NAME
gyptazy - DevOps, Coding, Networking and BSD!

CONTENT
Blog

How My BoxyBSD Project Boosted the Proxmox Ecosystem (2025-06-06):
When I first started BoxyBSD, I had a fairly straightforward goal in mind: Build a completely free VPS hosting platform with full IPv6 support aimed at beginners and small open-source projects. Something simple, lightweight, and accessible. But as the project evolved, I realized it was becoming much more than just a small personal project and BoxyBSD started giving back - not only to open-source in general but also to the Proxmox community in ways I hadn't anticipated. What surprised me the most was how deep I had to dive into architectural decisions that I initially thought wouldn't matter that much - surprisingly it also changed my whole initial idea of running everything on FreeBSD with bhyve - and let me say - it should become completely different! Managing resources efficiently across multiple VMs, fully automated deployment, monitoring system including all guests, clustering across different locations and live migrations of guests - .... [read more]

Proxmox and Authentik OIDC – Install, Configure and Connect Authentik to Proxmox VE (2025-05-22):
When exploring secure and efficient authentication options for a Proxmox setup, Authentik paired with OpenID Connect (OIDC) emerges as a compelling choice, particularly for those who prioritize open-source tools and in-house data control. Authentik, an open-source identity provider, empowers administrators to customize authentication flows without the constraints of proprietary systems, avoiding escalating costs or rigid limitations. By integrating OIDC, it enables seamless single sign-on, allowing users to access Proxmox with a single, secure login, eliminating the hassle of managing multiple credentials. For those wary of external cloud services, Authentik’s ability to run on local servers ensures that sensitive data, such as user credentials, access logs, and more, remain fully in-house, a critical advantage for privacy and regulatory compliance. Setting up Authentik with Proxmox is straightforward; configuring the OIDC realm with a client ID and secret delivers a robust, secure authentication layer for managing virtual machines and containers. The open-source nature .... [read more]

Run FreeBSD, OpenBSD and NetBSD VMs in Incus (2025-05-05):
Not too long ago, I published a blog post all about Incus. In it, I gave an overview of the project, explained how it works, and showed how to create a cluster with it. After sharing it on social media, I started getting a lot of questions, and one in particular kept coming up: is it easy to run BSD-based virtual machines with Incus? Some people were even surprised to learn that Incus now supports virtual machines thanks to its QEMU backend. So I thought, why not follow up and walk through just how simple it is to get FreeBSD, NetBSD, and OpenBSD running using cloud images? It’s actually a pretty smooth experience. The Incus tooling makes it fairly straightforward to work with VMs, and the BSD community provides ready-to-use cloud images that fit right into this workflow. This means there’s no need to manually install or configure these systems .... [read more]

Incus for Containers and VMs: A Powerful Proxmox Alternative? A Step-by-Step Guide to build a Cluster (2025-05-04):
Incus is a versatile and efficient tool for managing both system containers and virtual machines, offering a unified way to run full Linux systems. It supports a wide range of Linux distributions and relies on a simple but powerful REST API. Whether you’re running a single machine or scaling across a full data center, Incus adapts easily to your needs. It can transform your setup into something that feels like a lightweight private cloud, letting you run various workloads with optimized resource usage. If you’re looking for a cost-effective way to manage infrastructure, containerize environments, or deploy VMs, Incus is definitely worth considering.
Note: Sounds interesting so far? You can also try Incus immediately online right here.
Table of Contents
o Incus vs Proxmox – The Main Differences
o Core Technologies: QEMU and LXC
o Clustering and High Availability
o Load Balancing and Rebalancing
o Ease of Use and Web .... [read more]

Introducing ProxLB 1.1.0 as an Advanced Loadbalancer for Proxmox Clusters: A Complete Code Refactor for Enhanced Performance and Stability (2025-04-01):
April, April! No, even though it’s the first of April – this is real! After months of development, I’m thrilled to announce the release of ProxLB 1.1.0 – thanks to my company credativ GmbH for sponsoring this project where I could work on this during my work time! It’s been quite the journey since I started this project in mid-2024, and this latest version marks a significant milestone. With a complete code refactor, improved load balancing behavior, and numerous bug fixes, ProxLB is now more stable and capable than ever.
ProxLB Origins and Purpose
ProxLB was born out of a need for a straightforward load balancing solution for Proxmox clusters for my BoxyBSD project, something akin to VMware’s DRS. Also, several customers at my company – credativ GmbH – asked for DRS-like features when migrating to Proxmox. This made me polish it up and release it as an open-source project .... [read more]

Proxmox and Windows VMs: Why the Native CPU Type Might Be a Bad Idea (2025-03-23):
It’s a long story when it comes to running Windows VMs in Proxmox, and luckily things have become pretty good in recent years. However, from time to time people start complaining about performance issues that are mostly only visible on Windows systems, and this mostly has three major reasons:
o Missing Drivers / Guest Tools
o Wrong configuration / usage (e.g., still using VMDK disk files, controllers, devices)
o Wrong CPU Type
As said, in recent years the situation has gotten much better, but we also had to deal with some insane hardware vulnerabilities like Spectre and Meltdown for CPUs. Spectre and Meltdown are two significant security vulnerabilities that affect modern processors, particularly those from Intel, AMD, and ARM. Discovered in 2017 and publicly disclosed in early 2018, these vulnerabilities exploit critical flaws in speculative execution, a performance optimization technique used by CPUs. And this is also partly a .... [read more]

HowTo: Proxmox Backup Server – Prometheus Exporter and Grafana Dashboard (2025-03-14):
Proxmox Backup Server is an essential tool for anyone running Proxmox Virtual Environment (PVE) or managing backups efficiently in a virtualized setup. It provides a high-performance and deduplication-enabled backup solution that ensures data protection while keeping storage demands in check. But like any critical infrastructure component, monitoring its performance and status is key to ensuring smooth operations and quick troubleshooting. This is where integrating metrics into a single solution, like a Prometheus and Grafana setup, becomes invaluable. Instead of manually checking logs or relying on periodic status reports, a well-integrated monitoring system provides real-time insights into the health and performance of the backup server. With Prometheus scraping metrics and Grafana visualizing them in intuitive dashboards, administrators gain a clear view of key indicators such as backup job status, storage utilization, performance bottlenecks, and potential failures. This proactive approach helps to detect issues before they escalate and ensures that backups are .... [read more]

HowTo: Matrix Synapse Server on FreeBSD with SSO via Microsoft Azure AD by OIDC (2025-03-10):
When deploying an open-source chat solution like Matrix Synapse, authentication is a critical piece of the puzzle. Many businesses rely on centralized identity providers to manage user access efficiently. That’s where OpenID Connect (OIDC) comes in, allowing seamless integration with enterprise-grade identity solutions like Microsoft Azure Active Directory (Azure AD), which is now also known as Microsoft Entra ID. By leveraging OIDC, we can integrate Azure AD as a Single Sign-On (SSO) provider for Matrix Synapse, ensuring users authenticate using their existing corporate credentials, including and enforcing two-factor authentication (2FA). This eliminates the need for separate logins while enhancing security and user convenience. One of the biggest advantages of using open-source software like Matrix Synapse is flexibility. Unlike proprietary communication platforms, Matrix allows us to customize and extend its authentication system to fit our business needs. And by integrating with Azure AD, we get enterprise-level security without locking ourselves .... [read more]

HowTo: Kleene as a Container Management Platform for FreeBSD (2025-02-14):
Kleene is a container management (jail manager) platform designed specifically for FreeBSD, bringing familiar concepts from Docker while fully embracing FreeBSD’s native tools and philosophy. Instead of reinventing the wheel, Kleene follows the KISS (Keep It Simple, Stupid) principle, leveraging FreeBSD’s built-in features to simplify application deployment, maintenance, and upgrades without unnecessary complexity or abstraction. By using FreeBSD’s core technologies like jails, ZFS, and PF (Packet Filter), Kleene provides a streamlined way to build, run, and manage containerized applications while maintaining transparency and control. Key functionalities include:
o Jailed Applications: Running lightweight, isolated environments using ZFS for storage efficiency.
o Native Networking: Automatically setting up necessary network devices and configurations.
o Firewall Integration: Managing connectivity securely with FreeBSD’s PF firewall.
Unlike some container solutions that introduce heavy layers of abstraction, Kleene stays true to FreeBSD’s “Power to Serve” motto, ensuring users retain full visibility and control over their system. If you’re familiar with .... [read more]

HowTo Create a Kubernetes Cluster in 10 Minutes (2025-02-04):
Creating and managing a Kubernetes cluster from scratch can be challenging, and there are definitely way too many possibilities to do so in 2025. With Talos Linux, this can be done in less than 10 minutes!
What is Talos Linux?
Talos Linux is an operating system built specifically for Kubernetes, focusing on security, immutability, and minimalism. It is designed to work across a variety of environments, including cloud platforms, bare metal servers, and virtualization platforms, providing a versatile solution for modern infrastructure needs. One of its key features is that system management is completely API-driven, eliminating the need for traditional SSH, shell access, or a console interface, which enhances both security and ease of automation. Talos is production-ready, having been used to support some of the largest Kubernetes clusters globally. It is an open-source project developed by the team at Sidero Labs, which is committed to simplifying infrastructure management for .... [read more]
