User
Write something
Syncthing setup - configuration options I use
Hello Engineers, I'm currently testing a self-hosted file-sharing solution, Syncthing. Below is a list of options that help achieve a reasonably secure configuration. I haven't described these options in detail, all of them can be found in the documentation. Settings -> General -> Device name -> Fill in the device name Settings -> General -> Anonymous Usage Reporting -> Disable Settings -> GUI -> Start Browser -> Disable Advanced -> GUI -> Address -> Fill in the local network interface ip address Advanced -> GUI -> Enabled -> Leave Enabled Advanced -> GUI -> Password -> Fill in (password to log in to the GUI) Advanced -> GUI -> Use TLS -> Enable Advanced -> GUI -> User -> Fill in a user name (user to log in to the GUI) Advanced -> Options -> Always Local Nets -> Fill in a local network interface Advanced -> Options -> Announce LAN Address -> Disable Advanced -> Options -> Crash reporting Enabled -> Disable Advanced -> Options -> Global Announce Enabled -> Disable Advanced -> Options -> Nat Enabled -> Disable Advanced -> Options -> Relays Enabled -> Disable Advanced -> Options -> Local Announce enabled -> Enabled by default, should be enabled only if local address explicitly specified by the option "Always Local Nets" Advanced -> Options -> Overwrite Remote Device Names On -> Enable Advanced -> Options -> Listen Address -> Left default
1
0
How I Set Up an Ubuntu VM with QEMU Guest Agent and XRDP on Proxmox
When I spin up a new Ubuntu VM on Proxmox, I like to keep the setup minimal but fully functional. My goal is always the same: get proper integration with Proxmox and enable quick remote access via RDP. Here’s the exact workflow I use. Initial Setup After Installation After installing Ubuntu, I skip all optional extras: - Ubuntu Pro → I choose “Skip for now” - Help Improve Ubuntu → I select “No” Once I land on the desktop, I immediately update everything: - sudo apt update - sudo apt upgrade -y Installing QEMU Guest Agent One of the first things I install is the QEMU Guest Agent. It makes Proxmox much more aware of what’s happening inside the VM. - sudo apt install qemu-guest-agent -y After that, I shut the VM down: - sudo poweroff Then on the Proxmox side: - I remove the installation ISO (Hardware → CD/DVD → Remove) - I enable the QEMU Guest Agent (Options → QEMU Guest Agent → Enable) When I boot the VM again, I quickly check if it worked by looking at the Summary tab, if I see the IP address there, I know everything is working correctly. Setting Up XRDP For remote access, I usually go with XRDP since it’s simple and works well enough for most use cases. First, I install it: - sudo apt install xrdp -y Then I fix a small but common permission issue: - sudo adduser xrdp ssl-cert Next, I tweak the XRDP startup script: - sudo nano /etc/xrdp/startwm.sh At the top of the file, I add: - export DESKTOP_SESSION=ubuntu - export GNOME_SHELL_SESSION_MODE=ubuntu - export XDG_CURRENT_DESKTOP=ubuntu:GNOME After saving the file, I restart the service: - sudo systemctl restart xrdp Connecting to the VM At this point, I just grab the IP address from the Proxmox Summary tab and connect using any RDP client (Remmina). I log in with the same user I created during installation, and that’s it, I have a working GNOME desktop over RDP. Optional Notes If I happen to be using UFW, I also open the RDP port:
3
0
May 31 • 
Linux
How I Do Basic Ubuntu Hardening
I’m currently testing different configurations for virtual machines in my Proxmox setup, and it reminded me of a story I once came across. I’m not sure if this story is entirely true, but it’s still worth telling. A few years ago, someone on a small DevOps forum shared a painful story. He had a “temporary” Ubuntu VM running on his home server—nothing public, just a test box behind NAT. He skipped hardening because “it’s not exposed anyway.” A few weeks later, one misconfigured port forward and a weak SSH setup were all it took. The machine got brute-forced overnight, quietly joined a botnet, and started sending spam. He only noticed when his ISP throttled his connection. That story stuck with me. Since then, I always do a minimal hardening routine—even for throwaway machines. Here’s what that looks like. 1. Create a non-root user First thing: stop using root. adduser myuserusermod -aG sudo myuser 2. Set up SSH keys On your local machine: ssh-keygen Copy the public key: ssh-copy-id myuser@server_ip Or manually place it in: ~/.ssh/authorized_keys Make sure permissions are correct: chmod 700 ~/.sshchmod 600 ~/.ssh/authorized_keys 3. Log in as the new user Reconnect: ssh myuser@server_ip Update the system: sudo apt update && sudo apt upgrade -y 4. Disable root SSH login Edit: sudo nano /etc/ssh/sshd_config Set: PermitRootLogin no Restart SSH: sudo systemctl restart ssh 5. Set hostname properly Edit: sudo nano /etc/hostname Use a fully qualified domain name if possible, for example: server.example.com Then update hosts: sudo nano /etc/hosts Modify: 127.0.1.1 server.example.com server 6. Reboot sudo reboot 7. Configure firewall (UFW) Install and enable: sudo apt install ufwsudo ufw allow OpenSSHsudo ufw enable 8. Install Fail2Ban sudo apt install fail2ban Default config already protects SSH reasonably well. 9. Change SSH port Edit: sudo nano /etc/ssh/sshd_config Change: Port 2222 Update firewall: sudo ufw allow 2222/tcpsudo ufw delete allow OpenSSH
3
0
May 5 • 
Linux
How I've disabled paid enterprise repositories
The default Proxmox installation includes enterprise repositories. These repositories are paid, and you need a subscription token to access them. Without a token, you'll see errors during updates. These errors are harmless but annoying! :) First image (1) To eliminate these update errors, you need to disable or remove those enterprise repositories. Run these commands:mv /etc/apt/sources.list.d/ceph.sources /root/ceph.sourcesmv /etc/apt/sources.list.d/pve-enterprise /root/sources.list.d/pve-enterprise These commands safely move the enterprise repo files out of the active sources directory. Second image (2) No more error message :)
4
0
How I've disabled paid enterprise repositories
Apr 19 • 
Linux
How I added additional disks in Proxmox
Hello engineers, I recently configured my Proxmox instance with ZFS RAID1 (I need to test the recovery process :)). I then added three additional SSD disks and partitioned them with this command: mkfs.ext4 -L SSD-256GB /dev/sdX - -L: label flag - SSD-256GB: label (adjust for each disk, e.g., SSD-1TB, SSD-128GB) After that, I mounted them via /etc/fstab like this: UUID=4c1cebaf-8142-4b79-a0ea-45c26253ed75 /media/ssd-1-TB ext4 defaults,noatime,nofail 0 2UUID=b012b34c-bb86-408a-bebf-a91d1a1d3a49 /media/ssd-256-GB ext4 defaults,noatime,nofail 0 2UUID=55c39d33-8665-4ba6-9b45-1c513df36296 /media/ssd-128-GB ext4 defaults,noatime,nofail 0 2 Now I have three extra disks for playing around with :) Let me know how you use additional disks in Proxmox.
1-7 of 7
powered by
EngineeringTech
skool.com/szykulatech-3240
We focus on JS/TS, React, Next.js, Supabase, shadcn/ui, Tailwind CSS, and deployments on Netlify. We focus on fast learning.
Build your own community
Bring people together around your passion and get paid.
Powered by