Proxmox on juni's blog ٩(◕‿◕｡)۶

Minecraft Server From Scratch (Proxmox LXC, Docker Compose + itzg)

Sun, 13 Apr 2025 00:00:00 +0000

Just a smol lil guide for myself to set up a minecraft server from scratch, as I cannot count the number of times I’ve had to re-learn this when I migrate from server to server.

I’ve opted for services that should (for the most part) be supported long-term and are relatively secure & lightweight. However, as any good netizen should do, please take my advice with a granule of sugar…

- Set up `LXC` Container in Proxmox

Create new container in proxmox using the Ubuntu 24.04 LXC image (or your desired flavour, noting commands may differ slightly depending on package managers) - allocating at least 4GB RAM & 2-4 CPU cores to the machine.
Once logged in, create a sudo-enabled user with: adduser myuser Set the password, then: usermod -aG sudo myuser su myuser
Harden SSH - ensuring the following values are changed & set within /etc/sshd_config.

Port 22
PermitRootLogin no
MaxAuthTries 4
MaxSessions 2

PubkeyAuthentication yes

PasswordAuthentication no
PermitEmptyPasswords no

KbdInteractiveAuthentication no

UsePAM no

X11Forwarding no
PrintMotd no
ClientAliveInterval 600
ClientAliveCountMax 2

Add your local machine’s ed25519_pub key to the ~/.ssh/authorized_keys file (creating it, if it doesn’t exist). This will allow key-based login for user myuser.

Be careful not to lock yourself out here, test with password based login first! For example, by setting PasswordAuthentication yes and logging in, before changing it to PasswordAuthentication no.

Ensure DNS is setup properly - check /etc/resolv.conf. Basic internet functionality can be tested & achieved by having the line nameserver 8.8.8.8, but configure to your use case.
Login from local machine with ssh myuser@XXX.XXX.XXX.XXX. Test your sudo privileges with sudo ls /root.
Lock root account with sudo passwd root -l.
Run sudo apt update && sudo apt upgrade -y.
Find the current IP with ip -a (typically on the eth interface) and set it as static (in proxmox and/or on your router).

- Install Docker (Compose) & itzg Minecraft Server

Install Docker Engine - follow steps (distro-specific) here, as you will need to configure your package repository properly.
Install Docker Compose - following steps here. sudo apt install docker-compose worked for me.
Make a new directory for the Minecraft server to sit in: ~/minecraft.
Inside, create a docker-compose.yml, generated with something like setupmc.com to specify server version, plugins, etc.

My example docker-compose.yml file is below (for a 1.18 server, replacing Timezone (TZ) accordingly):

services:
	mc:    
		image: itzg/minecraft-server:java17    
		tty: true    
		stdin_open: true    
		ports:       
			- "25565:25565"     
		environment:       
			EULA: "TRUE"       
			TYPE: "PAPER"       
			VERSION: "1.18"       
			PAPER_CHANNEL: "experimental"       
			MEMORY: "4096M"       
			MOTD: "welcome, traveller, to an older time...
			USE_AIKAR_FLAGS: "true"       
			TZ: "[YOUR-TIMEZONE]"     
		volumes:       
			- "./data:/data"

Start the container from within the same directory as docker-compose.yml with sudo docker compose up -d. After the image is finished being pulled from the itzg minecraft server repo, watch the logs as the server starts with sudo docker compose logs -f.
If you get an error message about the “class file version” after starting the server, check this table to see which Java version corresponds to the respective class file version. Then adjust the Docker image tag in the setupmc.com](https://setupmc.com/java-server/) configurator accordingly.
To stop the server, run sudo docker compose down.
To migrate a world save file over (if applicable), copy the following files (at minimum) over from your old server (using something like scp, or via a GUI if you install something like webmin):
- server.properties
- /world
- /world_the_nether (if exists)
- /world_the_end (if exists)
- whitelist.json (if applicable)

Ensure to tweak server-specific configurations within server.properties if needed!

As you’re running through docker, it should handle the local network ports on the lxc for you nicely (if on a fresh linux install). Also, before I continue, it would be remiss of me to exclude the obligatory ***do this so at your own risk, and please consider the below server hardening methods:
- not running the server as root! (not a problem if you followed the guide above)
- general server tips & links to hardening methodology
With that out of the way, now time to open up a port on your local router/modem. For me, I’ve opted for a little “security through obscurity” (a contentious topic, but given my threat model) by mapping my router’s external port, 43456 to the default minecraft listening port (25565 - specified in server.properties) on my lxc machine:

Additionally, I’ve set up a DNS A record for the domain I own to point at my router’s public IP, so I can access my server (and share it) with my-domain:43456.

Now, you should be all up and running! :3

- For any further troubleshooting

Plex & Proxmox

Fri, 04 Aug 2023 00:00:00 +0000

… & pulling files from an external SSD &/or an internal HDD. Yes, this was… interesting.

- So… why did I write this?

My primary objective was to setup a home lab, which could do the following things:

run LXCs of various linux distros (Kali via external install, and CentOS via Proxmox template) [done]
run a Plex Media server, accessing both external SSD and internal HDD data [done]
Setup a VPN for use in the server [done]
Setup VPNs for containers [yet to do]
Automatically pull files from various torrents safely and securely with Deluge (?), Sonarr, Radarr, and Prowlarr [yet to do]
Run my previously self-hosted Minecraft server [yet to do]
act as a NAS to store and backup family photos [for the future, if I upgrade hardware]

I know that my use case is incredibly specific, but after scouring the web for guides on the various problems I had along the way, I was exhausted enough to pull together a guide of how I accomplished each of the above.

This guide will focus on setting up a Plex Media server in a Proxmox container, which can access data from both an external SSD and an internal HDD.

- Prerequisites:

Installing Proxmox on a server

- Setting up a container

Download a template for the distribution of Linux you want to use.

Simple? Should be. Pick your desired flavour of Linux and it should be available via accessing your local volume [local (juniproxmox) for me] and selecting CT Templates > Templates. However, make sure what you’re selecting is actually a LXC, and not another version of Ubuntu/Debian (otherwise it will run like a VM inside of a container. And yes, that means it’s s l o w). The difference is somewhat explored in the folllowing ‘shallow dive’ of sorts, and practically illustrated within Proxmox in Figure 2.

Testing the waters #1: LXC vs VMs.

From what I understand, LXCs are essentially lightweight VMs, which share the kernel (lowest-level software interfacing with computer hardware) with the host OS. In my case, Proxmox (based on Debian Linux) will share its kernel with an installed LXC (in this case, CentOS 9 Stream), allowing the LXC to run significantly faster than a VM by having access to the same kernel. However, I am unsure if you can run a LXC of Debian/Ubuntu on top of existing Debian/Ubuntu infrastructure, as I haven’t been able to easily find LXC images for these online. However, I am most likely very much misunderstanding the nature of LXCs in general and am missing something obvious, so if anyone knows, please feel free to enlighten me by contacting me ~

Figure 1: Finding CT Templates

Figure 2: LXC Images vs Standard Image
After the CT template has been downloaded, installing is fairly straightforward. I followed the following video to get up to speed on what was recommended for a container install.

Here are the specs for my installation of CentOS 9 Stream, running a Plex Server which would have 2-3 users MAX (these are only testing values, take them with a grain of salt!):
Once the container has been setup and you can access the console (visuals included in above video, it’s pretty straightforward), login using root (and preferably setup a lower privilege user if you’re using the system for important things) and your container is ready to use!.

- Installing Plex Media Server:

~ to be written ~

- Passing USB/External Devices to LXC:

Now, for my use case, I wanted to use an external SSD containing media files as a sort of ‘attached storage device’ and have my Plex media server access and make the files streamable. However, doing so is a little complicated. It’s covered rather well in Virtualize Everything’s series of videos, but it can be confusing as there are quite a few ways of doing it, depending on one’s use case.

My use case: Pass an External Device to a LXC WITHOUT ERASING DATA FROM IT, to transfer/access files on the External Device.

Based on the following video: Add USB storage to Proxmox (CLI)

Note: The term ‘SSD’ can be used interchangeably with ‘External HDD/USB’ –> this should work for all removable storage solutions.

Plug in your USB to the server (in my case, my brother’s old laptop). Nagivate to 'your home node' (juniproxmox) -> disks. Here is a display of all of the functioning devices connected to your machine. My laptop has an internal HDD (listed as sda), and an internal SSD (used as the boot drive, sdb). I also have a USB plugged in to the device, occupying sdc.

Thus, my SSD is sdd, which checks out given it’s been identified as SSD with 1.00TB of storage. It is best practice to have the drive using GPT, although I will be attempting to use one still using MBR, as it has worked before for me.

- Formatting drive to use GPT - GUID Partitioning Table.

On your main node, open the shell and use fdisk -l to list all available disks on the system in the CLI.

After the text has been printed, look near the bottom for your chosen device, in my case sdd. It’s product name and actual usable size (smaller than but close to its advertised size) should be listed too. Take note of the device’s identifier, which includes its location on the system. For me, it’s listed under ‘Device’ at the bottom, as /dev/sdd1.
Now we know the path to the device, we need to make a folder on our home system for it to be accessed from. I think of this as creating its new address - the SSD has gone from floating around in the ether, homeless, and we’re now making a directory on our system for it to call home. I poked around a bit using the cd (cd = change directory - essentially how you traverse your Linux system in the CLI) and ls (ls = list contents in current directory) commands, before deciding to make a new directory in /mnt/pve/, called EXT_SSD. I suggest navigating to where you’d like the directory to be and then making it, as not all system’s file structures are the same.

Once I found the desired folder, create the directory using:

mkdir YOUR_DIRECTORY_NAME_HERE
Now, we need to mount the device so that the system can access its contents. This command takes the following form:

mount [physical device identifier] [new folder 'home']

This is essentially telling the system to point my SSD (which has the identifier /dev/sdd1, as we identified in step 1) to live in the directory /mnt/pve/EXT_SSD/ so its contents can be accessed by my home user.

To test if it worked, I navigated to its new home with cd mnt/pve/EXT_SSD/ and then listed its contents and… success! I can now access my files on an external SSD within Linux.

Important Note: Every time my system reboots, the device needs to be manually re-mounted (aka repeating step 3) in order to access the files on the SSD. To avoid having to do this, I modified the crontabs file (specifies tasks to be run ahead of time/periodically) using sudo crontabs -e . I added @reboot to specify the task to run upon reboot, added sudo at the start just to ensure it runs even if logging in with a lower privilege user, and ended it with & to tell the system to keep going & setting up after running this command:

.

I learnt this here.

~ miscellaneous images to be used in future tutorials if i return to this ~

DISCLAIMER: I would consider this a LEGACY POST of mine, written a long time ago. Please excuse any typos, errors or lapses in memory/judgement - as it was added to the site from the archives, just to put everything in one place. Thankq for your understanding 🙇‍♀️

Passing USB Devices into Proxmox VMs

Mon, 10 Jul 2023 00:00:00 +0000

~ Using TP-Link TL-WN722N ~

The GUI way of adding a USB device to a Proxmox VM didn’t work for me when using a USB network adapter (the device id was not showing up when trying to add to the VM via the GUI), so here is a simple manual workaround.

- Steps:

Plug in your desired USB device into the physical machine you’re running Proxmox on.
Using the CLI on the Proxmox host machine (recommended to use ssh/webGUI CLI), list all connected USB devices with lsusb:
Note the ID of the desired device. In this case the TP-Link TL-WN722, with ID: 2357:010c
Ensure the desired Proxmox VM that you want to pass the USB device to is powered off, and take note of its number (104 in the below image):
Still on the Proxmox host machine, run the following command to pass the USB device through to one or more of your virtual machines:

qm set [VM#] -usb0 host=[host-id]

e.g. for VM #104 & host id 2357:010c, I would run:

qm set 104 -usb0 host=2357:010c

Source: Proxmox documentation
Boot up your Proxmox VM (in my case, VM #104) and run lsusb in using the CLI. You should now see the USB device that you just passed through (2357:010c for me) in there!