USB inserted. I just start BalanaEcher. I will pick the image we just downloaded, and then I will choose the Sam disk QSB drive as my destination. Then Blenaecher will do the rest. At the end of this process, you will see a lot of rubbish thrown by Windows, but don't worry about it. This is because Windows does not recognize that drive and partitions anymore, but that's what's expected. You can close all of that and just eject the USB. The process is now completed. We have Bable drive now. Now let's go back to my mini PC then. I have that Ram and SSD installed now. Next part is to check some bios settings. From my experience, most of the devices should have already bias configured correctly for what we need to do here. But to keep this guide complete, let's just have a look at the bios option because maybe in your case, you will need to change some settings here. I connected the power cable and Ethernet cable to connect it to my home network. But at this stage, we also need a keyboard, mouse, and an HDMI cable connected to my monitor for those bios checks and for Proxmox installation process. But once that Proxmox is installed, you can disconnect the keyboard, mouse and HDMI cable because Proxmox can be controlled remotely over our home network. You will see what I mean. You can see, I didn't insert the USB drive yet, but it shouldn't really matter if you do it now or later. To get into my bios on this minipC, I have to start my minipC and then I keep pressing the delete key on my keyboard. But depending on the bios, it might be a different key like F two or F 12, for example. So you have to figure out which key you have to use to get into the bios on your machine. We're in bios, we are interested in advanced options in CPU configuration, I have to make sure I have virtualization enabled. I have Intel processor, so it's called VMX. But if you have AMD processor, you should be looking for something like AMD V or something similar and simply make sure that option is enabled. This is interesting because security, you can see secure boot. I heard in many tutorials that you have to disable that to install Px Mx, but that's interesting because I've never done that. It's been always enabled here, and it's been working fine. But I don't know, maybe simply it doesn't matter. What we need, though, is the boot sequence, and you can see boot order priorities, and we need to have our USB device as the first option. I mean, at least, it has to be before our hard drive boots up. But I don't have to change anything here because it's already set to USB device as a first boot option. So now I insert the USB drive But if you've already done that, that's fine. It doesn't really matter. But at this stage, you have to have it inserted and I go to save changes and reset, this might look confusing, but reset really means just reboot. I will not reset any settings. I will just save the changes and I will reboot the mini PC and it should boot from the USB drive now. That's me in the background, hello and here I need to choose the first option, which is highlighted by default, install Proximo V graphical. You will be presented with license agreement, super exciting lecture that everybody reads, I guess, you simply have to click that I agree in the bottom right corner. Now we have target hard disk options. In my case, it's very easy because I only have one drive, the SSD drive that I've just installed. But it might not be the case for you. Maybe you have multiple drives. Maybe you have machine I don't know, ten hard drives and four SSD drives. I don't know. What I want you to be aware if we click on those options, by default, the EXT four file system is chosen, and I'm okay with that. But if we click on that drop down Wu, you will see that the XFS is available, but also ZFS and better FS. The ZFS is really interesting one and you can see it has many rate configurations, which can be used for either speed or redundancy reasons. But at this stage, I only want you to be aware of that. If this is your first Pxmox installation, then picking the ZFS option or ZFS, I should say, might not be the best option because there are some bits and bobs that you have to know about to make sure that FS is really what you need. And we will talk about ZFS a little bit later. So for now, let's just leave that EXT four file system, but just be aware that you can change that setting here by clicking that Options button if you want to have different file system for your boot system drive, okay? So let's just click next in the bottom right corner. And here we have to choose the country, and the time zone and keyboard layer should be chosen automatically, so just click next. And here you pick the password for your root user. So you have to type in the password, and then you have to type in again just to confirm. Regarding the email, it's up to you if you want to use your email, but any email will do, even the fake one. There's nothing wrong providing your email here because you might have some notifications from Brock Mx when something goes wrong. Yes. Now we have management network configuration tab. If I click on those interfaces, you can see I've got four available, but only one with green light. But maybe you've spotted already that I have a network interface card with four ports, but only one cable connected, so it's chosen automatically. Second option, host name is if you wanted to use it instead of IP addresses if you need a fully qualified domain name, that's something you put here. You can change it, but I will leave it as it is. But next thing is the IP address, the gateway, and the DNS server. And what's that IP address, first of all, where the Proxmox took it from? This Proxmox configured this IP address as 196-168-1115 because that's the information it got from my DHCP server, and everybody has a DHCP server at home. It doesn't matter if you are aware of that or not. The DHCP server or dynamic host configuration protocol server, in most households will run on the router or in one device, let's say, that you received from your Internet service provider. All your home devices will get the IP address from that DHCP server or service. Proxmox will work perfectly fine if you just accept what's here. You can right now click Next. But well for your laptop or phone or whatever device or TV, it doesn't matter what IP address it has. For Proxmo you are much better off to have a so called static IP address. And I will try to quickly show you how to assign static IP address without making it like, DHCP training video. So basically, what I have to do I have to log on to my router, the device that I got from my ISP provider. You will find the credentials, how to log onto it. You will find the credentials on a little sticker on the device itself. It will say like a management IP or something like that, and the credentials will be there. For me, I know the address is 192 1681 dot. Username is Admin and the password, I have to read it from that sticker and that's it. I can configure now this device, this router. What I'm interested in is the N portion. I have it here in the bottom right corner. You can see it's the same IP address that I just typed in my browser, 192168 dot one. It's this device itself, and then below is the IP address range. When I see range, that means it's something DHCP related. You can even see DHCP is enabled on the next line down. If we just go to the tab, can see again on the left is the IP address of the device itself. Below is something called a subnet mask, and on the right, you have the beginning IP address and the ending IP address. And the ending IP address will usually be set to.254 or something like that. But I change that number to 200. Why do I change it to 200? Because I'm narrowing down the scope for the IP addresses that DHCP server can assign to other devices. All my home devices, if they get the IP address from this DHCP server, they will only get IP addresses from the range 19216813 up to 192168 1200. And that remaining range, which is from.201 to.54 is available now for me, and I can assign those IP addresses statically for any devices I want to configure statically. What I usually do I'm not saying that you should do the same, exactly the same, but I just want to tell you how it works in my network. I usually assign 192.168 1201 to the Proxmox itself. This is the first available static IP address. And what I do next, once we start creating virtual machines and ELAxy containers, et cetera, they will have so called IDs, like VMID or container ID, and everything I run on my Proxmox, I will also set static IP addresses for those devices. I create virtual machine with ID of two oh two, then I will statically assign IP address of 192.168.1.202. If I create container with ID, let's say, 210, then I will assign statically IP address 192.168.1.210. It makes life so much easier. I know it's more difficult at the very beginning, but it's so much easier later on to work with all those virtual machines and containers in the Proxmx environment. If we go back, so you can see the gateway, that's the default gateway I meant. And the DNS server can also be left as it is. But the IP address for the Proxmx itself, I will change it to 201, and I can be sure this IP address is available because none of the devices in my home network will be able to get IP address from range of two oh 12254. I know it's complicated. Don't worry about it. It's very difficult to explain everything about DHCP in 2 minutes. Here, it looks like a summary, but it's pretty important button at the bottom. Automatically reboot after successful installation. And that's actually something I want to untick and only then I want to click Install. The installation process will start and we just have to wait. But, you know, that tick, I don't know why it's there by default because by unticking it, it's easier to remove USB drive in right time. If after installation, this device rebooted, it would still try to boot from that USB drive. So we have to remove it first. Otherwise, we will have a vicious circle, you know. Our mini PC wouldn't want to boot from the hard drive, from the SSD drive. I would want to boot from the USB drive, which we don't want because this process installs the Proxmx on the SSD right now. You get the message that installation was successful and look at the next steps. It says reboot and point your web browser to the selected IP address on port 8006. You can write it down because that's how you will access your Proxmo server. As you can see, the IP address is exactly what I assigned statically, 192-16-8120 we need port 8006 to access Proxmox user interface. I will remove the USB drive now and I will click that reboot. Now my minipC will reboot, but now it will boot from the SSD drive and this video looks terrible. Sorry about that. But it doesn't really matter because that's not how we're going to use our proximo. Basically, now, you can simply turn it off. We know everything works as expected. We can disconnect the keyboard, the mouse, the HDMI cable. You can hide that mini PC wherever you want, and from now on, you can use other laptop or PC or whatever device you you can access your Proxmx remotely by just using your browser. So it's 192-16-8121 on port 8006. The username is root and the password is the one that you created during the installation process, and that's it. First thing you will see is no valid subscription. You do not have valid subscription for the server, but don't worry about it. Nothing wrong about it. This is simply true. I don't have valid subscription, but it doesn't really matter. We can just click Okay or close it simply because we will fix this and some other things by running just one command. But let's first have a look what's here. In that data center summary, you can see the status is green. The bottom, it will show again that information about no subscription, but don't worry about it. Then if you go to storage, you will see local and you will see that the content is for backups, ISO images, and container templates. This is the default location where all those items will go, you will see it later on. Below is the Local LVM, and this is the default storage for disk images and the containers. But this is something you can reconfigure if you have more disks. You can point it to different locations, and this is the place where you can even reconfigure. Maybe your backups will be completely somewhere else. I saw images again somewhere else. You are free to reconfigure it the way you want. But I will leave it as it is. I have only one SSD drive anyways. If we click that PVE and the discs, you have again that LVM and that LVM, as you can see, it's red. But it doesn't mean there's something wrong with it. They simply it's simply assigned space to LVS rather than used. Might be a bit confusing. Never mind. No worry about it. Especially if you have one drive only, that I think always will be red. And the LVM thin, you can also have the information about that. But then you have the ZFS again. For me, it says, No discs unused because I only have one disk and it is used by the proximox itself. But if you had some spare discs, you can keep attaching them to that mini PC, and then you can create ZFS pool, and you can create raid configurations, but you can see compression, A shifts, et cetera. This is like that's why I kind of omitted this topic because if you are just starting with Proxm is something you can hear about. But at this stage, I would just leave it as it is. Then if we go to that subscription, you can see we have no subscription key. Yes, because I didn't pay for subscription. You can pay for enterprise grade support, but for my home usage and for everybody at home, it will not be needed, probably. I am fine having no subscription key. And it's not that it's not legal or something. Here in Data Center in support, it will also say no valid subscription. Again, that's fine because I want to use Proxmox for free, and they let me use it for free. And we could fix that stuff manually directly there in Proxmox, but there is much easier way. If we Google Proxmox community scripts. And if we go to that first link, ProxmoxVE Helper Scripts. Really nice page. It was started and maintained by TTEch. It was very well known YouTuber that I really loved watching. Unfortunately, TTEch passed away, but these community scripts are now maintained well, by community. So there will be more than one guy now maintaining this rep very, very useful for running loads of stuff using just one command, which you will see shortly. Let's click that view script. You will see all the scripts available. There are different categories, and the one that we are interested in is Proxmox and virtualization. And here we should see somewhere it's over there, Proxmox VE, post install. So it's the script that you are supposed to run when you complete Proxmox installation. And instead of manually changing million things, this one script will do everything for you. You can see that you have to run that command in Proxmox VE shell only. That means I will copy this command here on the right. You can copy it because it's pretty long, and it even tells you, be careful when copying scripts from the Internet. Always remember to check the source. And the source script is also available, so you are free to check that, but I know that it's okay, so I just copy it and we go back to Proxmox to the PVE, to the shell. That's where they ask us to run it, and I just paste it. I just press Enter and it asks me a series of questions. Do you want to run that post install script? Do you want to correct the V sources? This is the packages are available for my Proxmax server, and I say, yes, and now the repository. Currently, what is configured and why I get those errors, I have Proxmox configured to PVE repository, and it's only available to users who have purchased the Proxmox subscription. But I didn't purchase the subscription, so it asks me, do you want to disable PVE Enterprise repository? Yes, that's what I want to do. I just click Enter. And it asks me if I want to switch to a repository called PVE No subscription, which is for users with no subscription. Yes, that's exactly what I need. So I just click Enter again. Now, the safe package repositories. I'm not going to use SefRD but I just click the PVE test repository you can give advanced users access to new features, blah, blah. Well, it's up to you. I will click yes, but really, I'm not saying that you should click, yes. It's up to you if you want to do that or not. But I don't mind, and now I just click Okay. Now it asks, if you plan to utilize a single node instead of a clustered environment, that's exactly what I want to do. My setup is very simple, single node, no HA, so I can disable high availability. The Px Max will use less resources. It will write less stuff to the disk. I'd say yes and even says, you enable it later on if you want to. You're not losing something permanently. It's fine. Coral sings the stuff that might write a lot of things to your disk. I believe that's the main reason why it asks if you want to disable it. Again, you can explore if you need it or not, but I definitely don't want it, and I want to preserve my disc for longer. I want to disable it. Update Proxmk should be pretty up to date, I guess, but yes, especially now when it's new install and nothing is running on it. It asks if it should reboot the proxmox. And after bigger changes, yeah, it's usually a good option, especially now when, as I said, there is nothing running, so we definitely want to reboot it. So it might take a while. You can see connection closed, but it will only be there for a while and the proxmox will be up and running in a few seconds. Maybe a little bit longer. I heard a little beep, so it's now reboot. I go to PVE summary, I can see the spike on my CPU. That was the reboot. You can see the processor for core Celeron and 5100. Now the proximaxV updates are green and the repository is not green. It's like a little warning saying non production ready repository enabled. With no subscription, that's all we can do, so it's fine. If you click that, it says the no subscription repository is not recommended for production use, which is fine. My home is not a production environment, but I get updates for ProximxV. You are wondering the subscription, it will still say there is no subscription key. That hasn't changed, because I still haven't got subscription. So this is also expected. But basically, the process is now completed. You can now start creating virtual machines in the top right corner, for example, create VM. So you can create virtual Windows machine or Linux machine or whatever you want. And you can see the VMID. That's what I mentioned. If I use two oh two as my virtual machine ID, I will also 192.168.1.202 static IP address. It's so much easier. You just check the virtual machine ID and you already know the IP address. You don't have to look it up. You can also create LLC containers. Also can change ID and match the static IP, the last digit of the static IP to match the container. E. The installation and preparation of your Proxmx server is now completed. In the following videos, you will see what virtual machines or containers you can run, how to turn your Proxmox into home media streaming platform using so called R STAC or how to bind some storage between different virtual machines. I hope to see you there. Thank you. 3. Five things to do after Proxmox installation: In this video, I want to share with you five things that should always be done after installing Proxmox. And if you are not sure what Proxmox is or how to install it, we have dedicated video covering that, so please watch that one first. But I'm assuming you've now installed Proxmox and you just wonder what to do next. And the fact is, regardless of what you plan to run on your Proxmox server, there are five essential steps I always follow for every setup unless that setup is for testing or experimenting, I mean. Because these steps are either necessary for Proxmox to function properly or they are designed to make your life easier simply. Let's get started. This is fresh install of my Proxmox V and the first step is pretty obvious one. That's because if you just log on to your server, you can already see what I might have been talking about. It says no valid subscription. You do not have valid subscription for this server, and you know what? It's fine. Yes, I don't have subscription, but every new build, every new server, you can figure by default, we'll use so called enterprise subscription. Yes, of course, you can purchase enterprise subscription, but I don't think a home user, that's what you really want to do. For us, home users, the first things we should do is to go to that repositories. I mean, on the left, here we've got data center, yes, and under the data center, you've got so called nodes. By default, the node is called PV. I didn't change that name, and selecting that node, you can now go to those repositories, and this is where you can change them. You can see we've got Enterprise Proxmox W PVE. Yes. We want to disable it because we don't have a valid key for that. We didn't purchase enterprise support. But what we can do, we can add to click that again, we can add the so called no subscription repository. It says it's for testing and non production use, and it's fine. I've never had any problems with no subscription repository configured. I will add that and now look at the top. It says, you get updates for Proxmox VE, which is cool. We can go now to these updates. I say refresh. Sorry, I try to be too quick. You can see what the problem is. We've got also Sef squid and you might have other repositories that have to be updated as well. If we go back, you can see here we still have enterprise. Trying to be too quick with that. We disable that as well, and you can also add if you want. There are subscriptions for Sef as you can see, Sef squid no subscription, you can add that. We simply have to make sure that there are no enterprise subscriptions enabled. You can see this one is disabled, this one is disabled. Yes, now it should be fine. We go to updates, we do refresh. And now it should work. Let's wait wait for a while and now we can see task ok. That's what we want to see. That's perfect. The last thing to do, I think it's always when we do not have any virtual machines, any LLC containers, I think that's the great point to also run upgrade. This button will run so called a disc upgrade, which will simply pull all the new packages for our Proxmox. I just have to say yes and we just wait. That might take a while, and this will simply make our Proxmox up to date. As you can see, it says, Simu installed kernel update. Please consider rebooting, and when is the best time to reboot it right now is when our Proxmox is just freshly installed and nothing else is running. So I say reboot. We can see disconnecting. We have to wait I shouldn't take long. The Proxmox is rebooting now. Now, it's okay. So if I refresh it. I don't know if you noticed, but we had Proxmox version nine, 03, and now we have version nine, 011.Thise command simply pulled the latest version of everything, including the Proxmox V itself, which is great. That's what we need. That's the first step completed. We've got repositories configured, and we've got Proxmox up to date. Now the second step. You have already seen one thing that might be pretty annoying. Let me log out and log in again. I login, it still says you do not have valid subscription for this server. Well, yes, I use that no subscription repository. Basically, every single time I log on, I will get this message. But I'm using no subscription and I'm okay with that, but I don't want to see it every single time. It's also called NAG message, sometimes. What we can do, we can press this is Opera and I'm on MAC, so it will depend on what device you are on. But for me, it's command option I that will open the developer tools, and this basically will tell you more about what is displayed here. We can see that the source files are the QR code and proxmogslib dot JavaScript. We want to amend this Proxmox slip JavaScript to get rid of this message. I mean, if it's not annoying for you, it's fine. You can leave it as it is. But I always remove that message. I don't want to see it every time I log onto my Proxmox server. You have to find this Proxmox slip. You can use find command, but I can simply show you where it is. I say, Okay, hopefully for the last time, I will not see that message anymore. We go to Shell, still being in the node, selecting node. I go to, I say CD, user, share, JavaScript, Proxmox Widgit toolkit. If I run LSL, this is the file we are interested in Proxmox lib dot JavaScript, JS. But what I would do first, I would copy it. I say copy Proxmox J, Proxmox Lib JS, and I copy, I will call it Proxmox lib dot js dot backup. So if we're on LSL now, we've got backup of this file just in case if something goes wrong, yes. And now I want to change this file a little bit. I say, no, no, Proxmox lib dot gs. I press Enter, here is very long file. But you can see here Control F is where is. It's simply a search option. So I press Control F and now I can search for checked underscore command, and I press Enter. You can see this line that says check command, function underscore CMD. And what I want to do here, after this curly bracket, I press Enter, I press space now until I am at the same level at this Proxmox utils below, and now I say basically that orig CMD. And parenthesis and now semiclum. We simply call this function right now. I don't want to go too deep into it. You don't have to worry about I don't want you to if you don't know about programming anything, you should still be fine. You just press Enter, press space again until you are at the same level and you say return. And also semicolon. What this basically will do, simply, it uses that function, but it calls this function and returns right here. It basically just loops quickly here and it doesn't go any further, which means it doesn't perform any checks, what subscription I might have or might not have because I'm not interested in that. Now, when this file looks like that, I say, Control O, Enter Control X. Now this file is saved. I can even check that like CAT Proxmox ib Js. I say grab, check command. You don't have to do that. It's just to show you something. You can ignore that. And then I say dash after maybe two lines and before two lines. And we can see this is what it should look like. This is correct. Okay, let me clear that and we can also run system CTL restart PVE proxy. I believe the change might work even without it, to be honest. But just to make sure we run this command, then we are sure we restarted PV proxy is basically this. Whatever is displayed here, that's a PV proxy service responsible for displaying this this entire page. Now don't wait here. You just click somewhere else and go back to Shell. You can see this shell. We can use up arrow and I say status. You can see the proxy is running, PV proxy is running. It's running for 40 seconds already. That means, well, let me show you something. If I log out now and log back in, you say, Marx didn't work, did it? Well, it did work. Now it's only the problem with the browser itself because it remembers the old file. So what you can do, you should be able to simply copy it, just close that window, open another window, past again. And if you do that, well, I'm back in. So if I log out, login again, Oh, now there is no NAG message. But if just opening new tab didn't work, you can try to clear entire browser cache, or you can try simply using different browser, or you can even try using incognita mode in your browser because you might be pretty sure you did everything right. It's simply your browser still remembering the old file. Yes. It doesn't pull new file, it still uses the old file, and this information has to be refreshed. That's cool. We don't have any more NAG messages. I know I don't have valid subscription. I use non subscription repository and I'm happy with that, so I don't need this message to remind me about it every time I log on. All right. Next step. The next step is if we go to summary, this is a default information that is displayed. I can see I've got the processor with four cores, but we can make this page to display more information. Specifically, I'm interested in temperatures. I want to see what are the temperatures of my processor and any other temperatures if available. And we can use a website from Milox. I mean, it's his Github repo, and it's called PVE modes. So if you go to that web page, and if we scroll down here, you can see what it does. How look at all those temperatures displayed right here in the summary page. I want to have it too. And the only thing I have to do is to just scroll further and here it is, install instructions to be performed as a root, which is fine. Some of them are commons. They're really just three or four commands. But we can copy it all using these little squares. I copy all this information here and I just go to my Proxmox to the shell and I paste them. They say paste and presenter. The EM sensors package is being installed, and now we've got some questions here. Do you want to scan for the memory controller, CPU, blah, blah, blah. By default, it says yes. And I'm fine with that. So I just press Enter. Now it asks, it has some embedded sensors. Do you want to scan for sensors? Yes, yes. I just basically, I just press Enter because I'm happy with most of those answers. Here is no chosen by default, I just press Enter. Yes. Here we've got yes, by default chosen, so I press Enter, Enter, Enter, Enter, Enter, Enter, Enter. It asks if temperatures for all course or average per CPU, by default is for all course. Yes, that's fine. Press Enter. Temperatures Celsius or Fahrenheit. For me, it's Celsius. But if you want to change to Fahrenheit, you have to do it now and choose F option, like that. But I'm happy with Celsius. So either type C or it's capital letter anyways, which means it's default choice. Press Enter. Enter. And here detecting system information looks like detects two different types, but first one has serial number. Second one doesn't have serial number only says default string. I will choose that first one maybe. Whatever is closer to what you actually have as a hardware. It says restarting PV proxy again, which means again, you shouldn't be waiting here. You just click somewhere else because it will never refresh that page and then go back to Shell. That's cool. If you go now to Summary, you say, again, Marek, nothing changed. That's not true. It changed again, but again, it's my browser still using information. I just copy it. I just close this tab, open another one. And now magically, it changed everything because now I can see the temperatures of my processor. For this mini PC doesn't show much more, but sometimes you get temperatures of your hard drives, SSD drives, and many more. But for this particular model, I'm happy with that. I've got the temperatures of my CPU, which is the most important information for me anyway. That's cool. Yes, that's basically it. Let's go to the next step. The next step, you should always check because you might be wondering why performance of your Proxmox is not really what you would expect. And what sometimes happens is simply your interface, like physical interface that you connect your Proxmox to your network, negotiated wrong speed for your network card. What I mean, if we go to the shell, can run, for example, IP ink Show. These are all interfaces that I have on this device. There is loopback interface. The second one, this ENP is my physical interface. I can see it's up because that's what connects me to my switch. The wireless interface is down because I don't use wireless. Proxmox basically doesn't use wireless. I mean, it can, but you shouldn't really run Proxmox on wireless. The last one is so called Linux bridge. But I want to check what is the speed of my physical interface. It's especially true if you have very fast interface like 2.55 gig or ten gig, then it's even more important. The tool to check it is called ETH tool. I run ETH tool and it should be installed by default. It only says, but command line argument for more information, run ETH H, which we can do. If we do, it shows us all the options. It's too much let me clear that maybe. But what I basically want to run is let me run that IP Link show again. I simply want to run ETH tool for the interface that connects me to my network, which is this one. I copy it, I paste it, and presenter, and that's it. It shows me what are the capabilities of this link. It can run with speed of ten, 100 or 1,000 megabits per second. But the most important bit is here, speed and duplex. You always want duplex full and speed, you want to really have maximum speed that you can achieve on this particular connection. Just have to remember that the fact that your device, running Proxmox has, for example, 10 gigabyte/second port doesn't mean it will run 10 gigabyte/second, if it's connected to the switch or to any other device that is not capable of running with that speed, yes. So this connection has to be negotiated between whatever you run your Proxmox on and the next device you connect to. Hope that makes sense. Alright, but that's basically it. But it's very important because it was more than once, really. It can be bad cable. It can be sometimes once I had to just reboot the switch I connected for the link to come up with correct speed. Always good idea to check that. Okay. And the last but not least, the step that I always perform is adding an external storage, which I mean, like, for example, NFS storage. We go here to the data center, if we go to the storage, here you've got already two items available. This is basically my SSD drive that is inside the mini PC that I run this Proxmox on, but you should always think about some backup that is outside of this box, which will make it very easy to restore everything in case something goes wrong on this box. It's very easy to add. For example, here you've got this ad button and you can add many different you've got dedicated Proxmox backup server. If you have that, if you can run that on something, that is the best choice, I think. But you can connect to ZFS over SCAsiO for example, in my case, I can connect to my NFS. NFS is this is my NAS, simply, this is my U green NAS. If I go to Control Panel to my file service, I've got Samba configured, but I also have NFS service configured. By the way, sometimes people ask, shall I run Samba or NFS? Well, you can run both. It's not a problem. You can test, for example, what works better for you. SMB usually works better with Windows, NFS with any Linux systems. But what I mean, it's possible to run both to the same location. Yes. That's what I have generally here. I've got NFS enabled, so now because this is my IP address of this NAS, one, 225, so I can simply configure it here. I can call it shared or whatever, the IP of the server, 168, one, 225, and then whatever I don't want to talk about NFS in details. But whatever you have configured, you can then use it, for example, for this image, it's chosen by default. But you can add ISO images. You can keep container templates or backups and backups are actually the most important, I would say. You can add more items here to that external storage, which is very handy especially when something goes wrong here. You've got NFS version here as well. You can choose. And if we double check what do I have I can't remember advanced. Okay, I've got Max NFS protocol. I don't have minimum. Yes, we can leave it as a default. That's not a problem. But what I mean, you've got many different options to configure external storage. Don't rely on internal storage. I'm not saying you have to use NFS or Samba. You can use any of those options. Just use them simply. Proxmox backup server being the best one. Okay. That's all I wanted to say today really. I hope that's helpful and thank you for watching. 4. Please follow me :): One last quick reminder. If you found this training helpful, please click that follow button right now. This is the only way to ensure that you never miss future classes or important updates I add to this course. Plus, it lets you easily track your questions and discussions. Thank you and I hope to see you in the next class. 5. Install Ubuntu on Proxmox: Ubunt 24 oh four has been released, and it's not just another release. It's LTS, means longtime support. And so we can expect that it will be around with us for quite a while. So today, I wanted to show you how you can install it as a virtual machine on Proximox 822. So how do we do that? Well, we first have to download the ISO, the image of the Ubuntu itself. So what I will do, I will just go to Google and search for Ubunt 2404. Let's go for that first link at the very top. First thing I noticed is much larger in size than the previous one, 22 oh four LTS. It's over six gig, as you can see, but never mind, let's download it. That might take a while. Now when it's done, I can go back to Proxmax and upload that ISO image. I've got the previous one, EB one to 22. As you can see, it's 3.8 gig. I will choose Upload. We'll find my file in downloads and you can see this one is 6.1 gig, quite a difference here, and then just click Upload. The task was okay. That's what you want to see. Lo and close it now, and we've got that ISO now available within Proxmox. We can click Create VM, and my VMs usually starts from 200. So this will be 205 because I already have two oh two, 23 and two oh four. So this will be next one up. I will name it Ubon two. 20 404. But it doesn't really matter what you put here. It's just for your information. We can click next. Now the OS. What I have to do here is to just click the correct ISO image. And it's the one we've just downloaded. You go to 24 oh four desktop MD 64. We leave everything ers as it is and click Next again. In system section, I only click QIO agent because that will help you with display resolution and some other aspects later on, for example, in remote desktop sessions. So that's the only thing we have to do here, and we can click next. For discs, it chooses 32 gig by default. You can go down to 25, but do not go any lower than that because that's the minimum recommended size for Ubon to 24. It used to be 20 for Ubon to 22, but it's 25 for Ubon to 24. You might also want to click this card, which is basically a trim option for your SSD drive. So with this though, I can click next. Now the CPU. CPU basically, I mean, at home, you should always choose host, which you can do by clicking this dropdown arrow, then scroll to the very bottom and here it is host. That basically means you kind of disable virtualization of the processor. And if you are unsure what it is about, remember that we always have that help button in the down left corner. So if you click that, it will give you the instructions about the current pub you're working on. If we search for the types of CPU, like here CPU type, you can see that QO can emulate a number of different CPUs. But here, in short, if you don't care about live migration, you can set the CPU type to host, which will give you the maximum performance. So maybe your use case is different than mine, and maybe you want to virtualize processor because maybe you care about live migrations. But because I don't always choose host. So I always have maximum performance. Hope that makes sense. So we can go back, so it's host, but I will also give it four cars rather than just one. You might also want to do is click that advanced button. If you scroll down, there is an interesting option. Allow guest OS to use one gig size pages, which might be a good option. I usually turn it on, but I will leave everything girls as it is. But my point is this stage it might be different for me than for you, but these are my settings and I will just click next. Now memory, I have the ballooning device enabled, which means I can set up different maximum amount, and I can then pick minimum memory used. My system can have floating amount of RAM for this VM. If you can't see that ballooning device, it's probably because you don't have that advanced option click. I can click Next to Network, and I don't want to change anything here in Network portion. So I just click next again. This is just overview of your settings, so you can just have a look again and click Finish if you're happy with that. My VM is being built here on the left, 205. So you can either right click on it to start it and to connect to the console, or you can just select it here and do the same using these buttons. So it doesn't really matter. That's exactly the same. I will click start here maybe. And once we can see green play bottom, we can console to that machine. And it will ask us if we want to install Ubuntu, and that's what we want to do. I will click Enter, and now you will just follow standard installation process for Ubuntu 24. We just pick the language next. C skip that. For me, it English okay. I'm on wired connection right now. Click Next, and we need full installation. So I will leave it as it is. Install your Bumpu. By default, interactive installation is picked, and I'm okay with that. Apps, I don't care about any apps really, but never mind. And this is up to you, but I will click them both of these options. And yes, that will erase the disk 25 gig disc that we created in Proxmox. Happy with that. Click next in Aismatic computer, I will call it. I don't know, meaning PC and we choose the password for the system. That's it. Select your region here and just review the options. I'm happy with that, so I will install Ubuntu. This process will take a while, so I will fast forward it. And it took a while over 10 minutes, I think, but it's now completed so we can restart now. You will receive the message saying, please remove the installation medium, but you can ignore that. Press Enter. That's it. I can now log on as user Mark and puzzword that I've just created. You have the welcome message, and that's basically the process completed. There are some additional questions from bontu but no, I don't want to share system data, and I will just finish it. That's it for today and thank you for watching. 6. Install Windows 11 on Proxmox: In this video, we will go through Windows 11 installation process on Proxmox nine. If you are running Proxmox eight, this tutorial can still apply because the process is exactly the same. To install Windows 11 as a virtual machine on Proxmox, the only requirement is that you have your Proxmox server already configured. If you are not sure how to do it, it's not a big deal really because you can follow the video where we went through step by step process of Proxmox installation and configuration. Again, this process is exactly the same for Proxmox eight and for Proxmox nine. Once you have that Proxmox up and running, the first thing we need is the Windows 11 installation disk, the ISO. And conveniently, Microsoft provides official ISO on their website. So all you need to do is to Google Download Windows 11 disc image. You have that multi edition ISO for X 46 devices. That's what we need. Validating your request. English International Confirm. They say 64 bit download. It's 5.4 gig, so that might take a while. Now, once you have it downloaded, you have to upload it back to Proxmox hypervisor. You go back to your Proxmox, you choose that local PVE or wherever you have your ISO images. You click on those ISO images and you click that upload. Then you just select the file you have just downloaded my downloads. It's even 5.8, it says 5.8 gig. I just click that select. Here again, 5.43. Never mind. I just click that upload now. This process shouldn't take long if you have it on the same location. Now we're waiting for Task Okay. I should display, that's what it is. Task okay means the input was successful. We can close it now. In theory, we've got the official ISO here and we could just start to create our VM. But we need one more ISO. We need something called tio win driver package. But I mean, if we Google vert AO or maybe Windows vert IO drivers, web center, you can find them on official Proxmox website. That's the one we need. I click that first link, and it even explains what it is. Virtual drivers are para virtual drivers for KVM Linux. Basically what it means, this is the set of drivers that windows can use when it's running as a virtual machine on Proxmox. What we really need, we have to scroll down a bit, and here you can download either the latest stable or the most recent version of that package. They say normally the drivers are pretty stable, one should try out the most recent release first. Let's do that and see if they work correctly. If you have problems with that most recent one, then you can try the latest stable, but we will go for the most recent one. And the download starts automatically, but this one is smaller, 693 megabytes. And once we have it downloaded, we repeat the same process. We go to Proxmox and we upload that Verto this time. Go to Downloads, Verto select and upload. That's going very quick, and we expect Task o, and we can close this window now. And now we are ready to create our virtual machine, our Windows 11 virtual machine. So you can click this button, create VM. And maybe before we do anything here, note this little help button in the bottom left corner. If you click on that, it will open another tab in your browser, and this is basically an instruction what it is about every single field that you can see here when you create the virtual machine. This is kind of like instruction for each of those steps. Like, it says the node, the physical server on which the VM will run. For me, it's PV because I only have one node, the virtual machine identifier. I will use maybe 138, let's say, the name, you can call it whatever. Let's call it win 11, and that's all we need here. So we can click next. Now we have the OS. If you go back here, you've got that OS settings section. But I want to show you one more thing. Maybe let's close these tabs. Let's open new tab. And there is also another website. You have to Google for Windows 11 guest Best Practices. And this is what I'm talking about. It's directly from Px Mox again, so we click that. And here you can see some further information on specifically for the Windows 11, what you should choose in this you know, for example, in this section OS, which means you can refer to both, this one, which comes from that help button, and also that one, which is from Proxmox Windows 11 Guest Best Practices. Here we can see select Microsoft Windows 11, 2022, 2025. If we go back here, guest OS, Microsoft Windows, and we have version 11, 2022, 2025. It asks us where we have the ISO image. Is the ISO for the Windows 11 itself. So I've got it in local storage. If I use that drop down menu, I can choose that Windows 11 ISO. However, you have another button here. It says, additional drive for Vert IO drivers, and that's what we also need because we downloaded it already. So we took that and now we choose that Vert IO. This way, we can load both ISOs at the same time once we have that configured, we can click next. We can also click that little advanced button. Here it doesn't change anything, but on some of those steps, it might give us additional information. Let's click that next. This is the system setting. We've got graphic card default, machine qu 35. We can refer back again to the documentation. And here it is, machine type. This document says that you can choose between the default Intel 440 FX or the u 35 chipset, which also provides a virtual PCI bus, which might be desired if you want to pass through PCI Express hardware. So I will leave it as it is, u 35. And the bias I will leave also as it is, the EFI storage, you usually choose the same where you keep all other virtual machines, and I have only one. So for me it's that local LVM. But if you have multiple, you'd have to choose the one where all your VMs live. Now, Skazi controller, let's refer to the documentation. And it mentions that it is highly recommended to use VTO Scuzzi or Vertoblock controller for performance reasons and because they are better maintained. Let's go back. Let's see what choices do we have here and I can see that Verto Scuzzy. I will pick this one. Also, QEMO agent. I don't think it's worth for me to read everything for you. So basically, you can refer to the documentation what it is all about. You know where to find it. You just click that little Help button, and that's it. But basically, I want the QEMO agent. TPM storage, what the TPM is, first of all, TPM is Trusted Platform Module and it's a new emulated specialized chip that Windows 11 requires on a computer for enhanced security. So you have to have it chosen and you have to have it configured for Windows 11. It's different from Windows ten. It was not necessary for Windows ten. So we choose the same For me, it's the same storage. But basically, that's what you need. The same storage where your EFI storage is. You should match it here. And version, you have to have version 2.0 for Windows 11 as well, but it's already chosen. And with that config, we can click next. Here what I want to do, maybe I will increase disk size. I think 64 is recommended. So maybe let's just use the 64 or maybe 80, let's say. Regarding cache, if we check the documentation, you can find further information. But basically, for Windows 11, you either choose no case or maybe you want to use write back, but no case is usually the safer option. If that setup is on your SSD drive, you might also want to take the discard, which is trim option for your SSD drive, and I tend to use that SSD emulation. It's just to make sure that system understands. It's based on SSD drive. So I go next. CPU and the Proximox eight and Proxmox nine by default, we choose the one with AES instructions, and that's correct choice for Windows 11, or what I tend to do is I change to host. What host means, all instructions that my CPU has, all those instructions will be available for this virtual machine. But if you run it on Proximox seven, which is pretty old right now, the Proxmox seven had, I believe, KVM 64. You, for example, migrate your virtual machine from Proximo seven, this is bad. If you left that default setting for Proximo seven, your Windows will be painfully slow because Windows added some extra updates. Basically, what I mean, you either need AES version that this encryption system is supportive or maybe you want to choose host. And that's what I do. Number, of course, depends on I would suggest at least two, but the more you can assign the better performance of the Windows Virtual machine, of course. Plus, if you've got some fancy processor like has multiple cars, you might want to read about that Numa option because you might want to have it ticked as well. But for me, it's okay. I don't have to do it. Again, refer to the documentation. The click Next. Memory, the more you can assign the better. Again, let's say 8192, eight gig ballooning device means you can have a dynamic allocation of memory. So I will say maybe 4,096 here. It will be like dynamically allocated. But I can also turn it off and I can say, I don't want that ballooning device. It's up to you. Some of the operating systems do not like this being on. Windows should work fine with that, but if you've got a lot of memory, you don't have to worry much about it. Let's say for me, I will disable it and I will click next. But if you left it enabled, it's not bad setting. Work. Well, if you've got some multiple bridges or multiple villains, that's where you configure it. The model, you should left that virtualized one. If you have different one, just go back to that paravirtualized. This is the best setting for Windows 11, now you just click next, and this is just the overview of all of your settings. I click finish. Now the virtual machine is being created. We can see 138 and already name is shown Windows 11, and now I can just click on it and I can start it. This might take a while. You can see it's up now, so I can double click here on that. You can see, press any key to boot from CD. Yes, that's what I want to do. I press space. And have to be pretty quick with that. If you wait for too long, it will say it will display error. I will want to boot over IPV four. That's not what you need. You want to start your VM. You want to double click on that and press Space or any other button to start from CD DVD. Because this is what you should end up with, for me, indeed, it is English United Kingdom was automatically detected. I click next. Keyboard. Yes, correct. I want to install Windows 11. I agree that everything will be deleted, click next. Product key. This is the stage where you paste your product key. But what you can do, you can also choose that I don't have a product key, but then on the next stage, well, let's wait for it. Here on this stage, you will have to choose a Windows version that you either have key somewhere, maybe you don't have it now, yes, or maybe you want to purchase a Windows key. So make sure at this stage, you choose correct Windows version. For me, I want to install Windows 11 Pro. But if you have a key for home or education, that's why you have to have it right because your key will not work. The easiest way is to just past the key on the previous step, then the Windows version is chosen automatically. But this is the other way that you can use. And now we go next. And this is standard installation process. You read, of course, that very interesting and entertaining document, you accept it. And now you can see it was searching for discs, but couldn't find any, and this is where we need those vert IO drivers. Windows 11 currently cannot read or write to the disc that is allocated to it. Remember, we configured 80 gig disc, but it's not shown. That's where we have to click that load driver, and now we have to browse to that other ISO to this to disk. And you can see a list of various drivers. Let's go to that AMD 64. Let's click on that Windows 11, and I just say, Okay. Driver is chosen, Red heart VertoskazI pass through Controller, so I click on that and I say install. And now, Windows can see this drive. But before we go any further, it's worth to load another driver just in case. I mean, not just in case because you might have a problem if you don't do that. So I say load driver not entirely sure why it shows that screen again, but you accept that and you can browse again to that Verto. If you chose the ballooning device, that's another driver you will have to load. You would have to go to the balloon again, down to Windows 11, MD 64, and you would have to load this one as well. But because I didn't choose that ballooning device, I need only Net KVM. This is for networking. This is basically to be able to connect to the Internet. I choose the driver for Windows 11 again, MD 64. Okay. We click on that again and we install. Now with those two drivers, we can click that next button. Now I say install. This step might take a little bit longer as the actual installation process. It restarts. It says it can actually restart a few more times. Let's see. You just continue with the standard installation process. United Kingdom, yes, that's true for me. The keyboard layout, United Kingdom, that's fine. Second keyboard up to you, I will skip. I have just one. Now we will check for updates. That's where we would need that networking driver. We can see it's connecting, so it's fine. It's working fine. And it says it will restart before we continue. Now I can name your device. I will say win 11, say next. And it restart it again. Installer asks how we would like to use this device? For me, it will be the personal use. So I say next. And now we decided that it's going to download some updates. This took a while, but we can now continue with the installation process. And now it asks you to sign in to the Microsoft Account. And if you haven't got Microsoft account yet, that's where you can create one. I already have one, so I can use it here. The password for Microsoft account is not the email account. We can now sign in. I can create a pin. Say, okay. I say no. If you already use that Microsoft account, that's where you can recover the data. I'll just say continue. It restores from the most recent machine I used on 18th of June 2025. I don't think there was anything interesting there because this is kind of like test account, it shouldn't take long. It says it's getting things ready for me. That means the process is close to an end. It's nearly done, but we will need to do one more thing. I see skip. Skip only say files to thisPC. I don't want any backups yet. No now, I don't want to import anything. It's up to you obviously. Lot and lots loads and loads of bloat stuff that wasn't here before. They keep adding more and more during the installation process, you have to just click million times Skip Skip or whatever. Finally, you can see Windows desktop. Quality is not great because this is just VNC, but you can, for example, use RDP. You can configure RDP. But what I want to show you, there is one more thing that we have to do. If we search for device manager, you will probably have some stuff still here that do not have drivers. I have only one item, but you might have more. But remember that you still have that ISO attached to this Windows 11. Basically what you can do and click that folder, you can open this Verto ISO and if you scroll down, you have an installer here. It's called Verpao win GT X 64. You can simply double click on that, run that installer, and this will take care of all of the missing drivers that we might have here. So instead of manually searching for them, you just run this. I say next, accept the agreement next, next. I mean, sorry, on this field, you have to make sure that they are actually there are no red axes next to them. We want them all available. But by default, they are. So yeah, it should be fine. Next and install. I say, Yes, You might see this portion flicker several times, and now it found the driver because that question mark just disappeared. Now I can say finish, and we've got our windows ready to use. I think it might be worth to manually now restart it again and only then continue working with your Windows 11 on Proxmox nine. That's what I wanted to show you in this video. I hope that helps. Thank you for watching Marek. 7. Install Arch Linux on Proxmox: Today, I will go through Arch Linux installation process. I will install it on my Proxmox server, but you should find this video useful even if you want to install it on any other device, like maybe your laptop, maybe directly on your PC, or maybe even Br metal server you have somewhere. First, we need the Arch Linux ISO image. I will simply Google something like Arch Linux Download and I will choose that first link, Arch Linux downloads. Here is where we can download the ASO images, and you can see that ISO image can be burned to a DVD. I don't think anybody does it anymore, but it can be also mounted as ISO file. That's what we will do in our Proxmox server and can also be directly written to a USB flash drive. That's what you might want to do if you install it on laptop or PC and not on Proxmox server. But anyways, we scroll down, and there are some locations, I mean. So you can pick the location that is quite close to you. We'll be at the bottom, I guess. So for me, maybe I will pick bitemark dot code dot k, let's say, and what you need is that very top link. It's just dot ISO image. You can see it's 1.1 gig, so we just click on that link, and it starts downloading. And now the download is completed. Again, if you want to install that arch Linux on laptop or PC, you can use a program like Balenaecher or any other program that is able to create bootable USB drive from that ISO image, and then just stick that USB to your laptop or PC and boot from that USB image. But because we are installing it on Proxmax server, the process is a little bit different. So we go to Proxmax server. You can see I have some already running CaSOS and ubuntu, but we go to local PVE, and this is where we upload the ISO we've just downloaded. So I just click that upload button and I will select the file that has just been downloaded. I'm sorry, not this one. It's this one. I downloads Arch Linux. I will select it and just click Upload. You can see task Okay. That's what you always want to see ready. So we can close it. And now in that local PVE in ISO images, you can see we have arch Linux available. So we are ready to create a VM. I will just click on that, create VM. I will pick the ID for that VM. Maybe I will change it to two oh five because I've got two oh four already for bunt and CSOs was installed different way. That's why it's so low. But I usually pick numbers above 200. I will name it Arch Linux. And we can go next to the OS. In OS, we just have to pick the image we've just uploaded to the Proxmx. The type can be left as it is, so we just click next. Here, I usually click QM agent, but I haven't figured out if it's useful for Arch Linux yet. Basically, you can also leave it as it is and just click next. Disks I believe two gig is minimum for Arch Linux, but I will give it some extra space. I will give it maybe 20 gig. That should be plenty. I will add discard, which is the trim option for SSD and SSD emulation, leaving everything else as it is. Then I click next. CPU, I always use type host, which is here at the very bottom. So host basically disables emulation. And if you want to read more about it in this help bottom, if you click it, you will see that if you don't care about live migrations, you can set your CPU to host, and it should give you maximum performance. That's why I always choose it. So actually, it's a lot of useful information here. You can read it all, not only head, about the CPU type, but never mind, let's go back to our installation. I will give it markers, maybe two. And what I usually pick here as well, is allow host to use size pages. That's what I usually enable. And believe that's all. That should be fine. So you can click next. Memory, I use ballooning, which means it's like a floating amount of Ram. By the way, if you can't see it, you probably don't have that advanced button clicked. So, maybe minimum, we will set it to 1024 and maximum to 2048. Something like that should be more than enough. Then next, network, I don't really want to change anything. For me, it's good as it is. So I just click next, and this is just confirmation you can go through and see if yeah that's really what I want to configure. So we just click Finish. Our VM will start already here 205, you can see the Arch Linux. What we can do now, you just click on it and either click the right bottom of the mouse and start it here or we can start it there as well. So we start and then we can also console to that instance. You will see this is the installation guide, and it will automatically start in 7 seconds anyway. We can actually check other options, but usually the top one is what you go for. I click Enter and we start the installation process. And it will stop at this stage. So why it stopped here. It actually says above. You can see it will require connection to the Internet. So if you are connected to wireless, for example, if this is your laptop, if you're installing it on your laptop and you use wireless connection, you will have to use that IW CtL utility because you need that device to be connected to Internet. Arch Linux will require that connection for the installation process. So you type something like IWCtL then the dash passphrase. Then here in quotes, I believe, it would be your password. I mean, you shouldn't type your password. You should type actually what your password is for your Wi Fi connection. Hope that makes sense. Then station, usually it's W zero and then connect. And here is where you type your Wi Fi SSID. So whatever it's called, I don't know, maybe my home network or whatever. But because my Proximox server doesn't have even Wi Fi card, it uses wired connection. I can ignore that step entirely because it's only needed when you are on Wi Fi. And remember, even if you have laptop or PC that is currently on Wi Fi, you might still temporarily even connect it with the Iternet cable only for the installation process, so you don't have to play with that IWCtL command at all. So it's up to you. In my case, I can now either just type Arch Install to run installation configuration script, or I can do it old fashioned way and configure every single setting manually. But the arch installation script is much more user friendly. So let's just use that. We type Arch Install and just press Enter. So you get that configuration guide, let's call it, where we can choose all the settings that we are interested in. Art install language English. Yes, that's fine. We can leave it. Mirrors. If we click Enter, you can see mirror region. If we click Enter again, it will give you all the regions available, but you should simply pick one close to where you live. You can see at the bottom here, press forward slash to search. So if I press forward slash, and then you and I, I've got United Kingdom, United States or reunion. For me, it's United Kingdom, and I can press Tab button to select it. You can see that little asterisk shows up. So I press Tab again to deselect and tab to select. Press Enter, and we can go back. Now the next option, local, that's actually keyboard and language settings. So if you are in US, you are probably okay. You probably don't have to change anything because you can see down here below info, keyboard layout is already set to US. Language is ENS, so English US and encoding is UDF eight, which is probably okay for you. But for me, I will change it because what I need is UK, which is here just above US. The language I want is EN, but it's ENGB and the encoding, yes, it's okay, UTF eight. You can go back. We are in the main menu, but now that if I go up again to localise, we now see all those settings that are currently picked. If I go even further up, my region was United Kingdom, keyboard layout is okay, et cetera. Let's go further Disc configuration. Let's click Enter. And you can pick here manual partitioning, if you wish, and go through that have disc configure et cetera, partition it disc anyway you want. But you know what? If you use the best effort default partition, it's so much easier. I will show you just click Enter here, and then you pick the volume we've just created for that operating system in Proxmx, which is this QMO hard disk. So again, I will press Tab to select it. The little asterisk showed up, and I press Enter. Now we can pick our file system, and honestly, I don't know if you want to use XFS or F two FS. Probably the choice is between extended four and better offaS because Batter offaS is a newer file system, so maybe I want to select that setting. I will click Enter. It will ask me if I want to create sub volumes with a default structure. Yes, that's what I want, and it will ask if you want to use compression. So I will pick that as well. So again, with up arrow, you can see all the information, what we've just configured. It will create small FAT 32 volume just for boot, and then the Better fAS as main storage, that's fine. Next option is disk encryption and eff click Enter and then enter again, encryption password. You can see Enter disc encryption password or leave blank for no encryption. For me, I don't want to encrypt the disc, but maybe you won't, if you leave it blank, there will be no encryption. If you use the password here, your disc will be encrypted. That's all it is. Let's go back. Now, the bootloader, the group is selected for me, and it's fine. But if I want it, I can change to different one. But let's stick to group. Swap, true? And yes, that's what I want to live. I want to use swap. Host name you can change it if you want. You know, you can call it whatever you want. No. I will just leave it. Doesn't really matter. Now the root password, if we click Enter, it says, Enter root password, leave blank to disable root. And again, it's up to you, but personally, I would just disable root because in the next step, we will be able to create a user with pseudo access. And many new Linux versions have root account disabled by default, I mean. So it's your choice. If you type the password here, you will have root account. If you just leave it blank, you disable the root. And that's what I will do. I will disable the root. I will not type anything here. And now we have user account, user account. Other user, I will create a new user. I will call it Marek, password. Okay. I have to type it again for verification. And now it asks me, should Mark be a super user? Well, yes, remember I don't have Root account, so, yes, I want to have a user with superuser privileges. So I click Enter, yes, and that's it. And if I want, I can add another user. I can create as many users as you want, but that one is fine for me. I will just confirm and exit. And now the profile. Let's click Enter to get into that and the type, click Enter again. And this is interesting one because you can choose minimal server or X Org, but I would go personally for desktop because you can see it installs like VIM, HTp et cetera, but it also prepares your desktop environment. If you want to have that graphical user interface, the desktop profile is really the one you want to go for. So I will click Enter, now it asks me which ones I want to select. Most people will be familiar just like me with nom or KDE, and you use Tab again to select your choice. But note that you can actually select more than one. You can select all of them even if you want, and then you can switch between them. But to keep things simple, I will just use gnome and that's it. So I click Enter. It asks me for a graphic driver. And by default, it's all open source. And this setting is okay for Proxmox. But let's click Enter Anyways. So if you install this arch Linux on your laptop or PC, maybe you have AMD, Intel or N Video card, and do you want to install different drivers? Then this is the way to do that. But as I said, Proxmox is okay with the open source only. We also have Griter. Ritter is just your login page. If you click Enter here, the only other one I heard is SDDM, but GDM is fine as well. It's just login page, so it's not that important really. Okay, so we can go back, arrow up. Can see, you can review it again, arrow down. Next option is audio, and by default, it's no audio server. Well, you don't want to leave it as that. Let's click Enter and you've got two options for Pipe wire or Pulse audio. And I would go for pipewire because it's newer option with real time multimedia processing and some other advantages. But you might consider pulse audio only if you find some issues with the pipe wire. Me, it works great. So I will pick pipe wire. Now, the kernels. By default, it's a default Linux kernel. But if you click Enter, you can see we've got other kernels as well. There is a hardened one, and there is a longtime support. And the thing is, if you click tab, you will note you can select more than one. And you know what it's not that stupid because maybe you want to play with that later on and booting your Linux using different versions of kernel. But for this scenario, I will just use basic one, the default one, I mean. Enter additional packages. Let's click Enter, maybe. It says that you can install additional stuff in the installation process. The truth is you can do it later on as well. But it says, you know, if you desire a web browser such as Firefox or Chromium, you might specify it here in following prompt. You know what? Why not? I mean, I will probably need both, so I can type Firefox and Chromium, as it says, I have to be space separated. So it's not comma separated, it's space separation. And just click Enter. It will verify at the same time, have a look. Yes, they are listed. If you had error on previous stage, that means you probably misspelled something or the package is called something different. We can go now to Network configuration. Basic click enter, and I guess nine out of ten times, you will just go for Network Manager. But if you want, you can also configure it manually here. If I click Center on manual configuration, it will ask me to add interfaces. It will see I have it connected with Internet cable. The interface is ENS 18, then I click Center and I can choose if it should be DRTP dynamic host configuration protocol or static IP. If I want static, I can create static IP here. So for me, something like 192, 168, one, maybe what 25 slash 24. Default gateway is the IP of my router, which is 192 that 16811. DNS maybe CloudFlow 1111. You can confirm and exit, but I will actually cancel because I will go back and I will just use that network manager. So, you know, let me go back again, but you can see how much easier it is. Just use Network Manager rather than typing everything manually. What is your choice again, Time zone, loads and loads of time zones. You can scroll down, but it's much easier to press forward slash again to search as suggested. So I will forward slash to London. I've got Europe London Time Zone. That's what I need. Automatic timesing, I would always leave it true. You want to use NTP for various reasons. Optional repositories, I'm not interested, so I can simply install it now. Let's click Enter. Again, Enter, it says press Enter to continue. We formatting the drive, it will follow with the installation process and once it's done, we should have running arch Linux. This took a while, probably several minutes. But it now asks us, would you like to shrout or Chroot into the newly created installation and perform some post installation configuration? Well, no, that's not what I'm interested in, then, so I will just pick now, click Enter, and it will reboot. Oh sorry, it will not reboot on its own. You have to type reboot. So Enter and the Arch Linux should be now up and running. We can pick first option, Arch Linux, and that's it. Now we can log in. By way, this is that GDM, remember? It's called Gretter in Arch Linux. I can type my password. And that's our Arch Linux installed. You can pack the tor, I just skip it and you can see those nine dots. You can see the Firefox, for example, and Chromium has been installed because we added it as additional packages. We've got already VIM installed and some other stuff like HTp. You can also type here, let's say, terminal. If you want, you can make this window bigger. You can also type HTp here to see the CPU utilization, memory utilization, and all the nice stuff. If I want to open Firefox, I can use this, go there again, and Firefox. Okay, that's it. I hope that's helpful, so see you next time. 8. Install Linux Mint on Proxmox: Linux Mint is one of the most popular Linux distributions, and it's perfect for Windows users who want to switch to Linux because Linux Mint makes that migration as seamless as it is possible. And Linux Mint is based on Ubuntu, but uses different desktop environment. It can use Cinnamon, XFCE or made desktop environments. While, Ubuntu, by default uses nom. So okay, let's just install it then. I will install it today on my Proximo server, but I will add some extra info where necessary. And this way, you should also find this guide useful if you want to install Linux Mint on other devices like PC laptop, server, mini PC coffee machine. I don't know, wherever you want to install. So let's get started. And first, I need to download the Linux Mint ISO image. So to do that, I will just go to Google and search for something like Linux Mint download. And I will pick that first link from the top, which is directly from Linux Mint. So you can see Linux Mint 21.3 has a code, Virginia, and here is where you can choose your version, your desktop environment version, I mean, I will download the cinamon, but as you can see, there is another one XFCE or mate addition. So let's just scroll up and download the cinnamon edition. The installer is 2.9 gig in size, and you can also find here installation guide release announcements, and this is the link if you want to download it using Torrent downloader, but I will scroll down and you have mirrors. You can use either word mirrors or you can scroll down to whichever location is close to you. For me, it's United Kingdom, so I have a little bit of scrolling. Maybe UK fast sounds good. Now the downloads just started, I have to wait for the ASO download process to complete. The ISO is now downloaded. I can see it in the folder. And if you want to install it directly on PC or laptop or server, that's where you would use programs like ballena Etcher that are able to create bootable USB drives, and you would want to write that image to that USB using this program. Once you have it on USB stick, you just slide that stick into the laptop or whatever device you're installing the Linux Mint on, and you would boot from that USB stick. However, for us, it's a different process because I'm installing it on Proxmo server. So what I have to do go first to my Px Mx. I will go to Local PVE to ISO images, as you can see, I already have some, and now I click Upload to upload the file that I've just downloaded. So I will select that image, which is currently in my Downloads folder, as you can see, Linux Mint, and then I will just click Select. Linux Mint 21.3, yes, that's what I want, and then just click Upload. Should see task Okay at the end of the process. That means the file was uploaded correctly to the Proxmox. When I close this window, I should see it available here in my Proximox Console in available ISO images. That means I can now create a VM. I can create virtual machine. I click that button in top right corner, create VM. I will pick the ID for my VM. Doesn't really matter, but I will pick maybe two oh six. I already have two oh four and two oh five, next one up is two oh six. I will call it Linux Mint. Can't have spices here, so I will add dash. I can click next. I have to pick my ISO image that I just upload. And it's Linux Mint, I click next. I can leave everything here as it is, click next again. Disk, by default is 32 gig. I will make it a little bit smaller. Maybe 20 gig should be more than enough. I will add discard which is trim option for the SSD drive, I mean, and I can click next. In the CPU tab, I don't like having processor emulated. I usually pick host, which is at the very bottom, which means I've got the best performance available. I will also increase the number of cars, maybe two. Then we can click Next again, memory, it's set to two gig, which you could give it a little bit more. But in this instance, I will just leave it as it is. Click next again, Network. All those settings are fine for me, click next again and just confirm everything if everything looks okay, configuration wise, it looks fine, so I will just click Finish. Now the VM is being built two oh six, we already can see. We don't have name yet, but shortly it should show up. There it is Linux Mint. Now if I select it, I can navigate using either right mouse button or I can use these buttons here in the top right corner. I will just start this virtual machine, and now I will console to that machine. You can see it's connecting and it's Start Linux Mint. So I will click Enter. It might take a while because it's not normal bootloader, you will have a kind of working Linux mint already, but I will show you what I mean. So what you can see now, it's an instance of Linux Mint as if you were running it from the CD or DVD drive. Remember that live CDs. So at this stage, Linux Mint, lets you play with it. If I click this icon, I already have M and everything, but the performance can be terrible because for me, it's fine because my ISO is currently on SSD drive. But if you booted it from the USB drive, your experience might be not that great. So what we have to do next is click that Install Linux Mint. So we install it properly on the drive rather than previewing it directly from that ISO. Hope that makes sense. I will double click that. And this should trigger the proper installer. You choose your language. For me, English is okay, even though it's not my native language. If you are in US, you can leave it as it is. For me, it's okay. I click Continue. Install multimedia codec. I'd say yes. I save us sometime later on. Let's click Continue. Now a little warning, erase disc and install Linux Mint. This will delete all your programs, blah, blah. Well, I don't have any programs. It's a fresh installation anyways, so yes, I'm fine with that and I will click Install now. This will just double check if you are sure you know what you're doing, because this basically will erase everything on the drive that we allocated for that Linux Mint. And in Proxmox, we did it during the virtual machine creation process. But if you, for example, install it from USB drive, you have to be sure you choose correct drive because you can erase wrong drive at this stage. So yes, double or triple check that this is what you want to do, really. So we click Continue. It will ask us for time zone. London is okay for me, at least, continue. Now pick your name, Smack. I'll just delete that. What already exists on the network. Add Linux Mint. This is the user name. I can change it if I want, but that's fine for me, and we will create a puzzled. To repeat it here, and now we can click Continue. This process will take a while, so I will just fast forward to when it's completed. All right. I took around 10 minutes on this minipC around the Proxmxon, but at last, it says, installation complete, and it tells you, installation has finished. You can continue testing Linux Mint means you can stay here as you are and use this kind of live CD environment, but I want to complete this proper installation, so I will restart now. Let's click Restart now. Now it says, please remove the installation medium. But that is true if you run the installation from the bootable USB stick. Now is the time to remove it from the device you are installing Linux Mint on and only then press Enter. But because I installed it on Proxmox, I don't even have that USB stick, so I will just press Enter. Now the proper installation of Linux Mint asks me for my password. You can see that welcome screen, you can read more about Linux Mint itself, I will disclose it and you can see you've got loads and loads of programs already installed, pre installed during installation. You also have Modila Firefox and most of the stuff you would expect from operating system, it's already there. So I hope you will enjoy Linux Mint and I will see you next time. 9. 103 k8s on proxmox3 thinkific completed: So you've done it. You've got your home lab up and running. You've got home assistant managing your lights, maybe you've got Plex or Jellyfin serving your media, or maybe you've got even more Docker containers on your nook or maybe on old laptop, and it feels great until it doesn't happens when that one mini PC or old laptop crashes? Well, everything goes dark, or what happens when your traffic spikes, that one container just can't handle that load? The standard docker is great for getting started, but eventually you will hit a wall and you need something that doesn't just run containers, but something that orchestrates them. That is where Kubernetis comes in. No, I'm not talking about a Minicube or KTS. Today, we are going to build a real deal like full scale production ready Kubernatis cluster running on your Proxmox VE hypervisor. This is the same exact architecture used by the tech giants to keep the Internet running, but it will be scaled down to fit our home. Here is my little battle plan, let's call it. We will spin up one master node. It will act as a control plane for our Kuberntis cluster, and then we will deploy two worker nodes. These are actually the ones that do the heavy lifting, let's call it. They run the containerized service. Then I will show you how to easily scale this up to five, ten, or even 20 nodes, as many as you want, really. By the end of this video, you won't just have a cluster. You will have an entire system that can self heal and scale. And most importantly, we will utilize load balancer to distribute traffic like pros do. If phrases like a control plane or cube proxy or something like that, they sound like an alien language to then don't worry. This video is designed for you, right? We're going to as always, we are going to build it piece by piece, and we will have quite a few commands that we have to run on our virtual machines. But I will explain not only why you have to copy paste that command, but we will go through why we are running each of those commands. So you have better understanding of how it's all meshed together and how it works as a Kubernatis cluster. I guess this might be a bit longer video than usual, but by the end, you will have all fundamental understanding of the most powerful tool in modern DevOps really. Let's get to work done. I will use this Zima board tool for this project. Zima board is right here, but this is the NAS case for that Zima board as well. This Zima board is not requirement, any minipC laptop, PC, whatever you have there. Anything that can run Proxmox will be fine. You probably know that Proxmox can run on nearly anything. I will assume that you have Proxmox already installed, and if you don't you don't know what Proxmox is and how it works, the Proxmx installation was covered in a separate video. About the Zima board too, it has a four core intel and 150 CPU. It has 16 gig of Ram and it has 64 gig of internal EMMC memory. But as you can see, I've done that expansion card and I added two terabyte SSD drive. I've got additional external storage. You can see, this is PCI Express card, and I've seen some people even attaching proper graphic card to the Zima board. But for me, it's just I use it as external storage. I will use this storage for our virtual machines in Proxmox. And as you can see, this is my Proxmox running on the Zima board to from ESWL Technology. I don't have anything running on it yet, no virtual machines. The only thing I change is I added that external SSD and you can see it as transcend PVE. And it can be used for virtual machine disks and container volumes, the same like local LVM. The next tab you can see opened, it's my Github repo, which you also have access to. It's automation Avenue, KTS on Proxmox. That will be very helpful. So it's the best to have them both opened at the same time. This will give you not only the commands, but also a quick overview of what we are going to do, and it will tell you what these commands are about. The first thing it mentions is we really have to start from our router, not even from Proxmox, but I have to log onto my router because I have to check one thing. If I go to my network to the N, this is on Flint T device, but you will probably have the ACP server configuration somewhere also in Network tab or something similar. I guess you might have something like that. You will have 254 here at the end or 253. This is the scope of IP addresses that your router provides to your home network. Basically the first IP address available is one dot two, and the last one would be probably one.254 for you. As you probably already have seen, I had mine set to 99. That means the first address is dot two. The last one is dot 99, and then from dot 100, all the way up to.254, I can assign to all my devices at home statically. Because this DHCP server, the scope of those IP addresses is now limited, and it can only handle out around 100 IP addresses, which is more than enough. And everything from dot 100 to.254, I can manage myself manually, statically. I hope that makes sense. That's the first step really. That's what this document says. My DHCP Scope finishes at dot 99, which means from dot 100 blah blah, I can assign statically, and we can now log onto the Proxmx and create our virtual machines. As I mentioned, we need one master node and two worker nodes or more. It's up to you. I would say this is a minimum to have that feeling that you have a Kubernete cluster and three separate virtual machines that will run that cluster. We can go back to our Proxmx and first, we need an image for our virtual machine, and I will be surprised, but I will go for Ubuntu 2604, LTS. And we've got February 17, and you can see that it's scheduled for release on April 23, but to be honest, I've been playing with this Ubuntu for a while already, and it's super stable, and I can't see why we shouldn't use this one. But if you want to go for 2404 or 20 204, I understand that or maybe different, completely different Linux operating system. This is also fine because every Linux can run Kubernatis but remember that the commands might be slightly different than, but you will be fine with any Ubunto. It doesn't have to be 26. I recently started using it and I find it super stable. Maybe we can add download. Maybe I will add server. We've got this server install image and you can either click this first link or if you scroll down, we also have this one, which I can see was updated just yesterday. This interesting. I will just right click it. I will copy this link. I will go back to my Px Mox to the PV, ISO images download from URL. I will paste that URL, I will query that URL. It can read from it. That's fine. That means I can download. That's now done. It says Task Okay, which means we can close it and we can see that image available here locally on our proximos. I can close that tab. Let's go back to our instruction. Instruction is obsolete because I worked on Snapshot three, but this one doesn't even show that snapshot information. Never mind. We can go further. I will amend that instruction. Now, it says, create virtual machines. That was I didn't know how to approach it really to make it easy to understand because we need to create three virtual machines. We could, for example, utilize cloud images and Cloud Int file, or we could create one and clone it. But with all those, it's additional work required anyways. I think it's a bit I don't know. It might be overcomplicated for some people. So it might look lame, but we will create every server separately. And yes, we will have to go through installation process three times separately for each server. Because it's Ubuntu server, it's really just a few stages and it takes 2 minutes to install it. That's why I thought. I think that's better way. I think that's the best way really and the easiest to understand. To create virtual machines, I've got that commands, and you might think, where did I take those commands from? I will show you how you can create your own command like that. We've got this image. When you normally create a virtual machine, you simply go here manually, create VM. Yes. You give it an ID, let's say 190, you call it, I don't know. I will call it test. Yes, doesn't matter. And you go through those stages. You choose the ISO, you go next, let's say, take that QEMO agent, you go next, you then choose your disk size, for example, 50 gig, and I also want to take this advanced because I need this card and SSD emulation because I will work on SSD. Disk. I go next. I say maybe two cars and I want to I always use host CPO type. But if you want to use any of those, you will be fine as well. Then I go next memory. Let's say I don't want ballooning and the two gig memory. Yes, I say next, next and finish. And now, this creates this virtual machine. But this virtual machine has a configuration, which means if I go to PVE to the shell, if I go to CDC PVE 1 second? What was it? PVE QEMU server, yes. When you run LSL, you'll see the configuration file for this server. And if you run CAT 190 conf to see what is inside that file, you'll see all of that. It's basically a representation of what we went through during this manual process. You can create every virtual machine manually like that, or you can simply create templates that will include all that information here. Like agent, yes, that's QEMO agent. I want it enabled. Number of course two, what CPU type, host, and so on and so forth. The storage, I can see I didn't change it. It's a local LVM. But if you go back, you will see that it will vary. For me, for example, it will be the transcend, but for you, it might be local LVM or might be something else. It's whatever you chose for your storage during virtual machine creation. But if you are confused, you can still use simple manual process to create every virtual machine separately, yes? That's what I mean. Will use those templates. And you will see we've got three different templates. First template is Kuberntis master node, and the master node will have four cores and more memory. Whereas the worker nodes, we've got two workers, Worker one and Worker two. They will have two cars and two gig of memory. And they will all have, what is it? 50 gig for the local storage, but it will be based on this transent external SSD I've got. And this is already not true because this is what my image is called ISO Resolute Live Server. So maybe let me copy it. I will open notepad. Master Node. Maybe let me make it bigger. Everything else should be the same. I simply copy this with new updated image, and they simply maybe let me clear first. I will simply paste it here. You will see it's already being created. 191 will be my master node. After a few seconds, it should be shown. There it is TS master. Let's do the same for the workers. I will say virtual machine ID 192. I will call it worker one. I will give it just two cars and two gig of memory, and that should be it. I can create another one. It's done, maybe less clear. I will go again, create another virtual machine 193 this time, I will call it Worker two, and this time, I don't have to change anything else. That's it. Now I have three virtual machines. Maybe let me remove that test because it might be confusing. I don't need it anymore. I just wanted to have it to see what confit should look like, but that's it. Okay, job done. That means we can go back to our instruction and check what we should do next. It says now start each one and configure host name and static IP addresses on them. That's what I mean. We will have to go through the installation process individually. I will just click Start, I will go to Console. And yes, we will have to install. Let me click Enter. We will have to go through this process manually. But you know what? Even if you use Cloud in it and cloud images or let's say you clone stuff, that doesn't mean it's faster. You will have to play with host names. You will have to regenerate as a SH because it's getting very confusing very quickly, I would say, this is the best approach, in my opinion. I mean, for three virtual machines. If we had 20, maybe that would be different, but not for three virtual machines. But anyways, let me choose English. 1 second. Let me double click that. We will make it a little bit bigger because it's pretty small. And I say, continue without updating. Doesn't matter what version of installer I've got. I say D, Ubuntu server, done, nothing to change here, and this is where we want to change that IP address. I go up to that ENS to my Internet interface. I click Enter and I say, Edit IPV four because now I have IP address given by DHCP. Look at that 192 1681 dot four. Remember, my router will hand out IP addresses from dot two to dot 99. But now, I want to overwrite it. You want your cluster to have static IP addresses. That's why we are doing it here. I click Enter, I say manual and I say subnet is 19216810 slash 24. The network IP address is dot zero. That's why I put it here and it's 24. It's my subnet mask for you probably the same. The address, I will want to match the ID of my virtual machine. What I mean is 192168, one, 191, and I can statically assign that IP address because this is inside the scope of my manual of my static IP addresses. Anything from dot 100 up to.254, I can assign manually, and that's what I'm doing. Gateway is my router IP address, 19216811 and name servers, I can put either the same as for the gateway, or I can use completely different one. For example, 1111 is CloudFlare one, so it can be either the same as Gateway or a specific DNS name server that you want to use. I will just go for 111. And I save it. You can see it's been assigned 192-168-1191, which matches my ID. I say, Don, proxy now, you just click Enter and now you should get a response. Yes, that's what you are looking for. If you get something like that, that means everything works as expected. You just click Enter. Now I will untick this LVM group. But if you want to leave it ticked, it's fine. It's up to you, but it's a bit more configuration. I will click Enter here to untick it and I will use simply as a simple storage, 50 gig storage. All of them. I will do the same. And now I say D. This is just a summary. It will show me that it's indeed 50 gig as a one XT disk for this virtual machine. But there is no right or wrong choice. If you want to use LVM, that's fine. I will click Don, I mean Enter, and now continue. Confirm destructive action. Sounds scary, my name is Mark. The server name, I will call it KS master, so I will simply match. Whatever name I gave for my VM, and now user name to log on to this server will be Marek and PassOd. Whatever you want to use as a pass. But you have to remember it because we will use it to AH to this server, that's it. I say done and now just continue. And here we have to tick, we have to press Enter to have this tick. Install OpenSSH server. That's what we need because we want to Assate to this server. This is pretty important. And now I say done. Here I just press tab. I don't need anything from here, even though you might see some kybernti stuff, but it's not actually what we are interested in. I say, D, press Enter. And now the server is being installed, it sounds like pages because I went through each step. But for the next ones, I will just go through it. That's done. So I just use the down arrow and I say reboot now. And while it's doing it, it will show me, please remove installation medium, press Enter. I will just press Enter. I don't have to remove anything. And this is our KTS master virtual machine configured. But now I have to repeat this process for workers as well. So let me run Worker one. I say start. I will double click here again to make it larger. Enter. It says development branch because it's not officially released operating system, but it's fine. As I said, I find it awesome already, even though the release is scheduled like in two months. For me, is okay. Continue without updating. D here the static IP. I say edit IP before. I go manual, subnet 19216810 slash 24, address for this 1192, 168 1192. Remember, I am matching the virtual machine identifier. Gateway is my router 19216811 name server 1111. Sf. Now done, enter. I can see this works as expected. So I say done I antique this LVM group D and continue. Name Mark server name Kates worker one, and user name and password to log on to this server. Don, continue, install OpenSSH server, yes and done. Tab done. That's now completed, down arrow reboot. Now, we'll ask me to remove the media, like that. I just press Enter. I can close this window now and that's our worker one now ready. Let's do worker two. I know I might look not very professional, but I believe this is the easiest way to have it done. Let's double click. English for me. Continue without updating. IP address 193 this time. Sorry. This is for subnet. It's zero slash 24, here, 192, 168, one, 193, Gateway my router, 168, one, one, one, one, one, one, safe. AntalvMGroup, for me, might not be true for you. Continue. Make worker, two this time, Mark Don. Continue. Install yes, open as sig server tab don. Installation complete. So I say reboot now, press Enter, and that's it. I can close it now. And if you want to create more workers, you are free to go because you will see how easy is add too many more workers to your cluster later on. But we will go back to our instruction and let's see what we do next. So that's what I do. Yeah, that's always a great first command to run on a newly built server. Let me start with Master, maybe. I log Asma. 1 second. Let me. I'll go AsmicPazsword that I have just created I am logged on now. Let me double click on that. I just say up update, and up, upgrade. Auto say yes. Let's enter. Sorry, Sudo. Sudo, up update and sudo uptUgrade. Asks for puzzle again. That's great. All packages are up to date. I can say pudo reboot. But to make sure it's always best practice to just I know it's the same image, but I will run these commands, but I will get the same output. Sudo Update and pudo up. Upgrade. Yes. And so do reboot. I simply follow this instruction, even though this portion is not necessary, but you will very rarely have situation like that that there are no packages to update. It's a coincidence that the image was released just yesterday. Usually, you will have something to update and something to upgrade. That's why it looks like pointless, but I will go through that instruction. So should you. So do, Up. Maybe clear that, so do up, update. And so do up, upgrade. That's, yes. That's it, do reboot, just to follow the instruction. If I go to Master, it should be back up and it is. Now I want to show you a little trick because we have to configure something we have to run the same commands on all three servers. It's a bit pointless to run the just like what we did with upgrade and update. It's a little bit pointless, so there is a little trick you can use. If you open your terminal, and it doesn't matter if it's Mac, Windows or Linux. There is a tool called TMOx. And if you don't have it installed, for example, for MAC, you can install it with Brew Install TMOx. And what it allows you to do, you can split the screen. Let me show you. Let's follow this instruction. Like you can see, some useful TMX commands. If I press Control B and quickly after the inverted commas, let's see, Control B, inverted comma, you can see I split the screen in half, horizontally. And if I do it again, Control B and comma, I split it again, the bottom half. Now I have three different windows. And what I can do now, I can press Control B and column, and you can see that bottom line is now yellow, which means I can run this command. Where is it? Set W synchronize panes set W synchronize plans. Press Enter and now whatever I type, as you can see, the same thing is shown in three different windows. What I can do now, if I run Control B colon again, set W synchronize planes again and now Control B up arrow and then Control B up arrow again. What I can do now, I can SSH to different servers first, SSH Mark at 192-168-1191, I think it was my master node. I say, yes. I'm logged onto my master node. Now, Control B down arrow. Here, I Sage to Mrekt 192, 168, one, 192. I say yes. That's my worker node. Control B down arrow, SSG, Marek, at 192, 168, one, 193. Yes. Yes. Let's now click Control B colon, and I say, again, set W synchronize Pines now maybe Control B arrow, Control B up arrow. So I'm on this window, I say clear. I can now run commands for all three servers at the same time. And now the first command I want to run to enable is to install QIO agent on each of those servers. I just click these squares to copy it, paste it there, the center. Now password and the same operation is being done on every single server. That's it. Let's clear. What we have to do now, we have to disable swap. Sorry, let's go back here. Why do we do this? I mean, this isn't like Kuberneti specific. You could in theory actually omit it, but it's always better to have that IMO agent because the Proxmxs more for Proxmx. It has some visibility into each virtual machine. It can CIP addresses and can interact better with virtual machine. This first command is not like Kubernete specific, but second one is required by Kubernetis. You can't have so called swap enabled. First thing we do we disable the swap on current machine on current session, I mean, that will disable the swap. However, if we check at FS tab, you can see that after reboot, you will have the swap again because of this entry at the bottom, swap dot image. Let me clear that and what we can do, I can run that second command, so do nano at Fstub. I will paste it here and we have to go down, I will use down arrow to that swap image, and I press Option three to insert this hash tag. Maybe I will add space as well. I added this hash tag for every single server, and now I say Control O, enter Control X to save it. If I now run that cut command again, now we can see this line is still here, but it's commanded out, which means after reboot, the swap will not be recreated. And that's what we need for our Kubernatis cluster. That is now done. We can go further. These are just checks at C host name and at C hosts. Cut at CHstname. Just double check if you've got your host name correct. Yes, this is Kates master. This is worker one worker two, and the other one for host. I mean, hosts, sorry, you should have this entry, Kates master, pointing to so called local host, then Kates worker also and worker two, pointing to this 127011 address. This is fine. This is what we expect, let me clear that. We can go further. Host names have to be configured correctly, and now we need to enable two kernel modules. One is overlay. It's basically how container images are built. They use overlay file system and this has to be enabled in the kernel. The next one is Net filter, B bridge Net filter, and I pasted some information about it, but you know what, you don't have to worry too much. What you have to know simply that we have to have them both enabled because they are required by Kubernetes cluster. You can see some explanations here if you want. You can read through it, you can learn more about it, but honestly, it's not that important for you to have a deep understanding of what they are doing. I will simply copy that or maybe before I do, if we want let me move it this way and this that way. If we go to that at C modules load Kates dot C, if we go to at C, modules, load D, run LSL, there's actually no file called KTS CV. But when we copy this past it. And now run LSL again. Now we can see this file and let me clear again. If we run cats.com, we can see these two lines have been added to this configuration file. Then we have to basically do the same for current session because this is applied after the reload and we have to do the same to current running server. We need these two commands psudomdpbOlay, and pseudo mood prorob Barnet filter. That's it. This is a bit more advanced topic, the same for the next entry. All of this is required so Docker containers can talk to each other and they can work correctly, that Kubernetis can manage them, basically. If I copy all of that, if I paste it, if you go to this location at CtL C at CctL DSL, we can see this file s.com. Let me clear that. If I run that s.com, we can see those three entries have been added to this file. We did something similar like we did there, we added those two lines to this file, and here we added those three lines to that file in slightly different location. Now to apply these changes to current system, we need to run this command. That's what we will do. I mean, I could be more specific. This is applied for entire system. You can see though that last three lines are indeed the ones that we have added. That means it basically works as expected. That's for the weird stuff, you know, I don't want to go too deep really because this is a little bit complicated this topic, and it's also the topic that you don't really have to fully understand, believe me, unless you really want to. Not for home networking and for home and for Kubernetis running on home network. But now we can install Kubernetis components. The first one is Container D. It's a demon, so called demon that can run Docker containers. That's definitely something we need. Let's copy that. Let me maybe clear that and we need this on every single server as well. So I press Enter and that will install Container D component. That took just a few seconds. Let's clear again. And, yeah, we can check with System CTL status if we want to system CtL status. And it was called Container D. And we can see it's up and running. Let me press Control C, clear that. But we need to create a so called default configuration as well for that demon. And these two commands, first one, we'll create that container D directory in at C folder. If I go to at C, L maybe grab for Ctan, there is nothing that would have that name. So if we copy these two commands, if I run them, and now up arrow, if I LS L for the same, now we can see that this folder has been created and not only that, but if I seed to that folder and run LSL, I can see indeed this config dot tunel has been created. Let me clear that. And the thing is we have to change one thing in this config dot Tumel file. If I check that file now like cut config Tumel, if I grab for system D, you can see an entry system D C group, it's currently configured to false and we want to change it to true. How I can do that, I can simply run this command. This pseudo Saidi. Is easy way to change this entry from false to true. You just paste it. And if I run up arrow again, grab for the same. Now we can see it as true, and that's the setting we need in this convict. Now we can run those three commands, restart Container D to apply that configures and then we can run up arrow. We can check the status and the status is running for 8 seconds. If the service is disabled, that means it will not be up after the reboot. If that's the case, you can also run enable Container D. But for me, it was enabled already. For you will be the same, I guess. But just in case you can run all three of them. That's fine. This is job done. Let's go further. What do we have to do next? And you can see here quite a few commands. And what we are really interested in is this one, pseudo apt install Cub Lt, cube ADM, and Cube CTL. While all the previous commands were preparation for this ubernatis cluster, this one is actually the core of the Kubernatis cluster. You can see there are three different services, but they have to run together. You can even see here. One is worker, one is installer, and one is the remote control, cubelet, cube ADM, and Cube CTL. They are not available in so called standard repository. So we have to add different repository first to be able to run that command. That's why we do this. First, we update and upgrade again and we install Curl and GPG command and certificates. Then we need to download the so called GPG key that will let us add this repository, which then after the update, because every time you change something to the repository, you have to run psudoUdate. Once this information is updated, we can run this command that as well. The last one, maybe 1 second. Let's simply run it. Yes. I will get back to it. Let's go back here and I will just paste everything. Long output, I just press Enter and I just wait. It didn't take long. It took maybe 20 seconds, to be honest, but you can see at the end Cub let set on hold, IDM set on hold, and QCTL set on hold. This is a good practice again. If we don't run that last command, you might break your uberntis cluster with simple update command and upgrade. And it should say here somewhere that you might want to upgrade your cluster periodically. You might want to have it up to date. But from time to time, you might want to do it, but you want to do it in controlled way. That's why you don't want these three items. Basically, anything you upgrade on your virtual machine will not affect your Kuberntis cluster. Hope that makes sense. Never mind. Let's reboot again. It says optional, but every time I install a lot of things, I do reboot. I simply want to see if everything comes back up as expected. If I can log on, if I can see the services running, et cetera. Anyways, we can now close this one because you can press Control D or you can just close the entire session because now we need to run separate command on the master node and separate on the worker node. So let's log on to them separately. I'll just run SSH Mark at 192-168-1191 that is my master. As I say Marek at 192168, one, 192. That should be my worker. It's worker one. And again, another window. I could use TMX again, but, I mean, yeah, I could, but never mind. 192, 168, 1193. Because you can switch between Timux windows as well, between panes, or you can run three terminal windows. Never mind. Let's see what we have to do. We have to initialize the cluster on the master node. We are nearly there. I simply run this command, cube ADM in it. But you might be wondering, what is this? This is an overlay network that will be created and this prefix is used by the next component we are going to install, which is called flannel. There are other ways because basically we need something called CNI, container network interface. This is a component that basically lets all those internal communication to work properly within Kubernetis cluster. The nodes can speak to each other, the containers can speak to each other. Everything is discovered and there are multiple solutions that can be applied. For example, flannel or Caliko or there are three or four more pretty popular ones, but flannel, I think is the most popular and this flannel uses this IP prefix. In theory, you can change this prefix, but then you would have to also change the configuration for that Flanner service. That's why I think the best for you is to simply copy paste as it is. And there is only one important thing about this IP prefix. It has to be something that is not used somewhere else on your network. Honestly, I would be very, very surprised if you utilized this subnet somewhere. You might have ten dot zero dot zero, but ten.244, I don't think. Double check because if you do, you might have a problem. But usually, this is not used by anybody at home. So for me, it's safe to run as it is. I just copy it and I run it on the master. Okay? I only run it on the master this time. I say paste, press Enter, pseudo password. And that's it. I might take a while. It says it might take a minute or two, but for me, I don't think it takes 2 minutes. But if it looks like nothing is happening, don't worry about it because it might take a while to pull all the information it needs. But what I want you to notice is this last command, cube ADM join. This command is generated at the end of this process, and this is the command that lets you join I mean, you run it on the workers so they can join this cluster that is controlled by this master node. But the thing about this command, it is only valid for 24 hours. So if you decide in a week that you want more nodes, then you will have to regenerate This command that you can run on the new worker, right? I think it's mentioned somewhere. Yes, it's this one. Cube ADM, token create, print, join command. But that only, you only need this one if you create more nodes in the future in week or month or a year. Before we run it on the workers, we are still on Master, we can add this kind of optional, but I would run it because basically it will let you run the cube CtL commands and some other commands without having to type sudo all the time. So it's pretty handy. I will just paste it here in my master node. And that's it. It basically copies this admin conv to this conflict file and changes the owner but what it really means, you simply won't have to run sudo cube CtL or other uber Natisrelated commands with sudo. You will simply be able to run Cube CtL. That's what it is for. Not that important but handy. And now we are back to that cube flannel. This container network interface service, yes. We have to run this also still on Master only. We run those commands on Master, yes. We didn't touch the workers yet. I run that, and you can already see, I don't have pseudo here. I just have cube CtL apply. Oh, I just wonder on second, let me face this. Let me run it. Okay, that's fine. Yes, everything was created, so that's what we want to see. That network interface and all the components have now been created, namespace service account. Which means we can now join our workers like Worker one. Where is it here? Worker one and Worker two to our Kubernete cluster that is managed by this master node. And to do that, I have to copy that command that was generated here, which is cube ADM join I just copy all of that and paste it on my worker notes. I say, paste, enter. Okay. We didn't run that other command here, so it says user is not running as a root. So we could apply that thing, or it's not a big deal. As I said, it's optional. I can run up arrow and I can simply add sudo at the beginning, Now it will work. And if I run the same command for Worker two, it should join Worker two as well. And that's cool. It even says, Run QPCtLG node on the control plane to see if this node joined the cluster. Let's do that. QPCtLG nodes. This is the master, CPCtLG nodes. Have a look. I'm on let me close these ones or maybe move aside so it's clearer. This is my master node. One of the nodes is the master itself, and worker one and Worker two are other nodes. But what's important is their status is ready. This one is 29 seconds up, and you might think that this is wrong. It says roles known. But no, this is fine. The old kubernatis would show you a worker role. But new versions of Kubernatis I mean, new. It's been like this for a while. But this is expected. So everything works as expected. So let's go back to our instructions. Let's go further. Well, yes, that's interesting thing because at this stage, we basically have fully working cluster, and you could call it a day. You could say, yes, yes. I've got Kubernatis cluster now up and running. But if you are familiar with Kuberntis a bit and the services, the type of services you can run on Kubernatis, you will quickly find out that the service type load balancer is currently not available for our cluster. If you run this as 10. What is LXC (Linux container)? How does it work?: In Proxmox, we can create virtual machines using this Create VM button, and then we can create Alexey containers or Linux containers using that create CT button in the top right corner. But what that LLC container really is? I mean, what does it do exactly in the background? Or how does creating Lexy container compare to creating virtual machine? Ever create a Alex container in Proxmox, did you notice that you do not have to install anything? We just run the container with no prior installation needed. We will explore today what is that LLC, how it works, and how it compares to the virtual machines. Let's first have a look at the major differences between VM and container creation process. I want to just quickly show you what the create VM options are so we can see exactly how very different these available options are when we compare them then to create container options. What is the reason for that? Why these options differ a lot. But it's also worth to mention that I'm using my Proxmox server heres, but you have to be aware that those virtual machines and LAX containers are not Proxmox specific things. They are Linux thing. So you can run VMs and Lx containers on any Linux operating system. For example, to create Alex container on Ubuntu, you'd have to install Lx D, Linux Demon, and run a lot of commands in CLI. Well here in Proxmox the Proxmox gives us that nice little user interface where we can do the same with just a few clicks. That's why it's so much easier to see all those differences here on Proxmox than on any other operating system really. If you ever created Virtual Machine in Px Mx, then you should be familiar with all those options. I like here, of course, you have to choose the Virtual machine identifier like maybe two, four, five, and then use the ISO. Here, I also want you to note something. Look at the sizes of those ISO images. For example, Linux Mint 3 gigabytes. Windows, 5 gigabytes. They are huge. If I choose Linux Mint, let's say, I can then choose the guest operating system, if it's Linux, if it's Windows, if it's Solaris or other operating system. This one is Linux, and if we go next, I'm not creating one. I'm just going through these options. That's what we should concentrate on here. I can choose different graphic cards. I can choose different machine types or bios even. I can choose have a choice of tree here or Scazzi controllers, blah, blah. If we go to disks again, I can choose what type of device I want to choose, et cetera. And then let's go to CPU as well. I can choose what type of CPU or how this CPU should be presented to this operating system, to that Linux mint that I'm creating now. Have, again, choice of many, many different CPU types like AMD, as you can see, Intel, blah, blah, blah. Okay, I hope you know what I mean. Let's close this. It's not exactly what I wanted to show you. I want to show you how it differs from that create City options. Create City, I mean, here, it's not big difference. Let's say two, four, five, our identifier, I can choose host name as well. I need to choose pass but then if we go next, it asks for template, and I don't know if I have any. I mean, I've got one, it's for Debian, but look at the size now 126 mega. Remember, the ISO was five gig for Windows or three gig for Linux. Here we've got Debian, so it's also Linux operating system, but the template has just 126 mega in size. We will go back to those templates, so don't worry too much about it now. Let's go further disks, not much choice again. The storage is already chosen for me, and I can only change the disk size. Right. Maybe I will change it to 50, but that's basically all I have here. I can't choose if it's ID or Scuzzi or whatever. Let's go next, and now I've got CPU look at that. I only have the choice of how many cores I want to assign to this container, but I can't choose if it's Intel, AMD, or any other processor. And memory, again, I can only choose the amount of memory and the swap. So if I go next, just some basic networking stuff. And then I just go next, next, finish, and that's it. Look at that. It took what? 2 seconds? It says Task okay. And if I click on it, I can just start it. That's job done. My LACC container is up and running. I can see already CPO usage. But if you did the same with the virtual machine, that would be the point where you would start your installation. Here, we didn't install anything. All right, so let's just go back, okay? Let me exit that. So what's going on here? If I go here first to these city templates, as I said, it's just 126 meg. Why is this city template so much smaller than Virtual machine ISO? It's because this container template is mostly consisting of just basic user space. And I know it might not tell you much at this stage, so to explain that better, let's break my current Proxmox machine into three main separate components. I mean, this is the main Proxmox servers, and what are the three main separate components that make it work in the first place? The first component is the hardware. It's pretty obvious because you have to install Proxmox on something. You need a motherboard, you need a CPU, memory, hard disk, some network interface card, et cetera. A miniPC laptop or personal computer will do just fine. If you're not sure how to install Proxmox on them, then I have a video that takes you step by step through the Proxmx installation process. But anyways, what that Proxmox installer does, it first installs so called Linux kernel. The Linux kernel is a component that knows how to talk directly to that process or memory or hard disk. So if I go here to boot under the root directory, if I run LS LI, I can see this is actually my Linux kernel. I mean, my Proxmox runs on this Linux kernel. You can also run command UNM R, which basically shows you the same information. 681268 12 PV. And interesting thing, you can run up search Proxmox kernel. This command will show you all available kernels for this proxmx it's loads and loads of kernels, as you can see, I can scroll up and up, many different kernels to choose from. Be kernel is something I can replace. I can install different kernel. But the thing is, you are not able to talk to that kernel directly. By default, the kernel doesn't even do anything. Kernel is not something for us users to play with. The only thing you can actually do is to install different version of kernel. That's very important component. This kernel was first created and released by Linus Thorwalz in 1991, nearly 35 years ago, but it's basically still the same project that was originally created by Linus. I mean, yeah, of course, it grew in size a lot since then, and a lot of new things were added. But basically, Linux kernel is one constant specific project, and its major focus is just to be able to talk to the computer components. But you might ask if users cannot talk to this kernel directly, then how we can interact with our computer? And the thing is users we have to use so called user space. This is the third major component installed during Proxmox installation. User space includes, for example, file system. So if I go to root folder, let's say, if I run LS LA, all those folders you can see here, they are actually part of that user space. Then if I go to maybe Ben I run the same command here. What you will find here, you will find all the commands that we can run on this system. I can scroll up. You can see it's loads and loads of them like WG or word count or watch or who am I? All those commands are here in this forward slash Ben directory. Basically, what is in this folder dictates what I can run as a user in my command line interface. Even shell, this command line interface is also part of user space. This is how I interact right now with my Proxmx. If I run echo shell, see that I currently run Bash shell, but that's not the only shell available. There are many other shells available. But what I mean, it's simply part of user space as well. The fact that I can run commands here, this is because I have this shell available. And also, if you have a desktop version of Linux operating system, then your user space will also have a graphical user interface that you can use to interact with your computer. Like I mean, currently, I am on my Ubuntu and I have graphical user interface here yes so I can also just click, buttons on my mouse, and basically I run kind of like shell, but from this point from graphical user interface. But what's important here is that during installation, Px Mox created this entire user space that I can now use with all those folders, all programs, all commands, and all that stuff, so I can now communicate with my server. I can type some crap here, like who am I maybe was one of the commands available here, and it says, I am rude. But the fact is my shell does not know how to speak to the CPU or hard drive direct. All the shell does is simply sending so called system calls to the kernel Kernel has an API, which is a little entry point for this user space for this shell that is inside user space and kernel can read the whatever crap I typed here and it can take that information and translate it to the low level instructions that a CPU or memory or hard drive can actually understand. That's basically very rough overview of how computer works process. But going back to that user space, in fact, Proxmox runs on Debian Linux distribution. Basically, if you compared Proxmox user space to native Debian user space, you wouldn't find many differences. The main difference would be that you have some Proxm specific files that were added to this user space. If we go to at C, I mean, that's a lot of stuff, but if we go to PVE, this PVE folder and all those files that we can see here, these are Proxmog specific files. That means you will not find these files on any other Debian, or, in fact, you will not find them on any other Linux distribution, not only Debian. This is kind of Proxmog specific user space that was created. These user spaces will differ between different Linux distributions because user space belongs to completely different independent project. That project was called Gnu and over time, many people had their own idea what an operating system should look like, what folders should be included in the file system, and what it should basically generally look like from user perspective. They started creating their own user spaces. That's why we ended up with not just one Linux distribution, but countless of them. If you take alpine Linux, it will have different file system, different tools, different commons available. And let's say Centos or Ubuntu or Linux mint. But there is one very important element. The kernel used in all of them will be the same. And sometimes you might hear the time that the kernel is interchangeable. That means that you can swap one kernel with another and your Linux distribution will still work fine because the kernel is one ongoing project, and all Linux operating systems will use the same kernel family. I think some of you might say, Mark, it's not entirely true. I know I'm oversimplifying some stuff here while going along, but I just want you to know that I'm aware of that because, for example, processor architecture needs too much, and there is different kernel family for RM processors and different for X 86. But I don't want this video to be 35 hours long, and this is just rough overview because what we have to concentrate on today are Lx containers. Let's go back to that main topic then. What is that LLC container? What is the template? The LLC container is simply a new user space that you downloaded as a template. That template is mainly just a user space. So file system and some binaries and basically some folders and files. And you can apply that template to your running Proxmox server, and all the hardware components stay exactly the same as Proxmox can see them. We don't change any CPUs or memories or hard drives, as you could see. And in fact, LLC will also use the same kernel. This Proxmox kernel will be shared with this new LLC container. So that LLC template that you download in Proxmox is only a simple file system with some applications that are run by Kernel as kind of a separate entity because Linux kernel has some interesting features like C groups or name spaces, and it can use them to isolate the container from your Proxmox server. And Linux kernel can also control the resources that are assigned to that Lexy container. That's why we could choose how many CPU cores we want to allocate to container or how much disk space we want to allocate to it. But we couldn't change the type of the processor, for example, because there is no virtualization involved. We basically use the same components as Ppmox does. When you configure and start your Alexy container, you don't have to install anything because there is nothing to install. As already mentioned, the hardware stays the same. The hardware drivers are already running in the kernel and what kernel does, it simply just starts some services in that LXC, there is not even a proper boot process involved. Kernel simply starts or stops some services. That's it. The advantage of that that the ELACy containers are very lightweight for the system because it's just another user space that Linux kernel has to control. But this advantage is that all those templates you can apply, they have to be Linux kernel based templates. If we go back, if I go to CD templates and I search for new templates, what you will see here is we run Debian, but we also have Ubuntu, Fedora, line Linux, arch Linux, et cetera There is quite a few of them, but they are all Linux based templates. You'll only find those Linux distributions because the template has too much current available kernel that is already running in Proxmox. This is very different than when you create a virtual machine. Because when Proxmax creates a virtual machine, you have to go through the installation process because Proxmox will virtualize the hardware first. The system will think it has separate CPU, separate disks, separate memory modules, et cetera, and then the system will also create its own kernel and its own user space. So the disadvantage is obvious. There's a lot more resources needed to run the virtual machine, but advantage of that is also obvious because you are not limited to Linux operating systems then. You still can run Linux as a virtual machine, but you can also run Windows, you can run free BSD, Solaris or any operating system you want, really, because you create separate hardware which is virtualized, and the installer will create its own kernel, so that limitation is gone. That's all I wanted to say today. So I just hope it was helpful and thank you for watching. 11. Proxmox helper scripts - single command installer: Did you know that you can install anything you want on your Proxmox server using just one command? Let me show you how it's done. What you need to Google is Proxmox helper scripts. Then we can click that very top link from the Github pages. And then we can either choose one tool from given category, and you will see it's quite a few of them. Let's say media photo, you have all my stuff like Plex Media server or Jolly fin or Sonar. It's just one category, remember, for operating system, you've got the newest Ubuntu available 24 oh four. All of that can be installed using just one command. I think the easiest way is to simply go up and here in this search window, you can just search for whatever you're interested in. Maybe Casa OS, it's very interesting project that can also, as everything else, can be installed on Proxmox using just one command and it's this command here. Let me copy it. We just then go to our ProxmoxT our node. In my case, it's PVE, it's called PVE and I just paste it here. That's it. Let's click Enter. It will ask us if we want to proceed. Yes, of course. And you've got option to use default settings or advanced settings. So I will use default. As we can see, the container was created on the left, container number 100. Now it is being updated, and we just have to wait. It takes a while. It's installing some dependencies, et cetera, even says patients. But anyway, we can see CASA operating system is being installed. That's now done, and you can see CASA OS setup should be reachable by going to following URL. We just copy this URL. We paste it in our browser, and believe me or not, this is our operating system already for us. You can just go, create a username, create a password. I will save it as well, and that's it. That's our Casa OS up and running. It can't really be easier than that. But bear in mind, not all links will complete the installation. Let me show you what I mean. Let's check that it was Ubuntu, the newest Ubuntu. It's not the container I'm interested in. I'm interested in the VM, and this is the newest bundle that actually is available. It was just recently released. You can see we can also copy this command. It will also install everything in one go like using just that one command, but have a look more info at blah, blah, blah. What it is for? Let's have a look. First, I copy this command. I go back to my Proxmx to the node, PVE in my case, to the shell, and I will paste it here. Let me maybe clear it first. So, exactly the same process as we did with Casa OS. Now we'll just press Enter, and I just wait. Ubuntu is being installed. Proceed yes. Again, just default settings, so everything is done for me automatically. After a while, a new VM should be shown here probably with the ID of one oh one. Oh, there it is. Virtual machine ID is one oh one. As you can see, it's being created here on the left. It. But notice that this time it didn't give us the link to the operating system. We can't access it immediately. So it's been installed, but it says, set up Cloud in it before starting. And it gives us actually link to believe it's the same 2072. Let's have a look. Yes, it's exactly the same link as here. So either copy from there or we just click this one. And what it is, it tells us what to do. Setting up Cloud in it. You don't have to know what cloud in it is. It tells you exactly what has to be done. For example, you have to set up the root user. You have to create password for that, change the upgrade packages, et cetera. You simply have to follow these instructions. To complete this process, this ubumtu is already here, it's installed, but it's not fully configured. So bear that in mind. But it's still extremely streamlined operation, everything is done still in one command. You just have to configure some basic things. And the last thing I wanted to show you is if you don't really know sometimes especially more advanced users, they don't want to just run command and they don't even know what's going on in the background. Well, you can see these are links to the Github. So if you go back up the very top, you've got that icon here, view on Github. What you can view there is actually the source code. So if you go to that install folder, you will see all of those shell scripts that run in the background. Like, for example, we installed that Casa OSS, so we can find that shell script. I will be this one. And you can see exactly step by step what is being done here. And this script is very short, actually. But if we go to probably Divan will be home. That's not that long as well. I'm sure there will be much longer ones. Let's have a look at graphema a little bit longer. But my point is, this is simply open source project. You can check every single command and you can check line by line what is being done, what is being installed, et cetera. So it's like full transparency. And you can see also the author, TTechs TT ECK I'm very grateful because that helps me a lot. So yes, that's all I wanted to say. I hope that helps, and thank you for watching. 12. Monitor CPU and disk temps in Proxmox: Look at bad guys. Proxmox temperature monitoring shown here directly in the node summary. No, you will not find it in your Proxmox user interface. That's something that we will install today in this video, I mean, we will run a bar script that will let you monitor temperatures of not only the CPU, but also the SSDs, your hard drives, and it will show you the current fan speed and detailed system information of your server, et cetera. All information will be displayed directly here in your Proxmox node summary tab. So we have all information about our node in a single place in this summary tab, I mean. The script that makes it happen is based on Linux package called LM sensors. Is a very popular tool used to check hardware health like temperatures and fan speeds. But LM sensors natively, is displaying the output in command line interface only, which means if I go to Shell and I run command sensors, I will see current temperatures for my CPU and other stuff as well. But I think you will agree it's much more convenient to have all that information in this node summary tab. How do you install and run that script then? It's super easy. The project can be found on Melox' Github page, and the link is displayed here right now. Scroll down, you will see the instruction, which is pretty good, I would say. They also show you how this view looks like. It obviously might differ depending on the amount of CPU course, how many drives you have, the system information obviously will be different, et cetera. They say exactly here what do script does, what is supported, and some other bits and bobs. Scroll down a little bit further, you will also see this install portion. Basically, all that is required here is to just run those four commands. That's it. I recorded the screen before I had this tool installed, which means you can follow the exact steps and you should see very similar prompts for each step. First command we need to run is that up to get install LM sensors. This is standard Linux package. It has nothing to do with this website even. All I need to do is copy paste that into the shell. I have to go to my node to shell and just paste it here. Then I say, yes. And AM sensors package is installed. Now they say the next step is to run that sensors detect command. But in fact, even if you go now back to your node shell, and if you run command sensors, this command should already work. But this is just a side node. So let's just follow the instructions. We run that sensors detect command next, and now you will have multiple questions. This portion actually can look bit different for you than it is for me because it will be a hardware dependent. Depending on what CPU, you have the how many drives, et cetera, this portion might differ. And you have to also be pretty careful what you are answering here. If they say that something is totally safe or even if they say that something should be safe, I tend to answer yes. And in fact, I type PS here, but just basic Enter should do the job as well. Is in capital letters, it's kind of chosen as a default option. And now we can just press Enter to continue. And it will also ask you if you want to add core temp module. The default is no here. I choose yes, but this is entirely up to you. They also say you might want to run at C it K mode start command to get all those modules loaded. But as I said, this portion is like a hardware specific. You might want to investigate what's the best option for you. These are the options that I chose, but I don't say you should do exactly the same. Let's go to the next line and next line is that WG and Long URL. What this command does, it pulls the shell script, the bash script from that Github user content website. You can see it downloaded that PVE Mode GI sensors dot shell script. And the next command to run is to simply install that script. But before we run that last command there from the website, the install command, you can go back to the PVE to the shell. If you run LSL command, you should see this script right here in this directory. Here it is PVE mode GI sensors. Before you run any script, before you install it, it's really advisable to at least have a look at what's inside if there is nothing dodgy inside that script. You can run CAT and then the name of the script, and that's what it looks it's pretty long. I mean, it's not like one liner or something, but honestly, I can't see anything dodgy here inside. So that means we can now run that last command, which is Bash, PVE, mode, GI sensors Install. But on their website, they say there are other options as well. There is an uninstall option if you want to remove that feature. So if you run Install and you don't like it for some reason, you can always run uninstall and you will revert this setup to the original view with no temperature. There is also that save sensors data option, which will save current readings for each sensor. It will save all your temperatures. But for now, let's just copy this command, which is the install option. Let's just paste it and now some more questions. It asks if you want to display temperatures for all course, which is option C or just an average per CPU. It says I am the only supports average, but I have Intel processor here, so I choose C, which is the default option anyways. As you can see, it's capital letter. Now it asks if I want to display fans reporting a speed of zero or only the active fans, which are actively rotating. The interesting thing is that I don't have any fans in my case, but I have so called fan emulator because I've got a passive case, but CPU requires at least one active fan. My case has fan emulator that simply lies to the CPU, that the fan is rotating, but I do not have any fans. Never mind. Next question, do you wish to display temperatures in Celsius or Fahrenheit? Celsius is default, so I can just press Enter or I can type C and Enter. Now it asks if I want to enable system information. Above, it will differ for you because this is again, hardware specific. It asks me if it's option one, two, or none. Simply it detected my hardware, but it is unsure which hardware it is. The fact is I bought the first option, which is CRKive even if I chosen the second option, it's still fine because the first option is for my full mini PC with the case and the second option is if I wanted to buy just a Burbon not even a Burbon but if I wanted to buy just a motherboard, then the code for that is CRB five. But from the hardware perspective, they have exactly the same specification, simply one is with the case and the other one is just a motherboard. Now it says restarting PV proxy. PV proxy is simply this user interface we are looking at right now, this entire web page. After a while, you should see it being disconnected and connected again. Once that happens, you can simply refresh this page. But the thing is, even if you go to the PVE to the summary right now, you will see no difference. You will see no CPU temperature or any other temperature because the website says, then you have to clear the browser cache to ensure all changes are visualized. I will just copy the IP of my Proxmx and I will go in my case. It's Firefox, as you can see, you have to go to settings to privacy and security, and here is where you clear the data. Clear the cache. Now if I paste the IP address of my Proxmox and its port, now you will see that I can see all the temperatures of all the cores of my CPU. But there is another thing you can do. You can simply go and just open new private window, and this should work even without clearing case because basically the Incognito website doesn't use any cache. So even if you didn't clear the cache and you paste here in the incognito mode, you should also see the temperatures and all other information like CPU fan and drive and system information, et cetera. I'd also notice that your view changed a bit. For example, this is from my other mini PC, where I have the same script running. And here before this is before I run that script because you can see there are no temperatures. But this top left window, you can see it takes half of this screen. But now after installation, you can see it's much wider. It takes entire screen. You can also see this one has just four cores, but it's another passive minipC I have that barely draws any electricity. So it's really useful for like a samba server, et cetera. Alright, but never mind. I hope that helps. I hope you like this tool. I just wanted to mention it's not my tool. As you can see, it belongs to Melox. I don't know about the pronunciation. Hope you will enjoy using it. Thank you. 13. Send notifications to your phone! Get alarms instantly!: Have you ever wondered how to get real time notifications from your home devices? Let me show you something interesting. This is my phone with the telegram application installed and on my desktop, you can see displayed my Proxmox server dashboard. You can see the temperatures are running at around 40 degrees. Let's go to that other tab and let me run at stress test. That's it. I will run it. Let's go back to this tab and you can see already some of the cars exceed 65 degrees. That's the threshold I configured to get the real time notification to my telegram application, it should arrive within 1 minute from that threshold being exceeded. Here it is. It's actually on my phone and on my desktop application because you can see it here like another tab and it also shows CPU temp is now 74 degrees on my phone, I can also see exactly the same information. My telegram displays a warning for CPU threshold exceeded. But if you follow this guide, you will be able to monitor anything you want on your Proxmox, on your Linux, or any other device that is able to run simple Bash scripts. And you can forward these notifications not only to telegram but to slag, to Whatsapp, Messenger, and other communicators. This solution is not limited to telegram, and I will just use telegram as an example for this guide. Let's get started, shall we? Let's start with the telegram itself. Telegram is an application. You can download to your phone. It binds to your telephone number, and then once you have it on your phone, you can also authenticate it on other devices like this laptop or your PC or anywhere you like. But you will have no bots. What do you start with when you have telegram installed, you have to find this bot fader first. We will simply search for at bot fader. You have to choose the one that has millions of monthly users. Don't use any of those. You need this one. And you just say start. That's your first conversation with the bot father. And what you have to do now, you have to create a new boat. We have to simply create a channel we can connect to so our Proxmox or any other device can send the notifications too. So I say new boat and bot father says, All right, how are we going to call it? I will call it just Proxmox. And now it asks for username for that bot, but user name has to be unique and it has to end with underscore bot or simply bot. Because it has to be unique, I will put something like Marek Proxmox notification bot. Let's see. That's all we need here. The most important part is this API access token. We have to copy it and paste it somewhere else. I will keep it here. This is my HDDP API key for telegram. Now you can start that bot by simply clicking this first link. The bot father says, Congratulations. You will find this bot by clicking this link. I click on that and that's my bot Proxmox boat. Let's start it. That's our bot started, but we need one more thing. We have to figure out what is the chat ID. Because this chat, whatever we put here, it will have some ID and we have to figure out what is that ID. To get the chat ID, you have to first send a message to this bot. It can be anything. Hello, whatever. Doesn't really matter. But what you have to do next is you have to go to this URL, HTTPS api telegram.org, and you have to run simply this, but you have to copy your HTTP API key. I will copy it here where it says API token. That's basically my API token. And at the end, you should have get updates. Let's copy that. Open another tab, and I will paste it here, paste and go. Now we should get a response, and sometimes we will only receive an empty response. That usually means you have to wait a little bit longer or you can simply try send another message. Sometimes it triggers, sometimes it does not. And we can try again. This works, actually. I will change it to pretty print. What we are interested in is this ID, finishing with 503. This is our chat ID. You can see from and two is actually the same ID because what I did, I pasted it here within the chat itself. This is the identifier for that message. I said, Hi bot, and it was sent to my board but from this bot itself. Hope that makes sense. Let me copy it. And I will save this information now. Chat ID is this, and now we have everything we need from telegram. We can now switch to Proxmox and we can start building our BS script. And to build our BScript, I will need a tool called LAM sensors. I have to install it first on my Proxmox. I will say app get install M sensors. And once that's completed, you have to run sensors detect. What I do next is just press Enter Enter, Enter choosing default options. Whatever you see in capital letters is a default option, and I'm fine with. It needs to scan some devices, et cetera. Not that bothered, just press Enter, Enter. Once that's done, I just run command sensors and this command displays temperatures and some other information for all of my components. I can see my NVME SSD drive temperature. I can see temperature of every core on my processor and that processor temperature is actually what I want to use for my bar script. In fact, if I go here to my node to summary, you might wonder, Hey, Mark, how did you get that temperatures here? I don't have anything like that. We discussed that in one of the previous videos. This is a script from miliox. It still runs fine for Proxmox nine because the video was for Proxmox eight, but it still works fine. You can follow that video to have them displayed like that. But I don't want to have them only displayed here, those temperatures. I want to have them sent to my telegram. Let me go back then to the shell. Now if I run that sensors command, we know the output looks like that, but it's not exactly what I want. I only want this digit like 43, 42, I only want to know what is the current temperature without any other redundant information. The first thing I can do is run sensors and maybe let's grab for core. This will only display this portion that starts with core. Now let's go further. Maybe I want to I can use cut command or I can use oak command, for example, and I can only print which column it is third, I think. That should only print third column. And yes, it does. It's still not exactly what I want because I don't want this plus and I don't want anything that goes after the dot. We can improve that command further. I can use SD for it. We can substitute. I, I will not discuss the Linux commands. It's completely separate topic, but what I need is this. Basically, this set command should get rid of the pluses and should get rid of anything that goes after the dot including the dot, and it does. But I don't want to have them all, all those temperatures. Let's focus on the maximum temperature for a single core. We can display only the maximum temperature by adding. This is the pipe we can now sort by the temperature and let me show you what it looks like. The highest temperature will be at the top and the lowest at the bottom, and we are only interested in the top value. I can add another pipe and I say head and one. This will only display this first digit. I know this command looks a bit weird, but it does exactly what I want. By the way, I will include all the commands that you need and you will find them in my Github repo. Simply go to that link that is displayed now and you will find them all, including the script, the full script that we will have later on. All information will be included in that Gitlab repo. But that's it. That's what I need. Let me maybe copy that. I know exactly what it does. I will make a note, maybe it will make it wider, so it looks better. This is the command I will use in my script to get the maximum temperature for my processor, the hottest core, I mean. It's 14 of them. I will only record the hottest one. Okay. Now let's test the connectivity from the Proxmox to the telegram chat. Let's see if I can communicate with this bot. I'll go back to the Proxmox again. Let's maybe go to maybe Temp folder. There's nothing interesting here right now, so let's create a script called telegram dot shell. I say nano telegram dot shell. Let me paste something and I will explain what it does. This is the shell script I need and first the telegram endpoint. If you wonder, where do I get that information from what to put here, API telegram send message? You can navigate to this link. Core telegram org bot APIs, authorizing your bot, and all the information is here, how you can interact with your bot from bar script or from other sources. And this is basically the URL I use. I have to put my token and method name. You can read about method names as well. But basically, for me, the method name is called send message because that's what I want to do. I want to send the message. I just have to place here my API key and my chat ID, and I saved it already. They are here. My API key is this long string that we got at the very beginning from our bot father. Let me just copy paste it. Note that you have to leave that boat. Yes, you leave the boat and then you paste your API key after bot. This URL has to start with bot and then your API key. Then we also need the chat ID, which we also have already and they have it saved. It's here. Let me copy paste it. And what I do, the set X will simply display more information. Once this shell script is running, I will see more information if I leave this on. Now I create a notified Teams function which will run a curl command. It will post to my telegram endpoint. Telegram endpoint is a variable that we saved here. It's that long string with our API key included. Then if you check further, you can see the chat ID, it uses the variable called chat ID, which we have here as our text, we will send simply, this is a test message. That's all. This is our function and below, I simply use this function. This is all we need for now for testing purposes. I press now Control O, Enter and control X. That will save my telegram dot shell script. If I LSL telegram dot shell, I can see indeed my script, but my script has to have so called execute permission. I have to add one thing. I have to say change mode plus X telegram dot shell. If I run the previous command again, you can see the difference. The X is added to every permission. I will also not discuss the permissions, but believe me, that's something you have to do so this script can run successfully. And now I just say dot forward slash telegram dot shell. I press Enter. Probably you could hear I received the message. If we go back to the telegram bot, not this, sorry, let me close this. This one, I indeed received this is a test message. I received that message, which means Proxmox is now able to communicate with the telegram bot. That's cool. We are nearly there. Let's now change this telegram script. Again, I say nano telegram dot shell. Let's amend our script then. I will first add another variable. I will call it CPU temp. And CPO temp, that will be the output of our long command. Do you remember this was our long command. I can copy it. Every time I run this command, I will see what's the temperature of the hottest core. So I need that command. And to tell Bar Script that I only need output of that command, I say dollar and then parenthesis, and I paste it inside that dollar parenthesis. I paste it here. That's exactly what I need. Maybe let's test it first before we do any further changes and I amend it here. I will now say, I will remove this test message. I will now say CPU Temp is single quote inside quote here I say dollar sign, CPU Temp. As I said, all those commands will be available, so don't worry about it. I say Control O, enter Control X. I can run CAT telegram dot shell. Maybe let's clear first. I say CAT and let's see if that p script works as expected. I run it again by simply running dot forwards telegram dot shell. Press enter Got the notification. I can already see that it should be sent us CPU temp is 42 degrees. Let's have a then. And yes, indeed, I get this information. CPU temp is 42. Well, let's change it a little bit before we go any further. I will say degrees Cis, right? Control O, enter Control X. Let's run it again. Let's go back. Now it looks better. CPO temp is 44 degrees Celsius. That's cool. But I want it to display the warning only when my temperature exceeds a certain threshold. I go back. I can see my course run at around 40 degrees, something like that, and let's say I'm not bothered until they reach 65 degrees because 65 degrees is something unusual and they want to be notified when they reach that threshold. Let's make the last amendment to our script, then. Let me clear maybe. I say nanotlegram shell, and now I'm no longer interested in that set X, maybe because I know it works as expected, but instead of using the function, I will remove it, and I only say I square brackets, if the CPU temp which is simply this thing, this variable, the output of this command, say, if this CPU temperature is greater than 65 semiclum plus Enter, then run this curl command, and they say P. That means finished. I don't need that function, and there is no function notified teams anymore anyways. It's just these three lines or four lines, I would say. They should do the job. If the CPU temperature is greater than 65 degrees, then send notification, and maybe let's change this notification again. And I will say warning. The CPU temp is whatever it is. Let's run Control O, enter Control X. And now I don't want to run this shell script manually because it doesn't make sense. I want this script to be run every single minute. Every minute it will run for me, and if at any time the temperature exceeds 65 degrees, the notification will be sent automatically to telegram. And we can do it various ways, but I will use a Crone tab for it. Can run Crone Jobs on your Proxmox and I will configure one. I say run tab. I can do L to list Cron jobs. I can see there are none because everything is commented out here. So I say Cron tab, edit. It's E. I will edit the Cron tab. I will add a Cron job at the very end, and you can read how it works or you can simply Google, let's say how to run Chrome every minute. How Cron guru, it says to use just those five asterisk. That's cool. That's past it here. And now I say what I want to run the command. All right. And my command is I want to run temp telegram dot shell. This is the location of my telegram shell script. And now I say Control O, Enter Control X. It says Cron tap installing new Cron tab. If I run Cron tap L, I can see it at the vain. And to test if it runs or not, I have to make the temperature of the CPU to be higher than 65 degrees. And how can I do that? I can run that stress test. And if I check the history grab CPU, I use that stressNG. You can install it if you want with install. Stress, G, but because I already have it installed, I can just run the command. So let's run it. And let's wait. The cores are already at 70 degrees, so the threshold has been exceeded and now we just have to wait for the Cron Pub to run. Let's go to Proxmox and let's wait. I mean Proxmox Proxmox both. Here it is warning. The CPU temp is 70 degrees, which means the Cron PAP and the shell script work as expected. Yes, that's all I wanted to show you today. I hope that was helpful and thank you for watching, Mark. 14. Self-host n8n AI automation software on Proxmox: I think you might have heard of NA ten platform already. It's a great workflow automation software that lets you easily create AI agents and automation workflows, and you don't need any special programming skills to get started. This solution is called no code or low code solution, so basically anyone can start playing with it without any previous experience. You can automate almost any task you can imagine using using that NA ten platform. But in this video, we will just focus on the installation part. NA ten can be run either free of charge or as a paid service. In this video, you will learn three different ways to run NA ten on your local machine so you can use it free of charge. But first, I want to just make you aware of that paid option. If you go to that pricing tab, and those paid options are shown here, and those are the prices of using NA ten in their cloud. With the Cloud version, you don't have to worry about installation, servers or configuration. Thing is there ready for you to use. The downside is that it costs money each month you want to use this platform. But the great thing about NATN is that it's open source product, which means you can pull entire code and install it on your machine instead of using their paid Cloud solution. You can see that Github icon in the top right corner. If you click on it, you can basically see entire code that is used to run NTM software. And because it's an open source, there are many ways you can install it yourself. Running it on your server is called self hosting, and that means you can use NA ten free of charge. Okay, let's do that. Let's get started. We will go through three different methods to get it installed, and you only need to pick one of them. First two methods are Docker container based, and they are very similar to. First method is where we run a simple Docker Run command and the second way, we will build a Docker Compose Yamal file and we will run it using Docker Compose app command. The third method, we will install it on Proxmox server with just one command using so called community script or helperscript, it's also called. You can use official documentation from NATen. You can find a lot of information about installation and configuration here on the docnten dot IO. Here is the Docker, for example, and we will use some of the commands from here to have it up and running. All right, first method using Docker Run, this one. This is my Ubuntu system, so it's a Linux based. Let me make it bigger. And you can run Docker containers on any operating system really. Here on Linux, you only need to install Docker, for example. But if you want to run them on Windows or Mac, they also let you run Docker containers, but you need to install additional software like Docker Desktop. So you can simply Google how to install Docker Desktop or Mac or how to install desktop on Windows, because it's not covered here, but just wanted to let you know that you can run Docker containers on Windows on Or MAC as well. Here on my Ubuntu, I don't need Docker Desktop. Linux can run Docker containers natively. I just need to install Docker. But before I do, I run that command. It's a pudo UG update and pudo UGT upgrade. And then I add Y. It's to simply answer yes to any questions that might come up during this process. So I press Enter, I need pudo password. And that command is not Docker related, but you should always run it to have your system up to date before you do anything. But if I want to run Docker, I say Docker. You can see Command Docker is not found, but it can be installed with any of those, and I'm not really a fan of Snap, so I will just use this command. So do up to install docker dot IO. Just copy paste it. And that's it. Well, I didn't put Y, so I have to answer yes. I might take a while depends on your Internet speed. But now we should have Docker up and running. If I run system CTL status Docker, I can see that it's indeed up and running for 12 seconds. Now, next command is optional, but if I don't run it, I would have to run Docker with sudo always sudo docker, blah, blah, blah. I don't want to do that, so I can run this command instead. I run sudo user mode, AG it's lowercase A and G then Docker. And dollar sign user. That means current user, whoever I am will be added to Docker group. I press Enter, and then to make it live, I run a new GRP Docker. It refreshes this group like you can also log off and log on, but this is easier option. Just run that new GRP Docker. Now if I run Docker command, you can see it gives me all options. I can run Docker Tag, Docker Stop, docker RM, et cetera. Maybe let me clear that to test Docker, there is a really nice command. It's Docker run Hello world. If I run that command and I get the output, that means everything works correctly. Docker can pull the images and all process works as expected. Let's press Enter. It says unable to find image locally. That's true because I never run this command before, but it was able to pull this image. We can see it here, pull complete, and it says, Hello from Docker. That means I can be sure that Docker works as expected. This is a really good test. That's basically it. We can now go to NAN and follow. There are actually just two commands we have to run. They say, we have to create a volume first, that Nate N data because we will use that Docker managed volume. So that's fine. I will copy that. Maybe let me clear first. I will paste it. And the volume should be created. I can confirm running Docker volume LS command. And indeed, I can see that local volume called NAN data has been created. Next, we just run this long command, Docker run ITRM name. Basically what it is. You run it interactively. This is about how to stop the Docker. This is the name of the container port it's running on, and the volume we're using is that Naten data volume that we have just created. If we go further, this is the image it will pull from doer dot nn dot IO website. All right. Let's just copy. Copy Paste. Again, unable to find locally, of course, because I've never run this command. This is fresh operating system. Nothing is installed here, and again, it might take a while. The process is now completed. You can see you can press O to open in browser or you can simply copy this link. Local host on port 5678. I just copy it. I will paste it in my browser and go. And that's it. That's my NA ten. That's the process. Well, nearly completed. We just have to set up the account. I mean, that's not the part of the installation, but maybe let's do that because I created like a test email. You can see NA ten test email at protonmil.com, basically just for that. So we can use it here. Mark put your name or whatever. You create password, and you just click Next. I will say it what describes my company, a business owner, myself. Doesn't really matter, get started. And now you have that little button. Send me a free license key. I mean, you can skip that, but you will have some extra options added if you put that license key. So let's do that. I will click that. Your license key is on the way. So I go back to my inbox and it should be sharply, hopefully here. All right, that my free NATM license key. So I can activate it. You can do it like that, or you can simply copy this key. Go to your NATM, go to that usage and plan, and you can paste it here, Enter activation key. Activate license activated. You registered community addition has been successfully activated. And you can see it here. We are on community addition and you are registered. Well, that's what I like extra information, but not part of the installation, yes. If we go back to terminal, you can see a new message, license successfully activated. And if I control C here, it's a stopping NA ten, and now my website basically doesn't work anymore, because I stopped the service. And running it like that, I don't really like it the Docker Run command. This is not doesn't feel right for me. I like to run Docker images at least in Docker Compose file. So let's create it will be the second version, okay? Second way of running NA ten. We will create a Docker compose file. So I'm currently in my home directory, home I can use any text editor I want. You can use even notepad on Windows or text edit on Mac. Here on Linux, I've got, for example, Nano and I create file called Docker Compose dot yaml. 1 second. Let me just clear that. Nano Docker Compose Yamal. I can use that information from their website. I can use basically it. I can use this command and convert it to Yamel. We have some ports, we've got the volume, we've got the Docker image. But to save some time, let me just show you something. I will remove it. And this is it. This is what it looks like the Docker Compose yam. I don't want to bore you with the details how to translate that Docker Run to compose. But basically, that's it. That's my Docker compose file. I press Control O, enter Control X, at least on the MC to save this file. If I run cat Docker Compose, you can see that's what it looks like. Now, the only important thing, I have to be in the same folder where this Docker compose file is located. So if I run LSL, I can see I am here in my home directory. This is my home directory, and this is where I have my Docker compose file. There is one more thing. If I run that cut command again, the volume, I wanted to match it to what we already had previously. We run that Docker Run command, yes? And we created already this volume. It's called NA ten data. I mean, I can run this command again, it doesn't harm. So basically, I can run it now, you should run it before you run Docker Compose already because these volumes NA ten data, this external, kind of expects this volume to be already created. So you need to run this command if you haven't already and make sure running Docker volume LS that indeed this volume is already here. And that's cool. However, if I run Docker Compose, it says it's not found because Docker compose, it's a separate component. It's not part of Docker. It's separate component, but we know it can be installed with psudo up to install Docker Compose. Let's copy that. I will paste it. Again, sudo pass. Yes. And now Docker Compose has been installed, which means now, let me maybe clear that again. I can simply run Docker Compose up the IpressEner and it created some network. It created the NA ten container. And if I run Docker PS, I can see that it indeed has been created. It's running for 12 seconds again, and I can connect to it on this first port, which is 5678. I mean, let me just cut it first. Basically, whatever you have here, I mean, you can't change this port. This is simply what application runs on. But if you want, you can change this port on the left side. So whatever I have here, I simply connect to it on the local host. So I go back again, HTTP, Local host 5678. If decenter, you can see that it takes me straight to this landing page. It doesn't take me to this account creation. Why does it do that? Because I matched this volume. This volume was already created. That means it doesn't matter if I run Docker Run or if I run Docker Compose up D, we write simply to the same volume to the same storage. Whatever I saved when I run Docker Run, I can also read from that location when I run Docker Compose a D because I use the same volume. I hope that makes sense. And if I want to stop it, I can say, Docker compose. Stop. If you run Docker PSA, it will show us this container, but its status is exited, and then I can also remove it by running, let me clear Docker compose down. The good thing, though, is it will not remove this volume. As you can see, this storage is still there, and all my configuration, if I refresh here, well, we stopped the process, yes, but I can simply run, again, the Docker Compose up DRD, and if I go again to the local host, it will get me straight back to where I was before. That's why I like it. All right, but let's just stop it. Docker Compose down. Whoops. Down. It's now stopped. And let's go to the third option, how to install it the NA ten platform as an LEC container on Proxmox. So this is my Proxmox and the fact is that the Ubuntu we worked on is also running on that Proxmox. It was this Ubuntu server with idea of two oh six, where we were running that Docker commands. But now I want to run it as standalone instance here on the Proxmox server. So what I can do, I can simply Google Proxmox helper scripts, and just click on the very top link, and we can see that view script button. And here, I can just search for NTN. And you can see it in Internet of Things and Smart Home section. So let's click on that. That's the NATM and all you have to do is to copy this link. You get this little message. Be careful when copying scripts from the Internet. Always remember to check the source. That's a good advice, and you can check the source by clicking this button, star on Github. It will open new tab and you will actually see what is the code and what it does. But I have already checked that, so I can just copy this, and then I go to my Px Mx, to PVE or whatever your node is called, to the shell, and I simply paste this command here. And when you presenter, it will take you through that interactive process. The simplest possible way is to just use that default settings. It's really nothing to show here. If I press Enter, it will just go through this process. But we will go through it again. I don't like some of the options that are chosen here, so I will show you how it's fully automated. I mean, it's running right now, but then I will show you how to change some of the options during the installation if you. Like, for example, here, disk size 6 gigabytes or RM size 2,048 megabytes. It's maybe okay if you just start with NA ten. But if you want to store some additional files or maybe, let's say, run some additional databases that you want to connect to this NA ten service, and you want to run it on the same Alexy container, then maybe you want to change those values, and I will do it later on. Right now, I will just wait until this setup finishes, and I will show you how to change those values if that's what you want to do. And if you wonder what are those little dots here, they are so called tags, and that's also not what I want to have. For example, this yellow this blue is automation, this green is community script tag. This is not important. It's just if you're curious. Let's wait for this process to complete. And now this fully automated process is completed. We can see the URL, it's different IP address. It doesn't show us local host because it's a standalone Linux container, like container. We can copy that. We paste it in our browser, and we should still be able to access NA ten. But as you can see, now, it takes you to that account creation page because simply that LCC has its own storage. It's a different storage than we used before. That's why you would have to go through the process from the beginning. You can see the resources here, memory, swap course and root disc is different. But I want to show, let me just remove it. Let's just shut down this container first and here in more, drop down when you remove because I don't need this container. I will remove everything. And let's go back to that shell. Do I have it still in the clipboard? That's paste? No, no. Is the IP address. So let's copy this long comment again from the helper scripts. Go back. I will paste it again, run it. But this time, I will choose advanced settings. Number three, option number three, I press Enter. And now it tells me that to make a selection, Spacebar, okay? That's fine. Press Enter. Unprivileged container. That's what I want. Yes. Root password. Yes, I need that to be able to access this container, verify. Basically type it again. Container ID. I want maybe 215, let's say, host name NA ten. That's fine. Disk size, not six, but maybe 100 may be overkill, but yeah, that's okay. CPU course two courses is enough, yes, I would say. Ram little bit more, 4,096. Okay. Network breach, default, VMBR zero. That's fine. And the static IP, I want to use my own 192.168.1.215. Let's enter. Sorry. You have to type 192 dot one, 68 dot one, 215, forward slash 24. You have to provide subdt mask as well. It's fine. Gateway IP is the IP address of my router 192.168.1.1. I mean, these are my changes. You could leave it as DHTP and it will work fine. It will generate DIP for you. Like router will assign IP to this container, but I want to have it manually created. That's why I typed IP address and then default gateway as well. App cacher leave blank, disable IPV six. Yes, MTU default 1,500 is fine. Search domain blank and DNS server IP. I will use 1111 because I use manual configuration, I don't rely on the DHCP. So that's why I typed this. Macaddress leave blank, and blank, custom tags, these are these tags. You remember those two dots that were here, blue and green. I don't need those tags. I will remove them. You can use tab to move between those fields, okay? Now press Enter. SSH key for root, I could paste it here, but I already have password. It's good enough. Enable root SSH access? Yes. Enable fuse support? Yes, because I might want to use Arklon for that as well to synchronize some data. So I say yes. And enable verbose mode, I say, yes, this is for the installation process. It will show me more information. What is going on in the background. I press, ready to create? Yes. And the conflict file, no, I'm not interested. And now the installation process starts again, but you can see those options here are now different. The container ID is 215, my IP address, these last digits, they match the container ID because that's what I actually not for containers only, but for all of those virtual machines and containers, if I see this virtual machine has container ID of two oh six, I know the IP address for that is 192.168.1.206. This is my way of doing things. I don't say it's better or worse. It's whatever you choose. But now I have disk size of 100 gig and I have four gig of RAM. And this is that verbos information I was talking about. You get more info what is currently being pulled during this installation process. But we just have to wait again anyways, so maybe simply maybe it makes it less boring. And it's now also completed, but we can see the IP is the one that I specified and if I just copy that, if I go to the URL, we are indeed again on the account creation website. But if I go to the specs of this NATNExy container, we can see I have now four gig of memory, I've got 100 gigs of storage, et cetera, which means if I want to manually overwrite some settings, I can simply run that option number three at the very beginning. I hope that all makes sense and you find it useful. Thank you for watching and see you soon, Mark. 15. Run Windows in docker container :): I recently came across a very interesting project on Github that allows you to install and run Windows in a Docker container. In fact, you can run this way any Windows you like from Windows six P upwards, and it's fully automated process that also handles the entire Windows installation process for you. If you like me, use Linux or Macos for your day to day tasks, you know that the r is that one or two apps that run only on Windows. You have to have that copy of Windows somewhere if you like it or not. Running windows in a Docker container is so convenient and the fact that it's so easy and it's fully automated makes it a perfect use case for me. Let's see how it's done. Will use Ubuntu 22 oh four that I have installed on my proximo server, but you can use obviously any system where you can install Docker on. Let's just console into my VM. This is the Ubuntu and we need a browser and we need to search for Docker Windows, but it's DOC KR. We are interested in that first link at the very top. That's the project. We can scroll down and there is a read me file, which explains what to do. The most common would be either Docker Compose file or Docker CLI, but you can also use Gubernatis and if we scroll further, you can see there is multiple Windows versions available. Obviously, you can scroll further, but we will do it later on. Let's go back to the Docker file to the Docker Compose example, I mean, and maybe we can use that because it's the cleanest, I would say. So to run Docker Compose, I need two components. I need the Docker itself and the Docker Compose. Let's install it then. Let's open terminal, and then you run sudo update. Let's clear that. And now we need sudo apt install Docker dot IO and Docker Compose. Well, the thing is, I have it already installed, so it didn't do anything. But if you haven't got those components installed yet, that's the command you have to run anyways. So I'm in my sorry, P PWD, I meant. I'm in my home directory, home Marek. There are some files and folders, but let's maybe create new one. I will create I don't know, Docker Comp directory. We will keep our Docker compose files there. I will CD to the folder. And let's go back to the instructions. This is what we need for our composed file. This will install Windows 11, but let's see what Windows versions we have available. So win 11 argument, we'll install Windows 11 Pro. Win ten is for Windows ten. We've got Windows seven. We also have Windows XP and we also have some Windows server versions. Let's start maybe with Windows XP because the installer is just 600 megabytes. So let's maybe start with this one. How can we do that? We can copy our Docker compose file. Let's just copy everything. Let's go back to terminal and I will VIM let's call it Windows XP dot amo. Now we'll just paste everything. And what we have to change is the environment, which is Windows XP. And that's in theory, all I need. But if we go to those instructions to that read me file and scroll further down, we can see that we can select different languages. For example, English is the default language that will be downloaded, and it's fine, but you can choose different one. But what I want to change is the keyboard layout because the default is the EN US, which means English but US keyboard. I've got UK keyboard, though, so let me copy those two, and this is what we have to add to environment. Let's go back then environment. Let's just paste it here and I need UK. Something like that. Let's see what else is there. What other options we have. We've got storage location. By default, it's var win. Let's be more specific, maybe. Maybe let's copy all of that. If I go back, we will paste it here. And I want to be more specific here. I don't want just win. I will call it Win XP. So I know this folder will consist only stuff that is related to this instance for Windows XP. And this is optional. And basically, let's just leave it as it is. Let's see how it works. I will save this file, so escape column WQ. We can cut it again just to have a look. That's our file. And we will be able to watch all the operation like ISO download and installation progress using this port. This is VNC port 8006, and we'll be able to watch all that process by connecting to this port. So now the command I need is Sudo Docker compose, then f, then the name of my file, which is Windowsxpt and the word up. Now I click Enter and we can go here to Local Host port 8006, and we can see entire process. The Window six speed is being downloaded. And you can watch the Windows installation process, which has been automated. That means we don't have to do anything. We can just watch. All the formatting, all the other tasks are being done automatically. After a short while, the Windows XP is fully installed, and I didn't have to type a thing. We went through fully automated installation process. You will see that default user was chosen for us and it's called Docker, and we will have a look at that. It's another environment variable. We can change. But basically, we have Windows XP fully up and running. You can now personalize it, you can do whatever you want. After 30 seconds or a minute, you will see this Windows XP, this is a confirmation. It's not some dodgy Windows XP image. This is genuine Microsoft ISO, which you can verify with MD five hash or anyway you want, but you will have to activate it. Means, yes, you still need a Windows key, et cetera to activate the windows. But that's fine. Never mind. I wanted to show you something else. I can, of course, now shut the instance down, turn off computer. But what I can do, if we go to terminal, you can see that Windows is still running. Is basically this container with Windows XP inside. What I can do, I can control C, or press now Control C. You can see gracefully stopping. This is very important because that means it's not like abrupt operation which will break your windows. This is done really nice way. It will simply turn off your computer for you. So you can Control C here, and your Windows XP or any other windows will be gracefully stopped. Let's now get rid of this instance, maybe, and let's install something newer. First, let's go to that var folder, and this is the folder we named Windows XP. We renamed the win to Win xP in our Docker compose file. Let's get rid of that as well. Let's go back to the previous folder. We still have this Docker compose file. Let's rename it. We should now have Windows 11. Let's amend it then. First thing I want to change is from Windows six P, the version argument should be win 11. Because if we go back to those instructions in read me file, we will see that this is the value I have to have there to install Windows 11 Pro environment version win 11. What about the default user Docker? I don't want to be called Docker. I want to be called Mark. Let's see how we can change it. We scrolled through quite a few interesting options. So user name and password can be specified using these arguments again. So let's copy them. I will choose Marek. And for password, we'll be pass one, two, three, four super secure password and exclamation mark. But what else have we got here? Have a look, Ram size and CPU course. By default, this container will have two CPUs and four gig of RAM. I can amend that. I can amend using Ram size and CPU course arguments. So let's do that. I will add that to my Docker compose file. Ram size eight gig, that's fine. CPU course four. That's still twice as much as we had with the default values. And for Windows 11, yes, I would say that should be minimum recommended. Let's have a look if there is anything else that is interesting here. Oh, disk size. Default size is 64 gig. We can change it using the disc size value. Let's add that as well. But maybe not 25, six, maybe 100. 100 gig or volume, we will again, call it not exped this time, I will be win 11. This will be the volume on our Ubuntu server in VR folder. Another folder called win 11 will be created, and it will be bound to the storage on the container itself. If you wonder, what is this the KVM? The KVM Virtual machine is a technology that works in the background and it lets all of that happen. I mean, the KVM Virtual machine is passed through to this Docker container, and that is really how these windows is able to run on the Linux instance at all because you can't just install windows on top of Linux. Need some type of virtual machine, and KVM is a native built in Linux solution to do just that. So it's basically a Linux container that runs Windows Virtual machine inside it. This is the entire secret to how it works in the first place. The last thing I wanted to talk about are these ports. We know port 8006 already. This is port for VNC, and this is how we can kind of have a peek at the ISO download and installation process because we can run it in the browser. But there are two more ports that are passed through to our container. And in fact, 3389 is a port for RDP connection. That means we can actually RDP to our instance, which is much better because this VNC port, you can see the graphic is very poor because this is just like a browser like connection, and the graphic isn't that great. And even if we checked that Window six P, it was like blurry and not really clear phoned. But we can RDP to our instances, which will improve the quality, and we will feel more like as if we were natively sitting in front of that desktop. Okay, so let's try all of that. First, let's save the file, escape, call on WQ. Now what we need is sudo docker compose F. But this time, it's Windows 11 dot Yao. And the word up. Enter, and let's have a look what's going on. We'll go through the ASO download process. And installation process. We can just go for a coffee. It took a while, but we have welcome screen now, but what changed now, we had a user Mark. So this one took definitely longer for Windows XP. But first thing, let's try to RDP to this instance because you can see this is poor quality. The phones are blurry and VNC is not really what we need. So this is the RDP client from my MacOS. I can add PC here, and the IP address is 192-168-1204. I remember that because the IP address, the last digit is the same always as my host as my UbuTHst, which is two oh four as well. User count ask when required, that's fine. Let's just add it, and let's connect. Now I can use user name and password that I passed through in my Docker compose file, which was Marek and pass 1234 exclamation mark. Super secure, continue. Wow, that's big. But now you can clearly see the difference in the quality. Now I'm RDPD to my instance, which means if I go here, the VNC is now logged off because I can have only one session, and my current session is this one. It's RDP from my MAC. So let me disconnect. And let's just close it. We can see RDP works as expected. I can get back to my VNC session if I need. All right, so we know that I can simply control C here to shut down that windows. I can obviously also click here, sorry, and just shut it down here. I shut down here, we will see in the terminal that this windows instance has been shut down. And there it is shut down, completed. But how do I start it up again? That's very easy. We can use commander Compose F, then our Docker compose file name. And this time, not up but start. So just start. Oops, sorry. Not that sudo. You have to be a root user to run that command. Sorry, Sudo, Docker Compose F. Let's run it again. Let's sort. Now it should work. Starting Windows done. That means I can connect to it again. Great. Let's go back here. What I can do now, I can also do Looker compose, stop. This will also stop windows. You can see there are many ways you can start and stop your Windows instance or container, I should say. Let's go to the var folder again. So this is the win 11 folder that has been created for us. Let's go there and see what's inside. You can see we have the image and we have all the files that are needed to run this container. And if you check the size of it, we can see that image location is 100 gig. By default, it was 64 gig for Window six P. We haven't checked that, I know, but by default, 64 gig is allocated for any instance, but we changed it in our Docker compose file to make it slightly bigger. Everything works as expected, then. So you can see how easy it is to change just one or two things now in our Docker file. And run completely different version of Windows. Or you can create multiple Docker compose files and run multiple versions at the same time if you want. It's neat, quick and easy solution, so I can definitely recommend it. No, this is not sponsored in any way. This is just my personal opinion. I also like the fact that it runs within KVM because I know that the underlying technologies like security enhanced Linux and secure virtualization will keep that instance secure and completely isolated from anything else that I run on my Ubuntu server. L's, check this out. Using this method, I don't have to think about KVM at all. It's barely visible here. If you ever configured something in KVM, you know it's not that straightforward to prepare KVM for Windows installation, and there is a few bits and bobs that you have to configure first. Here, all the process is automated from start to the end. So I hope you like it too, and thank you for watching. 16. Bind mount NAS (CIFS/SMB/NFS) shares to Unprivileged LXC Proxmox container: This is pretty common problem you might encounter if you run a Proxmox server. You installed Open Media volt, TrunAS Android or maybe other network attached storage solution as a virtual machine on your Proxmox. Then you created shared folder, you enabled Samba or NFS, and you can keep and access all your files over your home network. In my case, as you can see, I run Open Media volt and I can log onto that. This is its IP address. I usually match the end two oh two to the container ID, as you can see, it's easier to remember. And the shared folder, I created mini PC, not the capital M, capital P and C. I also enabled Samba protocol, which you can see here. By the way, that guest Aloud setting allows you to access that shared folder as either a user or a guest as well. Because I've got a user created. It's called SMB user, but you will be able to access these files, sorry, this shared folder, I mean, minipC as user or as guest. With that, I can access it from any location in my home network. So then I felt, Hey, I can also keep all my pictures, movies, TV shows, music, et cetera. I can keep everything in that shared folder, then install Plex or Jifin on the Px Mox as my media server, so I can watch all of that on my TV or on my phone or any other device in my home network. So that's exactly what I did. I installed in my case, it's Jifin and it's running as unprivileged container. By the way, that is the way you should have it installed. And only then you installed it all and you realize when you try to add media library, you then realize this media server has no idea where to find your network folder. It doesn't matter what you put here. Believe me, I tried. It will not work for unprivileged containers. This is simply the limitation. You can't choose anything here either, because these are local folders, local on the container on the Jifin container in my case, or it might be plex container in your case, but they are not here. My movies and shows are on open media vault shared folder. So the solution to that isn't that complicated. With just few commands, we can make it work. And to fix it, we have to go back to Proxm to the node itself, in my case, it's called PVE, and then we have to use that shell utility. Px Mx will act as a man in the middle for us. We will have to mount here our network location first. In our case, it's open media volt, the mini PC folder on open media volt, and then we will pass it to our giffin container. So first, we have to create some local folder so we can use it as a mount point. I will maybe go to CD MT. That's usually a good start. I can see it's empty. I will create a new folder called I don't know, mini PC, but all lower case maybe. Just to distinguish. This was the capital M and Capital PC on the open media volt and it will be all lowercase here locally on Proxmox. Then I have to install common Internet file system utility, and I can do that by running up get install CIFS UTS. Next, it's time to mount our network location to our local location on Proxmox. So I can use command Mount T, then that CIFS tool, then lowercase O. Then we have to specify the user on the NAS location on the network attached storage. So remember, For me, it's SMB user, but also remember that I can access it as a guest as well. So if I go back, I can use user equals SMB user. But what I could also do is just log on as a guest. So that would work as well. But I will change it back to SMB user. Now, the remote location, which is forward slash forward slash IP address of my open Media vault and then the shared folder on open Media volt, it was capital letter. This is my shared folder. This is what I'm referring to. Let's go back to our command. And now, what folder I want to mount it locally here on the Proxmox I want to use that minipC folder I've just created in Mount folder. So the path is M&T, Mini PC. That's here locally on the Proxmox. Now just press Enter and it asks us for password for that Samba user on open Media volt. So I will type it in, and that's the job done. Let's have a look first. This is my mini PC folder. If I see Dir, now if I run AI, I should be able to see its content, and I can. That's basically the same as what we had here in my Ubuntu server. That's it. You can see I have Jerry fin folder already created with movies and shows, so we can go further even And these ones with dot are hidden folders or files, so I can't see them, for example, here in ubuntu in default view, I can only see the ones that have no.in front. But it doesn't really matter. It works as expected, now I just need one more command and the command is PCT. Maybe let me clear it first. The command is Proxmox container toolkit, which in short is PCT, then it's set then the destination container ID. In my case, it's geri fine. So that ID is two oh three for me in my case, two oh three, obviously might be different for you. And then mount point, it's MP zero. Zero if it's your first mount point. For me, it is. So I just use mount 0.0. Now what we do we have to provide location of what folder we want to kind of share with that container, and for us is MMT forward Mini PC. Remember, that's the one that I've just created here on Px Mx locally, and then comma, P equals forward slash. Where do you want to place it on your container on Jolly fin container? Oh, nice. It disappeared one. I want to place it under shared folder on the container. And now I click Enter, take a while it was quick, actually. Now, if I go to my Jellyfin container under shared folder on that container, I will find all the content that is locally here on Mount MiniPC. Whatever I find here on my Px Mx in MiniPC, I will find it also there. But remember that this folder, its content, it actually comes from Open Media volt. So it's a bit complicated, I know. Now, one more thing I would do is go to eryfin and give it a reboot, so it picks up all the changes correctly. I can see CPU goes up, so it should be up. Let's go here to the dashboard, Libraries can now add library content, maybe shows first. Folders. Now, we're interested in local shared folder. If I scroll down, you've got shared folder and it's local here on the jellyfinw because Px Mx passed that information to this container. As you can see, I can see the jellyfin folder and I can see shows folder as well. I can add it correctly now. The fact is this folder is empty right now, but if I had anything there, it would show me all the shells that I have available there. But that wasn't the point. I hope that helps, thank you for watching. 17. Auto bind mount NFS/SMB/CIFS share to Proxmox LXC container after reboot: There was a video about Proxmox I released recently about accessing folders on virtual machines by unprivileged lex containers. Specifically in that material, we had Giffin container accessing media folder on open media volt. But that solution would work for any other Lexy container, accessing any other virtual machine on that box. You guys like that video. However, many of you said that this solution that was presented does not survive the Proxmox server reboot and you have to type those commands manually again after that reboot. Many of you asked if it is possible to automate that task. And the answer is yes, of course, Proxmx is a Linux based solution, so we can do anything we want and there is at least million ways to do that. Let's start automating it then. In fact, that may also show you the way to automate any other tasks, not only this specific one, because we are going to use Bs script combined with a Crone job, which you can later on amend any way you wish to perform any other tasks by simply expanding or amending that BS script. Let's start from what we currently have here. But I don't want to repeat all the stuff we did in that previous video, but I just wanted to quickly recap what we did there, so we are on the same page. I've got basically here, we've got eryfin container, and here we've got Open Media volt Virtual Machine. You can ignore that ubuntu because that's not used for these purposes. So if I log on to Open Media volt, What we have here, I've got the user. The user is called SMB user, and we've got services configured sample services with a shared folder called Mini PC. But please note capital M, capital P and C. And this folder also has guests allowed. That means I can access it either as a guest or as SMB user. So what we did next, we went to Proxmox to the node, PVE. We created a folder inside M&T folder called minipC so this is the folder, and then we mounted it to that location, so to this IP address, and we mounted this folder on this location, the command we used was mount CIFS. The user can be either guest or SMB user, as I said, forward forward slash 192-168-1202, which is IP address of the open media volt, and then forward slash Mini PC with M and capital PC exactly as open media volt, and we mounted that folder to this local folder on Proxmox which is M&T Mini PC. If I do it now, I will get error. Well, password is blank. Actually didn't display anything, but this folder is already mounted. So if I go there, see the mini PC, if I do LS LA, I will see all the folders that are inside there, my movies and my shows. So my Proxmx the Proxmx itself, can now see the folders that are inside Open Media vault. But what we did next, we had to pass that information further to gifin container. What we did was a command called PCT, and then set container ID of elifin which is two oh three in my case, MP zero, forward slash M&T, forward slash mini PC, and then we specified the mount point as it will be seen on the eifin and it was forward slash shared. So that's all we did in the previous video. I don't know what happens if I run this command again. Probably error. Okay. It doesn't error, but we can go to Jellyfin and we can see it's already there in resources, I believe. Yes, that's the mount point. You can see this mount point. MMT minipC which is location on Proxmox is already mounted as shared folder on y fin. But please remember that Mount minipC is actually mounted again to our open media volt. The data is going from open media volt to Proxmox and then passed further to Jellyf. That's fine. That's all cool. We know it works. If I go to my lyfin, you can see it works. I can see those movies. It's actually just one video there. But if I go to Dashboard, if I wanted to add library content type, let's say movies, I can add folder, which is called I don't know where it's twice, but it's called shared folder. Within that folder, I can see those movies and shows. We know it works. What's the problem then? When we reboot the Proxmox, the problem is mainly that our Proxmox is not able to mount folder on Open Media volt because at this stage, open Media volt will not be up and running. So there is nothing for it to mount. And therefore, there is nothing to pass further to geyfin. And you can't use FA Stab file either for the same reason. If the open media volt is down, there is nothing you can do. So we have to start the open media volt after reboot, then mount the folder to Px Mx and only then pass it to Geryfin and recreate that old path that we did in the previous video, you know. So before we do anything, let's just do the reboot and see what we have missing. So just hard reboot, you know, everything is running. I don't know what will be broken. Never mind. Let's see. Oh, actually, it's not that easy. I don't think those VMs. Okay, it stopped the jellyfin container, but it might struggle to stop automatically open medivolt and Ubuntu. So okay, let me close this. Let me go there. Yes, this is still up and running. So let's shut down here, maybe. All right. And the remaining bit is Ubuntu. Let me consul to that because that's Ubuntu server. I don't have any GE. And we do shut down now. Okay, nice. So this one should be shut down shortly as well, and then tipxmx will reboot. Sorry, I didn't think of it. Oh, there was a little beep, server rebooting. Not sure if you heard that. So if I refresh it, it shortly should be back up and running, and we will see what is missing. Server is up, not entirely yet, but should get green shortly. Okay, server is green, but I guess it will not start anything on its own. So let's see what our script has to do first. I would say first, we would have to start open Media volt. That should be our start point. So in GUI I would just click that start button, but we can't do it now. We have to build our script, and in script, we need command line instruction for Proxmx to start that particular virtual machine. The way, this GI doesn't do anything really. When you click Start, you basically generate that CLI command in the background to start the VM. We have to figure out what is that command that this button generates. So let's make some notes maybe. Let's open Text file, what we have to do. Start the VM. So let's Google ProxmxH to start Virtual Machine. Command line. Okay. That's good. Those top links look okay. So let's click on any of them. Let's see. QM list will show us all virtual machines and how to start QM start and then Virtual machine ID. That's perfect. That's what we need. Let's go back here. Text editor. Maybe let's test first. Let's go to the node to the shell, and it was QM list. It lists all our virtual machines, and two oh two is the one we are interested in. So it was QM start, two oh two and crecener. Perfect. Got it already up. It's already up and green. So the command we need is QM start two oh two. What do we need next then? Before we go any further, I would say we would have to have some kind of confirmation that this virtual machine is up and running because you saw it took a while and we don't really know how long it takes to start this virtual machine for Proxmox. So there must be a command that is able to check this status. So let's Google again. What do we Google? Maybe Proxmx how to check whether the VM is running, something like that. We can see directly from Px Mx. There are some instructions. And we can see we can do QM status and then virtual machine ID. Let's do that. QM status. Two oh two. Status is running. So that's cool. But for our script, I'm only interested in this bit, running. I don't want this call on the status, blah, blah. So let's use Ok command to grab just this information. So it's QM status two oh two, previous command, and then we can pipe it to OC and we only want to print the second bit. Oh, that's better. That's what I need. Running. That's what I'm interested in. Let's copy that command. This is exactly what we need as a confirmation. That's perfect. What we need next then. Once the VM is up and running, now it's the stage where we can mount it to the folder on the Proxmx. The folder is still there. You can see minipC. But if you go there, you can see it's empty because we haven't mounted what's on open media volt. For our script, next step will be to mount that folder and it was mount CIFS O user. Maybe for this purpose, we will use that Samba user, the other user, but I will have to specify the password because this user has the password as well. So it's just colon with no spaces, and then the password. Super secure puzzle. It's just for this purpose. I changed it. And then the location of remote folder and location of local folder. If I do the LA LA now, that's the thing. 1 second. Let's go back. Okay. You know what? You know why it didn't work because I was actually in that folder in the mini piece folder. So it was used by me. That's why it looked like as if I didn't do anything. So I had to go back, go further to any other folder, and I didn't really have to re run that command. It was mounted. I just had to refresh that information. But as you can see, it works as expected. Thing. All right, but it doesn't matter. We can see it worked. So what's next? Well, that PCT command. Remember, passing this information now from mini PC further to the jellyfin. But if we go to jifin, we can see this mount point is actually there. This information is not missing after the reboot, so we don't really need to run that PCT command. And the boot doesn't remove that information, so we are okay with that. So basically, the last thing we have to do is to start jifin. But how do we start jifin? It's not a VM. This is a container. So what we do, we Google. We Google something like Px Mx, how to start LAX container. And maybe CLI, something like that. Again, first from the top, so Y PCT fails, but Alex C works. So it looks like this works. It looks like Alex start and then the container ID, but with N. Perfect. Let's try it. Let's go to node again, LexC start, W it N, and the ID of the container. In my case, it's two oh three. Effin is container ID two oh three. Let's enter. Okay. The container is now up and I forgot to make notes. Let's copy this command. I just stopped doing our notes. So that was to start container. But we've got the mount command missing, so we'll copy from history. I believe that's it. So how do we make script out of this thing? Let's write it somewhere on Proxmox as bar script. So let's go to root folder. What have we got here? We can choose maybe optional stuff. That might be. Doesn't really matter, but let's go there to see the Opt. Is something there? No, nothing. So let's create folder maybe called scripts. Maybe we will have more scripts later on. Let's go to that folder. How do we call it? Maybe mount dotsH. DotsH means it's a bash script. But for Linux, it doesn't matter. It's more information for us. If you do Bar Script, if you do LSLA, you will see this file is not executable, which means we cannot run it as a program. First thing we have to do is to change, add executable bit to that file, which means we have to run CH mode plus X, and then the name of the file. If we do the same command again, LSI, now, we can see that little X, which means the file is executable. That's what we need. Let's clear that maybe, we've got the file yes, we created the file, MuntH but it's currently empty, but it's executable file. Let's do nano mount age to edit the file. And now we can do what's called Shibang. This is basically an instruction for system how to deal with this type of file. So we do user Bin ENV space Bash. It's a bit dark font, but you know what? Never mind. So this is our first line. That's how we start every bar script. Click Enter. And what we had next, we had QM start two oh two. So that's what we do. QM start two oh two. That's our first line. And then it was what? QM status, QM status, two oh two to check the status of our virtual machine if it's up and running. And then we were interested only in that second part, which was the word running. The little problem here, the program does start to oh two and then status two oh two. The output will be different. The virtual machine will not be running at this stage. If we run the status immediately after we start the VM, the status will be different. It won't be running. So what we have to do instead, we have to wait until this output of the status command is actually running. So what I mean, we embrace that entire stuff. So it's like dollar bracket. We embrace that entire thing because this is a command, and we then do equals equals running. And we have to use brackets here as well, just to make sure it's a string. So basically, we run that command and then we treat it as a string, and this string has to equal to running. We need the output as running simply. The left side has to match the right side. So this is a test. In Bash, it's a test, and all tests you do in square brackets like that. So what I now want to say is, if I go to beginning until this is true, it's a semiclm at the end, all that line has to be true. If it's true, that's fine. But if not, do slip to done. I know it might be difficult, but what we do here, we simply say run this command, and if the status is running, that's fine. We're done. But if not, if it's not true, then slip for 2 seconds. In other words, wait for 2 seconds and repeat that command again and keep doing that until this is true. I know it's a bit complicated, but it is what it is. But next, let's do the mount. Mount T CIFS user was Samba user. And the location of remote folder and Local folder. Let's have a look. Q and status. Okay, mount, and now we just start the elifin container, which has ID of two oh three. So we just start that. That's our bar script. And one sec. I will add two things. I will actually do slip maybe 20 seconds here and also the I don't want all of that stuff run at the same time. I mean, it won't run at the same time anyways, but I want to give it some time so we can see actually what happens. First, we should have open media volt up and running. Then we should have the folder mounted, and then after another 20 seconds, we should see the Jerry fin coming up so we can see actually the progress as we look at that output. But as I said, you can fiddle with this script later on. Doesn't really matter. To save it, we press Control O, then Enter and Control X. And we can check what's inside that file using cut command. Cut mount, that's our bar script. That's fine, but next question, how do I run this script when the server reboots? Because that's what we need. We want to run all those commands every time a entire Proxmox server reboots. So we can do that using Crone tab. And Cron tab, you can write like Crone tab. L, it lists you current jobs, and currently there is nothing running because we can see that hash. It means this is actually commented out, so this is just for our information, but there are no Krones running. We have to create new ron that will run at every reboot. So let's do that. We use Crone tab. E command to edit the cron tab, current cron tab, and then you can read all that stuff because it explains actually what it does, for example, here. If you want to run something every week at 5:00 A.M. That's how you configure in a cron tab. So you can see here. It's a minute, hour, day of month, and day of the week, et cetera. So if we want to edit it, we just add another line here. But the thing is, I don't want to use that format because that format means I want to run it at specific time. If I set something like zero, let's say so that's at 10:00 P.M. The asterisk asterisk one at five, that would mean I want to run something at 10:00 P.M. From Monday to Friday, only weekdays. That's not what we want to achieve. We want to run this Cron job every time the server reboots. So I need a special command, and it's called at reboot. That means this line will always run when we reboot the server, and it starts up. Okay, cool. So what do we want to run then? We want to run Opt scripts. And then we called it mount dotsH. That means we want to run that script every time a server reboots. But then for cron tab, you need a little bit more information. I mean, you don't always need, but to be honest sex, you know, I learn it the hard way. So first, you specify what you want to use to run that script. And we want to use user been Bash. We want to explicitly tell it that this is a bar script. And then what I usually do, I redirect the Dev. I mean, one can let me write it down. You don't have to care much about it, but this basically means we redirect the standard output to Dev null device, which basically discards it. And standard output is anytime you run some commands, it generates some output. We are saying that we are not interested in this, and this line says it redirects the standard error to standard output. But because we discard standard output, that means all the information that is generated or all the messages that are generated when we run the script are simply discarded. We are not interested in them. And then there is one more thing very important, I would say, I specify the path environment variable. A what it does, it says to Chrome where it can look for the executable files or for the binaries, they are called. There are various locations, and by default, Cron tap chron is usually useless with that. It's always better to specify all those separate locations because colon divides every location. So this location is different than that, et cetera. So believe me, it's better to have it than to not have it. That's quite a lot, I know. So what we have to do we have to press Escape, column W, Q, Enter. And we can see Cron tap installing new Cron tap. So if we now do Cron tap L, it will show us our Crown job. Now we are ready for the reboot and see if it works as expected. Okay, I know already I have to stop manually open Media volt. Let's just open it again. Let's log on, and let's power it down because reboot will not do that for us. All right. Let's wait until it's actually down. Okay, it's down now, the moment of truth. Reboot. Let's see what happens. Connection closed. If I refresh. Okay, it's still stopping the griffin. Yeah. Shut down container, okay? Oh, all right. Now it's gone. So it's rebooting. Little beep. Not sure if you heard it. That means it's coming back up. Let's see. First thing we should see is the open media volt coming up, which is two oh two ID. Oh, it's already up. That was quick. We will wait for eifin now. We can also check system CTL status, Crone, I think. Oh, yeah. So Cron is running, and it also shows us the output of most recent logs. We could see starting task PVE. That's for two oh two. That means for open media volt. And what's going on? What with eyfin? Tatus stopped. Let's see if the folder has been mounted. But. And it hasn't. Oh, okay. All right. 1 second. Screw it up. Let's go to where was it? Option Scripts. Yeah. Oh, can you see the problem? Stupid. I forgot the O here. Alright. I should have copy pasted that instead. Let's do. No, no, Mount dot a side. That's the thing. Then Control O, enter Control X. Let's go to open Media volt, restart it. I mean, stop power it off. Reboot again. Let's wait for it to stop completely. Reboot. Heard a little beep, so it's rebooting. Yeah, we can't access it yet. Should be back up again shortly. Oh, there it is. Let's see this time. Successful or not successful? Open media volt. That's quick. I'm surprised. It's so quick for this status stop running. Let's see if it mounted now correctly. Okay, let's go back again. No, it doesn't, you know what we can do? Sorry. Well, I want to record it actually, because that's what it usually looks like. Something is wrong. We don't know what is wrong. Why doesn't it mount it? We can do. We can simply run our script manually, opt scripts and then it was mountH. Let's run it. Let's see what happens. Am already running. Mount come on, not found. Line three, let's control. Set. Let's have a look, something wrong in line three. One, two, three, I believe it's just about the spacing. The spaces here at the beginning and the end. Let's see. Let's do no. So we got one, two, three, third line. It's moaning about something here, and I believe it's about the spaces. Control O, Control X. Let's run it again. That's better already. We can't see anything. That means it's doing something. Doing something means it sleeps now for 20 seconds, remember? But it doesn't display that error anymore. So we can wait now. We can obviously ignore the VM already running because we know it is. We're waiting for mount and for the jellyfin to start, really. If they start, right. Okay, that's completed. So let's watch jellyfin. It should come back up. All right, it's running. That means we should also have same problem as before. We can see these folders are now in. One last test. Let's reboot and see if it works after reboot. Go to open Media volt again. I know it's a lengthy video, but on the other hand, I wanted to show you entire process. Let's reboot again. Open media volt down. So yes, reboot. Let's refresh. Alright, we're back. So PV should become green shortly, and it is together with open media volt. And now I'm pretty sure it will work as expected. Let's wait for Jellyfin so it's also nice and green. We had those slips. So let's check the mount instead. And it is there. Look at that. Worked as expected. So let's just wait remaining 20 seconds for lyfin to come up. And it is up and running. Let's open Jellyfin then. And I can already see my movies. So if you go there as the last time, we want to go here to libraries, if you want to add library, we will see, I mean, movies, yes. And the folder, we can see that shared folder, and we can see movies and shows. So yes, to be honest, it took a bit longer than expected, but I hope you like it. Well, one last thing. As you can see, for example, these two oh four, it's my Ubuntu, but it's still down because it's not included in our bash script, yes. So what I can do, for example, now, can go to PV, I can go to my prep, and I can do nano mount SH and QM start two oh two. That's already there. I can add QM start two oh four as well. So next time I reboot it, my Ubuntu will be up and running as well. I will do Control O, enter Control X. All right, so that's all I wanted to say today. I hope that all makes sense, and thank you for watching. 18. Read AND WRITE from unprivileged LXC container: In one of the previous videos, we mounted a shared folder from Open Media volt virtual machine on Proxmox and then we passed it further to if unprivileged Alexy container. Both the VM and the Alexy container were running on Proxmox. But many of you have noticed that you can only read from that remote location on open Media volt. I mean, our unprivileged Alexy container, in that case, was eifin it cannot write to that remote location. Today, I will show you why is that and how to change that default behavior so that Alex container can write to VM. In fact, it doesn't matter what virtual machine it is. It doesn't have to be open media volt. It can be truens unrated, or maybe completely different VM that you have there. It doesn't even matter what Alex container you have. The method I'm going to show can be applied to any VM and any LX container that you might have on your server. We will also understand why privileged container can write to that remote location, while unprivileged container cannot, by default, do that. And we will see what we have to change to get that write permissions for unprivileged LLC container. For this video, I use the open media volt again just because I already have it up and running, and my shared folder is called open Media volt. I'm in the storage, shared folders, and you can see name open media volt, relative path open media volt. We will need it later. Note that when you add shared folder, you have to set correct permissions as well. These are mine, the default ones. Admin can read and write, user can read and write, and everybody else can read only, so I didn't change. So this open media volt has the default settings. They also have a user. I created one user, and it's called SMB User, and we will use it to connect to this share. Basically, this SMB user will have that read and write permissions to that shared folder. And first, let's go back to Proxmox and mount this Samba share to the Proxmox itself. This is my Proxmox. I will go to PVE. You can see two oh two is my open media volt VM. I've got also some Ubuntu, but we can ignore them. What I need now is PVE and I go to Shell. In this shell, I will create it maybe in, let's go to CD MMT. If we LSL, you can see it's empty. I will create a folder here called minipC. I believe that's what we used the last time. So I use Make their command to create a new folder, we call it minipC. So if I do LSL now, that is my empty folder. And to mount that Sabah, I need a utility called CIFS, so I have to install it first. And the command is AG, install CIFS Utils. In my case, you can see it's already the newest version. I've got it installed, but you probably will have to run this command. So now we can mount that remote folder, that open media volt folder to the local M&T forward slash Mini PC folder. The command I need is mount CIFS. Then I use O. This is to provide additional information like users passwords, like group IDs that we will learn about later. So my user is SMB user. Now I have to specify that remote location. So what's the IP address of open Media volt and what's the folder I want to mount? So if I go back to open Media volt, if I go to network interfaces, I changed my IP address to 192-168-1202. And the last digit two oh two will match my virtual machine ID. That's what I always do, like 202. I know if the VMID is 202, then the IP address is 192 1681 dot two oh two. So that's what I use in my command. 16812 oh two, and then the name of the folder, and the name of the folder is here in storage, shared folders, and they called it open media volt. I go back and they say open media volt. Now what I want to mount it here locally on. They use the folder that I've just created. So it's MMT Mini PC. Now, the password, I configured for SMB user, and that's it. If I now run Mount command, I will see here at the bottom that mount. And I want you to inspect that all output because we've got user name SMB user, but not that user ID and group ID. Currently, it's user ID zero, group ID zero. Why is that? Because I mounted that remote location as user root here. I'm still user root on this Px Mx on the PVE node. If I run command ID, that's what I am. Root has user ID zero and group ID zero. That's why it has been passed like that to the mount command. I hope that makes sense. And if I clear that maybe up arrow, I simply bind mouth that remote location from that IP and that folder, I mount it to Local folder M&T minipC. That means if I control C, if I go to that M&T MiniPC, I should see the content whatever I have on open Media volt on that virtual machine. So let's do that. LSL, that's my folder. If I see D to minipC LSL, I can see Mark one TXT. That's, in fact, the only file I've got there on my open media volt shared folder. So this content comes from Open Media volt. It's not here locally on the Proxmox. Whatever is on open Media volt, I will be able to see by going to this location, M&T Mini PC. Important thing at this stage, we should be able to read and write to remote location from the Proxmox itself, I mean, because this user specified here, user S&B user should have read and write permissions. So if I, for example, touch a new file called Marek two, I should be able to do that. Now if I do LSL, I've got two files. Maybe to make it even clearer, if I go to another machine, like this is my MacBook, and you can see, I also connect to the same open media volt folder from here as Sbuser SMB user. If I go to that folder, I indeed can see both of those files, which only proves that I am able to write to that remote location from the Proxmx itself. You have to make sure it works as expected, because without it, there is no point even to go any further. I also want you to notice that this mini PC folder belongs to root, I mean, root user and root group ID. Because that will change later on. And the ID of root user is always zero. User ID zero and group ID zero. Okay, so far, nothing looks strange. All works as expected. So we can try to pass it further, this location to our unprivileged compainer to see what happens. And I don't have a copainer yet, so let me quickly create one. So I click here on Create City means create container. I will give it ID of two oh three. The host name, I will call it Mark LLC. I will create the password for the root user. I'll click next. Now the template. I've got one template available, but any template will do. I just want to say, there is no such thing like a elfin Alex container. It's basically one of those templates with elfin installed on top of that. Or you can install anything else you want. You can have multiple you can have all of your programs on one single Lx container. But that doesn't really matter. It's not our topic, so we click next. Disks eight gig is fine. It's just for the testing purposes. Click next. CPO maybe two. Next, memory, the main memory I will put 4,096, the swap can stay as it is. Next, Network, I will put static IP 192-168-1203. As I said, I am matching the ID of the either VM or LACI container, so it's easier to remember what IP it is in 24, Gateway 192, 168, one, one. That's my home router. So I click Next, DNS, leave it as it is next and finish. That's it. That's okay. So that's completed. I should see I already see it. The name has just changed to Mark LACC, so I can now start my container. Took a few seconds, and the container is up and running. So I just double click on it and I can log onto it. I use root and the password I've just provided during the container creation. That's my container. Let me see D to the root folder, S L. These are all the folders available here. What we did in the last video on the Px Mx, if I go back to Px Mx, we run command PCT set, then the ID of the container 23. Then we created mount point MP Zero. Now, we specify the local folder. We want to bind mount, which is M&T mini PC, and the mount point on the container equals shirt. That means in the root location, I will create shared folder, and it will be bound to the M&T mini PC here on the Proxmox itself. So I just click Enter, that's it. Now if I go back to my container, and if I run LSL again, look what changed. I now have shared folder. If I scroll up, it was not here previously. So I either can create it manually and bind it to the Proxmox host or if it doesn't exist, it will be created for me. So if I go there, see the shirt, LSL, I can see both of those files that are on open media volt that are passed to ProxmoxHst and then from ProxmaxHst are passed further to this container to this unprivileged container. The problem with that is I cannot write anything. So if I touch Mark three, I've got permissions denied. And some of you might notice that the PCT command created that shared folder for user nobody and group no group. And maybe you think that this is our problem, but believe me or not, this is not our problem. Even if you changed it to a root, it would not solve our problem, and we would still not be able to write that remote location. The issue here is how host system and in our case, it's Proxmx, but in fact, it can be any Linux distro. The issue is how that Linux handles privileged and unprivileged containers. In fact, if I change this container to privileged one, I would be able to write to that remote location. Why? Because my root user ID and group ID on the container and on the host would be the same. If I run ID on the container, you can see I am root here and the user ID and group ID on the container itself, it's also zero. And for privileged container, it would be seen on the host system on our Proxmx as coming from user ID zero and group ID zero. So nothing would change there. That means the folder permissions would match the user root, and I would be able to read and write to the shared folder. However, we are running here unprivileged container, and the difference is that even though the container looks exactly the same, as you can see, I'm still root on my container. But the request coming from this container on the host will be translated to something different. Our Px Mg will add 100,000 value of 100,000 to the user ID and to the group ID. So effectively on the host for root user on the container on the host IM as user ID 100,000 and group ID 100,000. This is to prevent so called container escape hug, and that's why they are considered unsafe. If I had privileged container and if I could hug my way out to see other folders on the host system, then I would basically gain full control of that host because I would be seen as a root and root can do anything. It's a privileged user. But because my container is unprivileged one, even if I escape this container on host, I would be seen as some random user with ID of 100,000, so I would not be able to do much there. That's why we always should use unprivileged containers whenever we can. But the question is, what can we change for unprivileged container so we can read and write to that remote location? As always with Linux, there are many ways we can solve it. But I picked one that I think it's the easiest to explain. We will simply mount that shared folder from OMV on the host by matching the user ID and group ID of the container user and not the host user. Let me show you what I mean. Maybe I will give you two examples. One for container user root and the other for container user or something else. We'll see. We will create one. But let's just delete what we created. Let's go to the container to the resources. This is our mount point. So let me just detoch it, yes. And as you can see, doesn't clear we would have to restart the service. I would just reboot it. And now log on again. That's it, and that amount point is now gone. So let's go to the Px Mx, as well. I mean, sorry to the PV, and let's remove the mount point. So it's U mount and the location is M&T mini BC. That's it. So if I do mount L now, I don't have that mount weight anymore. So I will clear that maybe again. Let's just double check the container. This is our container, and the root ID is 00. So here on the Proxmx itself, we will do something else now. I will run mount or you know what? Let me just up arrow. That was our command. That's what I need, but I want to change the values here after that O. I will use the ID of the container plus 100,000. So basically, you just run QID equals 100,000. Group ID equals also 100,000. That's the only change. Now I press Enter, asks me for password. Password for that Samba user on the open media voltios and now if I run Mount L, I can see that mount again. But this time the difference is my user ID is 100,000 and the group ID is 100,000. What also changed, let me clear that maybe. If we go to CD M&T, I do LSL, have a look here. Our user ID is 100,000 and group ID is also 100,000, and the mount command did that for me. I don't have to run like change owner or something, Jon command. That's done during mount process. Okay, so that's the first step. Now, we have to pass it further to the container. So let's maybe go back to the container again. If I do CD LSL, maybe we've got already shared. We can see the permission changed as well to root, but that doesn't really matter. Let me create maybe some different folder now. Mike dear, I don't know. OMV root, something like that. LSL, no, sorry. That doesn't look good. RM RFO. Let's go to root folder to this one because that's the home folder for the root user, and let's create it here. Make the OMV root. So we are in root folder, and we've got OMV root, sub folder inside, and we will try to bind this one just to make it different, you. So I go back to Proxmx. Maybe I will use up arrow again. That was the command, and I could use that shared folder. I just wanted to show you the difference. I will just change that shard to the one that we've just created. Root OMV root. Presenter. The mount point should be created. If I go here, I can see mount point bending to root OMV root. So if I go to container, let's CD to that OMV root, if I run LSL, I can see the files from open Media volt. But this time, if I touch, let's say Mark three, TXT, I can create new files. And indeed, if I use that window from my MacBook, you already see the file was created on open Media vault. So this time, I can not only read, but I can also write to that remote location. Let me run SL. You can see now three files, and that's how it's configured for root user on the container and how we pass it on the Proxmx for that root user. But what if I have different user here on the container? Maybe I installed application, maybe Enginet, maybe eifine, whatever, and it doesn't use root user. It uses some different user. Let's do it now. And you will see that it's not that complicated really. We just follow the same guide. Let me see the but maybe let's destroy again everything, right? I will just detach this. Yes. I will reboot the container to fully get rid of that. I will also go to Px Mx again to the PV, and I will unmount the M&T minipC. I it's CD to M&T we can see that miniPC belongs to root and group root again. Okay, let's jump back to the container again. Let's create a user. I will run sudo a user. Sorry I don't need sudo because I'm already route but never mind, and I will call it Mark. I will create a password. I will switch to that user, a Marek. Now, I'm not route anymore. I'm user Mark. Let me clear that. If I run ID, my ID is 1,000 for the user, and the group ID is also 1,000. That makes sense because that's the first user that has been manually created on that container, and the Linux numbers those users starting from 1,000. If I run PWD, print working directory, you can see I also have my home directory created, home Marek. Maybe I will create another folder here. I will make the OMV Mark this time. The full path is home Mac OMV Marek to this folder. Now, let's go back to the Px Mx, and now on Proxmx, I will use up arrow again because I'm lazy. So user Marek has user ID 1,000. I have to add another hundred thousand to match this user ID on the host on the ProxmoxHst, which means I have to put here 101,000 for both user ID and group ID. Now we press Enter, password for Samba user. That's it. If I run Mount L, I can see it again. But this time for another user ID and group ID. That's clear. If I go to no, sorry, I'm already here. So if I run LSL, this time my mini PC folder has user ID 101,000 and group ID 101,000. Now, the only thing we have to do is pass it further to the container. We have mount point from the Proxmox to the open media volt, but the missing bit is from the Proxmox itself to the container. So we create that using PCT command. I will paro again. But this time, the mount point on the container was what was it at home, Marek, OMV Marek. That was the folder. I press center, and that's it. Let's go back to the container. If I run LSL, nothing changed. I I see D to OMV Marek, LSL, I can see the content of the open media volt. But if I touch Newfle Mark four, TXT, I can write to it as well. So LSL, I have now write permissions. So yeah, I hope that makes sense. That solves our issue. But there is maybe one more thing worth mentioning. This solution is not only for Proxmox because you can create virtual machines and LAC containers on any Linux distribution. Proxmox only provides that nice user interface, but it does not implement anything new really. All functions here are already included in Linux distro that Proxmox is running. Basically, you can run those methods on any Linux distribution. That's what I mean. It's not limited to Proxmox which runs on Debian anyway. And yeah, we can use Px Mx graphical user interface to create containers, et cetera, but there is nothing stopping you from using the simple Linux command lines for all those tasks that we performed here. Because, for example, you can create container clicking this button, but you can also use what if it on LCC info and the name of my container, which is two oh three. You know, this is Linux command. You can run on any Linux distro. And you can download the template. You can create your containers, and you can do everything you want using just Linux command line. You can see my containing liners up and running. You can even see the IP address, et cetera. And then what we have the mount command. The mount command is already like Linux command line, so no need to explain that. But if you wonder what that PCT set two oh three command does, because it looks like Proxmox container tools or whatever it's called, but all it does really is it simply adds one line to the configuration of my container, and the configuration of my container can be found in IC PVE LCC. So if I run LSL here, you can see this is the configuration of my container two oh three, and if I cut it, all that PCT command does, it simply adds this line and then restarts the service. You notice that I rebooted the container instead, but that's only because they are so quick to reboot and it does the same job. But I could manually just add that line, reboot the container, and I would end up with the same status. So, that's all I wanted to say today. I hope that all makes sense and thank you for watching. 19. 3 Ways to Mount NFS, Samba SMB share and external / internal storage on Proxmox & Linux: If you've spent your whole life on Windows, then mounting any storage like a USB drive or NFS share from your NAS to Linux operating system might feel like I don't know, learning a new language or something. In Windows, you simply plug in the USB, you get drive D and job done. But in Linux, you plug it in and nothing happens. But there is a reason for this. The Linux is actually much more powerful and stable, especially for servers like Bunto server or Proxmox hypervisor. The main difference is that Linux doesn't use drive letters at all. It uses that single root. File system. You have to tap into that single root file system to see any files on your USB or internal or external hard drives or shared folders like NFS or SMB shares from your NAS device, the folders you have configured on your NAS device. Yes. In this video, I will show you multiple different ways of how you can mount external storage to those Linux based operating systems. I will use my Proxmox VE hypervisor for this presentation. For any or Debian based system Linux like Ubuntu, the process will be identical for other Linux operating systems like I don't know, Red Hat, Santos Fedora or Kali Linux, whatever you are running there, the process will be nearly exactly the same. Maybe the installation commands will be only slightly different. This is my Proxmox, yes, yes, I know that this stuff can be done in Proxmox in graphical user interface. I go the data center to storage. Then I have this ad bottom, and you can see lots and lots of different types of storage, including NFS or SMBsers that you can add this way, but I will not use any of those because this graphical user interface is Proxmox specific, and you will not find it on any other operating system. That's why what we're going to use, we will just use the terminal. So let me go to my terminal. Let me associate to my Proxmox. By the way, Proxmox runs on top of Debian. That's why the commands will be the same for any other Linux or at least very similar. What I will also do, I will insert the USB stick into that minipC the Proxmox. This Proxmox is installed on that minipCPlus I also have NAS device with a shared folder, which is actually called shared as well. But for that, I have both Samba and NFS protocols enabled. We will try to mount that shared folder to our Proxmox using both Samba and NFS protocol. First, let's maybe focus back on that USB stick and the first method to mount that USB stick is the manual mount with simple mount command. You can use that if you simply want to just access the file right now and you don't need this drive to be available after reboot. It's basically you stick something in, so you can access it. But now, if I run DFH for example, it will show you something like that, but there is no USB stick shown here. Why? Because that USB stick is not mounted anywhere. You can see only mounted devices here. Where can I see? I can see it if I run LS BLK, which is List block devices. I press Enter, and I can see my stick at the bottom. How do I know that? Because my stick is 128 gig and I can see it's not mounted anywhere. You can see the mount points and it doesn't have any mount points. But let me clear maybe first. But the next thing we have to figure out is what is the file system currently on that USB stick? If I run the same command, LSBLK I can use up arrow with F. Will show me the file systems as well. I can see that my USB stick already uses EXT four file system, which is good because EXT four is like a native file system for Linux, but you might have something different. You might have fat 32 or you can have NTFS and you have to watch that because for some file systems like NTFS, you might be able to read the files here on the Linux operating system, but you won't be able to write to that USB stick. There are some limitations. Let's say this is a new USB stick, and what can I do to make it ready for Linux operating system? If I want to read write and if I want to have that EXT file system. I can simply run make file system Kfs dot then the file system itself, XT four. And then I just tell my operating system which device I want to format with this file system. So the device is SDB one. Why SDB one? Because SDB the entire USB stick and SDB one is the first partition on this USB stick, and you create file system for a partition. That's why the command is make file system EXT four for the device SDB one, which is partition one on USB stick, which is recognized as SDB. I just press Enter, but it asks you if you want to proceed, remember, this will remove all the data from the USB stick. So either make a backup first or don't do it at all if you have some important data on it. But I know I don't really know what is on this stick, but nothing important. Definitely. I just say yes and I presenter. And that's the job completed. Let me clear again. Now we have to mount this USB stick to our file system. The file system is that tree like shape, as I said, there is even a command, it's called tree. If I say tree D, to show me the directories and the L one, maybe level one. 1 second. CD. I have to be in root directory. This is the root directory. It's at the very top of this tree, and now when I run this tree, to show me the directory, only one level below the root level, you can see this tree. No, I have to find a place where I can mount my USB drive. And most of the time, you will use either Mount folder or media folder. If I go to that Mount folder, if I run LSL, let's maybe clear that again. And now, if I go to that mount folder, if I run LSA or LSL, I can see this folder is now empty, which is good. I can go back to my root folder. I can also confirm running three D L one, maybe, but for that specific folder, forward M&T I can see there are no directories. So maybe let's pick that mount folder as our mount point. Let's create another folder inside that mount folder. I say make directory KDAR. Make dire Path maybe, B, and I say M&T whatever USB, so. Let's call it USB. That will be our folder. Let me apparel and now we can see that within Mount folder, and by the way, if you don't have that tree command, then you can simply run up install tree, but I already have it, so yeah. Now I can use this USB folder to mount our USB stick. Let's run DF h first. This is our current status. Let's run LSB LLK again. This is our device, and the partition I want to mount is SDB one, which now has file system Exit four. I just say mount device SDB one to folder M&T USB. That's what we called it. I just press Enter and you can see that. Your step has been modified, but system D still uses the old version. Use this command to reload. We just copy paste it and that's it. Copy Paste. And that's fine. Maybe let's clear again. And if we go to MNTUSB, if I run LSL or maybe LSLI to see all files, I can now see I mean, I can see one folder. This lost and found folder is created when you create EXT four file system. But that basically means this USB stick is empty because this lost and found folder was not created by me. It was created by EXT four file system. So now, it actually proves that this USB stick is now mounted. Let's run DFH. Look at that. Device SDB one is indeed mounted to this location, folder mount to folder USB. I can create a file, let's say touch Marek TXT. Let's say, if I run that LSLI again, now I have lost and found and Marek one file. I want to show you one more thing. Let me see the maybe to the root folder again and let's clear. I will run LSL, MNT USB, which is basically the same thing, and now I say unmount this location. But the command is actually just mount. There is no N, it's just mount and I say M&T USB. Let's run that. Let's just run the same command like before, LSL for the location M&T USB. Press Enter, look at that. It tells me it's empty directory. If I run the FH, there is no USB stick. The USB stick is still there. If I run LSBLKr LSBLK, I can see my USB stick, but it's not mounted anymore. So let's clear again. Let's mount it again. I say Dev SDV one, MNTSB. And if I run it again, my file is bug. That's how you mount and unmount USB pen drive. We can do the same with the NFS share and with the Samba share. Let's unmount it again, unmount the USB stick, you mount M&T USB. Let's confirm. Yes, there is nothing there. That's basically mounting USB or external hard drive, let's say, or external SSD, like temporary quick mount. You want to access a file, that's how you do it. And if you want to access something from your network share like my shared folder, it is kind of similar process, but our Proxmox has to know the network IP address and the location of that remote folder. So for NFS share, we need first the package. It's called NFS common. So I say app install NFS common, and I say, auto approve. And the fact is the Proxmox already has that package, so you don't need to install it, but I just run it anyways because you might have a Linux version or Linux system that does not have that NFS common. And now, my NAS device has IP address of 1921 681.225. So what I can do, I can first explore what's available on that NAS. I can say ShowmuntEports. 192-168-1225. I press Enter, and these are all folders that I have actually configured as shares on my network attached storage. So what we can do, maybe let's remove first that M&T USB folder. I will create different folder, maybe make their path M&T call it what? NFS, we're playing with NFS. Let's call it NFS and now I say mount, type NFS, the IP of my NAS, which is 192-168-1225 and now column, and I want this folder. I want to mount only this folder. Volume one, shared. I paste it here plus now the location where I want to see it locally here on this Proxmox. I want to see it in this folder that I just created, M&T NFS. I copied this one as well. And that is my command. I now press Enter and that's job done. So if I run LSL now for Mount NFS, I should see the content of this shared folder on my NAS. Let's see. Press Enter, and that's it. And it's various random stuff, on that shared folder. That's what I keep. Nothing important, definitely, but I can see the content of my network shared location on this Proxmox VE. And if I want to unmount it, basically the same command. It's mount, but now my location I want to unmount is M&T NFS, press Enter. And if I run the same command again, S for that folder, now it shows me it's empty because it's not mounted anymore. Or maybe let's mount it again. I want to show you one more thing. This was the command, and if you run DFH, this is what it looks like for that particular command, that displays more information. This is the remote location. This is the local folder where you can find it, and this is the size and how much used and how much free space you've got on this network attached device. All right, so let's unmount it again. And that would be network file system share covered for this basic mount command. How do we mount Samba share? It's very similar. Maybe let's clear that. Maybe let's also remove that M&T NFS now because we are not interested in that anymore, maybe we will create another folder called Samba. And we can run again that show Mount export 192-168-1225 to see all the folders on my remote NAS on my network attached storage. I'm again, interested in this shared folder. However, Samba is configured different way. Samba usually uses username and passord. I mean, you can allow a guest user, but it's still a user, yes. So we need two things user and passord and what your share is called, but it's not interested in internal file system structure on the NAS. My share is called shared and SMB doesn't care that it's under any other folders, on that remote network attached storage. So first thing I need is the package that supports SAMBA protocol here on this Proxmox. The command to install it is up, install, sieves, UTIs, and I will auto approve. And as you can see, on Proxmox again, it's also already installed, but on other operating system, it might not be. So that's what you need to install first. And once you've got that package, the command I need is mount and the type is this time CIFS for Samba, and I say O, small O for additional options. And that option is user name for that remote share for that shared folder on my NAS, and the username I configured for my share is Marek. I say equals Marek. And now, forward slash forward slash. Who sorry I need forward slashes. The IP address, 192-168-1225, its IP address of my NAS, yes. Now again, forward slash, a single one this time, the name of my share, and the name of my share is shared. But not the difference. We are not interested this time in this Volume one, and now after we have it all, I just say where I want to see it here locally on my Proxmox and I want to see it here in the folder that I've just created. So I copy it. I will paste it, press Enter, and it asks me for password that I created on that NAS for that shared folder. I have to type that password, and that should be it. If I now run LSL MNT Samba, this is basically the same content as before, because sometimes people just wonder, shall I use Samba or shall I use NFS? You can use both. It's not a problem. As you can see, the same remote folder, which is here in Volume one, shared on my network attached storage, I can access it over both NFS and Samba. So you can use whatever you want. But anyways, this works as expected, so we can unmount it the same way as the USB or NFS. We say mount M&T, Samba, because that's where we mounted it in the first place. Yes. Press Enter, just to confirm. Oh, sorry, I forgot again. Let's mount again. I just wanted to show you this DF H, what it looks like now. As you can see, it's very similar. I mean, it's not the same because this does differ than what you saw on the NFS share. We've got those two forward slashes and we don't have that volume one, but otherwise, everything else is the same. So yes, let's up arrow and let's unmount it. If I run the same command again, now we can see that share is gone and that covers USB, NFS, and Samba for a simple mount command. And now we've got that covered, we can move to next way of mounting stuff, which is entry in so called tc FS tub. Let me clear that maybe. If I say cut at CFS tub, this FS tab within ETC folder tells my system what devices to mount after reboot. So if I want to have something available after reboot, I would want to place it here. Now, I will show you how to do it with USB and network shares as well. But bear in mind, the FS tab is a permanent solution. So I don't know if you have external SSD drive or USB stick that you are never going to remove, then yes, maybe you want to have it in FSTub file. But otherwise, you probably want to just mount and unmount the USB stick as we did before. So first thing I want yes maybe let's run that LS BLK again. We know this is our device. We want to permanently mount and be accessible after reboot as well. But the next thing we want is the ID of this device. Easiest way is to run just block ID, BLK ID, block device ID. For SDB one, I can see entry here. You can see it's this device, and the ID for that device is this long number. You can see the file system and the block size. But we are interested in just this portion. So what we do next 1 second. MNP we've got that Samba. Let's remove it. We don't need that folder anymore, we will create, let's say, make a directory above M&T maybe permanent permanent storage. Let me cut at CFS tab again. This is the current content of this FS tap file. Let me copy the UUID first maybe. I will need this. So I say copy. I say, no, no, let's see, have a stab. We want to modify this file. We are here. Let me go down. Let me paste it. I just press Command V. I don't think I need the quotes because if you see here, for example, there are no quotes. So by default, it string, we don't need that. And now we can see file system, then the mount point, then type options, so called dump and pass. This UUID will simply tell the operating system which device we want to mount, then our mount point, which is the folder we've just created, which is M&T I think I called it perm. Then the type refers to the file system. So for me is EXT four. Then the options for options, I don't have any special options. I will just say defaults and then dump, I don't think this dump is used anymore. Not sure, but I just press zero. You usually see zero here. And then for pass, pass is it tells the system if you want to check that disc before it boots. Usually see here either zero or two, and that's it. Now I say Control O, Enter, Control X. And if I run that cut again, command, now we can see our entry. It looks like that. This first line is very long, but it's basically just the identifier for the device, and then we just say it where locally we want to see it, what is file system? What are the options and here you usually put zero, zero or 02. Now I just say mount A. I want all those entries to be mounted now. This should be already here, so it should only mount the last entry. I press enter, and it asks me to run this command again, which is fine. So I will up arrow, I will mount now. Now if I say LSL MT perm, yes. That's what we called it. I can see my Marek one file available, which means that USB drive is mounted. If I run the FH, indeed, I can see it mounted devices DB one in MNT perm cool. Let's clear that y B and let's unmount it. I just say mount MNT perm. If we run again, this mount point is gone. Even though remember, this USB stick is still there physically inserted. All right. How do we create entry for NFS share then? It's a very similar process. Let's maybe run Control R. I will search for command show mount that I used before. I will re run it again. These are my all available shared folders on my network attached storage. So this is the one I'm interested in, and this is the IP of my NFS. So let's go to at CFS tab again. We will modify it again. I go down. We don't need this USB stick anymore. I say Control K to remove that entire line, and now I want to mount my NAS, which has IP of 192 1681, 225. I say colon, forward slash, and then that path to my shared folder, which was Volume one. Shared. It was capital letter, and it's important because Linux is case sensitive. I want to mount it, I will mount it in the same location perm. We still have it. I didn't remove it. And now I say type is not X four. Remember, it was X four? No, I say NFS network file system. The options are still default, defaults. I mean, then the comma, I want to add underscore Net Dev. It's network device. And this is very useful, you know, because after reboot, your system will see this option and it will know because it's network device, the system will know that it will have to first run the Ethernet controller, WiFi controller or whatever you have to be able to access this network share, and only then it will try to mount it. And without it, you might have a problem. Your system has to know that it's network device that you want to mount after boot. And now we say zero Oh, no, zero, zero here. We don't want any checks on network device. That's fine. It should be okay. Let's see. Control O, Enter Control X. Now let me run that what was it? System CTL demon reload, because it might ask me to run it again. So let's do that apparel again and mount A doesn't mount, so I believe it's mounted. Let's run the FH. Indeed, it's here. So if I run LS L for mount perm, where we mounted it, I can see the content, indeed. Let's click that. And now let's unmount it again. You mount MMT. So if we run this command again, now it's empty. Now the question, how do we mount Samba share? How do we put an entry in Fatab file for Samba? Well, as I said, Samba requires a shared folder name, and it requires credentials, and we need to pass those credentials to Samba when the system reloads. So for Samba, we will need to create a file with our credentials first. I say, no. At C, whatever my creds, my credentials, I create new folder, New file, sorry. I folder at C, called MicredsPres Enter. And now I will just configure my username for the shared folder, Samba shared folder. User name is Marek, and the password is whatever my password for that Samba shared folder on network storage is. And I just say Control O, Enter, Control X. Refer on LSL. At C Micred, I can see this file indeed has been created just to make sure you have correct permissions configured for that. You can also change mode 600 for that Atc Micred file. And if you run again, you can see they changed. Only the user that created this file can read and write to it. Nobody else. Previously, other people could read it as well. Now only I can read and write to it. Now we can modify the FS tub file again. I say no, at CFS tab. Let's go down. I want to access this folder, but not over NFS anymore. I want to access it using Samba protocol. I say, Control to remove this line, and it's pretty long, so I have it already prepared. Let me paste it and I will tell you what it does. B as you can see, it's forwards, IP address, then the name of shared folder. Then the location mount points is MMT perm, that's the folder we created. Now the type is CIFS for Samba and the credentials, we pass the path to the file where we created that credentials. It's in file called Micrets. You can add this to make sure it works as expected. You also say that it's network device. I say Control O, enter Control X. I say Control R system the demon reloads, This is the command I need. And now I say mount A, and if I run the FH, I can see my shared folder is indeed mounted, but this time using SAMBA protocol. So if I run LS M&T perm, I can still see the content. Cool. We can unmount it then. I say mount, M&T perm and that covers USB, NFS and SAMBA for FAS tab file entry. But remember that more often you will use it for internal storage rather than external one. But that brings us to the last option I want to talk about, which is called Smart automount which is FSTpEentry but controlled by system D and it's very interesting way of mounting devices. It's pretty new. I don't want to say it's new, but it's only available in newer operating systems. You won't find it on very old ones, but it's a great way of accessing USB drives and NAS devices and some other external storages because it's automounted, I mean, only when the system wants to use it, which is like autofS somebody might have heard of but it's newer, it's better option. I really like it, so I will show you. Let's clear that maybe or maybe let's remove first or MNT perm. We don't need that folder anymore, not Rf RF, but RAM, let's clear. Let's create new folder. I say, make directory path MT smart. Let's call it smart smart automount we will do the USB drive first again, which is LS BLK. It's this device unmounted right now as we can see BLKID. This is its block ID identifier. Let's mount it then. I will copy it again. I say nano at CFS stab, go down Control K to remove this line, and now I need that identifier. I want to mount it to our new folder called Smart. The USB is running EXT for file system. For options, I say no auto. So it prevents boot mounting. Operating system will not include it as a search right after the boot. It's like on demand. Whenever I need to read from the device, it's immediately mounted to the file system. You will see it shortly. You know what? There is pretty few options, so let me just copy paste them maybe. I don't want you to waste your time seeing me typing. But basically, as we need that no auto, this automount actually says the operating system that we want to mount this device immediately when we want to use it and only then. And the idle timeout is this device will be seen 600 seconds and then it will disappear again. But if we want to read from it, it will be automounted immediately again. And then also noFL and 02, what we saw before. So now I say Control O, Enter Control X. I I run LS BLK, I can see my USB stick, but it's not mounted yet. We need two more commands. We need that one that we already did control. Let me search for system. That's the demon reload. Yes, we press Enter. This is the first command I want to run. But the second one is also System CTL, but I want to restart the mount point that has been just configured. That mount point or automount is called MT smart dot automount. Why is it called this way? It's called basically the same as your folder structure. We called our folder Smart within folder M&T, first folder, second folder, automount. And if I restart this automount service, if I run LS BLK again, I will not see anything. But if I go to that folder, have a look. It is there, yes. What happens if I run this again? Now, this block device also shows me this mount point. It will be on and off on demand access, which is very safe because entry, permanent FA Stab entry can actually break your boot process if one of those devices are not accessible. But this way, if you do it this way with smart automount, it will not break anything. But to unmount it, we need three steps now. First, I say, mount M&T smart, which is our location. That's first thing, and then I say system CtL stop this automount which is M&T this folder, that folder, M&T smart dot automount. I stop this service, and now I say nano at CFS tab, and I remove that last line, Control K, Control O, ter, Control X, and now it's removed fully. That's for USB stick. So let's clear that and let's do the same for NFS. For NFS, we just say again, nano at CFS tab. I go down, let me maybe copy paste. I don't want to borre you to death. That's the line I need. Basically the same as you can see, IP, location, where I want to see it here locally on my Proxmox type is NFS, this time, this is the automount that we restart or stop the idle timeout, no fail, and the dump and pass zero, zero. So very similar to what we had before. I say Control O, enter Control X. Let's maybe first check, LS M&T no, it doesn't show anything, yes. I will run up arrow. I will say demon reload and restart that utount If I run now LS M&T smart, now I can see the content of that M&T smart which is basically whatever I have on my remoteness. If I run the FH, we can see it mounted correctly. So that's an FS. If we want to unmount it, we unmount it the same weight. I say, mount MMT smart. Then I stop this automount. I say system CtL stop these fold areas. This MMT SMRT automount which is MMT SMART automount and nano at C F tab, I remove that line. Control, Control O, enter, Control X. Let's clear that, and let's cover the SMB quickly as well. Maybe let's call it different way. Remove that MNT smart. I will create different folder. Let's call it make directory M&T Smart Samba. That's our local folder where we will want to mount it using Samba protocol. So again, nano at CFtub and the command pretty long. So again, for Samba, bit different formatting, yes, forward forward slash IP, then the name of the share. This is the folder we've just created now. Smart Samba, CIFS for Samba, no auto to not mount it directly after the reboot, but on demand. Automount is created automatically. Ideal timeout. So how long this folder will be mounted for when accessed? But we need credentials that we created in previous stage because Samba needs username and puzzle. So I have to paste this path to this file that contains my username and puzzled that's it. I say Control O, Enter Control A, let's run Control R system CTL. Control R again, Control R again. Yes, this one. Now Control R system, again, Control R, Control R, restart. This is the one I need. Press Enter. Oh, okay. That's not what I need. We called our folder Smart Samba. Yes. I'm happy that I renamed that folder because you can see how it follows the path. Yes, Mount smart Samba. So we have to call it the way we call the folder. Press Enter and now the FH. Uh it's smart sum bias. Now it's seen because we listed the items inside this folder if we run the FH. Now we can see the content, yes. As you can see on Linux there are always 100 different ways to achieve your goal, and the options I showed you are still not all the options available for you. There is, for example, AutofS, which is yet another way of attaching storage, and it's basically, let's say, older version of the smart automount that CtL driven Smart Op. This Smart automount is much more predictable, in my opinion. Saying that AutoFS is still very powerful tool and it's used by big enterprises, and I don't know. I guess some of you might find it as a solution. But for home systems, I think the setup is a bit overcomplicated, and you will be better off staying with just Smart automount. That's why I decided to not cover AutoFS in this video. Once you understand how to mount that network storage and USBs or any external storage, then you can go even further. You can build, for example, Bash scripts. That's what we did actually for open Media volt. It was running as virtual machine on Proxmox and we made sure that we start that VM first, so the mount or the shared folder is ready on that open media volt VM. Then we mounted it to the Proxmox and we passed it further to LXC, and you can see that video displayed right now. You can watch that if you are interested how it was done exactly. But it all starts with mounting the storage to the host first like Proxmox in ours. All right, I hope it all makes sense, so I don't know. I don't want to make it any longer. Thank you for watching and see you next time. 20. Run OCI and Docker containers DIRECTLY on Proxmox!: Since the release of Proxmox 9.1, we have a new option available for our containers. It's the pull from OCI registry option. This basically allows you to run Docker containers directly on Proxmox in a similar way that you run your LXC containers. You no longer need to create another Lex or virtual machine, install Docker on it, then run Docker image there. Now you can simply pull those Docker and OCI images directly from remote repository to Proxmox using this little button, the same way that you pull LXC templates. Maybe before we run those containers, let's talk about that OCI thing. Why can't they just say pull Docker image here instead of pull from OCI register? Yes. Or other question, is the OCI image different than the Docker image? And the answer is they are basically the same or compatible as the difference is more legal than it is technological, I would say. But to explain that, I think the best example would be with the Lego bricks. You know. Everybody knows Lego, yes. It's a company that makes plastic bricks, we all know as Lego. And this locking mechanism for those bricks was patented by Lego, so no other companies could make bricks exactly the same type as Lego. When the ego patent expired, other companies started making the blocks that look exactly the same. They look the same, they smell the same. They are basically the same. However, for legal reasons, they can't call them lego blocks or Lego bricks because a ego is a company and a brand, and other companies cannot use this brand name. Are not allowed to use a Lego brand on your own product, and it's similar here. Docker was the inventor of Docker Images. They invented the way how they are built. We still have Docker Build tool, for example, yes. They also figured out how to run them, and the problem really was that Docker is a private company, and many people didn't want to build any solutions having in mind that the technology is owned by a single private entity, and that's where the OCI came into play. Docker simply acknowledged that problem and released all the information about this technology so it could become the open standard, and it's no longer bound to a single private entity. So nowadays, we can assume that Docker and OCI images are simply the same images. I hope it explains a bit. We are talking about the same containerization technology. Now, the funny thing, the biggest OCI registry will be the Docker Hub anyways, because every time you pull Docker image from doer dot IO, you basically pull it from Docker Hub. That's what Docker Hub looks like. I believe you need an account to actually view the images. If we go to Explore, you can see all the images that are available in Docker Hub. But this is not the only OCI registry you might come across. Another big one is Github container registry, for example, if you go to ghcr dot IO, this is basically it. You can see the open source repositories, and if you go to trending, you will see which ones are the most popular ones recently. You can change the language, blah, blah, and you probably already recognize some of them like traffic. Or IPTV or NATN workflows, very popular recently with ANATN automations. And these are these OCI registries you can pull the Docker images from or OCI images. There are many bit less popular like qua IO, but you can also have your own registry. For example, in AWS, you've got something called Elastic Container registry. You can create your own containers and you can push them up to that ECR registry, and then you can pull those images using this button from your own registry in AWS. Okay, so how do we pull that image? Let's say I want to pull something from Docker Hub. We go to Docker Hub, we are already here. We can explore all the images available. Let's say we've got Alpine is Alpine Linux. Very well known. It's says Docker official images. That's cool. Let's click on that and we already see some things. Like a basic command is Docker pull alpine. That's how we pull the image using the Docker itself, which means I can simply go back to my Proxmox and there are really three ways I can pull those images. I can simply try what's there. Pull alpine, which means alpine is the only thing I need here. But the thing is, right, let's run it alpine. I can query tags. Let me show you what it means. It will show me all available tags. Basically, if you go back, you can see those tags here. You usually go for something like latest, but you don't have to. You might want to go for the edge one or you can pull any other tag that you want. But the latest is usually at the bottom, and you can simply download it. But what you can also do, you can scroll down and you can see some branches like additional information here like this library alpine is. If you put this, let's remove the tag maybe library alpine. As long as you can query the tags, that means it works properly. I can see I can still query the tags, and I can still choose the latest or gas, or you can be even more specific, and you can say Docker DO library alpine. That would be the full path to this repository to this Docker image. Because what it really is, this is the name of the remote registry. It's Docker Hub, basically. This is so called name space, and this is the name of our image. All right. I hope that makes sense. We can query the tags. We can take the latest one maybe. Let's just pull it. Yes. I say download. And it takes 2 seconds, and we can already see that the alpine latest has been downloaded. First thing you might notice, it's not compressed, like Lexton plates are usually compressed. You have tar dot GZ, which means they are gzipped. This one is not compressed because it's just three mega in size. Let me show you the first difference between LLC and Docker containers. If we want to run this container, we do it exactly the same way as we do with LLCs. We create Ct. I call it maybe ID 245. I say alpine Docker, I need password. And if we go further, template is the Docker image that we just downloaded. I say next. And now the disk size, let me say 0.01. I say, Mark, what are you doing? This is 10 megabytes, basically, yes, 0.0 1 gigabyte. Yes, that should be enough to an alpine Docker container. Let's go further. Core one is even too much. I could even limit it further, but never mind. Memory, 512 now. Let's give it 128 megabytes and no swap at all. Let's click next. We'll give it IP address. And the gateway, and that's it. I say next, next, and finish. Again, took 2 seconds, and we've got our container created. It's here and if I start it, we can see it's now up and running. Let's go to the console. You can see application container detected. Console might not be fully functional. All right, but let's press Enter and we can see it is actually functional. First thing you might be interested in is the disc space, yes. Does it really fit into 10 megabytes disc volume? We're on DF h and we can see that indeed, Alpine Linux takes only 8 megabytes. All right, we occupy 88% of the disc space because I gave it just 10 megabytes, yes, but it's still enough to run Alpine Linux Docker container. How it differs though from alpine Linux Lax container, because if we go back, if we go to template these are the normal templates for lexy containers. You can also see there is alpine Linux, LXC container, yes. I could run it as Alex. I will show you the difference if we go back here to our console and if we run PSOks command, that's the biggest difference really. Docker container usually runs a single so called entry point. It's a main process with process ID of one. You can ignore the second one. This is basically me running this command. If I run it again, it will increase the process ID, but this is basically you running this command. But the only process that is constantly running is this shell. This is all this container runs really. If you compare it to Linux container, even the alpine is very basic, it will run many more services. We can see this entry point configured here. If we go to options, you can see the entry point is configured as been shell. What it means exit if I just type exit, press Enter, you will see what happens. It says detach terminating have a look. This container is now offline. Is status is stopped. Why? Because I stopped the only process that is running on this container. This is the only process and I've just stopped it. It wouldn't happen if it was Alexi container, but I can now go back and just start it and it will take 2 seconds and it will be up and running again. It's not a problem. It's just something to bear in mind. This shell, which is this, basically. That's what we use right now. It's a shell. It's the only process running on container. If we run, let's say, cut at COS release, you indeed can see that this is alpine Linux. If we just go through some of the tabs here in resources, you can see our hundred 28 meg, but you can also see we can add mount point and we can add device passthrough as if you had LAX container running here. Which is very interesting option, I would say, and should simplify a lot how you run some services on your Proxmox. Then if we go to options, we talked about entry point, but let's have a look at the environment. This is simply where you add your variables to your Docker container. You might want to add some variables. That's where you do that using the options environment. Currently, only path is specified, but you can add additional ones if you want to. Let's maybe go here. I will say exit. It will shut down this container. Now let me remove it. Now, if I want to pull something from different registry than Docker Hub, then I need that full path. Let's say you want to pull something from that Github container registry, maybe home assistant. Bear in mind that you need the full path then because Docker Hub is assumed here as a default repository. But if you want to pull from GHCR, you need to put it here, cart IO, let's say home assistant and it's a home assistant again. If we query the tags, we can see the tags, can scroll down to see the tags available. But if I remove that GHCR and leave just this and if I query the tags, you can see that without this registry host, it kind of assumes that it's hosted in Docker, and in fact, this image is not hosted there. It's hosted in ghcr dotio. That's why we need full path. The other thing about those registries, if we go, even if you go to Docker Hub let's say, if I go back, maybe let's search for I don't know Plex. You can see that each container can come from different sources, yes. For example, Linux server is very popular location for Plex, but you have many, many other ones where you can pull the Plex from. And the funny bit Oh, it's like 17 pages, yes. The funny bit is that the official Plex image is not even here because the official one from Plex INC is called, in fact, PMS Docker. And you can see that official Plex media server, Docker Repo, and you need like 500 million pulls, and that's the one want to pull if you want to have official plex image. You can see all the information here, you can see it runs on port 32400 and you can pull it using this command. So we can simply copy again here because we are back on Docker Hub, so I can use just this, paste it. Let's queer the tags. Go back to the bottom. I will pull the latest one. Because I want to show you something different. It says task. That's what you always want to see. Let's create the Ct. I will also call it maybe 45 as the previous one. Let's call it Plex, password. Next, template. I need this one, PMS Docker, which is Plex, storage maybe this time will increase some a little bit. One core, maybe 1024, next, IP. Next, next. It's a detected OCI archive, and it's Task okay. Which means we can now start. Our container, again says application container detected, Console might not be fully functional. On this occasion, if I press Enter, in fact, it doesn't do anything, you might be thinking, what's going on here? First thing, we still can access the Plex server because if I go to HTTP, not a, but HDDP on is to 192-168-1245, this is the IP of M Docker container to port 32400 forward slash web. We can see, in fact, Plex is up and running. It says application is not hosted by Plex, of course, because I host it on my Docker container with this IP address. But how do you get to that? How do you get console output? What you have to do, you have to go back to PVE and you say, PCT, Enter, and then the container ID, which is 245. You can see you are logged on to your Plex. But why this way? Why I can't access it as I did with the alpine? That's because this Docker container is different. If we run PSX, you can see many services running in one container, and in fact, if we go to that plex, if we go to that options that we explored for Alpine, we can see now the entry point is different. It's called forward slash in it, and in it behaves like a system container, which means it behaves like an LLC container. It's not a single service. It's multiple services, and you won't kill it by simply exiting one of the services. And another thing, if we go back, I mean, sorry, I have to run PCTEnter again. If I say cut at COS release, we can see that Plex is basically running on Ubuntu 20 404. If you can see, because if you go here and in options, you have the it as an entry point, that basically means it's a system container, equivalent of Alexy container. So I know it's confusing. So you can see the differences between those Alexy containers and Docker containers sometimes might become a very blurry. For me, the most important bit is that it works surprisingly well this technology at this very early stage. Remember that it's still technology preview, so it's not even beta. This is simply the stage where Proxmox wants to figure out if it's worth pursuing to develop it further, and I think it is. Of course, for me, personally, support of Yamlofles where I can create multiple containers by running just a single template file would be nice addition. But the fact that this thing already works and it's so easy to use, it's really, really refreshing, I would say. Oh by the way, the environment, if you click that, you can see you have many more environment variables here, but you can still add as many more as you want. That's it for today. Hope that was helpful. So thank you for watching. 21. Proxmox OCI Containers + GPU Passthrough + Mount Point + HW Transcoding: This video, I want to show you how super easy it is now to mount a storage or pass through devices like let's say GPU from your Proxmox to a Docker container or any other OCI compliant, unprivileged container. If you want to run Jellyfin, Plex, MB, or anything that needs, for example, hardware transcoding, now it's very easy to do. We already know that since Proxmox 9.1 release, you can run Docker containers directly on Proxmox. We know that Proxmox can now pull Docker images or any other OCI container images and Proxmox can read all those layers for that image and it will run that Docker container similar way to how we run standard Lexy containers. We know that because that's what we were talking about in previous video. We saw how to find Docker images, how to pull tags, and how it streamlines the entire process. That means you no longer have to run Docker on top of LXC or VM because you can now run Docker containers directly on Proxmox. You know what? That is not even the coolest thing about this technology. The fact that your Docker containers run in Lx like environment also means it's super easy to mount external storage or pass through any device from Proxmox to that container because you can use that graphical user interface that was added, specifically for that for Lexy containers in Proxmox 8.4 or something like that. You don't have to deal anymore with all those nasty bindings and ugly looking configurations within the.com file. You can now simply do that with a click of a button. In this video, we will mount external storage and we will also pass through my integrated graphic card to giffin unprivileged container. But I will try to explain each step, so you will be able to apply that solution to any Docker or OCI container running on your hardware and it doesn't matter what hardware you have there. The only thing that matters is that you are running Proxmox 9.1 or newer. Let's get started then. So this is it. This is my Proxmox 9.11, as you can see, and we will use official eifin documentation for running the container and then for passing through the graphic card and external storage. But first of all, we can see the official container image can be found here, Jellyfin forwards Jellyfin, which is pulled from Docker Hub. But you can also pull it from Github container registry, as you can see, and there is also Linux server dot IO. And honestly, this is the one I like. I don't know why, but there is no particular reason. I usually use this one. So let's just copy it. I just go back to my Proxmox and now in my local PV, I go to City Templates. I use this new option, pull from OCI registry and I just past it here. Linux server forward slash Jellyfin. I will query the tags. If you don't know what tags are, you can simply see them here, but you can also go back here and there explain latest tag is always trucks the latest. Usually go for latest or stable. Let me just start typing latest and I can see it's available. I will pull the latest tag. I say download. We'll wait for 5 seconds or so now the template based on that Docker image has been created. It says Jellyfin latest. I will now create the container. I will change that maybe 246. First name Jellyfin. I need some password. As this is required field and bear in mind, I use the unprivileged container. We don't want to use privileged. I say next. The template, the one that we just created or pulled. I say next, again, the disk, I can leave eight gig because I will use external storage for that. Basically, this storage will be just for Jellyfin and eight gig is more than enough just for Jellyfin. I say next, core one core is fine, next, next. Well, I need an IP address, so I will say 192, 1681, 246. I usually match the container ID. I created a container ID 246, that's my IP address. But obviously, might be different on your side and default gateway is one dot one, so I say next. Next and finish. That's all I need. It's a detected OCI archive. That means it is aware that this is not normal xy, but it is something that was created based on Docker image, and now we have Task Okay, which means I can close it and we can see our container here. If we go to resources, that's all we have memory, swap, one core, and root disc, which is eight gig. But now I want to add another disk. I want to add, actually, my SSD drive, which is two terabyte SSD, and I've got some videos on it. What I have to do first, then I need to plug it in. In my case, it's a minipC. It's a billing minipC with N 100 processor. I plug in my SSD drive. Now I can go back to my Proxmox to PVE, to shell, and now if I run LSBLK which means list block devices, I press Enter, and I can now see that disc here at the very bottom. How do I know it's this one? Because I can see it's not mounted. It doesn't have mount point. Honestly, maybe even easier would be to run this LS BLK command before you actually plug in your SSD drive, and then you run it again after you have your SSD drive plugged in. You will simply see a new device that is there, but it's not yet mounted. You can see mount points here and there is no mount point for this disc. It says 1.8 terabyte, but it's two terabyte disk. How do we mount it first? Because we have to first mount it to the Proxmox itself, and then we will pass it through from Proxmox to our container. To mount it to the Proxmox, it's super easy. We run LSL for the root folder, we can always see that MNT folder. This is a great point where you can mount any external storage. So I will do first, I will first create a directory within that mount directory. I say, Make D, Me directory, P, it will create entire path, M&T will call it SSD drive, maybe. Which means now if I go to that M&T folder, I run LSL, I can see this SSD drive. But if I go to that SSD drive, LSL, I can see there is nothing here, which makes sense because this is the folder that I've just created. But this is the location. I want to mount my SSD drive too. I run command, mount now this is the physical device, SDB, this is my SSD drive, and SDB one is the first partition on this SSD drive. Now I want to mount the partition, not the physical disk. You always mount the partition. I say device that I want to mount is called SDB one, which is partition one on device SDB. I hope that makes sense. Now, where I want to have it mounted. I say M&T SSD drive, which is the folder that I've just created and I want to have it mounted here. I press enter, and now it might take a while. Sometimes it takes up to 1 minute, so we just wait. And now if I run LSL, this is sometimes confusing for some people. When you are already in this location, nothing will change. You have to go back, let's say cd dot dot and then go back to the SSD drive, CD SSD drive. You have to refresh this information. I run the same command again, LSL. Now I can see all the files and folders that are on my SSD drive. And the folder I'm interested in is actually this video folder. If we go to video and they run LSL again. I can see I've got two videos. They are both four K videos, and we will use maybe one, maybe both of them to test transcoding on ery fin container after we pass through our GPU. Basically, whatever I have in that SSD drive in the video folder, I want to have this to be available in my Docker container, in my Jerryfin Docker container. Maybe I will copy it. MMT SSD drive forward slash Video. Let's copy it. The next thing we have to do is to pass through that location to our container. So we go to Jellyfin. You can see there is only root disk, but that will change. Let's go back to PVE. I go to ETC PVE LXC. If I run LSL, I will see a configuration file for my container, and the ID will match this Docker container. Oh. I have to go back again. I say nano 246.com. This is the configuration file and we want to add one entry, maybe here after root file system, but it doesn't matter where you will add it. But I think it makes sense to add another disc volume right after the first domain one, the eight gig one. Here I say mount 0.0 column, space, what I want to mount. I want to mount. Actually, I have it copied, I believe, still, if I paste it. S. That's the location. I want to create mount 0.0, which is this location on my Proxmox, and now I say comma MP, and this is where this mount point will be seen or can be found within my Docker container, and I want to have it in media. Jellyfin will have that media folder, and all those files that are here will be visible here in media folder on the container itself. We will see that later on. Now I just say Control O, Enter, Control X. If I run CAT, this is basically it. If we go back to Gerry fin to the resources, now we can see this mount point here. Mount 0.0 is indeed mount SSD drive video, Mount point is media. We can start the container and just double check if we indeed see those files in media folder. I say start, the container is running, which means I can do two things. For some Docker containers, you can simply go to Console, press Enter and you will have access to the console, but not for all of them, that depends on the confit but I can always go to PVE and I say PCT, Enter and the ID of my container, 24c. Now you can see I'm no longer on the node. I'm on the container itself. And if I go to media, this is where I'm supposed to see my files. I run LSL, and indeed, I can see both of my files. But that also means I can now go to HTTP to the IP of the Jellyfin container 192-168-1246. I was, I think, to port 8096. This is the port that Jellyfin on. I press Enter, and here it is. Welcome to Jellyfin. This is Jellyfin running on Proxmox as Docker container. I say next, username user name ABC, but I will change it to Mark. Password. I will put whatever say next, and now you can add media library. I want to add movies, and I want to add the folder media because they are in media folder. Remember, I'm still on container, and container can see them inside this folder forwardlaMdia. I say, Okay. Okay. I say next language. For me, United Kingdom, next next, you are done. Finish. Now we just have to sign in using the credentials we've just created. I say sign in. And in fact, I can see both of those files. But if you want to add remote location, like if you have NFS server or SMB maybe on your network attached storage, you can also do that, but we already talked about it. There was a different video you can watch. It requires just one or two more steps. It's pretty simple process very similar to this one. So if you want to have the videos available here that you store on remote NAS, then that video explains that process, and you can apply it here. That's cool. But what about the GPU? And what about the transcoding? That's what Jellyfin can do, but it requires access to the hardware acceleration on our graphic card. File, it's a four K video. Let me pause it and what is transcoding? It's when you change the resolution or format from the original one to something else. As I said, this is four K video, but if I go to settings, I change the quality to maybe the lowest possible. That means this four K video has to be transcoding to very poor quality video and only then can be displayed here. If I play it now, I mean, it took a while. I didn't even realize, Look at that. If we go to play B info. Oh, this is very, very poor. This is struggling. Everything takes a while. I can see it transcodes 14 frames per second, and you can see how it lags. Everything just became so slow. Look at that. 14 frames is not even enough to play with normal speed. It's 0.2 of the required speed because this is 60 frames per second. Why is that? Because now everything is done by the CPU. There is no hardware transcoding. That's why we have only 14 frames per second. We can see the video code accused is 8264. All right. That's cool. We know what happens. And actually, if I go back to Proxmox, I should see in the summary, you can see the spike. Look at that spike, CPU. Well, it will go even higher. The CPO simply struggled to transcoding it because it doesn't have that hardware acceleration. Hope that makes sense. That's fine. Let's close it maybe. And passing through the GPU is very simple. You just go to Jellyfin to the resources, and you can add MundPoint or you can add device pass through. We already have the mount point. This is our SSD drive. Now we add the device, and you can pass through any device you want. It doesn't have to be GPU, yes. It can be network card or whatever you want. But before we add that device, we have to find out what we have to pass through. Because you can see it requires device path. How do I find out what is that path? Well, the thing is, if we go back to the PVE to the shell, so we are still on Proxmox is. If we go to devices to the DRI folder and we're on LSL. By the way, if you wonder Mark, how do you know where to go? Well, I still use this file. These instructions. We are done with the container itself. We install the container. Now if you go to post install setup, you can see the transcoding section. Now you choose whatever GPU you have on your device. For me, it's integrated graphic card on Intel N 100 processor. That's why I go here, Intel GPU. Here it is tutorial on Intel GPU. We can see we can use two methods for hardware transcoding, QSW and VA API. If we go further, we could see our codec is actually h264, and it says, A Intel GPU can support transcoding for that codec. School. We go further and I need Linux setup because Proxmox is Debian based, which is Linux based, Linux kernel. The first thing it needs, it says it requires this thing, Jellyfin FF mpeg. But in fact, we already have that. And by the way, this is the location we are currently in depth DRIs. But regarding this package, we can go back. We can go to our container. So I say PCT enter 246, sorry. I can run command user lib, Jellyfin, FFmpeg, FFmpeg. And it shows me the version, which means this is already here running. Which means I don't need to install it. But if I had to install it, I would just run update and up to install these packages. Next point, make sure at least one render D device exists in this location. That's what we were checking, actually. This was on Proxmox, remember, yes. Back on Proxmox, we go to Dev the RI folder and we can see the render is indeed here. The card one, sometimes you have card zero, sometimes card one as a first physical graphic card. I don't know why is that because index should start from zero, but sometimes it's shown as card one. If you want to pass through entire card, that's what you would pass through. De DRI card one. But they say, the only thing we need really is this render device, and we've got one as well. We've got render d128. But if you have multiple graphic cards, you might have 128, 129, 130, and so on. I have only one, so I have render D one, 28. This is the device. This is that hardware accelerator you can use for transcoding process because we don't need entire card. We need just this render device. Let's go back to the instructions. And it says, add Jellyfin user to the render group. This is the render group that has access to that render device. Yes. But if we go back to our Proxmox to our Jellyfin, we are still on Jellyfin container. Maybe let me clear that. All right. We are on Jellyfin container. If we run PS Ok Command repress Enter, you will see that the process called Jellyfin that uses that FFmpeg library is run not by Jellyfin but by user called ABC. This is the user that Docker container, this particular Docker container will use to run Jellyfin. You can even if I clear it again, I will do up arrow, you can run PSOks, grab Jellyfin. That will be easier to find. We can see Jerry fin is run by user ABC. Now I need user ID and group ID for this ABC user. I say ID, ABC. I can see that user ID for this ABC user is 911 and the group ID is 911, and that's all information I need to pass through this device, which means I go back to Geryfin. I shut it down first because to pass through the device, we have to shut it down anyways. Now I add the device. I say device pass through, I will take this advanced options. And now, what I have to pass? I want to pass Dev DRI, render D one, 28. That was that hardware accelerator. Remember, we checked in Proxmox. Now, the user ID in container, by default is zero, which is root user, group ID in container, by default is zero, which is also root user, and access mode is 0660. These are the permissions for that device. I will show you what it is, what that is later on. We simply need here user ID, which is our ABC user on Jellyfin. Remember, you have to match user as seen in container. Means 911 and group ID for that user ABC was also 911. We can leave this access mode as it is. I say, add. That's it. Now I can start my container. We can see it's up and running. So again, I go to PV, I say PCT, enter 246. And if we go here now, see the Dev DRI, LSL, I mean, I didn't run this command before, but you would see just empty folder. But now we can see device called render d128, and the owner, the user ID is ABC, and the group ID is ABC. And at 0660, the permissions, they are the standard Linux permissions, you can see here. So user can read write, group can read write, but anyone else cannot. Looks as expected, so we can go back to the instruction. And you can see we didn't have to play with that part because it's not even user gerifin that runs this eryfin process. But let's go further. It talks about Intel OpenCL ICD. If you want to check, if there is such thing, we just copy this command. We are still in the container. I will paste it here, press Enter, and it tells me that there is no such thing, installed non candidate none. So it says you can run simply this command. I don't need sudo because I'm already route. You can copy entire command or you can just copy up to install that thing. Let's paste it. Let's run it. Oh, we first need to run up update. That's within the container. Remember, that's cool. Maybe let me clear that and now I will use up arrow, and now I install this command. I mean, I run this command to install that link. Cool. Let me clear again. And if we run that previous command, now we can see we've got installed and candidate, which is what we want to see. We can go further than. Check the support QSV and VA API codec. All right, that's very important for us. This is what we need for transcoding. It shows you this command. And we expect output something like here below. Let's see what we get. Oh, that's long output. But if we go up, we can see that VA API version is already there, and also there VA open driver returns zero. Return zero usually means, perfectly fine. Zero is success, which means we are done. That VA API is available. Next command checks the OpenCL runtime status. Let's copy this first command then. Maybe clear again. I will paste it there. Press Enter. Oh, there is no psudo command here. Let's remove this psudoEnter. This is what you expect. We expect only green stuff. You don't want red stuff, right? We already know that VIAPI was up and running, but we also can see that OpenCRGraphics was also found and Intel QSV is there and it's available. That means we can go further. Well, there's nothing else ready. That basically means everything works as expected. But I have one more command. It's very long band. I can't even remember where I have it from, but it's something like that. And if we run it, it tests everything including the previous tests. But you can also see the MFX session, which is required for the herbal acceleration, and there is a little test. Basically, at the end, it tells you terminating red with return code zero, which is also success, which means everything works as expected. Let's go back to the Jellyfin then. I mean, to the graphical interface, HTTP. Yes, this is what I need Jellyfin go to movies and you would think that if you go now to your video, you would have transcoding, well, not yet. You have to still configure it here within Jerry fin. As you can see, it takes very long time. Come on. That's very slow. Again, just to compare, we say playback info. We can see just 13 frames per second. That's fine. We stop it because we know this is being transcoded by our CPU, we go back and we go to dashboard within the eryfin we go to Playback, transcoding, and it says transcoding, hardware acceleration, none. That's where you want to set whatever your device supports. For me, it can be either QSV or VA API. But the recommended one was QSV. That's what I'm choosing. And hardware decoding for my codec is already highlighted, but I believe it also supports this one. I think one, one, that's something you have to check in the hardware specification, whatever your GPU supports, right? But it doesn't really matter. I know this O, this was already. The 8264. But here in the QSV device, you can see they say specify the device on the multi GPU. While I don't have multi GPU, I like to be specific and also put this device there. I know this path is correct because that's basically what we passed through the DRI render d128. I simply hard code it here, and we scroll down. Nothing else is interesting here except of the save button at the very bottom. I say Save. Now we go back to our movies, to the same movie. Now when we play it, if we go to settings, play by info, we can see we have 220 frames per second and it's not lagging anymore. It's responsive. It plays it immediately. But basically, yes, that's what it is. We can see the transcoding works as expected and it doesn't use CPU. I now uses the GPU hardware accelerator. And by the way, if you change that configuration here in the dashboard, if you change that config and then went back to the video and it says playback error or player error or something like that, that means you have this user passed through incorrectly. In this device, if you edit it, this either user ID or group ID or both of them pass through wrong user. There is a little work around. If you don't want to figure out which user ready should be passed through, you can change the access mode to 0666. This is basically granting the access to the surrender the one to eight device to all users within the container. So from security perspective, it's not desired probably, but that's the easiest way to get it up and running, right? Passing through the permissions for all users. But for me, it can be zero or I can simply remove everything because it's by default, this type of permission. Hope that makes sense. Thanks for watching, Marek. 22. Deploy ARR stack with qBittorrent and Jellyfin using just 1 command!: How long do you think it might take to deploy R apps like Prolar, sonar, radar, lider, or Homer, and then add qubit turned client to that and Jiffy media server on top of that. Some of you might think that it might take hours. But with the method I'm going to present, you will only need one command, and it only takes 5 seconds to have it all deployed. You can have it deployed on any operating system where Docker can be installed, which means nearly any operating system really because on Linux, you can have it installed natively, the Docker on Windows or MacOS, you can use tools like Docker Desktop to have Docker running. A operating system will do. Let me show you what I mean. I will go to pertainer first, and you don't really need a pertainer for what we are going to do today, but I just wanted to show you clearly what is going to happen in the background. But portainer as such is not a requirement. Just wanted to show you that we have only per container running and then that RMBG the remove background app that we were working on in one of the previous videos. But as you can see, there is no QbitorenGfin, or any of the RSC applications running. So that's my whole point. Let's open the terminal then. The command I need is sudo, Docker compose, up, D. Let me show you what happens. Click Enter. Oh, password. That's it. Job done. Well, it didn't even take 5 seconds. It took like three or 4 seconds, I guess. So let's go back to pertainer and I don't know why Homer is always late. Like the status is always shown a little bit later than for all other containers. But never mind, you can see we have something called R Stack, and all those applications are part of RSC. So now if I want to go, for example, to QBI Torrent, I can access it on Local host on port 80 80. So I just go there. HTTP. Local host. 80 80. If I log in, this is my QBtTrrnt. If I want to access something else, maybe Rader, Ryder is running on port 787 night. That's the whole point of this ptaer. I just wanted to see it graphically. So 7878, that means I can go here, HTTP. Local host 7878. This is my Ruder, I can access any other application. I will not go through them all, but you know what I mean. How does it work? How can it be deployed so quickly? Some of you might have already guessed that this command, looking at that, you probably have guessed that we have a Docker compose file that includes configuration for all those components. All the configuration for those applications will be in the Docker compose file. I will share that file with you so you can have exactly the same solution applied on your system and we will go through it step by step to understand what it does and what you can change to adjust it to personalize it to your needs. What I'm going to do now, I will remove everything, including Docker compose and all the images and I will start from scratch. I will show you step by step how you can also deploy it this way. Maybe before I do, let me show you some more commands. For example, here, I can now do stop to stop all the containers. In the ptainer, they will be shown as exited. So if I go back, I can do now again, pseudo Docker compose RM to remove them. Are you sure? Yes, done. That was not even a second. If I go to portainer, you can see it cleared. There are no containers running. But I can also go back up arrow, up arrow up arrow, psudodocer compose up the D. Again, I can build everything again in three, 4 seconds. And Homer is late to the party again. But it works. Just to prove it, it's 7575 port. So let's go here. HTTP. Local host. So yeah, you can see it's up and running, we just have to log onto it. But let me remove everything, as I said, and we will go and build everything from scratch. Okay, I have removed everything now. So where would we even start? First, you have to make sure you've got Docker and Docker Compose installed on your system. And how you do that obviously will depend on your system. But for me, I'm on Ubuntu, so I can just run Sudo app install docker dot IO, then Docker Compose. And I can add Y to auto answer. Ter. And as you can see, I've got it already installed. So I've got Docker Compose already installed, newest version, and Docker AO also installed newest version. So that's fine. What we have to do next is we have to go to the Github repo that I created. I will paste the link here, but you will find this link also in video description and in the commans. So you just have to paste it in your browser and just go there. And these are the files that we need. I think the easiest way to do is to click on that green button code. And just download the Zip. This way you don't need to install anything like Github, CLI or anything. You simply pick that download Zip and it will be downloaded automatic it took just a few seconds because it's very simple code. That means it should be now in my download folder. Well, this is some old crap we don't need anymore, but never mind. Let me just go there using my terminal. So you can see YouTube 39 apps, one click. We have to unzip it first because it's Zip file. Maybe I will make it bigger. So it's unzip and then the name of the folder. If we run LSL again, you can see I've got zipped and unzipped. So I have to seed into that unzipped version. If I run LSL, you can see Docker Compose and ReadMe file, you have to run LSLA to see all files because it's a hidden dot ENV file as well. It's very important for us. And what you have to do, you have to really follow what's in read me file. Maybe let me open it here in the browser because it looks better. So these are the instructions that I wrote, bear in mind, these are instructions just for myself. I made them a little bit better, so it's clearer for everybody, but it's not like professional read me file. I should be good enough. So I pasted some useful links. Then you have to download zip files. We already did that and then this installation process. And before we run that Docker Compose a command, let's have a look at the other files. We've got Docker Compose, for example, and you will see all the services are configured here. It's a pretty long file, not that long but, you know. It has conflict for every single service, for every single application. Like, for example, here, you've got Prolar and in the volumes, you will find a variable. It's called R path. I will explain what it is. You will see that every single service will have that variable. If I scroll further to sonar, you can see also path variable. And then the ports and some other configuration. But I also want you to have a look at the last two lines. ENV file is dot ENV. It's this third file. So let's click on it, maybe. So in this dot EN V file, you can see that variable specified, and you can change it to whatever you want. What it means, all my R apps will be installed in media folder in R folder, and it will create sub folders with the services name. If I go back to Docker Compose, so that's basically it. It will be media, forward slash R, forward slash prowler, and then forward slash convic. That will be full path for this particular volume. So what I mean if you want to change it, you can change it to whatever suits you. Then we have user ID and group ID, and we've got the time zone. User ID and group ID, you can leave it as it is, or you can change it as well, and the time zone just adjust to whatever where you live, you know. It will depend on your location. You will also see if you install this stuff on Windows, this path will look a little bit different because on the Windows, you've got usually something like that. You use back slashes, not forward slashes, and you have to specify the drive like C or D or E, whatever. Reason I did it that way is every single service will have the same user ID and group ID. Each service will have the same time zone, and each service will be installed in the same media forward slash R folder, which is very important because we will change the permissions to that folder. But that's enough. Maybe these settings are okay for you and you don't want to change anything. You don't have to. You just go back to read me, and that's basically all you have to do is to run sudo Docker Compose D. I will copy it. We'll go to my terminal. They only have to make sure that I am in the same location as my Docker compose file. Then I just paste my command. If I was somewhere else, it's still possible to run it, but you have to do F and then full path home, whatever, you would have to specify the path to this Docker compose file. But because we are already here, we don't need to do that. Will make it bigger. Now if I run it for the first time, it will take much longer because Docker will have to pull all the images for every single service. Let me show you click Enter. You can see it's downloading now image for the prowler first. And now it's completed, but it took three or 4 minutes, I think, but that will depend on your Internet speed and some other variables. But what it means, they're all done now. That means I should see them in my pertainer. And homer again, starting, but you can see, Oh, what I first see the stack name changed, but never mind, it doesn't really matter. You can change the stack name to R or whatever you want. But the most important is that all those containers are now up and running very fresh, and the homer is now shown as healthy. And regarding the deployment itself, that's basically it because all it does, it goes through that Docker compose file. You can see each one will have the image, and I chose the latest, the newest image for every single service, but you can adjust that as well. If you want for example, to stick with a particular version, it's possible to do it by changing this value. But what I wanted to show you is that R path. Let's go to read me file again and let's read because the deployment is done, but I want to show you also the initial configuration of every single service. Let's scroll a little bit further. This is what we did. This is if we wanted to stop the service and remove, but that's not what we want to do right now. The instruction says, go to folder specified in dot ENV file. I mean this one media forward R. Let's go there, see the media R. If I run LSL, you will see all services and download folder. They are all here in this location, created at exactly the same time. So what ReadMe file says, Redmi file says, I have to change the permissions to whatever is in that ENV file as well. 1,000 1,000, I simply have to match this user ID and group ID, and I have to assign those values as new owner of this R folder. It might be a bit confusing, but basically, what we have to do if I Cd dot dot SL, this is my Rfolder. All I have to do is sudo change owner recursively because I don't want to only change the Rfolder. I want to change the permissions for all the subfolders inside that Rfolder. I want to change owner to 1,000 1,000 for R folder. Center, that's it. If I run LSL now, you can see it changed from root to Marek. Well, coincidently Marek, if we do ID Marek, user Marek on this host on this Ubuntu server has ID of 1,000. If you log on to the container itself, you will see it's running as user ID 1,000, but the user will be ABC or something like that. It doesn't really matter what's the name here. What matters, this value has to match. I think I am overcomplicating this really. Let's go back to RID me. These permissions have been changed. That means every single container will have exactly the same permissions inside that folder. So now we can configure the QBItTorrent service. Why? Because it uses temporary password only. So to configure QBtTorrent, we have to run psudo Docker ps. Let's do that and be clear that pudo Docker ps. All my containers are listed here, maybe make it a little bit wider, bit easier to read, and I need the ID of the QBI torrent image. This is the ID. You can see container ID, it's this column, so I need this value. Let me copy it and I need to run psudo Docker logs and that container ID. Let's do that pudo logs, and I will paste container ID. You can see you can access QBI torrent by going to this URL. Let's open it. And the administrator username is Admin, and the password was not set. Temporary password is provided for this session, and this is the password I have to use. So let me copy it. Let's go there, Admin, but the password I will paste whatever was there. Let's click Login. Don't update because that's not the password that we're going to use permanently. This is a temporary one only. So let's go back to the IDM file and you can see now you can go to tools options, webi so tools, options, WebUI, and this is where I can create permanent password. I will do it now. That's my password, and I also click that Bypass authentication for clients on local host. Then I scroll down and they save it. So what I can do now, I can log out and I will log in again, typing my new password I've just created. Now I login and it takes me to the QBI Torrent with newly created password, permanent password this time. All right. Let's go back to the IDM file. Anything else for the QBItTorrent doesn't look like I can now configure the prowler service. And I'm not going to explain what every service does because I kind of assume that you already know, I will only concentrate on the deployment and initial configuration of those services, okay? So I will copy that. You can easily Google what is Prolar for, and you will find out. And there is lots of great guides already on it. For initial configuration, I just paste the URL, and every single service on the first run, it will ask you to configure user and password. And then it's up to you if you create the same user and password for all of them, or if you are lazy like I am, I will have the same user and password for every single service. But never mind, it's your choice. Authentication method, you can choose basic or forms. I usually choose forms, and then the user name Admin, I will leave it as it is, and password. Whatever you want. Save. That's done. So Prowler's main job is to have some indexers configured. Let's go back to the read me. It says, Go to settings, download clients first, Settings download clients, click plus, and then a Download client QB Torrent. I already clicked at Download client, so QB Torrent, and I have to put credentials for Qb torrent. So whatever I configured for QB Torrent, I will paste it here. And then if you click that Test button, you will see unable to connect to qubit torrent because here you have to type the IP address of the host, not local host, but the host, in my case, it's my Ubuntu server. So this is the main host, and I can type IP address. And I've got loads of virtualization, so it's a bit messy. But basically, this is my IP address of my host machine. So I can copy it and I will paste it here 192-168-1204. If I do test now, now it looks fine, so I can save it. And you can see qubit torrent is now enabled. What's next? Let's go back to RID MiFile and yes, that's basically it. So we can go to Sonar now. If you click the link, we can go to Sonar and basically do the same thing. Authentication method, I will use forms, username and password. I will paste the same again, but you can have different password for each service and save. Ah, what I accidentally did, I closed that read me file by opening the Sona. Let me paste the link again. That's the read me file. We are on Sonar. In Sonar, I go to settings, media management. And then what I have to do add root folder and set data TV shows as my root folder. Add root folder, data, TV shows. Okay. And what I did here really is if we go back here and if we check our Docker compose file, if we scroll back to Sonar, I matched this folder. TV shows is a root folder for Sonar service, and they will differ a bit because, for example, for radar, it will be data movies. For IDR it will be data Music folder. So there is a slight difference between them, but except of that, everything is very similar. So go back to Sonar root folder has been added. Let's go back to Rhythm file. So first step is done. Now I go to settings, download clients, plus. So again, settings, download clients, plus, and our download client is KubitTrrent. And we repeat what we did previously. Post is 192-16-8124, credentials for QubiTrrent and I can test it now. And it gives me a little green tick. If I run again, have a look. Green tick means okay, so I can save it. And I've got QBID torrent added. There is also that remote path mappings. I think I mentioned that in read me file. Yes, in case your QBID torrent and RStck are installed on different hosts, this is something that you can play with, so it will still work. But for us, it's not important because we've got it on the same host. Everything is running as the same stack on the same host machine. That means I can go further settings general scroll down for API key. Settings, general scroll down. That's it. API key. I copy it, and what do I do with it? I have to go to prowler settings as. Where is my prowler here? Settings, Apps. Under the applications, I have to click that plus, and we are currently setting Sonar, so I chose Sooner it asks me for API key. So I will paste it. Let's test it. We can see it moans about local host again because I have to use that IP address of my host, which is 192-16-8124. Same for prowler. If I test now, now it's all fine. Green tick, safe. What else shall we do here? Let's go back to Redmi file settings general switch to Show Advanced Settings general switch to advance is here, show advanced. Now you can see more options, you scroll further, and you have backups and backups, I have to configure data backup. So let's click that folder, remove that. Data, and I will choose backup. That's my folder. Okay? Basically, what we do here is we are matching in Docker Compose. Scroll down. We are matching this folder, data backup. The path on the left from the column is on the host and on the right from the column is on the container. And right now we are matching the path on the container, which is data backup. All right, so let's go back. So we click the safe changes, and that's it. Let's go back to the Rhythm file. Sonar is done now radar. But if you read the instructions, you will see it's exactly what we did with Sonar. The only difference here will be that your root folder for Sonar, as I said, is data TV shows and for radar is data movies. Then for lighter and reader, you will again, have to match this folder to whatever is in Docker compose. So Lighter is data Music folder, and reader is data books. So I will not go through them. I hope that is clear, and the root folder will actually be the only difference between them. Okay, let's maybe do the reader quickly, but this will be the last one. We can figure. So again, form page, puzzle. That's it. Next, settings, media management. Root folder, settings, medium management. Root folder, data, you will see it here anyways, movies. We know it's not backups, it's movies. That's cool. Settings download clients, plus QBI Torrent settings download clients, plus QBI Torrent, credentials for QBI Torrent. And not local host but 19216, eight, 924 or whatever your host IP is test safe. Next, setting general API key settings general API keys. Go to prowler ad application, Rader one sec. Don't mix them up because there is radar and there is reader. I'm setting radar right now. API key is that local host replace with my IP. Test. Safe. Okay, general advanced data backup. General, show advanced data backup. Okay, safe changes. We ignore those three? Well, to be honest, Homer, yes, it's in the stack, but I never played with Homer. Never had time to have a look at that really. So it is added, and you can access it on port 7575. But I don't even know much about it because I've never used it. But what we have to do now we have to go back to Prowler and click indexers at the top right Indexer. Okay, so Prowler indexers, add indexer. And this is the list of There is loads and loads of indexers. You can see 627. You have to find ones that work for you. What can we do? It is. That's the popular one. Test, save. And what else? R Bili. That's another one. Test, green tick, so safe. Okay, can close now. This is something you have to fiddle with because some of them might work better, some of them might work worse, depending on your location, on your needs, et cetera. Okay, so let's go to the Rhythm file and then click Sync Up indexers icon. This is a little icon, sync up indexers. We have to click that All right. Now if you go to settings ups, so settings. As we can see full sync for radar and sonar. And that's cool. As you can see, ASC completed. I mean, not entirely because you have to go through configuration for reader and lider, et cetera, but the process is exactly the same for all of them. And how do you work with it? How do you add movie to radar or add series to Sooner? Well, if you go to radar, for example, you go to movies. You can see I have no movies found now because I never searched for. And you know what? There is a lot of stuff that you can find using radar and Sonar, but we obviously want the legal stuff only. So I will go to FireFolks to Google and let's say films that can be fully legally downloaded. And you got some redid stuff, but there is a Wikipedia. List of films in the public domain. Look at that link. It's a second link. Public domain means that the copyrights are either expired or the film never had any copyrights. So if we click on that list, it says, No government, organization, or individuals own any copyrights over the work. So if we scroll down, there is a lot of legal stuff here. But basically, if you scroll further and further, you will see a list of the films, and you will find more information about each of those. And it's quite a lot of them. If I scroll further and further and further, A star is born, but not the new one, 1937. Let's see if we can find it. Okay. So technical or drama, let's copy it. Go to my radar, add new. I will paste it, and I will add 1937. There it is. As is born 1937. So I can click it, add movie, and it will be listed in my movies. If I search all, well, you can see color changed. That means if I go to my QBI Torrent, I can see it already started downloading. A star is born 1937 remastered. And what this means when this is downloaded, I can then go to my Jifin which is running on port 8096. I will go there. So Jifin I can configure it first. I have to the password. Maybe user name, also Admin. So every service will have the same user name. I will do next. But now the media library, I can add new one, content file movies. What I have to do basically here is to add folder, which is specified in my Docker compose, of course, if I scroll down, Jerry fins here. I have to match the data movies folder because that's what's on container and as I said, on the left is Path on the host. I have to match container folder, data movies. Add Data movies. When the film is downloaded, I will be able to watch it using my Jifin application. I hope it all makes sense. If you have any questions, let me know in the comments. Thank you for watching. 23. ARR stack with Gluetun VPN (build your own docker-compose.yml file!): Hi, everyone. He a look. This is my newest R stack. As you can see, except of standard containers like sonar, radar, giffin or Kubitornt, I have now added not only Bazaar, but most importantly, I have now configured gluten container so my traffic can go via VPN tunnel. All of that, all these services can be deployed in 5 seconds with one simple command, Docker Compose D. So it's very similar to what we did in previous ARStACRlated video, but that previous ARStAC was a little bit smaller and you guys asked back then how to add some additional services like that bazaar, I mentioned, but most importantly, you asked for that gluten container which can be added and then used to manage our VPN connection. Here it is. This video will be a little bit different though, because I don't want to just share the completed Docker compose file with you for you to run. I want today to go through the process of building that Docker compose file from scratch. If you ever want to add remove or change any containers, any services within that file, you will be able to do it yourself. You will simply understand what every single line in the Docker compose file does, so you can change so it does exactly what you want. Yes, you can change it and adjust it however you want. But before we start building it, let me just show you how to remove current stack and how easy it is to run it again. To remove my entire stack, I will simply run Docker Compose down command. We'll press Enter and it will stop and remove all the running containers and will also remove the network. If I go back to container, should they are now gone. Only Ptainer is up and running, which is not part of the stack. If I want to have my stack back up and running, just go back. I just press up arrow because I'm lazy and I will say up D enter and within a few seconds, not even 3 seconds probably, I should have my stack back up and running. I see the gluten is still starting, but if we refresh, it should be now healthy. It is healthy now. That's how easy it is. But we will now go through the process of building the Docker compose file. Let me give you a glimpse of what it looks like currently. All those services use this single file. It's Docker Compose dot Yao you can see that we have all these services here. We've got a gluten, we've got the Jerry fin, we've got the cubirrent, reader, lider, bazar, whatever it's pronounced. My pronunciation is crap probably, but never mind, Prolar and sonar, answer and rider, of course. But that's what we are going to build from scratch. I want you to understand every single line within that file. All right. So let's close it. Let's remove the stack again. And I will actually remove everything, you know, I will also remove the images, and I will remove even the docker itself to really start from scratch. I mean nothing installed. Alright, all the stuff has been now removed. Even if I run like a Docker command, you can see no such file or directory. So let's start from the scratch. First, let's run sudo up to get update and Sudo UtgUgrade. So we will have our system up to date, and I will say day, which will auto answer yes to any questions, yes. So let's presenter. So that's now done. Next thing, let's install Docker. I just run psudoU install Docker dot IO. But Docker AO does not include Docker Compose commands. So that's something we have to add. I will just say Docker Compose. And I will also add that Y because we need both Docker and Docker Compose components. I just press Enter and it's been installed now. Let's just wait for a while. Shouldn't take long again. Okay, well, that's not exactly unexpected. I can see failure, but I noticed that sometimes when I uninstall and install again, quickly, it gives me that failure. You shouldn't get that. If you have fresh system, Docker will be fine. If for example, when I clear that, I run system CtL status Docker, it says failed. It says, start request repeat it too quickly. So what we can do, let me just start manually start Docker. Pudo. Now if I run status, now it's up and running. Sorry. As I said, it only happens when you uninstall and install it again shortly after. That's what I did. Never mind. It's now fine. So we've got Docker and Docker Compose. We can check Docker, let's say, images. We've got no images, but the command works as we can see. We can check the Docker Compose command. Looks like it works as well. It gives us the options available. That's fine. So that's done. The thing is by default, all the time you work with Docker, you have to run those commands with Sudo, like a sudo docker, blah, blah. If you don't want to run all those commands with sudo, then you have to add yourself to a Docker group. What I mean, you can run, it's optional, but it's worth to do it maybe. Who am I? When I run who am I? I will give me the name of the user that I'm currently using on this Ubuntu system. So my user is Mark I can use that user Mark and add it to a Docker group. I run sudo user mode, smallcase A, capital letter G, AG, and then Docker and then my username, which is Mark. You have to put it, of course, whatever the output of who I command is for you at the end. I just press Enter, and now you either have to log out and log in again, or you can run a command which is new GRP Docker. This should do the trick without logging out. And both those user mode and that new GRP commands are optional. So you can ignore them, but then you have to remember that all the further commands you would have to run with sudo Docker, blah, blah, okay? But now because I run those commands, I shouldn't be I mean, I can run just Docker. So next part is also optional, but I want to install portainer. So we will be able to clearly see our services as we saw at the very beginning. So once we have them up and running, we can see them in portainer. But that's all it is. We will not use pertainer for anything else. We will use it just for showing the running services. So you can skip this part if you want to, but it's just two commands to install ptaer anyways. It's better to Google them. Let's open the Google, and I say, what? Install portainerUbunt. O typo but never mind. Let's click that stop link and scroll down, and we have the deployment. That's what I need. I need this command, Docker volume, blah, blah. Press Enter and now second command that downloads and installs the pertainer server. So here is little copy. Bottom, if you can see it, I just press that. It's copied now, so I can paste it here and the press Enter. Unable to find image locally, so it has to download it. But that's normal because I removed all Docker images. So first time on first run Docker will also have to pull the image first and only then it's able to run. Pull complete. So if we go back here and if we scroll even further, we can see we can log in by using this, I can copy again here, so I open new window and I just paste and go. And we've got the ptainer, I will just change the pusswd. You have to set up the password. Okay, login. This password will be now used. And here we have to pick the environment, which we only have one local, so we just press that, and you can see well, let's click containers. We've got one because the portainer itself is a container. You can see it's up and running. But it's not part of the stack because there is no stack name. All right, but let's building our Docker compose file. That's the fun part. So let's Google again, maybe. Let's Google for something like radar, Docker Compose. And we've got the image first. But what I'm really interested in is that second link from that linux server dot IO. We will click on that because most of our services will come from them anyways. We can scroll down here a little bit, and we should have a template for Docker Compose, and we can see it's here. And I can use those two squares here in the top right corner to copy everything to the clipboard. So I will do that. And now I would usually use VM or nano text editor, but I just wanted to show you that any text editor is fine. I will use here, we've got the text editor. And I will just paste my output here. You can also use Notepad on Windows or text edit on Mac. It does not matter which one you use. You simply need some type of text editor. And what you can also do, that's what I did. I will use those hashtags. Simply hashtag means ignore that portion. We can use that to clearly state what service we are building here in this part of the file. This is radar that makes things a little bit clearer. And now, because it treats it as a text file, but let me show you something. If I save it, and if I save it as Docker compose dot yaml licksave, it will change because Ubuntu recognizes the Yamel format, and look at that. This file already looks much better, I think, yes. Wouldn't you agree? So that's basically it. We've got the reader for now. We will leave it as it is. Let me maybe copy this portion, and I will paste it below, and I will say sonar. Maybe even extra space here. And we go back to Google and we search for Sonar now. Sonar Docker Compose, we can see that Linux server dot IO again. So that's what we need. I will go scroll to the Docker compose portion. And the thing is, we need those services, that line, we only need it once. This and that we can simply ignore. What I want to copy is only this portion. That's what I'm interested in. So maybe I will use those squares. But once I go back and paste, I will simply remove those two lines. We have it already here in first and second line, and we only need it once in entire Docker Compose file. That's our sonar. So what we need next maybe prowler. Prowler something we are definitely interested in the indexer. So I say again, based, and I say prowler. We go back to our Google and we Google prowler. And again, Linux server dot IO. That's what we need. Scroll down, Locker Compose services. We can see prowler. That's what we need, copy, go back here. Paste and remove those first two lines again. All right. Let's maybe add a little more spaces here. And now I copy prowler again, paste it below. But this time, what else doing it? Well, QB torrent, yes. I say QbtTrrnt. So we go back to the Google. I know it's boring already, but we say QB torrent. Linux server dot IO, give it torrent, scroll down, or compose, copy I know you say. Geez mark. Boring. Okay, remove those two lines. I think last one maybe worth pasting at this stage is jellyfin yes. What do you think? Let me copy that. Let's add Jellyfin as well at this stage. I think I mentioned that, but I want to create a version with no VPN first and only then once we have it up and running, we will add VPN later on. We will see how networking changes within that service. So we will not add gluten at this stage, we will add it later on. So we will just search for jellyfin now, and for the time being, that will be it, I think. Jerry fin, Linux server that I O, scroll down, Docker compose, copy, paste, remove first two lines. And I don't know what that crap is. I don't think I've seen that before. I can't remember. Well, let me just remove it. I don't know what it is, let's get rid of it. Know what it is for published server URL. But that's basically it. We've got eryfin, we've got QBI torrent. Prolar sonar rider. We can save it now, so I click that save button. And if I go back here, let me clear. I have to make sure that this Docker compose file is where I am. I am currently in my home directory, home Marek, and by default, this text editor will save stuff in the same home location. So if I run LSL, I indeed see this Docker compose file, and it's February 18, so that's exactly like now that I've just created it. I just run Docker Compose up D now. Press Enter and it's creating the network, Mark default, it called it and it will start pulling the images because I don't have any docker images on this Ubuntu. I had but removed them. I will simply go through the process of pulling all the images and once it has it, it will start running them as containers. We just have to wait for a while because I can't remember how big they are, but usually it shouldn't take long, but it might take two or 3 minutes. I don't know. Now it's done. It took around 2 minutes, probably even not. But if we go back to our pertainer, we should see them now and they are here up and running. The stack name is Mark right now. But you can change that stack name. If you want to call it specific way, then you can run the Docker compose file. 1 second. Let me show you. We run Docker Compose down we will simply stop and remove current containers, but now it will take only moment because we already have images pulled so now everything takes seconds. Let me show you, it should be cleared now, but I can run it with Command Docker compose, then P, and now I can specify the name for my stack. Maybe I want to call it maybe capital letters, just to make sure that this is something we came up with. I press Enter now. Now, it should call it. 1 second. Let me check. I mean, the case will always be lowercase looks like. I didn't even know because I've put capital letters, but you will have lower letters anyways. But yeah, that's how you can name your stack. Doesn't really matter. The thing is this R stack works. Well, at least it's up and running. But now, right now, it's messed up a bit, and it's not very useful at this stage. Let me tell you, because we simply copy pasted all the default configuration for each service. But our biggest issue is here really in that volumes block. Example, let me show you, let's go down to the cubit torrent, maybe. Each line here in that volume, well, I mean, for every service, you will see this column here, and whatever is on the left side from that column, that will be your location on the disk on the host. I mean, on the Ubuntu system. Each line it's called bind mouth. So this column divides the two separate elements. What you see on the left side of the column is the location on the host means on this Ubuntu server, and what you can see on the right from the column is the location on the container itself. So whatever container writes locally to the folder called convic. Container writes to the convic, but Docker actually writes that stuff to this physical location on your host operating system. In my case, it's Ubuntu. What that means, this path, let me show you something. Let's go here. Let me CD to the root folder, to this first forward slash. And now I run PWD maybe just to show that I'm in the root folder. And if I run LSL, I can see folder called PAP. Well, we didn't check before, but believe me, it wasn't here. You can even see February 18, it was just created. It's just been created. If you compare to the previous command, you will see it's like a minute after that. This path, if I go even further, let's CD to this path. A L, we have two. Yes. What's that two? Well, it's this part here, Path two. If I go further, CD two. I am now in Path two. We have all that crap. Well, this qubit torrent folder was created because of this entry here. Basically what happened, when I run that Docker Compose up command, Docker will simply check all those locations on the left side from column. It will check all the locations on the host operating system, and if that location does not exist, it will simply create that folder, that location on Ubuntu for me. That's exactly what happened. Why this is a problem? Have a look at the downloads, for example, path to downloads here on the left. Here, because we are in Path two already, downloads, this folder is used by QB tourrent to download the files from whatever, Linux ISO or whatever you're trying to fetch. But look at that. Download client and download client downloads. If we scroll up to raider and Sonar, we can see they are configured with different location on the host them. For example, radar says path two, download, dash client, dash, download. I basically uses this folder. Then Sonar has again, very similar, but it's again different because it's Path two, download client, but there is no dash between download and client. Sonar basically uses that. What happens now QBI turned downloads to this folder, Sonar tries to read from that folder, and radar tries to read from that one. Then another thing, you can see some of them belong to root, I mean use a group root and some of them to Mark Mar. If I run different command, let me clear that. LSL first, that's it. But if I run LSLN, that should give you a clue because the root folders will be the ones that were created by Docker when we run the Docker Compose up command. But this one was created by the container itself. All our containers are configured here with process user ID and process group ID. They are both set to 1,000 1,000. And that's exactly what we can see here. User, this user Mrek has really numerical value of 1,000 for user and 1,000 for group. I can even check that with command ID, so you can see my user ID is Marrek and I belong to a group called Marrek which has also the same numerical value. So here we have a mix and match of root of root user and Mac user. But if I go, for example, to that qubit torrent, we'll get another up data, if we go back. So yes, that's another folder that was supposed to be created. Up data. So if I go to that updata that's another folder. Okay. All that stuff we can see here was written by BitTorrent by QbtTorrent in its comofic file. Let me show you what I mean. I can connect. Maybe I will open another session. And I say, Docker exact IT, QB torrent, SH, it's for shell. I want to open the shell. And now I go to see the config folder. I want to check what is here on the right side. So if I run LSL, I can see another folder, but this time, it's this one, and it was already created by QBI Torrent because we can see it belongs to Mark Marek. And if I go further, we can see the same files. So Container pink, it writes to that location, conf cubitorn, but it really goes through the docker and it's written to this physical location on my Ubuntu server. So that's basically it. That's how it works. Container fins it writes to the forwards ConfictFolder, but all the data is actually written to the physical location on Ubuntu server, and that's our current problem with the confic. And that problem is that each of those containers read and write to different download folder. But that's fine. Let's fix it. Let's amend this file. So now let's remove the containers. I close the terminal, but we can also remove them here. Here, from the pertainer if you want to, I say, stop. And I can also remove them. But well, I said that we're not going to use pertainer for anything, but I lied a bit. Let me open the terminal again. What I want to do is to go to that root folder again, where we have the puff too. Let me go there. I want to remove that puff. We don't need it really. So remove pudo, sorry, pudo remove puff. That's it. If we run it now, there is no path, but we have to either create or use one of the existing folders to keep our downloads, where we can store our downloads and read from the same folder. All of the containers can read from the same download folder. I thought maybe we will choose that media. I think we used that before. We can use that media folder. If I go to that media, you can see, well, we can ignore this one, but we can say it's empty. This is just the image for the Ubuntu itself. So I go back to the root folder, and I say, sudo, make directory P means P means also create parent folders if needed. It will not be needed, well, if you decided to create your own folder, entire path will be created simply. And now I say R, I will press Enter. So now, that's what we have. We've got that newly created R folder. Now we can use this folder as the host location in our Docker compose file. Let's go to the QBI torrent, and now I say it's not going to be Path two. It's going to be media, R, QBI torrent, I can leave, but not up data. I will change it to config. If Docker writes to the config folder, why would I call it updata? I will call it Confic so I know exactly what it is, and it will write to this folder. Media R, and then we will have QBI torrent and conflict. But that's not even most important one because we really worried about the downloads. I also change this one to media R Qb torrent, downloads. That's where our QBI torrent will be saving all files from now on, and we now have to match that folder in all services that are going to read from it. I will simply copy this physical location. I will scroll up, and in radar, I will replace this path with my new path. It's supposed to read from media QB torrent and the same for Sonar. Whatever QBID torrent saves in download folder, Sonar can now read from that location, same for reader. I don't think there are any other services that currently at least that use that folder. Now, cubic torrent and J fin, elfin doesn't feed from that. Also remember that we are not going to change anything on the right side. This is what container uses and we don't want to change anything on the right side from the colon. But let's go back now to the very beginning radar. We've got that downloads folder sorted out, but I still have that path to radar, blah, blah, something config. I don't want that path two. I want to replace that with my media R and then radar it's okay. Again, not data, I want to collect config. If it's Config, then I want to call it config on the host as well. And the movies, I want to change it also to media are radar movies. Whatever radar stores in forward slash Movies folder will be saved locally on my Ubunto here in media are radar movies. So let's do the same for sonar now. I say media are sonar and I will also call it Config. Now, Media R sanar. I want to have all that stuff in sanar folder and TV series. Well, we can leave it. It says TV on the container side. It's TV series here. That's good enough. I will scroll further. Now we've got prowler. So I say again, media R prowler, and I will replace it with conflict. So I know it's ConficFle for this container. If it stores here, the configuration files, why would I call it data? I don't even know. So let's go further. And we've got the Qb torrent already sorted. But now for Jery fin, you have to remember something. Convict, this is even more silly because why would you call library? The convict, now, I want to store it in convict folder. But this is actually something we want to read from sonar and radar. I know this is confusing. Remember that Sonar is used in our stack for TV series, and radar is used for movies. So we have to match the location of Sonar and radar because we expect our files to Badr. Basically how it works. We search, for example, for movie in radar. Radar will send that request to QBtTrrnt. QBI Torrent will download the file and it will place it in the media R QBI Torrent downloads folder. It will inform radar then that the file has been downloaded, and at this point, Radar will create so called hurdling in its movie folder, and that hurdling will point to the file that is in QBI Torrent downloads folder. This is very confusing because some people think they have the same file in two locations. One file in media are QBI Torrent downloads and the second in media are radar movies. But that's not the truth. The truth is radar in that media radar movies folder only creates a hard link to already existing file to the file that was downloaded by QBI Torrent and only creates that link and that link does not take any space on your hard drive. You have basically two links that point to the same file location. We had a video about hard links and soft links. It's Linux fin and if you want to learn more about it, please watch that video. But what it means for us, we simply have to point our geri fine to those locations on Sonar and radar. Again, I don't touch the right side from the column. This is what container uses and we don't want to change this portion. We only want to change that portion. I have to find path to the TV series. I simply go back and I can see sonar and the path to TV series, it's this. I copy that and they paste it so Jerry Finn can find the TV series once they are downloaded and hard link is created. And for movies, I have to scroll up radar and this path the physical location on my Ubuntu server. I go back and I paste it here. Again, remember, you are not interested in these values at all. They are simply default values that container will use. We only change that left portion. Whew. That was a lot of changes, wasn't it? Let me just double check if we have everything as expected. I think we do. Let's see. Let's save it. Let me see the home Mek. That's my home location. That's where my Docker compose file is, and we say, Docker compose up D. That's it. That was quick. What that means, though, if I go there now, again, to the root folder, if I run LSL, you see that there is no path folder here. But if I go to media, we've got that R folder, so we go there. Now every service has its own folder here. If I go to Qubin for example, folder, this downloads folder will be used by all services. I mean, by radar and sonar, because they are configured to read from that location. Any might have noticed that we again have mix and match of root created folders and marks. So we can change it by 1 second. Let me clear that. I can say psudo change owner, hone R, or you can run dash recursive. But if you just run R, that's shorter. So it's 1,000. I want to use user 1,000 and group 1,000 and I want to apply that to media R folder. If I run it now, it asks me for password because I need psudoPassord for that. If I run the command now, doesn't matter where I am. Everything should belong now to user 1,000 group 1,000. I know it's called Mac Mark. That's irrelevant. We are talking about these numerical values where Mac is user 1,000, group is 1,000. That's because every single container belongs to that group as well. Simply this group is used, whatever Docker run those containers, yes. But those containers are presented to Ubuntu system as these users, the user ID thousand and group ID 1,000 as well. That's how Ubuntu system sees every single container. If we have all the containers with the same user ID and group ID, then we shouldn't have any problems reading and writing to any of those locations really because they all belong already to user 1,000 group 1,000. And yes, that's fine, but somebody might say, Mark, but what about the VPN? Let's add the VPN, okay? Yes. Let me tell you shortly how the traffic goes now. Currently, Docker uses a default bridge network, and currently our traffic goes out with our public IP address that we got from our Internet service provider. But our ISP can see where all those connections go to. What's the destination IP address? So what we're going to do now, we're going to change this behavior, and we will add gluten VPN container that will send the encrypted traffic to a chosen server. Our VPN provider first and only then this traffic will be forwarded further with the IP address also changed to that VPN provider. So when the traffic goes back, it will also go back first to our VPN provider first and only then as encrypted traffic will go back to our gluten container. So that's how our traffic will change. But for that to happen, we need two things, actually. We need that gluten container, and then we also need some kind of VPN provider. So a company that provides that VPN connection for us. On gluten, we can configure it, but for example, I went for Nord VPN. I mean, it's not sponsored by Nord VPN, but you can choose whatever you want. The gluten service can be configured with Nord VPN, surf Shark, and any other popular provider. You can find templates that make it very easy to configure it. So let's first maybe Google. No, first let's get rid of those containers, okay? Okay, that's what happens when you are in wrong directory. Okay, let's go to Google again. And this time, let's Google for gluten. How you write it gluten docker compose. And it's not from linux dot IO this time. Let's click on that first link maybe from Github. So let's scroll down. You'll have all the explanation what it is, blah, blah. And let's go further and further. Actually, it was, you know, supports VPN, cyber ghost, Expos BPN, blah, blah, blah. As you can see, I think all most known providers are supported. So let's scroll further, and we've got the setup. And it says, Here is Docker compose for the laziest. But what we can do instead, it says, these are now instructions specific for each VPN provider. If we go to that Wiki, it's Wikipedia for gluten. And as I said, I've got the Nord VPNs, so I can go to providers here, setup providers. And I simply where is that Nord VPN. It's here. I just click on that and that gives me the Docker Compose template for service provider Nord VPN. If you go with another provider like Express VPN Fastest VPN, you simply click on related links. So I will copy this one and I just paste it in my convict in my Docker compose file. It's past it here. I don't need that services or version, but I will copy that so we can have clear division between those services. That's the gluton already configured. But you know what I noticed it's missing container name for some reason. I don't know why, but let's copy that. Because if we don't have container name, it will get random names. So that's not really what we need. We paste that and I will say container name, gluten. Will make it clear that our container name will be gluten, not some random container name. Then if you wonder what this is like a network administration access because gluten has to configure a device called DevNet tun. So it has to have access or permissions to be able to create that VPN tunnel for us, and that's how it's done. Using this CAP ad and those devices. And now environment, we don't have to change I mean, provider, we don't have to change. The open VPN or Wire guard, it's your choice what you want to use. But the thing is the most important thing is that user and password. That's something you will get from a provider. For example, I signed up for the Nord VPN. If I log on now to my Nord VPN account, If I go to that Nord VPN, if I scroll down, I've got I mean advanced settings, manual setup. If I click on that setup Nord VPN manually, I will have something called service credentials. To get that service credentials, I have to verify email. And now I can see my service credentials for the service. So I had to pay for that, and how you obtain service credentials might vary from provider to provider. You have to figure out where to find service credentials. This is where you can find them on Nord VPN page. But if you choose different provider, you have to figure out where these service credentials can be found. So for me, they are here, so I can simply copy them. So this is user name. I just copy it clipboard. My username is DT and my password is DT. But Server countries, this is optional. If we go back to gluten, it says required environment variables and optional variables. Server countries, this will simply say, you can see come a separated list of countries. You can state what countries you want to connect to when you use that VPN. What I mean, I have it configured with Netherlands. I mean, it was configured with Netherlands by default. That means our public IP address given to us by Nord VPN will always be somewhere in Netherlands. But you can add some more like Germany or whatever. After a comma, or you can even be more specific because they say here, you can have not server countries, but server regions or even server cities. You can have list of cities where they have servers and they can give you a public IP from that location. You will see what I mean in a minute. So don't worry about it. But that's it. Basically my config right now that's my Docker compose file. I just save and let's try to run it now. I say, Docker Compose D, and let's see if it works. Can see it's pulling the gluton image. Says download a new image, and they're all up and running now. If I go to Pertainer, they should be here, and I can see gluten is now added as well. If I check the logs for gluten, al logs Gluton. Look at that. Public IP address is whatever it is, but it's from Netherlands. That's exactly what this confic does. Server countries Netherlands. And if we disconnect and connect again, we probably get different IP address, but it will still be from Netherlands. Every time our traffic, even though I'm in UK, I I can show you let me show you something. Let's say I do doer exac IT, QB trent, and then Shell, connect to Shell. If I run curl I configure me, you can see that I have different IP address. This is one address, and this is different IP address. Basically, well, maybe even better if I go here, just Google what is my IP. That's my IP, 924098 blah, blah. And you can see that I'm in England. That's correct. Country United Kingdom. That means my gluten service has now a VPN tunnel between MIP and the Netherlands IP address. That's fine. We've got that gluten, but right now it doesn't do anything because we haven't routed any container traffic through that gluten container yet or through that gluten VPN connection. Let's now redirect our traffic through the gluten container and through that VPN tunnel. Let's get out of here. Maybe clear. I say, Docker compose down. And to redirect the traffic through the gluton service, I simply add one line, and this line should say network pode service gluton. That service gluton should be in quotation marks, right? So I just copy that. So the radar will be redirected. Now, let's redirect the sonar prowler cubitorrent. And Jerry Finn, we can ignore really. Jerry Finn mainly just reads the data from those volumes, but it doesn't do much networking, so we can leave it as it is. Doesn't really matter. But what we have to do next, all those ports that we can see, like every service has its port, yes. For example, radar has port 7878 on the host and 7878 on the container side. And it's used, for example, this host port, 7878, it's used when I want to connect to that service. So I would type HTDP local host 7878. How I would connect to the radar. Well, it's down now, so I can't connect. But basically, that's how it used to work. But now because we change that network mode, now the gluton is the service that deals with our networking, right? So that means we have to get rid of those ports from here and we have to paste them as part of gluton configuration. So let me cut it from here. This is for radar. Yeah. So I will go down to gluton and I will paste it doesn't really matter somewhere here, maybe. Ports, 7878. They will add information this was radar, wasn't it? That was radar, but I have to do it for other containers as well. Any container that was passed through gluten, I will have to remove this part from here. So this is the sonar. I have to remove it from here and paste it as a gluten configuration now. Good radar ser now prowler. Cut it from here and we paste it there. I'm just making a note which service it belongs to, so it's easier to find it later on. That was the prowler and born QBI torrent has three ports because it has web GUI, that's how we connect to the QBI torrent, but it also has torrenting port and we have to remove the mole from here. We paste it here as well. All right. I think that's it. So let's save it and let's see if it still works. I will use up arrow, Docker compose, up D, press Enter, and they are up and running. Again, let's see if the traffic 24. 99 New ARR stack thinkific completed: This is it. It's the ultimate updated version of my ARS stack. In this video, I'm going to show you exactly how to build it and how to configure this setup from scratch. A step by step, so you will end up with the entire new automated RSC up and running. This RStAC includes radar, sonar, prowler, giffin, Qubiorrent, lider, and buzzer, but you can easily add more services if you wish. This stack runs as a single Docker compose file, which means it can run natively on every Linux system with Docker installed, and if you have Windows or Mac, then it's also possible to run it, but you need a tool like a Docker desktop, for example. I can run this R stack with a single command. The Docker Compose a D command brings up all the services at the same time, and then I can log on to every single of them using the specific port. Now you might remember my video from last year where we built a similar stack using gluten VPN and that setup still works great. If you strictly want that VPN container workflow, that video is still a valid resource. However, a lot of things changed since then and recommendations from the trash guides and the Servawiki have evolved. We have to adjust quite a few bits because I don't want to rewrite that old stack and push to Github because it would become irrelevant for that old video. Instead, I decided to revisit this subject and provide you with the new RSC with multiple changes and improvements made. So it follows all the best practices that you can find on the Trash guide and the server Wiki. We will go through entire Docker Compose file and the service setup. By the end of the video, you will not only understand what that Docker Compose file is about, what it's doing, but you will also know how to fully configure everything up. We've got everything like hard links and everything else. It will be working as expected. Yes, let's maybe have a look at the old Docker compose file first, that one with gluten VPN. You will notice that radar and Sooner, they downloaded the material to the downloads folder, and then once it was downloaded, it would then be copied to the new movies or TV folder, and then they would remove the old file in that old location, and that was done following the best Docker practices. Trash guides say that this is sub optimal because the copy process is unnecessary. If we use different folder structure, the system will be able to use so called hard links without need to copy the file. While we will still end up with the similar result, the entire process will actually become much more efficient. You will see it later on. In that previous video, we tunneled the traffic via gluten VPN, didn't? But it looks like it caused many problems for people because the general advice from Cervera Wiki is that now you should just stick to the secure DNS and call it a day. In this video, I will show you how to configure that secure DNS and make sure your RSAC uses that secure DNS instead of gluten VPN tunnel. I mean, my setup worked fine, to be honest, it still works fine with the gluten VPN. But if there was an issue, then I understand why they move to that secure DNS solution. Next improvement in the new ARS stack is that we will create a custom bridge network specifically for that ARS stack. This allows containers to talk to each other using the service name, for example, radar or prowler. Then it will simplify the config and make it all clearer. There is another improvement that we will use Docker Compose rather than Docker Compose. We were like, What the heck? Notice that little dash. We used to use Docker dash compose, which is Python based package, and now we're going to use Docker space compose, which is Lu written in Lua. It's different programming language. But this solves some issues because some people get, for example, package Python three, Ds tutils has no installation candidate. That's what the error said. That's simply because we use that old Docker compose package, which is no longer really supported. We should move to Docker space compose. Yes, you could simply install these tutils for the old package, but this one is also better, newer, different package that we are going to use. Another interesting thing is do not use pertainer. It's not advisable. I never use pertainer to be honest. I have always run my R stack directly in CLI and occasionally I use pertainer only to view the status of the containers, but basically to run entire stack, I always use CLI anyways. But now, the official statement is that the pertainer is not recommended and you should stick to CLI to build and run your RS, which we are going another thing, I am not going to use dot ENV file for this RStC you will see it just like a single Docker compose file. Everything is included in that single file. That's because I think it makes it easier to understand for many people if all the information is included in that single Docker compose file rather than split between Docker Compose and dot ENV. But if you want to use ENV file, then check the very first RStAC video, which is even. And you can check the code on the Github for it because that will give you an idea of what the setup with dot ENV file should look like, and you can rewrite this stack if you simply want to use that dot ENV file. But here, we're going just use one long Docker compose file, and they all might seem like little improvements, but if we combine them, this R stack will be much more efficient and even easier to set up than ever before. Okay, let's start building it then. I'm talking. Let's start doing stuff. As I said, this RST can run on nearly anything. You can even run it on Raspberry pie. But if you want to run it in Proxmx just as I do, I run it in Px Mox then I will quickly show you how to configure a virtual machine for it. Because previously I run it in Lex and even though it was running great for years, it is not advisable to run Docker within LXC container. Hence, I will move it now to the VM. This is my Px Mx and let's create that VM. Let's start filling with the RST. I say create new VM, and let's make it ID I don't know, 22, two, it's not used for the name, I will say maybe new RSNw R, that's it. Next, now the ISO image, I will use Ubon 224 server. This is my recent favorite image. It doesn't have desktop environment, but we don't need one. That's basically it. I say next. Here we can leave everything and the disk size, well, I will need quite a lot. If I want to download to this local VM, then I will need quite a lot. But if you have some external storage, then it might be different for you. I will say maybe 400 gig. That's what I want to set here. I will pick that advanced. I will enable this card and as the emulation because this is SSD drive. This Proxmx is running on, so I will say next. Now I will give you two cars and I will change the CPU to host. But this is up to you. Host gives you the best performance, but there are reasons why you might not want to use it. But I will not dig into it right now. I will click next. The memory, yeah, that's fine. I don't need that ballooning, but two gig is fine. I will say next, next. Confirm. No, sorry, finish. I mean. Now it's being built, and we can see it here. So I will click on it and I will say start. It will start, or I will go to Console, and it says, try or install Ubuntu server. I click Enter, and we will install it. Now. Regarding the SSD, I gave it 400 gig. You can start with lower number because it's easy to increase the SSD size. It's much more difficult to decrease it. I say, 1 second, it's too small. Double click on that. All right. I say now, English, UK, gives me bigger window. Hopefully you can see it better. Now I say done because it's English UK. Yes, that's correct. Here, b to server, that's correct. I say done, just click Enter, and here I want to change the IP address to static. Currently, you can see it's DHCP assigned, but I have all addresses above 200, I can assign statically. I will just edit IPV four. I say not automatic. I want manual. I say 192168, one dot zero slash 24 is my subnet. The address for this VM is 1921 681.222. I will match the ID of this virtual machine, the gateway 192168, one, one, which is my router and name server, I will give it 111 dot one dot one, which is Cloudflare. Search domains, empty, and I say save. I've got static IP address where I can say done. Proxy, no, I don't use proxy. We should get the output. It should check if it can reach the packages repo and it can. So I say done again. I click Enter. Here, I will use basic setup. I will antique this LVM group. I, nothing wrong if you want to use it. It's easy to expand, et cetera. But for this setup, I will just stick to xt four file system. So I just say done. That's the summary. We can see 400 gig is my partition, formatted as XT four, that's cool. I say done. Are you sure you want to continue? Yes, I'm sure. Now, my name is Mark. My server name is a new R, user name also Mark and password, some password. This is so you can SSH to your virtual machine. I say done, Mont pro. No, thank you. Install open SSH server. Yes, I need that. I click Enter. It will tick that box, and I say done. Nothing from here that I would need. Although there are interesting positions like Sub and ZBD related to RSTAC as well. But you can run it as a docker as well. So I say done and it's now being completed. It's installing kernel. This is now completed. Says installation complete. By say reboot now, just down arrow and enter. It's rebooting. It will give it looks like error, but it's fine. Failed unmounting CDRrom you will always get that just press center, and that's it. This server should be up and running in a moment. It's great. I can login here, but you know what? I will close this window and I will open terminal which should give me even better resolution should be even clearer for everybody. Why say SSH, my username, Mosma at 192-168-1222. That's the IP address I gave my server. I click Enter, I say, yes. And the password, the password I just configured on it. That's cool. I will clear it and you can see it's a new R. It's called new R. Let's make it even bigger. What I can do now, I can go to the github repo. It's my github repo. It's github.com, Automation Avenue R Nu, it's called. You will find two files here. One is Read Me and the other one is Docker Compose itself. By default, you land on the Read Me page, which is great because that's what we need. It says R Stack new version. Below the instructions are for Debian and Ubuntu, but if you run it on different operating system, you just have to pick correct commands from the links provided. You will see. First point is Install, Docker Compose, and prepare environment. Install Docker Compose Asper instruction in this link. Let me open it in a new tab and go to Install on the left, here Install on the left. And then plugin and scroll down to install using the repository. Plugin, scroll down, Install using the repository. As I said, I run Ubuntu, but if you have different operating system, you simply choose your operating system here. I click on that Ubuntu, and what you can see here is I copied those commands, but you don't have to use this. You simply can copy directly from the Docker docs. I use those little squares. It will copy everything here. Let's go back to my terminal and I just paste it, press Enter, and it will ask me for my admin password, which is the one we configured for this VM. That's running, and that's it. Let me maybe clear that took just a few seconds. Let's go back and then run, blah, blah, blah. This is simply next command from the docs. If we scroll down, you can see, to install the latest version, run this up to install Docker, blah, blah. I click those squares again, I paste it here. Press Enter, I say, why or I can just simply press Enter because it's default choice anyways. And that installs all packages, Docker Docker compose, and anything else that we need. Job done, again, just a few seconds. I will clear again. That was the first line. Now, psudosystem CtL status Docker, that's also from this guide, psudosystem CTL status docker, just repeat it in my document. I'm not sure why, but we can see it's active and running running for 24 seconds. I press Control C, go back, Docker run, hello word. Well, that's actually how you test your docker if the docker works correctly. It will pull very simple image and it should tell you hello docker something. Let's just click those squares, go back here, run this command, and you will see what I mean. Unable to find image that's correct because we've never run the docker. This image is not available locally. It has to pull it, but pull was complete and it says hello from Docker. That means Docker works as expected. We clear again, go back to my instruction, and I don't think this portion is here. I think that's it, basically. We tested the docker, but we don't know if Docker compose, which is separate component, if that works correctly. You run Docker compose and you can see many arguments that you can add. For example, one of them is Version. Well, let me clear again. I will click Up Arrow, Docker Compose, Version. That's great. I can see the Version five oh two, which means Docker Compose is also installed, and it runs as expected. That means we have Docker and Docker Compose. Let's go further. I think we can close the Docker docs now. We don't need that anymore and it says this stack was created following this trash guide. I will again open a new window, sorry, not a new window in new tab I. This is it. If we scroll further, this is what I need. This is all about those hard links I was talking about. If we scroll even further, and let's check at the instruction, create the folder structure and we will create for Torrence only. But if you use Torrence and use net like NZD BG or sub NZ BD, you will also see, basically, here we got two different commands. The first one is if you use usNtUsNT is like sNt clients, and that BG and sub Z BD. But in our example, I will show you setup with QbtTrren. That means we use this one. If you use Torrence, use this command. Make directory entire path, data, and then it will within that data, it will create torrens and media and these are subfolders. Let me show you what I mean. Let's go back first here before I run even that, let's run this pseudo up install tree. Because I want to show you what it looks like now. Okay? And now I say three data. We've got folder called data on this server, but currently it has no directories and no files. So I go back to those trash guides, and if I run this command, we use this one. Remember, I mean, nothing wrong if you run that one, to be honest, because it will simply add this portion, the middle one. But let's just follow the guide. I will copy this one to clipboard. I will run it. Sorry, it's pudo. As you can see, we have to add psudoPudo make director, let's go back up arrow, go to the beginning, sudo. Now, we created them. If I run that three data again, you can see inside data, we've got all those folders. We've got media and Torrence and inside media, we've got movies music and TV, and inside Torrence, we also have movies, music, and TV. Let me see the two data media, let's say, if I run LSL, indeed, that's true. But because I run them with sudo, they belong to user root. If we go back to the instruction, we've got this, we've got that, we run that. I can now say sudo, change owner recursively. And owner will be with the ID 1,000 and group ID 1,000 and everything that is inside this data will be owned by this user. If I run this, I say paste and if I re run the command previous command, L sorry, LN, you will see now it belongs to user with ID 1,000 and group ID 1,000, exactly as specified here. It's basically following this thrash guide. It explains why it's done this way and et cetera You can read through that. Of course, for example, media server olifin, it needs only that data media folder. That's what we will configure as well. Then the permissions, while here it says user user, the variable. I wanted to be more specific. That's why I chose 1,000 1,000 because in Docker Compose, we will have that specific user, 1,000 and group 1,000 configured for all our containers. You will see we run that one next. It modifies the permissions. If I paste, let's enter, if we run LS LN, we can see the permissions which are here on the left changed slightly. But let's just clear that. That's it for the folders and now rush gate configuration can be found here. If we close that one, we open this one in New Tab. That's basically the same page. It just means you scroll even further and here you've got Docker Compose. You click on that arrow and this is the example of Docker compose file, what it should look like. You can see the images are pulled from the Github for all of them, I think. It uses user ID and group ID of 1,000. That's why I configured it using these values rather than variable user, we can be sure that it will be 1,000 because we hard coded it. These are all configured as per this example. Let me maybe show you. Let's duplicate this because on this Github page, one is the dm file we are just reading right now, but the other one is Docker Compose. This is the Docker compose file we are going to use. And you can see the images pulled from Github, the volumes, if you check volumes, you will see they are exactly as per this example, and you may say, Hey, Mark, where is this? It's missing. No, it's not missing. If we go back and I scroll up to the very top, basically, this configuration has to be applied to every single container because that's the information that repeats for every single container. What you can do, you can use this common keys. You can mark it as common keys, and then look at the first line here. Every single service will have that little thing at the very beginning. That means it will pull all of those values. These nine lines or whatever it is, these nine lines will be applied to every single service to radar to Sonar, to DR, Bazar, et cetera, because of this first line, it will import all those values. So instead of repeating this information everywhere, and instead of using ENV file, which we could also do, I simply decided to build it yet another way, which is this. It's just one file, no dot ENV, but we will use this to import all those values to every single container. Hope that makes sense. That's why I dare to claim that this stack was created following this trash guide. Even though it doesn't look exactly like this, it does follow the trash guide. Let me close both of those tabs for a while and you can find more information here on server. If we open in a new tab, you will find even more information, including the one the pertainer should be avoided. It's for every service and now displays that. But you can go through them, see how it should be configured. This is wiki.server.com website. And it says, My Docker compose file can be found here. If we open a new tab, it actually takes you straight to this Docker Compose. We don't have to look for that. You can simply use this link, and we have to run this Docker compose file on our server here. Let me see the two data. So I'm herius for slash data. That's where we created those folders, media Torrens. And what I can do I could use command like Git clone, and this will work. But if you, for example, haven't got Git installed or you are not familiar with Git, then you can simply copy paste it like that. So do nano, Docker Compose Yamo. We will create one. So do no Docker Compose Yamo? 1 second. So do nano? Yeah, I thought I missed no, but no, it's here. So do nano, Docker Compose Yamo. You press Enter. That will create new file, and now here is the Docker Compose. I can simply click that copy Raw file it says. I click on that. Go back to my server, and they paste it, and that's it. Now I say Control O, Enter, Control X, and it's saved. If I run LSL LSL. I can see it here and if I run CAT Docker compose, I can see this full file here on my server already without using it. All right. But it will work either way. You can use Git Clone as well. And note that the host names are not needed. If you check the trash guides, you would see that under every container name, you had also host name. We will not use host names because if you scroll to the very bottom, you will see we create a dedicated network just for the R stack. That means we can simply use the service name, which is like Jerry fin, qubit torrent, et cetera. We don't need host names, really. This simplifies the stack even further. No need for host names, right? Okay. That's basically it. We've got everything. We can now run sudo Docker Compose up D. Let's do that. Make sure you are exactly where your Docker compose file is and now run sudo docker space compose. We don't want that dash anymore here. It's Docker Compose, newer package, Lua based, and we say up D. Sudo docker compose up D. I press Enter and for the first time, it will take a while. As you can see, it's pulling images, and this will take longer because no images are locally here on my server. So it has to pull all the information from the Internet. I mean, all the images. So it can then run them as Docker compainers. That's job done? Well, it didn't take long 14 seconds or something. And now, believe me or not, all services are up and running. We've got radar QBI Torrent, Sonar lidar, Giffin, Bazar prowler. They're all up and running. Let me close this one maybe. Let's go back to the admi file. It now says to configure services. Here is, I believe, repeated information from what you will find in the trash guides. But what we need, we need to configure services, and we start with QubitTrrnt. First, we need to find the temporary password that qubit torrent creates. So we need to run sudo docker logs, qubit torrent. Let's do that. Sudo Docker logs, QubiTrrt. I presenter, and this is it. It says username is Admin, and the temporary password is this. So I will copy it. Now I can't use the local host because I'm not on the local host. If you are on the same host that you run your ARStaC on, then you can use Local Host. But this is completely different virtual machine, and my ARSck is running on Proxmox. What I have to do I have to run HTTP, column forwardslah forward slash, and IP address of my Proxmox Virtual machine, which is 192, 168, 1222. That's what we created. Virtual machine for our ARTC. HTTP 192168, 1222 on port 80 80. I press Enter, and this is my QBtTrrent user interface. So no local hostess. I pasted IP address instead. And this is my password. I think I had it copied, but never mind. This admin and paste the password. Log in. I don't want to save the password because first thing I will do, I will change this password to something I will remember. If we go back to those instructions, you will see if you're on the host, use Local host. If you're on other device in your network, then use that IP address. That's what we did. Now go to tools Options WebUI and you can change user and password. Tools, Options here WebUI. User name, it can be left as admin, but password, I want my own. I will scroll down and save it. That's it. It now uses my password rather than this temporary one. Let's follow the guide further. This is it. We change user and password. Now in the left panel, go to categories and add categories, movies, movies, TV TV, and music, and Pap also music. It's here, we can see categories. Right click Add category. First one will be movies and Paf will be movies, and I will go back to it. You might be wondering why just movies. We'll go back to it, right? I say, Okay, this category has been created. I will create another category named TV, save by PPTV. And at category, music, SafePath Music. We've got three categories. Category movies is for radar, music for lighter and TV is for sonar. It's important to create those categories first before you go any further because I noticed once you follow the further steps, you might have problems creating those categories. They disappear for some reason. I don't know why. But we've got them already here so we can follow the guide further. Now, with those categories created, go to tools Options downloads and make sure your settings match this. Let's open this in New Window. Let's see what it is. No new window but new tab. That's what I meant. That's basically what we did already, the first portion. Now if we go further, a sonar is something we are going to configure next. But this portion explains why we put only TV, for example, in the saved path. This is because this path will be appended to the main path where all of the torrents go. Let me show you what I mean. Let's go to those tools options and downloads in cubit torrent, tools, options downloads. And what you can see here is default safe path that default safe path has to be configured to data torrens because that's what matches our folder structure. Remember, data Torrens. Let's go back here. Let me clear that maybe. If I run three, we are in data folder already. Our torrents have to go to torn theta Torrens if I run LSL being in theta, they have to go to torrens and then inside those torrens each category will go to separate folder created here. We already created those folders, and this is simply appended to this. This is the main path where all the torrents go and then based on category, they will end up in separate folders right there. If I hear say default SafePath is data torrent it's even displayed here. It can read that path. We've got data media and data torrent which chose this one as default one. And you can imagine these ones, these categories as appended to that main path. So it will be TV, movies and music, but it will be appended automatically. But we have to configure it as it's shown here, it says default torrent management is automatic, while here is manual, let's change that. And if we go to My instruction, so automatic relocate torrent, switch affected, that should be fine. But then you have to tick both boxes for subcategories and to use category Path in manual mode, which means those two. You have to tick them. And it's important because it's not shown here. Look, it uses old version of cubit Torrent, and this information is not shown here, but you have to tick those two, right? So let's go further and we save it. And yeah, I mean, I played with it for a while. Initially, I had some problems with that. It says, If you still have problems, you can simply swap the entire image for this one, with Docker Qorntnox, but it's not needed. It works fine if you follow the exact step. But this alternative image can be used if you need it in case you need it. But that's it for torrent. That's all sorted. Now we have to configure prowler service. And to configure Prowler service, I have to go, again, to host IP on port 9696, which means HTTP 192-168-1222 port 9696. When you first log on to any of those services, then you will have to fill in that form. Authentication method form, user name, I will call it maybe Mark here and password. You will have to create user name and password for each of those services, but only on the first logo. That's it. That's the prowler. Why is it red? Ah, no indexers. That's fine. We will configure one later on. We are on Prowler, go to settings, download clients. So settings, download clients. Click plus, and download client choose KubitTorrnt unless you decided to use different one. But yeah, we've got QB toorrnt why click Plus, and where is it? QubitTorrn. Okay. What do we do here? You have to untick the SSL. I believe it is unticked, yes, it is not tied. But in case you've got it ticked, it has to be unticked. As I said, with this dedicated network for the RSC, we can use simply the name of the service like Kubit Torrent. For host, we use QBitTorrent and for port, we use port 80 80. I changed that local host to QubitTorrent. Port already is 80 80, and I have to use the username and password that I created on QBID torrent. Username was Admin and the password, remember, the temporary one, I replaced that temporary with proper password. I mean here. Options WebUI. I used password here. I updated it, so I use whatever I pasted here, in that pass. That was my password, and I can test it. If I run test, you need this green tick. If you have the green tick, that means test it again. Yeah, this is the green tick. That means prowler can connect to qubit torrent correctly, which means we can save it. And you can see it green enabled. That's cool. Anything else? No, prowler that's it for prowler for now. Now radar, again, host IP part 7878. HTTP, 1 9 2 1 6 8 1 2 2 2 7 8 7 8. Authentication again, form, username, Mark, I'm lazy, I use the same user name and password for every service, but I don't think that's actually the best way of doing it, but never mind. You can create different user and different puzzled for every service. And we are on radar. What do we do here? Go to settings, media management. All right. Settings, media management. Add root folder, the root folder should be set to data media movies. Let's do that. Add root folder, data, media. Look at that. This is our location. I can't even see my Docker compose file. I mean here. Let's go to Media. No, it's already here. 1 second. Data, and I can see all those files. Data, media, and movies. That's what I have to set my root folder too. That's what the trash guide says. I say, Okay, data media movies. That means data media movies. This folder will be used by Radar. Once the QubitTorrent downloads the file to movies, that file will be hard linked by radar to the media movies folder. You will see it later on. It will be shown as it looks like it's in two places, but it doesn't take twice the amount of space. It is hard linked. This is the original location where KubitTornt will download all the Torrens. It will be data Torrence movies, and then radar will simply hard link this location to this folder. Because this is what we use for radar root folder. But you will see it later on when we download the file actually. You will see what I mean. For now, let's go back. Still in settings Media Management. We're still in settings Medium management. Click Show Advanced Importing use Hardinks. Show Advanced. And scroll down, use hard links instead of copy. It has to be ticked. It is ticked by default, but just make sure it is actually ticked. That's basically what I was just talking about. Hardlins allow radar to import seeding torrents to the media folder without taking extra disk space and without having to copy it really because that's what happened in old AStaC. Here, the hard link is created immediately. There is no need to copy anything. That's why it's better way of doing it. Alright, so we've got that Herlings ticked and optional. Okay. You can also take rename movies. I think it's at the top. Yeah. You can take that. It's up to you. I will take it. You will see what it does. And import extra files, make sure the box is ticked. So Import extra files. I think that's what you will find on the trash guides. By default, SRT, the subtitles are only mentioned. But if you go here, I actually use those three, SRT, sub and NFO. So I say sub which is different format for subtitles and NFO. Those three. But these settings are optional. Don't forget to save it. Save changes. That's saved. Let's go back. Settings download clients, click plus. Settings download clients, click Plus. And QBI Torrent, basically the same steps as for prowler with one exception. You will see QBI Torrent. Yes. Local host, we will change it to QBI torrent. We can use service names because they are in separate ARSAC dedicated network. User name was admin for QBI Torrent password, the one that I configured in that Wi. But category, we have to match whatever we created here. And for radar, we created that category called movies. We go here and we say movies. And now we can test it. I can see green tick. That means I can save it unless there was something else that I have to do one sec. Give it torrent, blah, blah, blah, change category to movies, text, test and save. Now, that's fine. Now go to settings general, scroll down to APIkey. Settings, general, scroll down to APIkey. I copied this APIkey by taking this box. And now go to Prowler settings, as and click plus. I go to Prowler settings, ups and Click Plus. I add radar, not reader, Reader, by the way, is no longer supported. Do not use reader. We use radar, which is very similar, might be misleading. We use radar. Here is the API key. I have to paste it, the one that I copy. And here it says, change the server to prowler and radar server to radar because if you check what it is now, sorry here for prowler. Prowler server, it says local host. Now, I can use the service name which is prowler. And radar server, also not local host, I can use radar. We can use service names. Now I can test it. And it's green. Safe I say safe and radar up was added. Yes, that's it. You can see how to configure each service for Hardlins here. Let's open it in a new tab. What is it? That's basically example. Yes. Look at that. Import texture files, SRT. That's probably where I took it from and use Hardlins. You can also click that Skip free space check. But it's not necessary. But root folders also, it's shown how they should be configured, That's for sonar. This is for radar. That's what we configure Data media movies. Basically, we are still following the trash guides. Let's go back to my guide and we have to configure sonar. But it's basically the same thing with radar, to be honest. Let me quickly do that. You go to host IP 8989, TDP, 192, 168 1222, 8989 is the sonar. Again, authentication method, form, Mc same password I will use. Save. Now, settings, media management, sorry, that's the most important. Setting medium management, a root folder and we set it to data, media, TV, as you saw in the trail guise. Settings, media management, Ad root folder here at the bottom, data, media, TV this time. They say, Okay, what else? Settings, media, Show Advanced, importing. So we are already here. Show Advanced, rename episodes and importing use hard links. Yes, that's what we did. Should be already ticked. Import extra files, SRT, I will add sub and what it was NFO. At cool, just remember to save it. Now it's saved. Option rename episodes also delete empty folder. I think I didn't take that. Here. But this is optional. Don't worry about it too much. Now, settings, download clients, click Plus, settings, download clients, click plus, Qb Torrent, here, QB Torrent, Antique SSL, username admin for QB torrent, puzzle for QB Torrent. Category, we have to match again, whatever we have in QBI torrent, which is TV for Sonar. Here it's called TV sonar. We have to remove that because we only have TV. Now we test it, we have Green tick, which means we can save it. That's cool and now settings general API key. We have to copy API key to prowler. Settings general scroll down, API key. We go back to prowler. We add another application, which is this time, what is it? Sonar API key. And we change local host to prowler because this is for prowler server. We can just call it Prowler as the service is called in the Docker compose file, and Sonar we change it to Sonar which makes it much clearer and we already know what it is about by just looking at it. We test it green Tik, which means we can save. Cool. That's it later. You know what? I'm not going through. It's basically again the same thing. So, let's ignore that. Rest might be good idea to restart 25. Route any docker container through VPN! : You guys asked how to redirect any Docker container traffic through gluton VPN client? That's what we're going to do in this video. I mean, we did something similar for R stack, but in that video, the gluten VPN, the qubit torrent, and the R apps like Prolar sonar or radar, they were all part of the same Docker compose file. You asked, though, what if I want to reroute a traffic of a Docker container that is a standalone container that is not part of that stack. We will see how it can be done, and we will use something called container mode and service mode. Let's start from the beginning. I will use Nord VPN as my provider, and well, this video is not sponsored by them. This is simply what I use. But the solution presented will work with most popular VPN providers, not only Nord VPN, but surf shark or whatever you have there. This is my Ubuntu server. I tend to use Ubunto but Linux will do. Let's just see again how we read route the traffic within the Docker compose file. I will open the terminal first. And if you have fresh installation of Linux, then you will need to run some commands to be able to run Docker and Docker Compose files. You need to run sudo up to get update and sudo up to get upgrade first. The Sudo password. Once you've got that, we can clear that first maybe. You need to run sudo app install docker dot IO and Docker Compose to be able to run Docker and Docker Compose commands. As you can see, I already have it installed, but if you have fresh installation, then you will need to run this command anyways. That's fine. The next one is optional, but if you don't want to run sudo all the time with the Docker commands, then you have to run one more command. Well, I mean, you have to run who am I first that will show you your current user on this system, and then you have to add that user to Docker Group. You have to run command Sudo user mode Ag Docker and now that user that was just displayed. Now you either have to log off and log on again, or you can simply run one more command, which is new group Docker, which is Spelt NEWGRP. That's all we need. We've got now Docker and Docker Compose. Let's see what it looks like. When we want to reroute within Docker Compose file, within the stack, we'll go to Google and I don't know what containers we are going to use. Maybe Qb torrent again. I'll say QB Torrent Docker Compose. This is the one from Linux server dot. And I'll scroll down. Further and further. Oh, here it is. Docker Compose says recommended. I copy that using these little squares. And I opened the text editor because that's most user friendly for everybody, I think. I will paste it here and I will save it as doer compose dot Yamal. By default, it will be saved in my home directory, which is M home forward slash Mark, I say safe and that's my QBtTrrent. Let's add maybe prowler we had last time. I say Prowler, Docker Compose. That's the one. Scroll down. Again, docker compose section, I will copy it and I paste it here. But this time, I don't need those two lines services and those dashes. We only need it once and it's already here. We get rid of that part. That's fine. Let's save it as it is, and maybe let's check if it works at all. I go back to my terminal, I run LSL because if I run PWD, I am already in my home directory. This Docker compose file is here. It's exactly this file. I say Docker Compose up D. Let's Enter. And we've got QB torrent and prowler up and running. If I run Docker PS, I can see they are up for 15 seconds, but we are not rerouting anything yet. I don't have gluten or I don't have configured Nord VPN. So if I run now, let's say on my host for maybe let's clear on my host, I run curlipinfo dot IO. It will tell me what my current IP is and what is my current location. I am in England. That's correct. And my IP starts with 92. It's 9240, right? And the time zone is Europe, London, because that's where I am. If I check the same on any of the containers, so let's say doer exac IT QBtTrrent SH for Shell, we're connecting to Shell. Now I'm logged on to my container, but I run the same command CurliP info dot IO. I can see the information is exactly the same. I can also run Curl if config me. This will show me just my public IP address that was given to me by my Internet service provider. All right, let's exit. Let's clear that maybe. So that's what it is. I am in London and my IP starts with 92 dot 40. Let's now add gluten VPN. So I will go back to Google. I will search for gluten, and they also say Docker Compose. Maybe. That's fine. First link at the top from the Github. Let's click on that. Now let's scroll down, and then we will see a you can see setup. You can see an example here, but even better if you go to that Wiki Wikipedia for gluten, and you find whatever your provider is. You have table of contents setup providers. Just click on that providers and then find whoever your provider is. You've got VPN, cyber ghost, Express VPN, fastest VPN, et cetera, you know, loads and loads of them. But for me, it's Nord VPN. If you have Surf Shark, you've got it here as well, I'll go back and I will click Nord VPN. And here I can find Docker Compose template as well. So I will click, those little squares to copy it. I will go back to my file, and I will now add gluton. And I don't need, again, that top things, the version and services. I only need gluten. Services here just once, and all the services are listed here, CubicrntPwler, and gluten. But we need to modify it a little bit, at least. First of all, I don't know why it doesn't have container name. You can see container name here, prowler, but gluten, for some reason, doesn't have container name, so we can add it manually. I say container name, gluten. And second thing are my credentials from my provider. My provider is Nord VPN, and I need the user and the password that Nord VPN gives me. 1 second. Let me move it here maybe and let me add some spices, so it's clearer. This is what I'm talking about. Open VPN user and open VPN password. And where can I find it? I have to go to the website of my provider, Nord VPN. I have to sign in to my account. I click that Nord VPN, and then I scroll down to set up Nord VPN manually in advanced settings. If I click on that, I can see service credentials. That's exactly what I need. And to see them, I have to verify email again. This is my username and my password that I can use in that gluten configuration. So I just copy user name. We'll paste it here. Go back and copy my password and paste it here. That's cool. Let's save this file again. I click Save and then let's go back to terminal, and I say, or just use up arrow. I say Docker Compose up D. Press Enter. And Docker can see that qubit torrent is fine. We didn't change anything. Prolar is fine because we didn't change anything. It simply added new service, which is gluten. But note that at this stage, we are not routing anything through that gluton. Okay, so we know that's working. We can now go back to our file to route traffic through the gluten container. When we are within the same Docker file, it's pretty simple. We have to add here in Line six, I say network mode, and I say service gluten. And I can do the same with the prowler. Here maybe under image, it doesn't really matter, but I say the same Network mode service gluten. That's the first bit only though, because then I have to move the ports. Whatever ports I've got in those containers now, I have to move them from this container to the gluton container. So I say cut, and I paste them here in the gluton configuration because now my gluton is responsible for the networking for those containers. So I paste this. I can add a little comment saying this is for prowler. And then I also have to do the same for QB torrent. I copy them as well or cut, I should say, and paste them here. That's all I need. Now, I just click Save again. I save this new configuration. I go back to my terminal and I say, Docker compose up D again. As you can see, that's not how it's done because I was supposed to take them down first. I should have said down. It's Docker Compose down, and now let me up arrow. I say Docker Compose up D, press Enter. And now it works. As you can see, sometimes you can just re run Docker compose up. Sometimes you can. Sometimes you have to take the entire stack down to be able to rebuild it. Let me clear it maybe. That mess. So I say Docker ps, and they are up and running. We've got prowler, QB torrent and gluton. So let's go back to prowler now maybe or QB torrent doesn't matter. Docker exact IT QB torrent SH, and now we run that curl command again. However, look at that. It says, I'm in Amsterdam, but I've been just in London, so what happened? Well, that's the configuration. Current configuration says, we go back to the Docker Compose. In the configuration for nod VPN, we can say what countries or what regions or even what cities we want that VPN to connect to. And our IP is shown as if we were physically in that location, whatever we type here, you know? So because Netherlands was by default here, I am shown as being in Netherlands, in Amsterdam, exactly. So it works as expected to confirm the prowler because it should be also tunneled through the VPN. Let's exit this. Let's clear maybe. I say Docker Exact IT prowler SH. Run the same command, call I convict me. Well, that will just show me the IPS. What I need is clip info dot IO. And indeed, Prowler is also tunneled through that VPN. But now, this is cool, and this is running. But what if I want to add another container that is not part of this stack? Let's say I want to add well, maybe completely different container. Maybe Firefox. Yes, you can run Firefox as a container. Let's search for Firefox Docker Compose. However, I will not want to run it as Docker Compose, but never mind, it will work fine. We've got Firefox from Linux server.io. That's what I need. We now scroll down and we have Docker Compose, and that's what I would want to use if I wanted to add this to my stack to the Docker Compose stack. But we also have Docker CLI. I can run it as standalone Docker container completely separate from that stack. I simply run this command, Docker Run D name, blah, blah, blah. But before we do that, have a look. These are the ports. Basically the this portion is equivalent to that. If you read the documentation, you will notice that port 3,000 is for basic HTTP traffic and port 3,001 is for HTTPS, to be able to tunnel this container through the gluten VPN, I have to add this port first to the gluten. Mean first before I even run this Docker container, right? Run command. Because if I want to run this through the gluten VPN, we have to kind of prepare gluten container. So I will just configure port 3,000, maybe. Let me show you what I mean. Let's go back here, and I add another port. I will add port 3,000 on the host and 3,000 on the container, and I say, This is Firefox. Let me save it. And let me say Up arrow up arrow. Let's do Docker Compose up dD. I didn't take it down again, so Alright. So yes, repeat. Docker Compose down. I keep forgetting about it. Sometimes the Docker is a bit more like forgivable, you know, but definitely not for ports, as you can see, anything to do with ports, you have to take the stack down first, and then you have to run up D again. It will not let you just add, change the configuration for the ports. Never mind. Now the stack is up and running again, gluten qubit torrent and prowler. So now let me clear that. I now should be able to run this command. I will copy it. I will paste it here. But remember what we have to do. We moved those parts to gluten, so we have to get rid of them here. We don't need them here anymore. It's exactly the same process as we did with the other containers. And I will leave that boxer maybe. I will remove only this portion. And now there is one thing I want to add, and it's a network mode, but this time, it's container gluten. So I say dash, dash, network mode. Equals container gluten. And now I should be able to run it. Let's see. Oh, sorry. Network mode is if we use I will use up arrow. Network mode is if we use it in the Docker compose file. Here, it's not network mode, it's simply network. So let's get rid of that mode. Just network equals container gluten. Let's try again. And now it's up and running. This long hash is the identifier for our Firefox container. And if I run Docker peers, I can see that Firefox here, and I can connect to that container by going to Local host on port 3,000. I say HTTP, call on forward sward Local host and port 3,000. We will see you have browser within browsers. But what I'm interested in, let me open a new card, I ask, what is my IP? I already gives you the hint from Dutch to English, that already means it works as expected. Why does it want to translate from Dutch? That's because I'm connected to Netherlands again. Amsterdam, exactly. Which I can also confirm simply here from the terminal. Let's clear again. If I run Docker Exec Dutch IT Firefox SH, I can run that curl IP info to Com on. That also confirms that this Docker container, even though it's not part of the stack, we can use the network command to point it not to service this time, but to container gluten. But remember that gluten has to be already up and running and it should already have the port prepared for this new container that we want to pass through gluten VPN. That's all I wanted to show you today. I really hope all of that makes sense and thank you for watching. 26. GPU passthrough tutorial: In this video, we will look at something called GPU passthrough in Proxmox. And if you're not sure what a GPU passthrough is, you can imagine it as a process of detaching your graphic card from Proxmox and attaching it or passing it through entirely to one of your virtual machines so that virtual machine can fully utilize its resources, the graphic card resources. Because Proxmox doesn't really use graphic card. You usually connect to your Proxmox over your network, and even if you connect to your Proxmox directly over that HDMI port, then the only thing displayed on your monitor is the black screen that will show you just the IP and the port that you can use to connect to your Proxmox. But bear in mind, it is possible to troubleshoot your Proxmox using this black screen. It is a command line interface to your Proxmox. So if you passthrough this graphic card to your VM, will lose that ability to troubleshoot using that Proxmox CLI. I hope that makes sense. But for me, it's okay. I'd rather use this graphic card constantly in my VM, rather than just leave it idle displaying just some IP address. In this video, I will detach an integrated graphic card on my Intel N 100 processor, and I will pass it through to one of my Windows virtual machines. The process will work for both Windows ten and Windows 11. I tested it and it works for both of them. I chose N 100 processor, it's Intel 12 Jen processor because it's very popular and many people have it in their homelab. Let's start from the very beginning. Before we do anything, we need to check our bios settings and see if a virtualization and so called IOMMU is enabled at all. I can get to my bios by simply powering on the device and then keep pressing the delete button on my keyboard. The two options I need are the VTX. That will depend on the manufacturer. But because this is Intel processor, the settings are usually called something like VTX or virtualization technology, and the other one is on the AMD, it's called IOMMU and on Intel, it's called VTD, but it's basically IOMMU as well. I do not want to talk about exactly what it is that technology and what it does. You just simply have to know that you have to have them both enabled, and then I can simply install Proxmox. By the way, you can see full detailed video on how to install Proxmox if you have never installed one, but it's pretty straightforward process. And at the end of the installation process, the only output you get from Proxmox via HDMI port is this black screen that I mentioned already, which displays only IP address and the port, which means now I can access my Proxmox from anywhere in my network. So I connect to my Proxmox. I displays that connection is not private, which is fine. That's because of the certificate, but they can progress anyways. This is freshly installed Proxmox nine. The first thing we need is to just go to the PV repositories, do the standard stuff like disabling Enterprise, that's for me at least and adding no subscription license. I go to updates, I say refresh. Then I want to do one more thing. I go to the shell, and now I say upped update. Well, maybe before I do that, I run Name R that shows me the current kernel version 6148. Now I say p update. I run upped Dist upgrade. I say yes to all. We can see it pulls newer version of kernel, which is 61411 PVE. I simply like to do that at the very beginning before I install anything else. That's completed. Now I say reboot. I want to reboot my Proxmox so all the changes are applied properly. It takes only a few seconds anyways. Now after a while, I can simply click somewhere else maybe, it's still loading, but I should be back up in a few seconds. All right. Now I say Name R again, and I can see my kernel upgraded from dot eight to dot 11. And now I want to create my Windows VM. To do that, I need the ISO first. You have to grab them from Microsoft. I say Upload. Windows ten maybe because it's quicker to install and it's smaller image, but it works for Windows ten and for Windows 11 as well, as I said, this process. The installation process is basically the same as well. With small exception about the TPM, but if you want to see full detailed instruction on how to install Windows 11, there is a separate dedicated video just for that. If you want step by step process, you can watch that. But here, I want to focus only on the bits that are important for our passthrough process because there are some things that have to be done during Windows installation, options that have to be chosen, so our passthrough will work as expected. So that's the ISO. Done, I have to also upload the VertiO disk, which I also have here. These are basically the drivers for my Windows machine, and we talked about it in that previous video as well about when we were installing Windows 11. So that's done, which means I can now create my VM. That will say maybe ID 240 name will be Win ten, Windows ten. Click next. Nothing important here for our passthrough. But here in the next, no, not here as well. Here we just choose Windows ISO. We choose Guest OS as Windows. Microsoft Windows, it's Windows ten, and I want to add the additional drive for Verto drivers. I've got them uploaded already here. This is pretty standard. I say next, and now it's very important bit. The graphic card, it can stay as default for now. This is basically very slow emulated graphic card. That's why we want to passthrough our stronger dedicated graphic card to this Windows VM later on. But for now I can choose default but for machine, I want to choose u 35. But even more important option is this bios, and I want to use UFI or OVMF it's called here. OVMF UEFI. That's what we want to choose, and you have to pick the storage for that as well. I have only one partition here, so I choose that. So basically, those two settings are very important. Machine has to be u 35 and bios UFI bios. And also add QM and TPM, TPN is more important for Windows 11, but maybe if I want to upgrade this one later on, I want to have that TPM already. I choose the storage for TPM and I choose version v20. We discussed that in that Windows 11 installation process. I say next. And here I will increase the disc, but none of these settings are important for passthrough. I will add this card and SSD emulation because it is SSD drive, in fact, but none of these should really affect our GPU passthrough process. I say next and now cores, I want to choose four cores, but for the type, I want to choose the host. It's at the very bottom. It gives me the best performance, and it gives me the least headache. That's why I go for that. It's type host and CPU course, I choose four because that's all course I have. This billing a 12, that's what I'm using only has four cores because N 100 processor has four cores. And I say next, memory, I will disable ballooning maybe. I will go for 12 to 88 maybe because I've got 16 gig here. I don't want to allocate all of it, but I will allocate quite a lot of memory to this Windows machine. I say next, nothing for me to change here. I say next and confirm, yes, I say finish. My virtual machine is being created. And what I do now, I click on that Windows machine. I say start and I have to be very quick here. I have to double click on that, so I'm being connected to it because now it will show me, if I want to start from DVD, yes, I have to press something. That's why I have to be pretty quick. This will start the Windows installation process on my Proxmox. Honestly, nothing interesting here, it's standard installation process, and nothing what I will do here will affect my GPU passthrough. I say custom install, Windows cannot see my drive. That's why we need that Vert additional disk. I have to say load driver. I have to browse for the driver, and that's where the Verto disk comes into play. The driver is in that AMD 64. It's for Windows ten, so I click that Wtm. I say, Okay, passthrough Controller for SCAzzi. That's what I need. Windows should find it, and it should display the virtual drive that Proxmox created for it. I can see it. It's 100 gig and I install my Windows on this drive. I'm not sure what they changed in Windows 11, but Windows 11 takes it takes so much longer than Windows ten installation. That's why I prefer playing with Windows ten still. That's fine. Process completed. I want to add my computer icon. And then if we write click and lick Manage, we can go to the device manager, and we can see that for the display adapters, we'll go that basic display adapter. This is emulated graphic card. It's not even graphic card. It's the CPU pretending it's a graphic card. They can see I've got Internet controller missing. I can update the driver, search my computer, browse. And should be net KVM or this one. That's basically it. The Windows is up and running, but I can shut it down now. And we can go, as you can see, I've got open two tabs. One is for Proxmox PVE docs, and it's a PCI passthrough guide, and the other one is also from Proxmox, but it's Wiki for PCI passthrough. And you can read both of them. There are bit different information like it's all about the passthrough, but a little bit different information in one link and different in another. And by the way, all the commands and all the links that I use, you will find on my GitHub repo, which is displayed right now. If you go there, you'll find all the information and all the commands that I use here in this video. Let's follow maybe that Wiki. Let's go from the beginning. It says requirements. That's what I said. VTD the processor has to be capable of VTD or that IOMU I was talking about, and then you have to enable that in bios. That's what we did. So now, it says, verify IOMU is enabled. Reboot, Well, I reboot it already, which means I can copy that. And let's go to our PV to the console. I will paste it here. And what I need, there should be a line that looks like DMR IO MMU enabled. And right now, I can't see that exact line, but we will go back to it. So next I check DMS grab remapping. I go here again. It says enabled remapping. That's basically. I've got that. Looks like the IO MMU was not fully enabled. That's why I mentioned. This is the other webpage which has additional information, and it says that this should be enabled, but for some reason, it doesn't display as expected. What you can do, you can enable it via the kernel command line. And if I open this tab for kernel command you'll see that there are two options. You either run your Proxmox with Grab bootloader or system D boot. And how do you know which one it is? The easiest way to recognize it if you've got that blue screen at the very beginning when the Proxmox boots up, that usually means you run grab. But if you've got only black screen, that usually means you've got system D boot. Because these commands will be slightly different for grab and for system D boot. I know I am running grab, so I can update this file and then run update Grab. Let's do that then. I go to my Proxmox and I say, no, no, let's see, default, grab. And in this line here where it says quiet, I will add those options. Intel IOM, until IMU passthrough, and PS tate, I will disable that Control O, enter Control X, and now as per instruction, it says update, grab. I say update, grab. And they say reboot. Now, I should be back up shortly. There it is. Let's up arrow run this, and now I can clearly see IOMUEnable. That's exactly what is expected here. IOMU enabled. Let's run this command again just to make sure. I still says remapping enabled as well, which means we can go back to the instruction and go further. It says if your system doesn't support remapping, you can try this, but our system does support it, so that's cool. We can go further, verify IomMU isolation. This checks if our graphic card is in separate IOMMU group. Here is the example, let me run this command and I will show you what it means. I run this command, I copy it, but node name, we will have to change that. If I go here, if I paste this command, the node name is whatever you call your node. By default, it's PVE. Let me change this to PVE. I click Center and this shows those IOMU groups. I can see that my older ultra HD graphic is in group zero and nothing else belongs to that group zero. That means I don't have to worry about it. My graphic is in separate IOMMU group. I can go further than, and now we can start passing through our GPU. It says blacklisting drivers. First, we have to know what drivers are used by our graphic card in the first place. For this, I can use Cmd, maybe, let me clear that. I can use command LS PCI N N K, and press Enter. If I go up, this is my graphic card, and it says that driver in use is I 915. That's what I'm interested in. That's what I have to blacklist. You'll see there are two kernel modules though, I 915 and X E. If blacklisting this doesn't help, you might have to blacklist both of them, but let's blacklist just I 915 first. We go back to the tab and it says, for Intel GPU, it's exactly this command. It creates this file and it puts this in that file. Let me show you in tc mood probe D, if I go to mode probe D, if I list all the files, there is no blacklist.com file right now. But if I run this command, I paste it here. If I run again, LSL, now we can see this file was added and if we check what's inside, it says Blacklist I 915. Strangely, what this doesn't say but the other instruction says that after this operation, you have to run this command, update itrmfs. We run that and we reboot again. Well this is rebooting, let's go back to our instruction and this one doesn't say much more. If we go back to the other one, you can see similar instructions, some more VFIO commands if we need one. That's what we did already. But what we're looking for is output of this command really should show us that, either that or no driver in use at all. Let me show you what I mean. If I copy that command, we already run it before, but let me run it again. Now if I go up, look at that. Remember, it previously said kernel driver Ius I 915. Currently, it doesn't display anything. It only lists kernel modules, but it doesn't say which driver is in use. That's what you want to see. You want to see either that or you want to see that kernel driver Inu is VFIOPCI, which means now we can attempt to passthrough our GPU to our virtual machine. There is a lot of information here about VM configuration. But basically, let's just go and try that. I go to my VM, I go to hardware, and I want to add hardware. My hardware is PCI device, and raw device is this is my ultra HD graphics. I choose that. I chose PCI Express for better compatibility, but I will not choose primary GPU yet. Let's add it as it is, and let's see what happens. I will start my VM, and it started fine. I double click on that. And now, if I log on, this my Windows, go to Device Manager. Looks like there is one more PCI communication controller missing, but I'm not bothered about this one. But what you can see and what we are interested in is this display adapter. It is now displayed as Microsoft basic display adapter, but it's actually the integrated graphic card. But what you can see, it's that little yellow triangle. If I click on that, if I right click on that and go to properties, you can see code 31. It says Windows cannot load the drivers required. Let's click Okay, and the fact is this will change to code 43 later on. If I leave it as it is, or even what I can do is say update driver, browse my computer, if I browse entire Verto this will not help me. But if I wait for quite a while, the Windows, look at that. I just happened when I was talking. Now, Windows detected, it's Intel ultra HD graphics. That's coincidence. But let me right click. If I go to properties now, now we've got code 43, and probably many of you already are familiar with this code. It's very popular when you passthrough the devices to Windows. Now, for every single device, the solution might be slightly different. I found a solution for my billing with N 100 CPU, but if you have different hardware, your solution, I'll look at that. It tries to install the Intergraphic software. I can say launch. I found it in the meantime now. That's cool. But I can tell you already it will not help me with this code 43. What I really have to do now is I have to close this. I actually I will shut down the entire VM. The solution to that problem is you have to download a custom Rom from this website. It's from Github and it's custom Run for N 100 Processor. If I press Enter, I can see downloaded, download complete, which means this link works as expected. But basically, you want to use this website. Why? Because you have to download it to your Proxmox, not here, to whatever computer you are currently on. So let's go back to Proxmox. Let's go to node. Let's go to Shell, and I can paste that link. But at the very beginning, I say WG IpressEnter, this downloads this file to the Proxmox. If I run LSL, I can see this file exactly here in this location, and that's the name of this file. My current location is forward slash root, and now I want to copy this file to user share KVM. I say copy 12, whatever it's called, to user, share KVM, and then the name of this file. Again, 100 Q. Rome, the name will be exactly the same as it is here, but you can rename it if you want. I will just keep it the same. If I now go there, see the user share KVM. If I run LSL, you will see many different rooms. But at the very top, you will see the one that we've just copied. Now the next part, I go to ETC, PVE QEMU, and if you list files here, you will see all configuration files for every single VM that you have, and the name of the file will match the ID of the virtual machine itself. My ID is 240, so Oh, sorry, it disappeared. So the file is called 200 forty.com. I say, no, no, forty.com because we want to modify this file now. I want to add another line here. I will copy paste it. It's pretty long. But let me also explain what we are doing here. The problem is not with the Proxmox itself. The problem is with virtual machine. Our Windows Virtual machine is aware that it's running as a VM, and the graphic drivers are not very happy about that and say no, sorry, I'm just not running in this environment. It's something that is a bit more complicated, but never mind. And we are trying to resolve this. So those arcs will change the behavior of how this graphic is presented to the virtual machine, this first long line. What we also want to change is how CPU is presented to the virtual machine. Currently, it's just host, but I want to add another flag which is called hidden. That will hide some information about the processor that would give our Windows VM a clue that this is passthrough processor. We don't want that information to go to the VM. We want them hidden. That's why we add this here in this confit file. And the last thing, probably the most important thing is for that host PCI zero. For that, we want to add, let me paste again. We want to add our specific Rom file, this custom Rom file for this host PCI device that we are going to passthrough. I say Rom file equals that 12 and 100 file. I can add one more thing. X Ga equals one. This will make this device a primary device. Now with this configuration, I say again, Control O, enter, Control X. If I go to the VM now to the hardware, we can see all that information here. You can see the room file, that last bit X VGA, that actually made it primary GPU and we can see the run file location here. And PCI Express for better compatibility. Now when I run my VM, I started, it says, Okay. If I double click on that, no VNC you might think that's something wrong, but that's very good information. It looks like our graphic card has been successfully passed through, which means there is no output here in the console. Where is the output? The output should be now directly via HDMI to my monitor, so I can now switch my monitor input to see what my billing is pumping through the HDMI. Look at that. It's Windows. Can I see one problem though, we won't be able to get into that Windows because we don't have a USB device like keyboard or mouse. What you have to do then is you have to kill this instance first. You can try to shut it down, but you might be unsuccessful doing that. What we definitely kill this, we simply have to stop it. We have to go to PVE to the shell. You run PSoC command and you grab for the ID of your V look at that. I work. But if it didn't work, you still can grab for ID of your VM 240, and you will have very long output for one of the processes. Like here are very short outputs, but you will find one, once the VM is running, one very long. You will have to then kill nine and the process ID, like 6767. But we don't have to do it because it shut down gracefully, that's cool. What you have to do now, you have to connect USB devices like keyboard or mouse directly to in my case, I have to connect them to my billing a 12 pro minipC and then I run LS USB. And in Proxmox I can see those devices that I've connected. It's a razor keyboard and a razor mouse. And what I need here are those identifiers, eight digit identifier. And then I say QM set, the virtual machine ID, as USB zero device, and the host, first one will be the keyboard, the 1c4f, blah, blah blah. The other device will be Virtual Machine 240, USB one, not USB zero this time, USB one and the host, whatever is here for this device for my eraser mouse, a presenter. If I go back to Windows to my hardware, I can see those devices here. Let's start this virtual machine again for the last time, hopefully, have to wait a bit, says, Okay, which means now, I should have output from that HDMI again. But now I can also use my keyboard and mouse to log onto Windows. And here it is. You can already see the difference, and I get native performance for the VM. If I go to device manager, it shows me now Intel UHD graphics as its graphic card. And if I go to Properties, now this device is working properly. And if I check the processor, it's indeed Intel and 100 processor. That's basically all I wanted to say. I hope it helped you to passthrough your graphic card. So thank you for watching, Marek. 27. Install Proxmox VE port on Raspberry Pi: I wonder how many of you want to run a home server, but are afraid of receiving a huge electricity bill. Here is the solution, home server that draws just around two watts. And when I say home server, I usually mean anything that can run Proxmox because this is my personal definition of a home server. Does it run Proxmox? If yes, it can be classified at home as a home server. And I wanted to find a device capable of running proxmox while drawing as little electricity as possible. And as you can see, this is raspberry Pi three B. I know it's a bit extreme since it only has 1 gigabyte of ram. So yes, we are going to be very limited, but as a proof of concept, it's great. I believe this is the smallest raspberry pie that can actually run Proxmox. And if you have a newer raspberry pie with four gig am or more, your experience will be much better, but it still works with this pie, with just one giga ram. So let's see how we can install Pxmox on. You visit the official Proxmox website, you might run into a small problem because there is no official Proxmox image for arm based architectures because raspberry pies run or arm processors, so you can't just use standard Proxmox ISO image. This is a bit strange, to be honest, because the underlying Debian operating system and all packages are available for ARM processors. That's not a problem. I think maybe eventually we will get official arm ISO directive from Proxm for the time being, there are some people that make so called forks or ports of Proxmox that can actually run on arm based CPUs, as in this raspberry pie. And today, we are going to use a fork called PX vert that can be installed on top of Debian operating system. If you're not aware, Proxmox already runs on top of Debian, so it's basically the same thing, but for ARM processor. But that means the first thing we have to do is to flash our microSD somewhere here, as you can see, I will flash this microSD, but maybe you are running it directly on a SSD drive. That's you possible as well, I will just use this small card. That's because we will do everything from scratch here, right? So let's flash this MicroSD with Dan 13 Orban 12, bookworm because it also works. I mean, this guide also works with 12 bookworm just if you were wondering. But 13 code name Trixi is newer, so why not use the newest one? What you have to do, you have to download Raspberry Pie imager. It's called. Note that you can't use Rufus or ballana attor for that. You have to use that raspberry pie imager. You then insert your microSD card in whatever devices you are going to use for flushing process, and you start that raspberry pie imager. And now you choose the device. For me, it's raspberry pie three B, which means I choose this one. But as I said, if you have four or five raspberry pie, they have much better processors and much more ram. So I recommend it, I guess. But I will choose that raspberry pie three because that's what I have the choose OS, I will go for the top operating system, which is 64 bit Debian trixi as you can see. It's already selected, so that's fine. And now I choose storage. And for the storage, I have to choose that microSD that I just inserted. So I select it and I just say next. Would you like customizations? No, thank you. And remember that all the data will be erased. So be careful with that. Make sure it's correct microSD, yes. But I'm sure about it. I only have one anyways inserted, so I say yes. It doesn't take long. It takes a minute or two the writing process. And it's job done now. You will get some pop up messages from Windows because it doesn't recognize the file system, but it doesn't matter. You just close everything, and it says, you remove the SD card, and then you insert that SD card, you have to connect the keyboard and the mouse to your raspberry pie. You have to connect the power of course and the D Mcable to connect it to your monitor. That's the first screen you see when you switch on your raspberry. And you simply follow the standard installation process. You might have noticed we already have IP address. That's because we use wired connection. It's pretty important to use wired connection rather than Wi Fi because Proxmox doesn't like Wi Fi. You just click Next. Next, user name. You can skip the Wi Fi. We're not interested in that at all. For the browser, I will choose Firefox, but both of them will be installed. System will update all the software so we don't have to worry about it. We want to have it up to date anyways. I say launch. And that's our W 13 installed. Pretty quick and easy, and we can see our IP address again in top right corner. And maybe first, let me show you something. We will go to Internet to Firefox, and I will open newTab and I will go to github.com to Automation Avenue to ProxmoxO Raspberry. And these are my notes, and this is my little script that can help us with that process. I created a little read me file which we can go through, but you can also see that pxvertpreps dot L. This is a bur script that we will use. Original instructions can be found here on the PXRT website. And you can see here every single step that we have to go through. But I looked at that download DPG, then add to the sources list, then change the host name, blah, blah, install up down to, execute these commands, execute that commands. I was like, no, no, I'm too lazy for that. I mean, I can do it once. But what if I want to reinstall the Proxmx later on? Yes. I don't want to go through it over and over again. That's why I created this little script here, but I don't want to take any credit for that. It's still this script is based on all the documentations and all the instructions that you can find here on the original website, on the Pxert layer, fang whatever it's called. Let's follow maybe myRadm file. As I said, this script will work with both Debian 12 and Debian 13. But note that if you are running Debian 12, you will end up with Proxmox eight. But if you are running like I did, I just flashed Debian 13, that will give us Proxmox nine, the newer one, and I think that's the better option is. That's why I think it's worth to flash to newest Debian 13. Let's go further. You can see the Raspberry Pie flashing process. We already went through it. And now we can start our raspberry pie preparation process. There's not much to it. There are some basic checks. And first of all, because I run it from the microSD card, it's advisable to turn the swap off because swap can kill your microSD card in no time. So I will open the terminal, and I will run that command. So swap off I says killed and that's what we want to see. It also says to check any entries in the At CFS Stub file. So let's cut at CFS tab. But I think we're right, can see a swap here. Next step, we need to create root password because when you log on to Proxmox, it always asks you for password for the root user. And Raspberry Pie doesn't have by default password for that user. So we have to create one. And you run WD root to do that, to create password. So do pass WD root. And now you type your password. Then you type it again. And it says password updated successfully. There are some further checks. We don't do anything here. We just check what it looks like. It's IP address. This will give you information about your interfaces. For example, for me, I can see my interface ETH zero has the IP address that was configured 192-16-8159 with the subnet mask of 24. And if we do CAT ETC network interfaces, what am I doing wrong? Ah, sorry, that won't be available yet. I will have to amend that instruction. But we can check the hosts, maybe. I say cut. Let's see hosts. And the entry we are interested in is the last one. Currently, we've got host called Raspberry Pie, but it points to loopback interface. I know it might be confusing, but if you go to the original document, it will tell you exactly what it is about. So you should really use both documents, not only my document, but also the original one because it will tell you, like we will find out what we are doing and why. Yes? Let's go back to my Github. We can see it's currently Lubbck pointing to Raspberry Pi, and we will simply see how it changes later on. Now we just run my bar script, but how do we run it? We don't have it here locally on Raspberries. We can simply scroll up. I can click on that. I mean, if you are familiar with Github, Gitlab or Bitbucket, you can simply git clone it, like using this command or using Git Clone URL. But if you are not familiar with the GitHub, then you can simply click on that script. Now it's shown here. That's the entire script. And what it does, it downloads the GPG key. It adds repository to the sources list. It disables network manager that is used by default. It installs everything that basically is here, all those lines, they will be performed by the script. You can just click that copy Raw file or click on that. I will go here, and I will say, no no, and I will call the file the same name as originally it was named on the Github, but the name can be anything really. And now I just paste. Everything has been pasted now, as you can see, now I say Control O, enter, Control X. Again, looks like I'm not able to write in that particular location. Let me I'm in Etc Network. I will go to my home Mark location. I'm able to write in my home directory, I should be fine. Now I say again, Nano and this file, and I think I still have it in the clipboard, so I can just paste it. That's all the file. So again, Control O, enter Control X. Now I can see it. Can I? Yes, I can. The file is now here, we can go back to the instruction to the admi file. And we simply run it with this command, pudo dot forward slash, and the file name. But before we do that, we have to change the mode. We have to add the execute permission. If we check what the permissions look like now, there is no execute permission. If I run, change mode plus X, I will add those execute permissions to the file PX word preps, blah blah. If you run it again, now I can see execute permissions and it turned green, which means now I should be able to run it. I say sudo dot forward slash, pxordPreps dot shell. Press Enter, and you just wait for a while. Everything should be done automatically for you. Perfect. That's job done. If we go to the document, we can check the EtS network interfaces again. And that's what you want to see. Your interface, it might be different than ETH zero, but it will be picked up automatically by the script anyways. And virtual bridge, like Linux bridge, it is, it's now created and the IP address is now assigned to that bridge instead of that physical interface. This is required because if we go here, if we scroll down, they only mention it here, create Network bridge, but they don't show you exactly here how it's done. They also tell you about the root password, but we already have it done, and now we also have Linux bridge configured, all done automatically by the script. Other things that changed is the sources list. Let me run this command maybe. That's what you want to see, and you can see Trixi which is Debian 13. This is basically a variable, which here is shown as version codename. So if you are running Debian 12, you will see bookworm here, but because we are running Debian 13 13, it has a code name Trixi. One more thing you might want to check is that ats Hosts file. If we run that we can see that now Raspberry Pi host points to my IP address rather than to Loopback, starting with 127. So that's sorted as well. What the original instruction says is that you should now reboot the machine to ensure that network is properly applied. Let's do that then. I go here and they say reboot. My raspberry is rebooting now and we are back. Let's open Firefox again. It will take us straight to the pages we had opened. And the last step is to install Px word. This command, I just copy it from official Px word website. As you can see, it's exactly the same. You just need to run upped update and install the necessary packages. I will just copy it. I mean, after reboot, you can check your IP address, if everything is fine, you can check at see network interfaces. I know for me, it works perfectly fine. That's why I skip it. But that's the point of the reboot, yes, that you check the networking works correctly. For me, it does. So I just go for sudo upped update. You can see that hit five. We've got that lier funk.com. This is where the packages are located, and that's why we have to run update. The previous command we run for sources, it's applied here and we have access to that repository. Hope that makes sense. Now as a sudo, I just run this command below. I will just add Y, so it out to answer. And these packages, the proximo VE, Qemu server, et cetera, they are all in that new repository that we have access to. As you can see, even the firefox disappeared for some reason. They're like black screens, et cetera. This process is pretty lengthy. It takes over 10 minutes, so I will fast forward it because there is no point for you to just watch the paint dry. Here you will see one question regarding the packages, and I left the default option, which is N, which leaves the current version of repository. Maybe there is something interesting in other ones that I'm not aware of. I simply clicked Enter here, which is using default option, no. If you know more about this step, please let me know in the comments. Once you press Enter, the installation process will complete. But as I said, it takes over 10 minutes overall, at least on my old raspberry. Once the installation process is completed, you can reach your server on HDTPS IP address of that Linux bridge and port 8006. This is what it looks like. Instead of Proxmox, it says Lear funk Pickwird. If you go to Summary, you can see that one gig of Ram isn't great. 79% even though we are not doing anything, but you can go here to City templates, and browse the templates. But yeah, that's it. That's all I wanted to show you. Hope that helps. Thank you for watching. 28. Build background remover app ! (using docker container): Let me show how you can build your own background removal tool, you don't need to know anything about programming and you don't need to know or have any other experience, to be honest. You just need to follow this video to have this tool up and running locally on your PC or laptop or whatever you have there. But first, let's have a look what this tool even looks like. This is it is basically it. As you can see, it has its own web user interface, and it's pretty basic, that's what I like because it has only one purpose to remove the background from a chosen picture, which means there is no need for million buttons and very complicated user interface. And let me just add this is running on my local machine. As you can see, local host means I don't connect to anything outside of my network. This is basically running on this machine. And as you might have noticed, I use Wo desktop operating system, but you can do the same on Windows, on Mac, or on any other operating system where Docker can be installed. And in fact, Docker can be installed on almost anything. So it doesn't really matter what operating system you have on your machine, on your laptop or PC. And how it works. I don't think I have any pictures here, so we might have to download one quickly. I will just Google cut, and I will search for images. We've got some lovely cuts. What about this one? Let's save that one. Now the picture should be in my downloads, so I can go back to my tool, and I noticed I can click anywhere I want. I don't have to even click on those icons, or you can also drag and drop. So let me click somewhere here, and now I can choose the file that has just been downloaded. I select it. I wait for a few seconds, and we will see what happens. Now, new file just showed up. And if you click on that, you can see it's exactly the same cat but with the background removed. I realized maybe that wasn't really challenging for the program because this cat has already Bag background anyways. Maybe let's pick this or maybe let's search for elephant. What about this one, first one. Let's save the elephant and let's go back to our tool, and this time, we can pick the elephant picture. Now I click Select, wait few seconds again and shortly already there. You can see new file has been created to confirm, if we click elephant, that's our original picture. And if we click the new file that has just been created, it's the same elephant, but again, with background removed. Okay, I think that's it. We know how it works. We know what it looks like. So let's build it from scratch now. I will close that. I will move that window away, and this is another Ubuntu instance. But this Ubuntu doesn't have anything installed. It doesn't have that program. We will build it from scratch on this server. And how do we even start doing it? We have to go to Google and I will search for RIMBg WebApp Tutorial, and maybe I will add Github as well, because that's exactly what we want. And now, it's not my project. If we click that we can see the author is Jeff Delany from Fire Ship. It's his repository, so it's his project, but we are okay to use it. Basically, you can read the Red me file and some instructions. You can see exactly what is there, the entire code. But what we want really to do here is just click the bottom with the code, and there are various ways to download this repository. I will just download as a zip probably the easiest way. Took just a few seconds, and I will click it again and I will just unzip. So now in my downloads, I've got zipped and unzipped version. Maybe let me open terminal. If I go to my downloads, I can see those the folder and the Zip file. Let's see the to that folder to unzipped one. You can see all files here. You might be interested, of course, in read me MD file, but I will just check Docker file. What's there. But basically, this is the base image for this project, and here is a little instruction. Download this, and this is the link to avoid unnecessary download. Other interesting thing is that expose. It tells us what port this application will listen on. You notice that application was running on local host port 5100. So this is very important information for us because we know now what is the port that this application listens on. But first, let's download this file. I can just copy that and run command, maybe clear that first, can run command WG and paste dot link. Now just enter. I will clear again. And if we check the files now, you will see new file downloaded nt dot blah blah. All right. Now there is a few commands that I have to run as a root or if you were on Windows as administrator, so here on Ubuntu, I will just do sudo su. So now I'm running as a root. And first command I need is to install Docker, because what we are going to do, we are going to build a Docker image, and all these files will be included in that image. So on OT, it's app install doer dot IO. Obviously, if you are on Windows or Mac, just Google how to install Docker. They will click Enter. Okay. So Docker is installed or maybe I installed it, but I can't remember. But basically, even if you didn't have it, after running this command, you will have it installed. Next, we can build the Docker image, but it's important to be in the same folder still. I am here in my home Mark downloads in the unzipped folder. Now, let me clear again. The command I need is Docker build dot and the dot means build a Docker image based on the Docker file that is located exactly here in this folder. And then we can add T, which is tag. Tag means whatever we want to call it. Maybe we'll call it. You can call it whatever you want, but maybe let's call it REM BG remove background. Now I click Enter and the image is being built. You can see from PyTom it will download all the necessarybndances and images, et cetera. All we have to do is wait. Awesome. It took maybe 2 minutes or so, but we can see successfully built, and this is the image ID, but we also created that tag, which is much easier to remember, which is REM BG. But that means if we run now Docker Images command, we can see a new image that was created. I can see I have some old ones, but we can see that image tagged as REM BG. Awesome. Now we can just run it. Let me clear again. And there are many ways you can run it, but I think the easiest one is just run network. Host, this is simply the type of the network and D, the tag we gave for our image, which was REMBGRmove background. Now just click Enter. It will display that long string, but you can also check if you want. You can run command Docker ps. You can see our image has been running for 28 seconds. What that means, we can now connect to our application. Open new tab, and we type local host column 5100. We have exactly the same application as we did on the other Ubuntu server. Now we can I haven't got any pictures here, but you can basically perform the same operation as we did at the very beginning. So I hope that helps, and that's all I wanted to show you today. Thanks for watching. 29. Proxmox vlans and linux bridges intro: Now I want to talk about Proxmox villains and Linux bridges. But we can't just jump straight to the subject without discussing the villain, access ports, trankports and other basic technology that is the foundation for that topic. I the next two videos, we will learn what villains are and what access ports and trankports are and how they work. But if you already know exactly how these technologies work, then you can feel free to skip those and go straight to the Proxmox video that shows how to configure villains on Proxmox. You can treat next two videos as prerequisite honestly, even if you know these technologies already, I would still strongly suggest you still watch those videos anyways because I have the feeling that maybe you will learn one or two new things. It's up to you. Let's talk about villains first then. 30. (pre-req for Proxmox vlan-aware video) What is VLAN? How does vlan work?: This video, I would like to talk about villains. I'm pretty sure you came across that term more than once and maybe you wonder, what is that villain exactly? How do villains even work? What is the technology behind them? What is, for example, dot one Q tag or what is default villain? That's all what we're going to talk about today. Villain stands for virtual local Area Network. For now, we can skip maybe that word virtual. We will focus on the second part, which is Local Area Network. What is that local Area network exactly? A local Area network is something we already have in our homes. It's a collection of our devices that are connected to our router, either wired or wirelessly. Our phone, our laptop, smart TV, wireless printer, if they are all connected to the same device that our service provider gave us, and if we didn't change any configuration on that device, then all our devices at home create what is known a local Area network. If we configure our devices to be visible on that local network, then all those devices in our home can see each other and they can communicate with each other. That is an local Area network. What is Vlan then? Let's say we bought some CCTV cameras and we don't want those cameras to be in the same local Area network as our computers or our home servers. I need those cameras, but believe me, it's better not to have them in the same network as all of our other devices. God knows what type of software is on them and what it does, if it's spies on us or worse, I don't know. What I can do then? Is I can split my single local area network into multiple isolated virtual local area networks. In computer networking, you'll often hear that term virtual. For example, when you split one big server into smaller logical servers, you call them virtual servers or virtual machines. The same with N. Once you start dividing your lane into smaller chunks, you call those junks virtual lans, which simply means they will become logically or virtually separated from each other. But anyways, I was talking about those CCTV cameras. But you might also want to separate other network devices. You want to separate your network even further. Maybe you want to keep your printers in separate designated Vlan and maybe you want to separate servers from the PCs, et cetera. This is basically the way that every single company separates their network as well. It's safetier, it's easier to manage, and also what you do is you make smaller broadcast domains. But let's not talk about broadcast domains, maybe. Let me simply show you how it's done and how villains can make all those different devices completely separated from each other. For that, I will use a free software called Packet Tracer. It lets you simulate real life computer networks, and you can get this tool for free. This tracer is free. You just have to sign up to Net Academy website. It's not sponsored video. It's simply really nice tool and it's free, so can't complain. As you can see, I created a very simple network with just four computers and they are connected to that single switch in the middle. Currently, they are all in the same line. I didn't do anything. The only thing I did here is I configured IP addresses and MAC addresses for all those devices. But we will split that network later on. So you can think of those top devices as maybe computers and bottom devices as maybe those CCTV cameras that we want to isolate. At this stage, it does not matter because as I said, at this stage, they can all talk to each other because they are in the n. But you might say now, Mark, but I don't have a switch at home. It doesn't really look like my home network. Well, the fact is you already have a switch. That device you got from your Internet service provider, and although we call it we usually refer to that device as a router, it's really an all in one device that, in fact, has a switch built in all devices at home that connect wirelessly or are to those usually yellow ports, they are connected to that built in switch in that all in one device. But back to our example. We have those four computers and since all those computers are on the same network, they can connect and they can ping each other. What I mean pink, I can, for example, if I click on that device and I go to command prompt, I should be able to pin, let's say, PC one. It has IP address of 10.0.0.1. And you can see it works fine. We have the response from PC one, from the IP address 10001. As I said, each computer currently has assigned IP address. I assigned it manually and that IP address is known as Layer three address. Plus, it also has MAC address, which is also known as physical address or Layer two address. And if you want to learn more about those addresses and about those layers, then please watch one of the previous videos when we talked about OSI model. But for now, let me just tell you that this switch in the middle does not have any idea what an IP address is. The switch cannot interpret any layer three information like this IP address. This switch is a very simple device. It's really just a connection box that has very limited information. And in fact the only information it holds is what MAC address is connected to each of these boards. Mac address is something you can check on your computer if you're on IP address. No, sorry, IP config, forwards OL. Can see this is physical address, which is that MAC address. This is something you usually don't configure. This is assigned by the manufacturer of the network interface card, but you can also see IP address, which you can either configure yourself as I did here, or you will get this IP address automatically from your all in one device that you got from your ISPeed provider. Each device has different IP address and it will have different physical address Layer two address, Mac address. You can see I simplified a little bit. I said DDD, but MAC address is a little bit longer. I just wanted to keep it short. I didn't want to type all those letters. Never mind. What I'm really interested in is I can close that This is called managed switch. So if I click on that and if I go to CLI command line interface, I can run command, show Mac address table. And what I can see here. Let me move it slightly. As I said, this is all this switch can actually see. It can see that Mac address AA is connected to port Fa 01, and Mac address DDDD is connected to port FA 04. But why only those two are displayed anyways? Well, the fact is the switch only knows about Mac addresses once it can see some traffic in the network. We did that ping from PC four to PC one. Switch learned about those two MAC addresses, but it hasn't seen any traffic yet between PC two and PC three. It learns those MAC addresses and those parts only after receiving and sending some traffic, which means if I go to PC two, for example, to command prompt and I ping 100 dot zero dot three. Now we get the response from PC three. They can close it if I open the switch configuration again and if I run exactly the same command, show Mac address table, interesting. It already forgot the previous Mac addresses. Yes. But if we run again, sorry one I will explain. I will say, we are on PC one, so 10.0.0.4, that's fine. And if we go to switch again, if I run that command again, now, it can see all four devices. Why here, it only displayed those two and not previous ones because it already forgot about previous Mac addresses. It keeps that information only for a while. It can also be configured, how long it keeps that information in cache. But if it can't see any traffic for a while, it will simply drop that information. How is that obtained exactly? Let's just step back and think what happens when I send pink from PC one to PC four. The process is that PC one creates so called packet first and that packet has several fields. One of those fields is called a payload and in our examples just a simple pink command. Payload is the data that it holds this packet holds, and in our case, it's a simple pink command. That PC one adds then another information to that payload. It adds so called IP header. And that IP header will include the source and destination IP addresses. So source being PC one, IP address 10.0.0.1, and PC four is our destination. So we'll put the destination address ten.zero.04. However, that PC one will also see that to reach PC four, it will have to pass that switch in the middle. This PC one is connected to switch using Ethernet cable, so it knows it has to create another header. This time, it's called Ethernet header, not Internet, but Ethernet. This header will include source and destination MAC addresses. Because remember, this switch in the middle has no idea what an IP address is. So so far, all the information that was created by PC one is useless for switch because switch can only read MAC addresses ready. So PC one simply adds source and destination MAC address as well. So in this case, it adds AAA as a source and DDD as destination MAC address. And only then the pink is sent. And the first time this switch in the middle sees that incoming packet, I mean, together with Ethert information, it's called frame. Packet is just with the IP information. It's like it doesn't really matter. Basically this pink is sent. The switch in the middle can see it and it can see that the source MAC address is AAA, so it will save it in the Mac address table. However, at this stage, it doesn't know yet where is the destination MAC address, DDD. So what it does, it will send that frame out of all of its interfaces, except of the interface that it received this frame. This behavior is known as unknown Unicast. Simply it forwards this information further to all devices, hoping that one of them has that Mac address DDD, and it will respond to that message, the PC four indeed responds to that ping. Once the switch in the middle sees that response from PC four, from now on, it will know that PC four is connected to Interface FA 04, and it will save this McAddress in its Mac address table. This switch in the middle operates only using those layer two addresses, the Mac addresses, and only maintains that thing called Mac address table where it records which computer simply connects to which port. But you keep looking at that and you're like, Mark, you are missing one important information. What is that villain? We've got villin information. What's that villain one? Thing is, we haven't configured any villains yet and this managed switch by default, will have something called default villain. If it's not configured with anything, all those interfaces and all those devices will land in the same villain called default villain. Basically, if you don't configure anything, you land in villin one in default villain. But now I want to start splitting, this one local Area network into multiple virtual local area networks. How do I do that? We will see clearly why it's called virtual. The thing is, we are not changing physically anything. We don't pull any cables. We don't buy another switch. Physically, it stays exactly the same. Our network, we will only change the logical setup, and I will only have to reconfigure the switch. So the devices like computers or maybe CCTV cameras, they will not even be aware that they land in some villains. This information is only configured on the switch in the middle. How do I do that? On the Cisco switch, I run command enable or simply EM. I know these letters are very small. I don't know if I can even make it large hope it's okay. So it's enable and it's configured terminal, which can be shortened to CFT. And then let's say we want these top devices, which are maybe our computers. We want them to be in villin ten, and the bottom devices will be maybe in Villain 20, let's say. So what I can do, I can simply run command interface FA 01. This is the interface I want to configure. I have to make sure that interface is configured as mode access. So I say switchboard mode access, not teach part, but switchboard. Switch port access Vin ten. We can see it says access villain does not exist, creating Vin ten. The first port you want to assign to VLN ten, if that villain is not preconfigured, then it will be created for you automatically, so you don't have to worry about it. But we want to put port Fa two as well in the same villains. So I simply say interface FA 02, and again, switchport mode access, I can use up arrow. Again, V ten switchboard access Vin ten. Let's continue and we will configure PC three and PC four in villain 20. But remember, we don't touch the PCs. All configuration is done on switch only. I say interface fa03, switchboard mode access, but this time, switchboard acess villain 20 Vilan 20 also didn't exist, so it will be created for me automatically. The same for interface fa04. Using up arrow because I'm lazy, mode access, villain 20. That's all. You will see that orange dots while it's being reconfigured on the switch. But you can see PC is not aware that anything changed at all. But let's now close this. Let's go to PC one, and let's pin maybe PC four. We did it yes just like what minute ago or a few minutes ago. So let me just use up arrow, and I will re run the same command. Press Enter. What happens now? Let's have a look. Something is different already. You can see it and it says request timed out. But what the I was able to access it just a minute ago. So what happened? What is different now? The fact is, if I go back to switch and if I run show MAC address table now, so I have to exit first, we can see just one MAC address. Isn't that interesting? Well, the thing is, if you look carefully, if you look again, you will also see villin number has changed. The thing is now top pieces are in villain ten and the bottom pieces are in villain 20. And we tried to pink PC four from PC one. What happened this time, that pin was also sent to the switch, but this time switch will only forward that information to the interfaces that are in the same villain and PC four is no longer in the same villain. Switch checks that frame. It can see it's supposed to go to Mac Address DDD, but it doesn't have Mac address DDD in Van ten. Switch will only check Mac address table for vilanten Because this MAC address is not there, it will simply send it out all of the ports only those parts that are in villain ten. And the fact is none of those pieces have McAddress DDD, and none of these pieces have IP address 10.0.0.4. That's why we simply don't get any response. The PC will say request timeout and the McAddress will only stay with that one source MAC address. But what we can do, we can go to PC one and PC three. I mean, maybe PC one first. We should be able to pink 0002 because it's in the same villain. It works, as you can see it works. I can now go to PC three and I should be able to pin 100 dot zero dot four because they are also in the same villain villain 20. Now if I go to switch again, if I run show Mcddress table, now we have full picture. This pink worked from PC one to PC two and pink from PC three to PC four also worked. Switch was able to learn all those Mac addresses, but they are in completely separate villains now. They are not able to talk between Vin ten and villain 20 are completely separate switches. You can consider as being completely separate devices. In fact, our switch is currently split into three little switches because whatever you connect to port FI 01 and 02, will land in villain ten. Whatever you connect to FI 03 and 04, will land in villain 20, and all the other ports, it has 24 ports. If I hover over it should display them all. Look at that. All remaining ports, if I connect something there, they will land in default Vlan one. What really happens in the background here is that the PC still sends the same frame out with the pink information, with the IP information, and with the Ethernet headers. However, once switch receives that, it will add yet another information. For any traffic that lands on port FA 01, it will add something called dot one Qtag or VLN tag and this.1q tag will have the information that this traffic belongs to Vlan ten within that switch, it will only be forwarded further based on that information. And then when it's sent out towards PC two, then this information will be stripped off. The villin information is only inside that switch, the same for PC three. When a switch receives that pink, it will add the information that this traffic belongs to VLN 20 and will only be forwarded to devices that are connected to the interfaces that have the same villin tag. But once that pink is sent out towards PC four, villain information is also stripped off. PC is unaware that it belongs to any villain. It all happens within that switch. And if we had another computer that connects to that switch on default villain on villain one, then one Q tag is not added. But if we had only one computer connected to one port on villin one, it wouldn't be able to talk to anybody because devices connected to default villain can only talk to other devices connected to the same default villain, which by default on switch is a villain one. Villin one simply means or default villain simply means no dot one Qtag is added, and it works this way. So you can connect to some old or cheaper devices, usually unmanaged switches, where you can't configure villains. Very often at home, you will have unmanaged switch. You can't even log on to that switch. You can't run like any of those comms. Haven't got any view what's going on inside. Those switches will only have default villain, villain one and you can't reconfigure them. Basically, this is the method where you can connect to this is managed switch, and you can connect to it unmanaged switch, but they will only be able to work on that default villain. I hope that makes sense. If you wonder whether there is a maximum number of those small virtual networks, those villains that can be created on that large switch, then the answer is you can create over 4,000 villains. So many more than you will ever need. But yes, there is maximum amount of villains that you can create on a single switch. That's all I wanted to say today. So I hope that makes sense, and thank you for watching. 31. (pre-req for Proxmox vlan-aware video) Access port vs Trunk port: This video, I want to talk about the differences between trankports and access ports. Tran port and access port is something that you can configure on a switch at home or in your company network as long as it's a managed switch. Managed switch means simply a switch that lets you change its configuration. In previous video, we talked about VLANs and VLAN tags, also known as eight oh 21q tags, and we know that we can configure VLANs on the switch to divide your local area network, your an into smaller virtual local area networks. Villains. We know our devices by default are in the same villain, villain, also called default villain. If you have non managed switch at home, that means you are also in that default villain. If all these hosts are in the same villain, then all those devices, in this case, we've got some PCs, we've got some laptops and here PCs again. All those devices should be able to talk to each other. You can see I configure them with the IP addresses and also set MAC addresses for them. PC one has IP address of 10.0.0.1, PC two has ten.zero.02, et cetera. We can send, for example, pink from this device. I will go to desktop to command prompt, and then you should be able to pink what maybe 100 dot zero dot six, which is PC number six here down. I press Enter and we can see it's up and running. The pink is working as expected. If we go to switch configuration, if I run Show villain, command, for example, I can see that indeed all the ports on the switch and this switch has 24 ports altogether, all those ports belong to villin one, which is default villain. By the way, on Cisco devices, you will also see that crap. It's not used for the last 30 years, but it's kept just for backwards compatibility. But basically, all the ports always belong to villin one if you don't change anything. If we run, for example, show Macadress table, we can see MAC addresses of those pieces that connect to this switch. But because we only could see the traffic between PC two and PC six, Switch currently only knows about those two computers and they have Mac addresses BB and FFF respectively. Because we remember switch in the middle does not know what IP address is. The switch in the middle will use the MAC addresses to forward the traffic. From switch perspective, the traffic goes from Mac address BBB to FFF. That's exactly what we can see here. And then if we run command, for example, show Interface FA 02, switchboard. Which is the port that PC two connects to. We can see FA 02 and Mac address BBB. That means PC two connects to port FA two on the switch. We can see that the port mode is called access. It's static access, exactly. So it's operational mode, static access. But what that mode access actually means, the mode aces on the port on the switch is designed to connect devices, I mean, hosts like PCs or servers or whatever that have no idea what a villain tag. Maybe devices that are simply not configured or ready to receive a frame with a VLAN tag because currently VLAN tags are not in use in our case. All devices connect to default villain and default villain doesn't use any villain tags, eight oh 21q tags. But there is yet another mode for a port, and it's called trunk port. That mode trunk is a mode where you connect any port on that switch to another device that simply can understand villin tags, another device that can receive villain tags, and it knows what to do with. In current setup, to be honest, if we change the mode from access to trunk, this will not change much because we currently simply don't use any villain tags. From the previous video, we remember that to use VLN tags, we have to first configure the villains. Let's put laptop three and laptop four in separate villain. Let's say villin ten. To do that, I run command first enable EN, but I'm already in that mode. I run configured terminal, which is CT in short. And then I have to connect to port three and four because laptop three is connected to port three and Laptop four is connected to port four on the switch. So I say interface FA 03 for laptop three, and I say switchport mode access, just to make sure it's in this access mode. And then I say switchport access. Villin ten. I put this laptop in villin ten, and because that villain didn't exist, this switch will create that villain automatically for me. We can see the orange circle, that means the port restarts, reconfigures itself, and then we do the same for port fa04. I just use up arrow because I'm lazy, so I say again, switchport mode access to make sure we are dealing with access port because only access port can be put in one specific villain, and I say switchboard access villain ten. And now let's configure PC five and PC six. Let's put them in villain 20 maybe. So I say Fa 05 for PC five, I say switchboard mode access, Switchboard access villain 20 this time. Again, that villain didn't exist, so switch created one for me, and I say Fa 06. It's the port on the switch where PC six connects to. And I do again mode access, Access villin 20. That's it. Now I can exit the configuration. Mode. And if I run Show villain now, I will see that indeed villain one still exists, and PC one and PC two still belong to that villain because I didn't change anything on those first two ports. I only changed port FA 03, FI 04. I put them in villain ten, and then I configured port FA 05 and six, and I put them in villain 20. We can see villain ID 20. So from now on, as we can Remember, we don't change anything on the PCs. They are not even aware they are put in any villains, yes. Note that we only change the switch configuration. All of those ports are still access ports. They are not trunk ports. They are still access ports. However, we've got three different villains now. FA 01 and 02 are in default villain, FA three and four are in violin ten, and FA five and six are in violin 20, but they are all still access ports. And what it means now from, let's say, laptop three if I run Common prompt from now on, I only will be able to pink Laptop four. I can only reach the devices that are in the same villain on the switch. If I pink, let's say 1000 dot four, that will work. Laptop four is in the same villain villain ten. But if I pink, let's say 006, that will not work. Why? Because 10.0.0.6, PC six is in different villin. We can see the request timed out. And if we go to the switch, if we run Show Macaddress table, the only traffic that switch could see now is between FI 03 and 04. When we run the pink from Laptop three to Laptop four, that was traffic within VLN ten. And if we quickly pink from PC six, let's say, pink ten.zero.05, we can see that works. And also from PC two, if we pink 001, if we pink PC one, we also should be able because they're both in default villains. But what I mean, if we go now to switch and we rerun that command so Macaddress table, now we can see all the devices, but we can also see how they are spread between those villains villain one, ten, 20. That makes sense. So what's that tripod then? Where is it? How do we use it? Let's say maybe that one switch is not enough for me. Maybe I've got a big company, maybe I've got three floors, and I want to have multiple switches. Maybe I want to have one switch on each of those floors in my company. So I have to create kind of a connection between those switches. Let me add one. I say switch. I will choose this one. I want to add another switch, and I will need some more devices, maybe some more pieces on that, let's say, second floor. And I want this particular PC, for example, PC seven, maybe I want it to be in villain 20. Maybe I want it to be able to communicate with PC five and PC six. So how do I do that? The answer is, I can simply connect those two switches. Let's say port 07. I will connect it to also FI 07 on this switch, but I will configure that connection as a switchboard mode trunk. I go to switch configuration. For this one, I can see FI 07 is now up so I can run CFT interface FA 07, and I say switchboard. Mode, trunk this time. That's it. I simply go to this switch, switch one on the second floor or whatever it was. I go to CLI and I say again, enable first CFT. We will waste some time because switch fins that's the domain name. Let me maybe prevent that from happening. I will say no IP domain lookup in. Sorry CFT, of course, no IP domain lookup. We can ignore that. All right. But never mind. What I need is interface FI 07 and I want it to be switchboard mode trunk. That's it. But let me explain what we're trying to achieve here first, how our traffic currently looks like. When I send a pink from PC one to PC two, that pink will have some data. In our case, it will be simply a pink. It will have source IP address of 10.0.0.1. It will have destination IP of 100 dot zero dot two. That's what PC one is building. This is called packet when you have that information, and then it will add MAC addresses because it can see it's connected to sich and switch doesn't know what are the IP addresses. PC one understands that it will have to add source and destination MAC address. It adds AIA as a source MAC address and B B B B as destination MAC address and only then forwards that frame to the switch, switch can see that and it will forward this information further to all devices that are in default villain. Default villain means no villain tag is attached. This frame. And it forwards it as it is to B B, B B. However, if we send the same pink from PC six to PC five, this time, the data is still our pink. The source IP is 100 dot zero dot six. The destination IP is 10.0.0.5. The source MAC is FFFF. Destination MAC is EEEE and such frame goes to the switch. However, when switch receives that frame on port FA 06, the switch can see that this port is configured with villain Tug 20. That means the switch will attach additional information called eight oh 21q tag, and we put the villain identifier there in that field. It will say VLAN 20. This traffic belongs to villin 20, so it can only forward that frame to any other device that is within that villain, and only one other device is in this villain. It's PC five. So the switch forwards it to port number five. But then on the way out, it will strip off that, that villain information. When PC five receives that frame, it doesn't even realize it's in a villain from PC perspective, it doesn't belong to any villains because all of that happens internally within the switch. However, what if we want to place the PC seven also in villain 20? We can use that trunk port because the trunk port is the port that does strip of any V and tag information. So basically, the default villain villain one can travel via this trunk port. The villain ten and villin 20 can also travel further using this trunk port because the behavior changes now. Trunk port is simply a port where the switch will forward the frame as it is with the vilantag information. Let me show you what I mean. If I go to that PC and I configure it with IP address, let's say 10.0.0.7, and I can assign MAC. ABCD, maybe. Let's connect it. To port FA 01, maybe let's move it a little bit. If I go to the switch configuration and the PC is connected to Interface Fa 01 on this switch, I can say switchport mode access. Switchport access, VLM, and then whatever villain I want, maybe 20. I will put it in villain 20. That means from now on, this PC seven is able to communicate with PC five and six. Let's check. I say, let me exit that. Let's go to the PC, command prompt, IS pink 10.0.0.6. You can see it works fine because PC seven sends the traffic from 10.0.0.7 to IP 10.0.0.6 with its own MAC address, and the destination MAC address is this FFFF. But when switch one receives that frame, it can see this switch port is configured with VLNTug 20. It will add that VLN tug and it will send it out every single port that belongs to villin 20. But in this case, there are no hosts in villin 20 but there is a trunk port, and trunk port belongs to all villains. So it forwards this traffic out of this trunk port. And when this switch receives that traffic, it will forward it further, but only to devices that are in villain 20, but at the same time, because it knows MAC address FFFF is connected to port FA 06 and its switchboard mode access, it will strip off this villain information again, and it will send this frame to PC six as if it was in no villain at all. But note that this PC seven cannot talk to, let's say, PC one. If I pink, 10001, I am not able to reach it. To reach villain one, I have to be also in default villain in villain one. If I wanted to place this PC in default villain, then I would do CT. Interface FA zero, one, switchboard mode access, switchboard access, villain one. We can see the port reconfigures on the switch, and if I go to the PC, when it turns green as it is now, I should be able to pink, let's say, 10.0.0.1, and I can. But if I try 06 that worked just a minute ago, let me run up our room. Now I'm not able to reach villin 20 because this switchboard, FI 01 on switch one does not belong to villin 20 anymore. It's default villain and default villain means there is no villin tag added at any point of this path because default villain is the one that does not add any eight oh 21q tags. Basically the main difference is that access port will keep stripping off that villain information, that one Qtag while trunk will forward it as it is with villain identifier. So all villains can travel via that one single cable here. But bear in mind, there is one thing wrong here right now because we've got three villains and villain is a layer two concept, but they are all in the same subnt and subnet is a layer three concept. And we talked about layer two and layer in the video about OSI model. You might want to revisit that one because basically you want to really match layer two and layer three information. We shouldn't have them all in the same subnet. For example, if you have these in subnet 100 dot zero dot 024, then these laptops should really be in different subnet as well. If they are in villin ten, maybe we will create another subnet for them 100 dot ten dot zero, let's say, because these pieces at the bottom are in villin 20, layer two, maybe we want to create a layer three subnet. Let's say 10.0.20.0 slash 24. Layer two and Layer three are two different concepts, two different layers, and that's something to consider. But it's kind of also unrelated to access port and trunk port. So yes, I hope that all makes sense, and thank you for watching, and I will see you in the next episode. Thank you. 32. Proxmox vlan configuration (vlan aware Proxmox): In this video, I wanted to discuss Proxmox networking and specifically that villain aware configuration that we might have already seen and wonder what it is for. Villain aware means simply to be able to handle VLAN tags. And in previous videos, we discussed those networking topics like what villain is, how it works, what VLAN tag is, also known as.1q tag, I mean, we also discussed what is the difference between access port and trunk that you can configure on your switch, and these topics are prerequisites for this video. You need to understand those computer network technologies to fully get what we are going to configure in this video about that villain O Proxmx. But anyways, I hope you are all up to speed them. Let's see what it is all about. If we go to the node to PVE in my case, to Network tab, we can see some entries already. And what are those entries? Well, the first four network devices are my physical interfaces on my MiniPC. My mini PC has four Ethernet ports, and they are shown as four network devices here. You can see only first one is active because I only have one cable connected, so only that ENP two s zero is shown as active. This VMBR zero, what this is, it's called Linux bridge. It's something like a virtual switch, let's call it, and it's default switch that was created by Proxmox during the installation. When I installed my Proxmox, I gave it address of 1921 681.201, and that's what is shown here. We can also see that port ENP as zero, it belongs to that bridge. To that virtual switch, let's call it. If I double click on it, we can see the same information. We can see the bridge port ENP two as zero, and we can see that villain or config, but it's antiqued currently. And the other thing, if we go to Shell and if I run command cat, let's see, network interfaces. You basically see exactly the same information. I mean, we couldn't see the loopback interface. It was not included there, but we could see all those four physical interfaces, and here is our bridge. Currently, it's configured statically. I gave it this IP address, this gateway, and we can see the only port that belongs to that bridge is ENP two as zero. That's cool. You can easily add more ports to this bridge. You can see space separated list of interfaces. If I wanted to add another interface, let's say ENP three as zero, I just type it here, click Okay, and now have another interface that is part of the same virtual switch. What you can also see is that pending changes below. It says, either reboot or apply configuration because it needs something to activate. What they mean is this button. I will click that apply configuration. I will say yes. Something will run in the background, but basically what it does, it's reconfiguring this file. If we go to Shell, if we run the up arrow at see network interfaces, we can see port this new port ENP three was added to our config. But that's not what we were talking about today. If I double click on that, I will remove it maybe. Let's go back to what it was at the beginning. I will apply configuration. We have the default config again, what if this is not my only network? What if I have maybe 102020 dot zero, and they put it in villain 20 and maybe I have another 110.30.30.0, and they put that network in villin 30. How do I configure my prox Mx to be able to reach all of those networks? One of the solutions would be to create more virtual switches and assign ports. I will show you quickly how it's done. I will create Linux bridge. It's automatically chosen the name for it. It's fine. That would be 102020, maybe IP maybe 124. And they say create. And I can add another bridge, maybe VMBR two. Oops, sorry, NB one first, Bridgeport, ENP three as zero, yes. Okay, so we have physical interface as well. And now create bridge, another bridge, and I say it's 103030 maybe seven. Slash 24. It's different IP address, but in the network 103030, I say Bridgepoard is ENP four as zero. And that's basically it. If somebody asks, Mark, but why didn't you click that villain Award? You said that villin 20 is for ten to 2020 and Vilan 30 is for 103030. Well, in this case, if you created separate bridges, for specific villain, you have also separate cables, which you can connect to the access ports on the switch. Let's say on villin 20, but access port and VLAN 30 but access port on the switch on the other side, and that Vintag will be stripped off automatically because that's access port on that other side. And on the access port, no villin tags are allowed. Are stripped off before they are forwarded to Proxmx. That's why it would work. But we can achieve the same using just one cable. If you, for example, have one port only, you can only use one cable anyways. But then we can configure the switch on the other side as a switchport mode trunk and trunk is a member of all Vilans. That means if the traffic has no villain, it will land at default interface. In our case is this one. This interface doesn't expect any villin tags, but for traffic with VilanTag 20 or Vilantag 30, we have to create interfaces that expect that kind of traffic. So let me show you what I mean. Let me remove this first. Let me remove that. And if I go to VM BR zero, I can make it Vilanaware now. I click Okay, I will apply configuration. Yes. If we go back to Shell and check the config, and for this portion, nothing changed. But you can see at the end bridge villain OR, yes, and bridge VIDs 2-4094. What it means, why one isn't it included? Villain one is a default villain, and it will be still received by this interface, this VMBRzero static interface because it doesn't expect any villin tags. But if I go back to network, I create Linux villain this time. There are actually two ways I can create an interface that can receive a traffic with villin identifier. You can see it says, for example, VMBrzero 100. Let's see, VM BR zero, but I will say dot 20. What happened here, Proxmox automatically created so called sub interface, and that sub interface belongs to main interface VMBRzero to that switch to that bridge I mean, and it automatically expects VilanTag of 20. And now I can also assign IP address 102020, whatever it was. I don't know, 55, it can be doesn't really matter, as long as it's the same network as remaining network that I have configured in villin 20 on my switch on the other side. So if I create that now, I have something that can receive the traffic with Vlan Pug identifier 20, and I have Layer three interface, which is 102-02-0505. If I create another villin for VLAN 30 this time, I can do again Vmbzero 30, if I wanted. That will automatically assign VilanTag and the interface will belong to VMBRZero. But the other way of doing it is I can simply put whatever I want here, maybe Mark 30, let's say, and manually assign Raw device, which is the bridge VMBRzero. That's the only one we have and VLNTag it doesn't have to match my name at all. It can be 77 or whatever, but I need VLNTag 30. I have to configure it with villin tag 30 because that's what we expect on this villin interface. And the last but not least, I want also to have IP address on this interface, 103030, and whatever IP is available, maybe 88 24, and I create that interface. Now if I go to Shell, if I check my config, you can't see anything. Why? Because I forgot to apply the configuration. So now let's go back to the shell, run that command again, and now we can see full config on the Proxmox. This main interface has IP address of that. This is the main interface that will receive the traffic where no VLAN tag is added, means it will process the traffic for default Vlan, but we have two more interfaces now. This one is sub interface, and Proxmox by just looking at that will know it will belong to VM BR zero, and it will expect VLAN tag 20. And this config is a little bit longer. That's kind of equivalent of interface villain. So while, this one is sub interface, this is kind of like interface villain. If you come from Cisco world in networking terms, or at least that's how I see it. We can call this interface villain whatever we want. We can assign IP address, but villain identifier that we expect, we have to specify separately. And we also have to specify which of those virtual switches will process this traffic, and we configure it with VM BR zero, which includes this physical interface. So these are two ways of basically doing the same thing. And then if you wonder how to add your virtual machines or containers, like C containers, for example, if you want to add them to specific sub interface, then you simply create a container and whatever, let's go next. With only one template. I'll go next, next, next. Network is what I'm interested in. By default, it want to go to that default VMBR zero on the default VLM, but nothing stops me from changing it to, let's say, vilantag 30. And then maybe I want to put it on that network. Then 30, 30, whatever, maybe 88 on Network 24. This way, I will attach this Aalaxy container to this villain interface, I created on that virtual switch. I know it might be a bit complicated, but watching previous videos where we discussed villains, villain tags and access ports and tranports will help a lot. If you need, you might have to revisit those. That's all I wanted to say about Proxmox villains, so I hope it was helpful and thank you for watching. 33. Configure PiHole on Proxmox with DHCP and Unbound: You decided that you want to run PiHole on your network. You want network wide ad blocking and privacy which it can offer. So you want your PiHole to run as your new DNS server, or maybe you want to go even further and you want to run it as recursive DNS like bound on top of that PiHole. You saw a tutorial where they say, you just have to install and configure your PiHole on Raspberry Pi, let's say, and you set that PiHole IP address as your new DNS in your router settings. Job D. Well, the problem is that you only have so called locked router, which is a very basic device you got from your ISP, which does not let you change anything DNS related in its DHCP service. In fact, you can't even disable your existing DHCP service or fiddle with any important settings on that box, which is exactly my case. This is the sky Max hub I got from my provider here in UK, and there is very little I can change on that device. I can't configure my PiHole IP address as my DNS. There are no DNS settings at all, to be honest. Everything is hard code. It's fine though. I will show you today step by step how to configure that PiHole on your network with all the services I mentioned despite all those limitations on your ISP router. You don't need to replace current ISP router, you don't need to set it to bridge mode. You don't need double nut or anything similar that you might come across when Googling for a solution to that problem. Will simply run PiHole with yet another service enabled, which is DHCP, Dynamic Host Configuration Protocol. If you wonder, yes, we will end up with two DHCP servers on our network. But you know what? It's okay as long as you follow some rules that we are going to talk about. The only thing you really need is some device that will let you run PiHole and unbound service this raspberry pie. I mean, PiHole can be installed on nearly anything. But in this video, I will show you what that process looks like for Proxmox and for raspberry pie like this little Raspberry Pi tree. You PiHole will become your main DHCP server in your network that you will have full control over and that PiHole will be able to tell all your other devices at home to use it as your new DNS server. That means all your devices at home will start using PiHole automatically to block unwanted ads and malicious or suspicious traffic without need to configure anything on them. They will pick up new settings automatically. That's basically how DHCP service works. It tells all your devices what IP address they should use, what is their default gateway, and what is the DNS IP address they should use. And we will have to black hole the DHCP service on the ISP router because we are going to use the HCP service on the PiHole for our entire network. But to do that correctly, you have to first understand your current network, how it works, how it's configured. And to understand your network, the best point is by logging in to your device that you got from your ISP to that locked router. So check that sticker at the back of the device or at the bottom, and it will show you the IP address and the credentials to log on to that device. In my case, I have to go to HTTPS, 19216811. Then user name and puzcel that you found on the sticker, and the process will be similar for you as well. But instead of one dot one, you might have zero dot one or other IP address. This is the money of that sky Max hub Router. If you go to connection to local IP network, that's basically all I've got. This is the default setup, and what basically tells me that this is my default gateway. Default Gateway is let's say, a device that takes you to the Internet, and that doesn't change. This device, this skybox will still be the one that takes me to the Internet. We will not change that anywhere. The subnet mask is 255-25-5255 dot zero, which is also known as slash 24, then we can see that remaining IP addresses are all handed out from this router to all of our devices, which means any device I go to in my network, it will have IP address between 19216812. That's the first beginning IP address of the DHCP scope, and the last IP will be 253. If I check, for example, this device, IP address, I can see indeed it is 1921 681.204, which is within this scope. The entire scope of this network is from 192.168.1.0 all the way up to 192.168 1255. However, the first IP address is reserved it's so called network address, and it's not meant to be used by any network device. The last IP address, 192.16 8255, it's also reserved its so called broadcast address, and it's used to send data to all the devices inside our network at the same time. That's why it's called broadcast. But you can see that.254 is then left out. I'm not sure why, to be honest, but sometimes some devices leave one IP, for example, for mesh device, if you want to attach a mesh device to this router or sometimes the default gateway is actually configured as.254. So maybe that's the reason, but to be honest, it doesn't really matter. We don't have to worry about it right now. Maybe the only thing I will change because I'm not going to change anything yet, but, you know, at least time, it might actually help if we change it now to maybe 1 minute or greater or equal to two. No, so let's change to seconds, and I will change it too, so 2 minutes is minimum. That's fine. Let's change it to 2 minutes. That means when the device gets an IP address, it will have to keep asking the DHTP server every 2 minutes if it's okay to keep using it. It will help us later on. Let's save that setting. And for now, that's all we need here. We just have to know, we have to understand our network. I mean, sorry, there are two things you can actually do. You can go to connected devices and see what currently is connected and what IP addresses are already there. Every device you click on, even that reserved ones, if you click on them, it will show you what is its IP address. And when it says reserved IP, it doesn't mean I reserved it. It's simply this router. When the device first connects to it, it provides that, let's say my ISOSog is here it got this IP address and it's also shown as reserved, which means every time my laptop connects to this device and asks if it's okay to use this IP, the DHCP server says, yes, yes, it's fine. Even if I turn it off and turn it on again on the following day, I will still get the same IP address. Simply go through those devices and see what IP addresses are already in use and which ones are free. Plus, what you can do, you can do before you change anything, you can do screenshots or backup entire configuration. If anything goes wrong later on, you can simply restore without having to reset entire device. All right. Let's install and configure the PiHole now. I will start maybe with the Proxmox and then we will go through the Raspberry Pie setting. This is my Proxmox and I've got already some virtual machines running, but let's create new virtual machine and I can leave the ID as 100. I will call it server for PiHole. Click next, the ISO image. I will use Ubuntu 24 server. But honestly, you can use any Debian based image like Debian itself or Ubuntu 22 desktop or 24 server or any other Debian based image. I will go with this one because I like it. Click Next. Next, I will click Advanced, and I will enable discard and SSD emulation because I'm running it on SSD disk, so that's always advisable. This is not a big let's lick next. I don't need much. I probably one core would be fine, but maybe I will give it two cars. The type of processor, you can leave it as it is, but I like using the host one. It's not for everybody because if you use life migrations, et cetera, maybe you don't want to go with host, but the host gives you the best performance. It's up to let's just click next. The memory, we don't need much for PiHole, but we need at least 1024 because remember, we are now configuring the server, the Ubuntu server. So that's the minimum requirement for Ubuntu server because PiHole it will be running even on 256 mega. It needs very little resources. Okay, that's fine. Let's click next. I don't need anything here, next and finish. My virtual machine is here. I just have to start it. I go to Console, and it asks if I want to try or install. I want to install. Let's just click Enter. They're very small. Let's have a look if I double click on that. If it's better. Oh, I think it's better. Okay, let me use it as this. In a new window. I think it's better. You just double click on the virtual machine. And I choose English UK because that's true for me. Now I just click Done Bono server, yes. I think you should be fine even with Wnt server minimized, but I will just leave it as it is. But here, even though my current router uses entire scope, all the IP addresses within the network, I will still want to choose manual IP address. I want to configure it manually. I know that 192.168 100 is not used by anything, so I will go currently is configured by DHCP. I will choose this. I will go to the settings. It IPV four, click Enter again. IPV four method, I will use Manual. And here I need 192.168.1.0 slash 24. This is basically my entire network. That's what we were talking about. That dot zero is reserved. This is the representation of your entire network, and this is your network. I mean, my network address I need is 192.168.1.1 hundred. I know nobody is using it right now and it's important to use the IP address that is not used currently by anything else. Then the gateway, remember, we do not change the gateway. The default gateway, the device that takes us to the Internet stays the same. It's that ISP router. So I say 192168, 11. For name server, I will choose 1111, which is Cloudflre, but this is a bit might be confused. DNS server has nothing to do with our PiHole or anything else. This DNS is needed right now by this server to pull the packages because we have to install PiHole. This DNS server is needed by the device itself, by this virtual machine, Ubuntu server, I'm creating right now. And it will only be used to pull that package, but it will not be used for any of our home devices. You will see later. Search domain, we can leave it as it is blank and we save. Now it changed to static, and this is the IP address. That's cool. I say, D, proxy address. No, I leave blank. I don't use one. And now we are expecting to show us something. Oh, that's okay. It's able to pull some packages, as you can see. That's why we need this DNS server, 1111. You could also use 19216811, the default gateway itself, because our ISP router also works as DNS. If you point it to the same device, it will still work. But I don't want to use this ISP router for anything really. It will only serve the Wi Fi but nothing else. Made. I say D, and here you can use entire disk. I mean, you should even. But here, I don't want the LVM group. I don't want to talk about it too much, but basically, I will click Enter here. I use just one partition, one simple storage device, and I want this setup to be as simple as possible. But it's up to you again. If you leave that cross, then it's fine as well. I say done and this is just the summer. We've got 32 gig partition, and we use it all for our server, Ubuntu server. I'm happy with that, so I say D. Are you sure you want to continue? Yes, yes, I'm sure. Now, my name is Marek, server name. What did they call it? My whole server, maybe user name Marek, password, some password. You will need it to log onto your server. That's it, and I say done. Continue. Install open asap server. Yes, you need that. Let's click on that and then done. We don't need anything here, so I say done. And now the server is being installed. Now the process is completed. You can see installation complete. So you can use Down arrow and say reboot now. Click Enter. Server is being rebooted. It will always tell you failed unmounting CD Rom. That's fine. That's what you would expect to be honest. Just press Enter again, and now it's being rebooted. So summary was shown, and now it is up and running by a whole server login. My user name Marek and the password whatever you configure it as your password. That's our server up and running. We need to run basically just two commands. First one is psudoUUdate and psudoUUgrade. Y. Out of answer, yes. Yes. Press Enter. I have to type my password again. All the packages are being updated and upgraded. That's done. I can clear that maybe, and now we can install PiHole, which is just one command. But I can't remember that command, so let's just Google PiHole installation. That's it. One step, automated, Install. I just copy it. That's all we need, really. Let's go to Proxmox. It doesn't let me pasting 1 second. So let's do this. Call CTP. I think that looks correct. So just press Enter and the PiHole is being installed. It says this installer will transform your device into Network wide at Blocker, which is great. I say, Okay. Okay, PiHole server needs to have static IP address. That's why we configure that 192 1681 dot 100 on the server itself. We configured it statically already, and this IP will be also shared by the PiHole service. So we have it done, which means I can use left arrow and I say continue. And for now, we will use maybe doesn't really matter. Maybe CloudFlare DNS, we will change it later on to Unbound service. But for now, CloudFlare is fine. I click Enter. This is the current DNS for the PiHole itself. Forget about the one we configured on the server. This CloudFlare is also temporary for PiHole. Eventually, we will run unbound as our recursive DNS. Cloud Strap is still fine, but it says now PiHole relies on third party blocklist, and it wants to add Steven Black's Unified host list. The black list we can talk about it a bit later. And I'm fine. Yes, that's Steven Black's default Blacklist can be added. It's basically a list of domains that you want to block. It's all unneeded traffic. You want to filter. So I'm fine with that. It can be added. I say, yes. Would you like to enable query logging? Yes, I won, especially at the beginning, when you first create your first PiHole that's a good idea, in my opinion. Show everything, yes. You have to be careful. For example, especially when you configure it on the raspberry pie and run everything on the SD card only, then maybe you don't really want to run and log everything. But for me, for this device and it's SSD drive, I'm fine with that. Show everything. Okay, continue. That is being configured now and it says done. Installation complete, configure your devices to use the PiHole as their DNS server. You can see we can now connect to the PiHole from the web browser on HTTP 192168, 1100 on port 80, forwards Admin. It also gives us temporary password, which I'm not going to use. You will see. Let's go to that IP address first. 921681 100 port 80 for admin. And the password, I mean, you can type this password, the temporary password. But what I want to do, we can click on that plus, and it tells you how you can reset the password to anything you want. It's just PiHole set password command. So I go back to my terminal, and I say, Oh, it's very small, clear. I say Sudo, PiHole, set password, and then I type my password, the one that I want to use, not them. New password set, and I can use it here. And that's our PiHole up and running on Proxmox. And for now we can leave it. Let's see how we can do exactly the same, but on raspberry pie, how we can install PiHole on raspberry pie. And to run PiHole on our raspberry pie, we first need MicroSD card, slide it into the laptop. Now we can use Raspberry Pie Imager. I select my device, which is Raspberry Pi three, I say next. For the operating system, I will go for the lightweight one. I go to that Raspberry Pi OSO and I will use Raspberry Pi OS Light, which is Debian tricky with no desktop environment, which is fine. I say next. Now I pick MicroSD card, which is 128 gig, send this card, and I say next. I want to write to this card. Under your host name PiHole. It can be PiHole. Okay? The localization is actually correct, so I will just leave it. I say next. I must probably remember from the previous flashes. So I just need password. We have to configure password. It's fine. I say next. The Wi Fi, it's up to you. I will use wired connection. I will connect my Raspberry Pi to the Ethernet cable. But if you want to rely on the Wi Fi, this is where you configure your Wi Fi. Raspberry Pie knows how to connect to it. But for me, it's fine. I say next. Enable ASH, that's very important. Yes, you need to have it enabled, but it's on by default, so that's fine. I say next. Raspberry Pie connect. No, I'm not interested in that. Now I can confirm everything is fine and I say, right. You are about to erase all data. Yes, I understand. Erase and write. And it will write to the SD card and then it will confirm everything is fine, and that's basically it that the process done. As I said, it's verifying right now that all data is correct and that's job done. I say finish and I can now remove my RSD, put it into my Raspberry Pie, connect my Raspberry Pi to my network, and then I can age to it. Now the thing is, I've got the Raspberry Pie connected to my network, but I don't know what its IP address is because it was given from ISP outer dynamically using the HCP service. There are many ways you can check that. You can check directly on that ISP router. But also, if you've got HDMI cable somewhere, you just connect it to Raspberry Pi, and it will show you on the screen what its IP address. For me, it's 192 1681 dot 40. So that's the address I can SSH to. So I can open the terminal and I say, SSH Marek, at 192168, 140. That should take me to my Raspberry Pi. I say, my password. Whatever you configured, there is, and there it is. We're logged on to our server. There is no PiHole service running yet. We have to install it. But before we install it, we also have to configure this device, this server with static IP address. To do that on Raspberry Pi, I say Sudo NTI, for this particular operating system, I mean, I say, edit a connection and you will only see one interface because that's what Raspberry Pi has one interface, so you click Enter again, and now you just go down to IPV four configuration. It's currently automatic, which means everything is handled by ISP router, but we want to change it. I press Enter, and I say manual. And we can go to that show. I use right arrow. Yes. I click Enter and the address. I want to use 192. Oh, sorry, I have to click again, Enter to add one, and say 192168, 11 oh four. I know this one is not used because I checked on my ISP router. This IP is not used by any other device right now, so I can use it for my Raspberry Pie server. Let's go further Gateway Gateway stays the same. It's also still our ISP router 192168, one, one, DNS server. I say again, one, one, one, one, sorry, Enter. 1111. This is also just for this operating system so we can pull PiHole software and install on this server, all right, for nothing else. And now we go further. I don't need anything here or there. We just go further, further. Alright, I say, Okay. Take a while to save those settings. And now again, write arrow and we just go back. And here I say, Okay. That's cool. Not sure to be honest, let's have a look, IP address. Not sure if it will take automatically. No, it will not. Some services probably have to be restarted, but to be honest, I'm lazy. Don't want to search for what services to restart. I just say pudo reboot. Press Enter, that will reboot my Raspberry Pi. You just give it a while. But note, I use up arrow, if I try to associate to dot 40 address, press Enter, I shouldn't be able now to log on to that device. Remember, let me press Control C. I changed this IP to one oh four, and this one should take me to my Raspberry Pi, it is. So I have the password, and now I already know this is the IP address, but we can confirm with IP address command and indeed, now, I've got static IP address for this server for this operating system running on Raspberry Pie, so we can install PiHole. I will clear that. And before we install PiHole, again, Sudo up update, and Sudo up upgrade. That's Y Enter. So it's up to date. All packages are up to date. It's now completed and guess what to install the PiHole, we can refer to exactly the same command and decide the same document. You basically just run this curl command. Just copy that, go back. Here I can paste it in normal terminal, and just press Enter. That's it. You can see similar output. This installer will transform device into network wide ad blocker, PiHole is free, but powered by donations. Yes, of course, it's a good idea to donate. It's a great project. You say, again, it needs static IP address, which is exactly what we did one oh four is my static IP address. I can continue. And it will now. Alright, let's choose the same Cloudflare DNS here and also asks about that Steven Black Unified host list, which is fine. I say, and query logging. As I said, if you run it on MicroSD, there are ways to log to RAM. But for me, I will just leave it as it is. But it's up to you. Let's just complete that process and have a look. All right. And we can see this is the address I can access the PiHole on. All right. So let's go to HTTP 11 oh four this time 80 admin or 80 Admin. Yes. Okay, let's reset the puzzard buy a whole set puzzard. So I say, Okay, here, buys that, and I say, My new passard is this. Oh, sorry, psudo new password set. And that's job done. So now we have two PiHole running, yes, on address, 100 and on one oh four. I honestly need just one. But basically, at this stage, we are exactly in the same place. We even run very similar operating system because the PiHole, well, it runs Linux 13 trixi if we exit this one and if we SSH to 100, run the same. This shows us Ubuntu to 24 oh four, but underneath, you can see it's also Debian. They are basically the same underlying operating systems, and we have configured them both with static IP, but I need only one PiHole, and it doesn't matter which one I choose to go further, but maybe I will stick to Proxmox. So let's maybe exit this. And let's go to the Proxmox one. To the settings to the DHCP, and now we can configure our PiHole as our new DHCP server. To do that, I will say that from 192168, one, two, two, 192, 168, 199, I want to have them handed out from this DHCP server as a pool of addresses. Let's enable that. The gateway IP address stays the same, which is 192168, one, one, and the network mask is the one that we saw on our ISP router, which is 255-255-2550. Now when I do that or even better before I do that, before I save and apply, I will go to my ISP router. I will login again, kick me out. I go to the in connected devices devices. This is the list of my devices, and I will first do what I will first do here, at device with reserved IP. I will say BlackHle maybe the MAC address. Let's say AA BBC DD EFF. This is basically a MAC address of the device that does not exist because it's not valid MAC address and reserved IP address is 192-168-1252. I can comment BlackHle again. I will save it. I can add another device with reserved IP this time 192-168-1253. And Mac address AI. What if I will just do that? Only A. Yeah, it accepts that. That's fine. There is no chance I will have a device with Mac address like that. So Black Hole two, I will save it. Now we've got two IPA addresses that are BlackHol. And if I go to gateway to the connection to my local IP network, I can now say, you can only hand out IP addresses 252-253, but we've just reserved those IP addresses to Mac addresses that do not exist. This router basically is not able to hand out any IP addresses because the only two it has in the pool are already reserved. So even though I can't disable the DHCP server on this device, I can use this technique to blacklist those two IP addresses. Now, every time a device sends the broadcast, searching for DHCP server, only PiHole will respond because it will be the only one that is able to hand out any IP address. This one we look at the reservations and say, Okay, I have two IP addresses, but they are already reserved. I don't have anything to offer, so it will not offer any IP addresses. Only PiHole will be able to offer IP addresses to our devices on our home network. Hope that makes sense. I save these settings, I go back to the PiHole Okay, I couldn't click that PiHole. I had to wait like 2 minutes. Sometimes it happens when you change something on the DHCP server, but now it should work. So yes. Okay. So now I can configure this server as my new DHCP server. Anything from dot two to dot 99 will be provided by DHCP server, and above that, 100-252 will be available for me to assign statically. Anything from 100 like this address already the address of the PiHole itself, it's already in the range of the static IP addresses, and I have many more that I can assign. But let's save and apply. Yes, we want this PiHole to run as our DHCP server. Look at that. We already have a client. It didn't take long. It's our first client that got the IP address from this DHCP server on the PiHole. That's cool. It works as expected. If some devices like a TV or Alexa or something struggle to connect, then give it a reboot, then you will force those devices to use this new PiHole. See it. Let's add that Unbound service, maybe, yes. Let's log on to our PiHole again. Let's Google for PiHole Unbound. We can see this is the command to install Unbound Sudo up to install Unbound. All right. That's past it. That's it. Now, what else? Configure Unbound. So it says we have to create a file called piehle.com in this location. Let me copy that entire location, maybe. I say sudo nano and past that. Click Enter, and now we have to copy all of that stuff here. Just click that to copy everything and just paste it. That's it. Control O, Enter, Control X. Now if I go there, C at C, Unbound Unbound D, if we run LSL, we can see that file has been just created. And if we run CAT by Holcof, this is this file. And if we run sudo what was it 1 second. Service Unbound Restart. Well, status. All right, so it's failed. So let's do the restart. And now, again, status. And now we can see it's running, indeed. So it needs that restart after adding that file, which is cool. So let's clear again, Unbound is now configured. And if we go, I mean, just the service. And this unbound is actually working on port 5335, and this is the command we can test it with. So if I run this command, they say, the PiHole, blah, blah blah. And the first query might be slow. Oh, it wasn't slow. Test if it's operational. Okay, so all right, it says, No error, and we actually have IP address back. So pihole.net. If we resolve it on the local host on the local server here, this is local host on port 5335, you should see no error, and you should see this IP address. If you see all of that, that's cool. And look at this server is 127001 ash 5335. We will have to add this to our PiHole later on. What else do they say DNSSec validation? Allr. Let's do that. Page. This one is filed. Let's see. The first command should give you the report of server file and no IP address. All right, that's what we have. Server file, no IP address. We only have query, but no IP address. That's cool. And the second one should be no error plus IP address. All right. Let's check the second one then. One, maybe let me clear first. Too much stuff. Paste. This one, indeed, no error, and we have IP address. Everything works perfectly done. Now, it says, finally, configure the PiHole to use your recursive DNS server by specifying this IP and this port in settings DNS, custom DNS servers. Let's do that. So settings where are they? Settings DNS. We disable this cloud floor and we add new one custom basically the same shown here. So we just paste it there. Yeah. No spices, no, no spices. Save and apply, successfully saved and applied. And if we go back here, that's basically it. Disable resolve.com. But for bullseye, that's not for us. That should be it. Yes, that should be it. So yes, our PiHole now uses the custom DNS server, which is unbound for recursive DNS queries. Great. That's basically it, but the last thing I mentioned are those lists, yes, because we've got one list here, which is the Steven Black default one, and it gives you 73,000 domains, yes. But if we go to those lists, if you go to hug Z, I think, Oh, yes. Hagasiblocklist. You will find DNS BlocklistF a better Internet, keep the Internet clean. I like really these ones. This is his Github page and you can see how to use them. You have all information you need. You can even have different levels like light, normal, pro, ultimate, blah, blah. I go for P, usually. I like the pro lists. Simply have to go here. Let's maybe remove this one. We have currently no lists, and let me add the two that I usually use. I just paste it here. This is the first one. GP, let's call it, Add block list. That's the first one. And the second one I use is this one Tf. At blocklist. And now to make them active, you can go to Tools, Update gravity, update. And you should see all the green ticks. That's cool. Everything is green. If we go to our lists, and you can see here they are applied correctly. If we go to Dashboard, we can see now we've got 700,000 domains on those lists, which is much more than on the default Steven Black list. I hope this solution serves you well and blocks all the unnecessary traffic. Thank you for watching, Marek. 34. Thank you!: I hope you had a great time and I hope you learned a lot. Please remember to visit Automation Avenue platform if you want to learn even more IT related stuff. But thank you for choosing this training and thank you for watching Arik.