Blog
When I first started BoxyBSD, I had a fairly straightforward goal in mind: Build a completely free VPS hosting platform with full IPv6 support aimed at beginners and small open-source projects. Something simple, lightweight, and accessible. But as the project evolved, I realized it was becoming much more than just a small personal project and BoxyBSD started giving back - not only to open-source in general but also to the Proxmox community in ways I hadn't anticipated. What surprised me the most was how deep I had to dive into architectural decisions that I initially thought wouldn't matter that much - surprisingly it also changed my whole initial idea of running everything on FreeBSD with bhyve - and let me say - it should become completely different! Managing resources efficiently across multiple VMs, fully automated deployment, monitoring system including all guests, clustering across different locations and live migrations of guests - .... [read more]
When exploring secure and efficient authentication options for a Proxmox setup, Authentik paired with OpenID Connect (OIDC) emerges as a compelling choice, particularly for those who prioritize open-source tools and in-house data control. Authentik, an open-source identity provider, empowers administrators to customize authentication flows without the constraints of proprietary systems, avoiding escalating costs or rigid limitations. By integrating OIDC, it enables seamless single sign-on, allowing users to access Proxmox with a single, secure login, eliminating the hassle of managing multiple credentials. For those wary of external cloud services, Authentik’s ability to run on local servers ensures that sensitive data, such as user credentials, access logs, and more, remains fully in-house, a critical advantage for privacy and regulatory compliance. Setting up Authentik with Proxmox is straightforward; configuring the OIDC realm with a client ID and secret delivers a robust, secure authentication layer for managing virtual machines and containers. The open-source nature .... [read more]
Incus has quickly established itself as a modern, powerful alternative for managing containers and virtual machines. In a previous article, I covered what Incus is, how it works, and how to build an Incus cluster. After publishing that guide and sharing it on social media, one question kept coming up again and again: can you easily run BSD virtual machines with Incus? The short answer is yes. Thanks to Incus’ built-in QEMU backend, running full virtual machines is now a first-class feature. This makes it possible to run FreeBSD, NetBSD, and OpenBSD VMs directly inside an Incus environment, using the same tooling and workflows you already know from Linux-based cloud images. Running BSD systems in Incus turns out to be surprisingly straightforward. The Incus CLI provides a clean and consistent VM experience, while the BSD community maintains ready-to-use cloud images that integrate perfectly with this setup. As a result, there .... [read more]
Incus is a versatile and efficient tool for managing both system containers and virtual machines, offering a unified way to run full Linux systems. It supports a wide range of Linux distributions and relies on a simple but powerful REST API. Whether you’re running a single machine or scaling across a full data center, Incus adapts easily to your needs. It can transform your setup into something that feels like a lightweight private cloud, letting you run various workloads with optimized resource usage. If you’re looking for a cost-effective way to manage infrastructure, containerize environments, or deploy VMs, Incus is definitely worth considering. Note: Sounds interesting so far? You can also try Incus immediately online right here. Incus vs Proxmox – The Main Differences When it comes to managing virtual machines and containers, two popular open-source solutions often come to mind: Incus and Proxmox. Both are powerful and highly regarded .... [read more]
April, April! No, even though it’s the first of April – this is real! After months of development, I’m thrilled to announce the release of ProxLB 1.1.0 – thanks to my company credativ GmbH for sponsoring this project where I could work on this during my work time! It’s been quite the journey since I started this project in mid-2024, and this latest version marks a significant milestone. With a complete code refactor, improved load balancing behavior, and numerous bug fixes, ProxLB is now more stable and capable than ever. ProxLB Origins and Purpose ProxLB was born out of a need for a straightforward load balancing solution for Proxmox clusters for my BoxyBSD project, something akin to VMware’s DRS. Also several customers at my company – credativ GmbH – asked for DRS-like features when migrating to Proxmox. This made me polish it up and release it as an open-source project .... [read more]
Running Windows virtual machines on Proxmox Virtual Environment (PVE) has improved dramatically over the past few years. Still, Windows guests occasionally suffer from noticeable performance issues that rarely affect Linux VMs. In almost all real-world cases, these problems can be traced back to three root causes: missing or outdated Windows guest drivers and tools; suboptimal VM configuration (for example legacy VMDK disks, incorrect controllers, or legacy devices); and an inappropriate CPU type or CPU feature set. While virtualization itself is no longer the bottleneck, modern CPU security mitigations introduced after the discovery of Spectre and Meltdown in 2017 still have a measurable performance impact. These vulnerabilities affect Intel, AMD, and ARM processors and exploit weaknesses in speculative execution — a core CPU optimization technique. This is also why Windows virtual machines on Proxmox may feel sluggish when configured with the native host CPU type. In most cases, the root cause is .... [read more]
Proxmox Backup Server is an essential component for anyone running Proxmox Virtual Environment (PVE) or managing backups in a modern virtualized infrastructure. It delivers a high-performance, deduplication-enabled backup solution that ensures reliable data protection while keeping storage usage efficient. Like any critical infrastructure service, continuous monitoring of its performance and health is crucial to guarantee stable operations and fast troubleshooting. This is where centralized monitoring with Prometheus and Grafana becomes invaluable. Instead of manually inspecting logs or relying on sporadic status checks, a properly integrated monitoring stack provides real-time visibility into the backup server. Prometheus collects metrics, while Grafana visualizes them in clear and intuitive dashboards. This gives administrators immediate insight into backup job status, storage utilization, performance bottlenecks, and potential failures. A proactive monitoring approach helps detect issues early and ensures backups run reliably at all times. In this HowTo guide, we set up Prometheus monitoring for Proxmox Backup .... [read more]
When deploying an open-source chat solution like Matrix Synapse, authentication is a critical component. Many organizations rely on centralized identity providers to manage access securely and efficiently. This is where OpenID Connect (OIDC) comes into play, enabling seamless integration with enterprise identity platforms such as Microsoft Azure Active Directory, now known as Microsoft Entra ID. By leveraging OIDC, Matrix Synapse can use Azure AD as a Single Sign-On (SSO) provider. Users authenticate with their existing corporate credentials while benefiting from enforced security measures such as multi-factor authentication (MFA / 2FA). This removes the need for separate login credentials and significantly improves security and usability. One of the major strengths of Matrix Synapse is its flexibility. Unlike proprietary chat platforms, Matrix allows full control over authentication and identity integration. Combining Synapse with Azure AD delivers enterprise-grade security without vendor lock-in. This guide walks through installing and configuring Matrix Synapse on FreeBSD .... [read more]
Kleene is a container management (jail manager) platform designed specifically for FreeBSD, bringing familiar concepts from Docker while fully embracing FreeBSD’s native tools and philosophy. Instead of reinventing the wheel, Kleene follows the KISS (Keep It Simple, Stupid) principle, leveraging FreeBSD’s built-in features to simplify application deployment, maintenance, and upgrades without unnecessary complexity or abstraction. By using FreeBSD’s core technologies like jails, ZFS, and PF (Packet Filter), Kleene provides a streamlined way to build, run, and manage containerized applications while maintaining transparency and control. Key functionalities include: Jailed Applications: Running lightweight, isolated environments using ZFS for storage efficiency. Native Networking: Automatically setting up necessary network devices and configurations. Firewall Integration: Managing connectivity securely with FreeBSD's PF firewall. Unlike some container solutions that introduce heavy layers of abstraction, Kleene stays true to FreeBSD’s “Power to Serve” motto, ensuring users retain full visibility and control over their system. If you’re familiar with .... [read more]
Creating and managing a Kubernetes cluster from scratch can be challenging, and there are definitely way too many possibilities to do so in 2025. With Talos Linux, this can be done in less than 10 minutes! What is Talos Linux? Talos Linux is an operating system built specifically for Kubernetes, focusing on security, immutability, and minimalism. It is designed to work across a variety of environments, including cloud platforms, bare metal servers, and virtualization platforms, providing a versatile solution for modern infrastructure needs. One of its key features is that system management is completely API-driven, eliminating the need for traditional SSH, shell access, or a console interface, which enhances both security and ease of automation. Talos is production-ready, having been used to support some of the largest Kubernetes clusters globally. It is an open-source project developed by the team at Sidero Labs, which is committed to simplifying infrastructure management for .... [read more]