Proxmox Best Practices and Configuration Settings

Jul 24, 2024

Proxmox Best Practices and Configuration Settings

Introduction

  • Focus on key configurations and settings for effective Proxmox setup.
  • Importance of keeping the Proxmox server updated for security and performance.

Securing Remote Access

  • TwinGate: A zero trust network access platform that enhances security.
    • Easy to deploy and use.
    • Benefits over VPNs discussed in previous videos.
    • New features: usage-based autolock, aerial access, DNS filtering, and Kubernetes operator.
  • TwinGate allows secure access for free (up to 5 users, 10 networks).

Initial Setup in Proxmox

  • Logged into Proxmox environment, recently created a cluster with two nodes.
  • Best practices apply universally, regardless of cluster size.

Update Procedure

  • Configure update repository.
    • Disable Enterprise repositories (no subscription).
    • Enable no subscription option in repository settings.
    • Check for updates and upgrade regularly (every 1-2 weeks).
    • Reboot nodes as necessary.

Enable Notifications

  • Important for monitoring Proxmox environment.
  • Set up custom notifications via SMTP.

Security Certificates

  • Issue trusted TLS certificates to avoid browser warnings.
  • Prerequisites: Public domain and DNS provider (e.g., Cloudflare).
    • Use DNS challenge for issuing Let’s Encrypt certificates.
  • Configure Acme service in Proxmox to automate certificate issuance.
  • Add subject alternative names for different nodes and cluster DNS.

Storage Configuration

  • Use the Data Center storage menu to configure storage.
  • Consider redundancy and backup target locations when adding storage.
  • NFS drives for external backups are recommended to secure data.
  • Keep backups on separate storage (preferably NFS) to protect against local failures.

Backup Strategies

  • Set up backup jobs for virtual machines in Data Center backup menu.
  • Ensure all production VMs have backup jobs configured.
  • Schedule backups regularly (e.g., daily) and configure notification system for backup success/failure alerts.
  • Use snapshot mode for backups to allow VMs to remain operational.
  • Manage backup retention to avoid disk space issues.

PCI Passthrough Configuration

  • Enable IOMMU for PCI passthrough functionality.
  • Use with compatible CPUs and enable in BIOS.
  • Pass through necessary devices like graphics cards or storage controllers to virtual machines.

Virtual Machine Best Practices

  • Configure new VMs with appropriate OS settings.
    • For Windows, select Microsoft Windows and enable virtio drivers.
    • Set disk controller to virtio.
    • Enable guest agent for better integration.
  • Consider using template VMs for easier deployments.
  • Create templates after OS installation for quick cloning.

Conclusion

  • Follow the discussed best practices for robust and secure Proxmox setups.
  • Engage with the community for additional insights and tips.
  • Thanks to supporters and viewers for continued engagement.