Howto – LXC in Proxmox

## Things about LXC

– LXC is not as separated as VMs
– LXC only emulates the OS (not the hardware layer) which makes is fast
– Techniques used behind the scenes are cgroups and namespaces
– …thus only Linux guests are possible
– LXC emulates an OS, whereas “Docker containers are restricted to a single application by design.” (“Container as an app”) (https://archives.flockport.com/lxc-vs-docker/)

Resources:
https://archives.flockport.com/lxc-guide/
https://archives.flockport.com/lxc-vs-docker/
https://pve.proxmox.com/wiki/Linux_Container

## General Considerations

Things to keep in mind:
– in general use “unpriveliged container”.
– containers use the kernel of the host
– use bind mount to access NFS-Shares from proxmox-host on LXC containers
– limit memory and cpu

Resources:
https://stgraber.org/2013/12/20/lxc-1-0-blog-post-series/
https://media.ccc.de/c/cccs/Security

## useful commands
> lxc-info -n mycontainer
> lxc-monitor -n mycontainer

## Create Container in Proxmox

> pveam update
> pveam available
> pveam download local xxx

Then use the GUI to create the Container.

## Access Container via SSH

On Proxmox:
> lxc-attach –name 300
> vi /etc/ssh/sshd_config

change the line PermitRootLogin without-password to PermitRootLogin yes.
Restart (caution!).
https://bayton.org/docs/linux/lxd/mount-cifssmb-shares-rw-in-lxd-containers/
https://ping.flenny.net/2016/ssh-into-a-proxmox-lxc-container/

## Get internet access inside container
Within same subnet and fixed ip, it workes our of the box.
For diffrent VLAN, Subnet make sure the DNS-Server is set correctly.

## Install Jellyfin on Ubuntu LXC

install on Ubuntu 20.04 (20.10 is not supported)

Doku on Jellyfin:
https://jellyfin.org/docs/general/quick-start.html
https://jellyfin.org/docs/general/administration/installing.html#installation-process

### 1) Install:
> sudo apt install apt-transport-https
> sudo apt-get install software-properties-common
(due to https://itsfoss.com/add-apt-repository-command-not-found/)
> sudo add-apt-repository universe
> wget -O – https://repo.jellyfin.org/ubuntu/jellyfin_team.gpg.key | sudo apt-key add –
> echo “deb [arch=$( dpkg –print-architecture )] https://repo.jellyfin.org/ubuntu $( lsb_release -c -s ) main” | sudo tee /etc/apt/sources.list.d/jellyfin.list
> sudo apt update
> sudo apt install jellyfin

### 2) Manage:
> service jellyfin status
> systemctl restart jellyfin
> /etc/init.d/jellyfin stop

### 3) Configure:
File: /etc/systemd/system/jellyfin.service.d/qjellyfin.service.conf
Point to IP con configure: http://SERVER_IP:8096
– Set Username and password.

Using “Bind Mount Point” on Proxmox to access an NFS mount from the host in the guest (LXC). From the Proxmox documentation: “Bind mounts allow you to access arbitrary directories from your Proxmox VE host inside a container.” Be aware:
– bind mounts are not backed up by vzdump
– never bind mount system directories!
– the bind mount path must not contain any symlinks.

To add a bind mount to the LXC:

a) Datacenter > Storage > Add > NFS
Change to config file /etc/pve/storage.cfg and add the read-only flag by adding this line:

> options ro

b) Add bind mount to LXC config file eg. /etc/pve/lxc/300.conf where as:
/mnt/pve/truenas-movies is the path on the proxmox host
mp=/media/movies is the mount point inside the LXC container
shared=1 makes the bind mount available on all nodes
ro=1 add read-only

> mp0: /mnt/pve/truenas-movies,mp=/media/movies,shared=1,ro=1

### 4) Documentation
see links for accessing NFS-shares inside unpriviliged LXC container:
https://stackoverflow.com/questions/43047159/nfs-access-denied-by-server-while-mounting-client-side-is-a-lxc-proxmox/43063648

Best practice – LXC NFS mounting from Proxmox

Advice requested for my Plex migration from FreeNAS jail to Proxmox LXC. from Proxmox


https://pve.proxmox.com/wiki/Linux_Container#_bind_mount_points
https://pve.proxmox.com/wiki/Storage:_NFS

For IP-TV:
https://github.com/iptv-org/iptv
https://github.com/iptv-org/awesome-iptv

## Install Unifi-Controller

used LXC image: Debian 10
see: https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776

> apt-get update; apt-get install ca-certificates wget -y
> rm unifi-latest.sh &> /dev/null; wget https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh

You may also like...

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.