
Home Server. Containers.

Ned, I would love to stand here and talk with you—but I’m not going to, Phil Connors (Bill Murray), Groundhog Day


Containers are a lightweight alternative to fully virtualized machines (VMs). Containerization is the process of developing, distributing, and deploying applications in a portable and reproducible way. It accomplishes this by packaging components and their dependencies into standardized, isolated, lightweight process environments or containers, achieving:

  1. Isolation: Containers provide an isolated environment for each application, making sure that one application does not interfere with another.
  2. Portability: Containers can run on any machine that has a compatible container runtime (like Docker), regardless of the underlying operating system or hardware.
  3. Efficiency: Containers share the host OS kernel, meaning they are lighter than traditional virtual machines, resulting in faster processes and more efficient use of system resources.
  4. Consistency: Since containers encapsulate all dependencies, the application will behave the same way across different environments.
  5. Scalability: Containers can be easily scaled up or down based on demand.
  6. Security: By isolating applications and limiting their access to system resources, containers can enhance security.
  7. Development and Testing: Containers facilitate continuous integration and deployment pipelines, allowing developers and beta testers to test applications in an environment that closely mirrors production.

Container Settings

Navigate to Datacenter, Node (e.g., myserver), local (myserver), select CT Templates, click on Templates, and select archlinux-base (ArchLinux base image), then Download. Once the template has been downloaded, click on Create CT (CT is obviously short for container).

  1. General settings. Node is the physical server on which the container will run (e.g., myserver); CT ID is a unique number used to identify your container (e.g., 201); the Hostname of the container (e.g., archlinux-ct); and password: the root password of the container.
  2. Template. Storage (local) and Template (this is going to be the one I just downloaded, archlinux-base…tar.zst).
  3. Disks. Storage (mypool) and Disk size (64 GB).
  4. CPU. You can choose how many CPU Cores to allocate to this container (e.g., 4).
  5. Memory. Memory is the limit on the container's memory usage (e.g., 1024 MB), and Swap allows the container to use additional swap memory from the host swap space (e.g., 1024 MB).
  6. Network. Let’s select DHCP for IPv4 and IPv6, and leave all other options at their default values.
  7. DNS. Typically you can let the container use your host settings. Finally, Confirm that everything is OK.

Navigate to Datacenter, Node (e.g., myserver), 201 (archlinux-ct), that is, the container we have just created. In the Options menu, we can enable Start at boot (the container starts when the host boots) and Unprivileged container (the container runs as an unprivileged user, which is typically the safer way to run a container).

Let’s go back again to Datacenter, Node (e.g., myserver), 201 (archlinux-ct), select the menu Console, and click on Start to boot the container up. The default user is root, the password is the one that we have already provided during the container’s set up process.

Generating Keys and SSH

ip a # Find out our IP assigned by the DHCP server

ssh-keygen -t ed25519 -f ~/.ssh/ca_host_key
> Generating public/private ed25519 key pair.
> [...]
> The key fingerprint is:
> SHA256:hDywXAvRHdsCHrWQygm39X5yRuYXnTodSKEAgz0wLf8

pacman -S openssh xorg-xauth # Install SSH and xauth (needed for X11 forwarding)
systemctl start sshd # It starts the OpenSSH service daemon
systemctl enable sshd # It configures the SSH service to start automatically at boot time.
systemctl status sshd # Check the SSH service status

# In your CLIENT host
# 1. Generate an SSH Key
ssh-keygen -t rsa
# 2. Copy SSH Public Key to Remote Server, remote-server-ip = 192.168.1.38
ssh-copy-id root@192.168.1.38
# 3. Connect Remote Server without Password
# ssh root@remote-server-ip (add -X for X11 forwarding: ssh -X user@container_ip)
ssh root@192.168.1.38 # ssh -X root@192.168.1.38

# SERVER
vi /etc/ssh/sshd_config # sshd is configured with /etc/ssh/sshd_config

PermitRootLogin yes
# It allows the root user to log in via SSH.
# This is generally considered a security risk, especially in production environments.
PasswordAuthentication yes
# This enables password-based authentication for SSH logins.
# While this is convenient, it is less secure than key-based authentication,
# which is much more secure and resistant to brute-force attacks.
X11Forwarding yes
# It allows X11 forwarding, enabling graphical applications to be run over SSH.
AllowTcpForwarding yes
# It permits TCP forwarding, which allows SSH connections to tunnel other TCP connections.
X11UseLocalhost no
# With the default (X11UseLocalhost yes), sshd binds the X11 forwarding server to the loopback address, so machines on your local network cannot connect to the forwarded display.
# Setting X11UseLocalhost to no, as here, binds it to the wildcard address instead, so machines on your local network can connect to the X11 forwarding.

# When you have changed the sshd server config file, test the OpenSSH server configuration for errors.
sshd -t
systemctl restart sshd # Restart the OpenSSH service daemon

# On your client:
ssh username@server_ip_address
ssh -X username@server_ip_address # From a machine on your local network, SSH into the server with X11 forwarding enabled
# After logging in, you should be able to run X11 applications, and they will be displayed on your local machine.
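
The sshd_config above leaves root password login and password authentication enabled and lets X11 forwarding listen beyond loopback. The audit script below is an added example, not part of the original page: it reports those settings for the global section of a config file. It assumes whitespace-separated `Keyword value` lines, upstream OpenSSH defaults and no Include files; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag the risky sshd settings above.
# Assumptions: "Keyword value" lines, upstream OpenSSH defaults, Include files ignored.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it sees for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # only audit the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> space-separated findings (empty string when clean)
audit_sshd_config() {
    f="$1"; findings=""
    if [ "$(effective_value "$f" PermitRootLogin prohibit-password)" = "yes" ]; then
        findings="$findings root-password-login"
    fi
    if [ "$(effective_value "$f" PasswordAuthentication yes)" = "yes" ]; then
        findings="$findings password-auth"
    fi
    if [ "$(effective_value "$f" X11Forwarding no)" = "yes" ] &&
       [ "$(effective_value "$f" X11UseLocalhost yes)" = "no" ]; then
        findings="$findings x11-wildcard-bind"
    fi
    echo "${findings# }"
}

# Constructed sample: the settings shown on this page.
page_config() {
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'X11Forwarding yes' 'AllowTcpForwarding yes' 'X11UseLocalhost no'
}

# Constructed sample: key-only login (use after ssh-copy-id has installed your key).
hardened_config() {
    printf '%s\n' '# the later "yes" is ignored: first occurrence wins' \
        'permitrootlogin prohibit-password' 'PasswordAuthentication no' \
        'PasswordAuthentication yes' 'X11Forwarding yes'
}

tmp=$(mktemp)
page_config > "$tmp";     echo "page config:     $(audit_sshd_config "$tmp")"
hardened_config > "$tmp"; echo "hardened config: $(audit_sshd_config "$tmp")"
rm -f "$tmp"
```

On a live server, `sshd -T` prints the effective configuration with Include files resolved, which is the authoritative view to check after a restart.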

Setting up your Arch container

# Initialize the pacman keyring and update the package repository
pacman-key --init && \
pacman-key --populate archlinux && \
pacman -Syu --noconfirm

vi /etc/pacman.conf # The Arch Linux container runs on a kernel that doesn't support Landlock, which is a security feature used by pacman 7.0 and later
DisableSandbox # Uncomment or add this line

# Force a refresh of all package databases:
pacman -Syy

pacman -S --noconfirm reflector

# Update the mirror list using reflector:
reflector --country Spain,France,Germany \
             --latest 20 \
             --protocol http,https \
             --save "/etc/pacman.d/mirrorlist" \
             --sort rate

# Install base development packages and essential tools
pacman -Syu --noconfirm base-devel git

# Install additional tools for productivity
# bc (calculator)
# bat (cat with syntax highlighting)
pacman -S --noconfirm eza zoxide fd bat ripgrep bc

# Install system utilities and help (tldr), fuzzy finder (fzf)
pacman -S --noconfirm fzf wl-clipboard lazygit jq rsync man-db tldr unzip plocate glibc sudo wget curl

# Install system utilities for various tasks
# bpytop (Linux resource monitor), figlet (convert text into ASCII art), cmatrix (an animated matrix in your terminal)
pacman -S --noconfirm fastfetch vim bpytop cmatrix starship figlet fortune-mod

# Install glibc and glibc-locales to support locale generation
pacman -S --noconfirm glibc glibc-locales

# Set up the locale, i.e., the language, numbering, date, and currency formats for your system.
echo "LC_ALL=en_US.UTF-8" >> /etc/environment
echo "LANG=en_US.UTF-8" >> /etc/locale.conf
sed --in-place=.bak 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
locale-gen en_US.UTF-8

echo 'export BROWSER="firefox" ' >> ~/.zshrc

# Install additional libraries for GUI applications
pacman -S --noconfirm alsa-lib gtk3 libcups libxss libxtst nss ttf-liberation xdg-utils geany

# Set up the keyboard layout: loadkeys es
echo "KEYMAP=es" >> /etc/vconsole.conf

# Create a non-root user named 'nmaximo7' and allow passwordless sudo
useradd -m -G wheel nmaximo7 && \
    echo "nmaximo7 ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

su nmaximo7
cd

# Clone and install the AUR helper 'yay'
git clone https://aur.archlinux.org/yay-git.git && \
    cd yay-git && \
    makepkg -si --noconfirm

yay -S google-chrome --noconfirm

Backup and snapshot

Proxmox live snapshots are incredibly useful for preserving the state of your virtual machines (VMs) or containers. By taking a live snapshot, you can preserve the current state of the VM or container’s memory, all configuration settings associated with the VM or container, and the state of all virtual disks at the time of the snapshot. When you encounter issues and roll back to a snapshot, you restore the VM or container to the exact state it was in when the snapshot was taken, including memory, disk, and settings.

Creating a snapshot using the web interface is quite simple. Select the VM or container, click the Snapshots tab, then click the Take Snapshot button. In the Create Snapshot dialog box, enter a name and description for the snapshot. Alternatively, you can select the Proxmox node in the server view, click Shell to open a shell in the web interface, type the qm list command to view a list of all VMs on the current Proxmox host (the first column shows the [vmid]), and create a snapshot: qm snapshot [vmid] [snapshot_name] [OPTIONS] (e.g., OPTIONS: --description <a description of the snapshot>).

Suspend and Resume After Host Shutdown

Proxmox VE doesn’t have a direct “always boot to this snapshot” option like VirtualBox’s “restore current snapshot” feature.

  1. Use: qm suspend VMID --todisk to hibernate the VM. This saves the VM’s state to disk, not RAM.
  2. After the Proxmox host is back online, use qm resume VMID to restore the VM from the saved state on disk. This will take longer than resuming from RAM but preserves the VM’s state across host shutdowns.

The purpose of a backup is to recover from unexpected problems that are not covered by snapshots, such as physical storage failure or entire server failure. Proxmox allows you to schedule backup jobs where you can back up all VMs on all nodes. To schedule a backup job, click the Datacenter node on the top, select the Backup option, and then click the Add button.

To restore a backup, click the backup storage, select a particular backup, and click the Restore button.

The Command-Line Interface

qm list # List all your VMs
qm start [vmid] # Start the VM with ID vmid
qm shutdown [vmid] # Shutdown or stop the VM with ID vmid
qm reboot [vmid] # Reboot the VM with ID vmid
qm reset [vmid] # Reset (not gracefully) the VM with ID vmid
qm stop [vmid] # Stop (not gracefully) the VM with ID vmid
qm config [vmid] # List the VM's settings or options
qm set --onboot 0/1 [vmid] # Set the start boot option of the VM
qm set --memory 2048 [vmid] # Set the memory size of the VM

pct list # List all your containers
pct config [pctid] # List the container's settings or options
pct start/shutdown/reboot [pctid] # Start/Shutdown/reboot the container pctid
pct enter [pctid] # Open a shell in the specified container (exit: exit the container)
pct set [pctid] -onboot 0/1 # Only one hyphen, set the start boot option of the container
pct set [pctid] -memory 2048 # Only one hyphen, set the memory size of the container

JustToThePoint Copyright © 2011 - 2025 Anawim. ALL RIGHTS RESERVED.