NAME
gyptazy - DevOps, Coding, Networking and BSD!

CONTENT

Category: HowTo

Creating a stretched Layer 2 network for VMs on bhyve and FreeBSD

(2025-09-04):
In today's globalized IT landscape, the term "cloud" dominates conversations about infrastructure, applications, and deployment strategies. Public cloud providers promise scalability, flexibility, and resilience, yet many organizations still operate their own infrastructure for reasons of control, cost, and compliance... In these environments, FreeBSD continues to play an important role as a robust, secure, and versatile operating system. One of the powerful tools in the FreeBSD ecosystem is CBSD (GitHub). CBSD acts as a management layer that simplifies the handling of FreeBSD jails, bhyve virtual machines, and other system resources. Instead of manually working through complex configuration steps, administrators can rely on CBSD’s unified command-line and TUI interfaces to create, configure, and maintain VMs and containers with ease. In particular, CBSD makes bhyve—the native FreeBSD hypervisor—far more accessible, allowing administrators to spin up virtual machines quickly and efficiently. While virtualization is an essential building block, networking remains equally .... [read more]

Kanidm with Proxmox and OIDC - The Full Setup

(2025-09-01):
In this HowTo we install and configure Kanidm on Linux Debian Trixie and use it for authentication with Proxmox by OIDC (OpenID Connect). In previous articles, I’ve shown how to integrate Proxmox VE with external identity providers such as Authentik and Keycloak, using them as realms to centralize authentication. Both of these solutions are powerful in their own right, but sometimes you might be looking for something that is more lightweight, simple to deploy, and secure by default—without sacrificing the features you’d expect from a modern identity management system. This is where Kanidm comes in. Kanidm is a modern, secure, and easy-to-use identity management platform built with a strong focus on simplicity and security. Its primary goal is to be a complete identity provider—meaning you shouldn’t need to run additional components like Keycloak to cover your use cases. With Kanidm, you already get everything you need in one place. Some .... [read more]

Debian 13 (Trixie) LXC Container Image for Proxmox 8 and Proxmox 9

(2025-08-24):
It’s now been several weeks since the release of Debian 13 (Trixie), but there is still no official LXC container template for it from Proxmox. Back when Debian 13 was in its final freeze stage, I had already created an early template ( debian-13-standard_13.x-beta_lxc_proxmox_amd64.tar.gz ) so that both you and I could start testing. Since then, I’ve prepared a proper final version to share with the community, as many of you guys asked me to create one. This image is based on the official Proxmox Debian 12 (Bookworm) container template, which I upgraded to Debian 13 (Trixie). The result is a clean, ready-to-use LXC template that behaves just like the official ones and works on both Proxmox 8 and 9. If you want to get started with Debian 13 inside containers, simply place the template in your Proxmox storage and create a new container as usual. This saves the time and .... [read more]

Debian 13 (Trixie) Beta LXC Container Image for Proxmox 8 and Proxmox 9

(2025-07-31):
With Proxmox 9 now officially released as the first beta version and based on Debian Trixie, and the final Debian 13 release just a few days away, it makes sense to start preparing and testing early. Especially in virtualized environments like Proxmox, it’s helpful to evaluate upcoming systems before they become the new stable default. I’ve noticed that there isn’t a widely available LXC container template for Debian Trixie yet. Since I wanted to begin testing some setups myself, I decided to create a Debian Trixie-based LXC template image that can be used on both Proxmox 8 and Proxmox 9 installations. This makes it easy to spin up containers running Debian 13 without having to build the template from scratch. If you’re curious about how your applications behave on the next major Debian release or if you’re planning future upgrades, this should save you some time and effort. To use .... [read more]

Proxmox Cloud Image and Bare-Metal Auto Installation Image

(2025-07-17):
Testing & Automating Proxmox Deployments Over the last few months, I’ve been asked quite a few times how I test my Ansible modules and ProxLB setup in an automated, reproducible way. Especially when working on new features or debugging something deeper, having a clean and quickly deployable Proxmox instance is incredibly useful. The same question often comes up in another form too: “How can I spin up Proxmox on a bare-metal machine without going through the ISO installer step by step?” or “Is there a Proxmox Cloud Image that I can just boot up like with Ubuntu or Debian?” Up until now, there hasn’t really been a good out-of-the-box solution for this: at least not one that is quick, reliable, and can be integrated easily into automation pipelines. That’s why I went ahead and built exactly that: a prebuilt, ready-to-use Proxmox 8.4 image for both bare-metal auto-installations and cloud environments .... [read more]

Building Your Own PKI with Step-CA – From Root CA to Proxmox Integration with ACME

(2025-06-29):
Running your own on-prem PKI (Public Key Infrastructure) can be a game-changer and it’s not just for enterprises, but also for advanced homelabs. Whether it’s about securing internal services, managing client certificates for S/MIME email encryption, or just having full control over certificate issuance, operating your own root CA brings a lot of flexibility and independence. There are many ways to set up a basic CA, even just using OpenSSL on the command line. But as soon as your setup grows, you’ll quickly run into limitations. Things like revoking certificates, publishing CRLs, using OCSP, or automating issuance via the ACME protocol become essential. And that’s where more powerful tools come in. Popular solutions like FreeIPA, HashiCorp Vault, or EJBCA offer robust PKI functionality, but they can be overkill for some environments or tricky to integrate with specific workflows. One tool that’s gained a lot of traction in recent years is .... [read more]

How My BoxyBSD Project Boosted the Proxmox Ecosystem

(2025-06-06):
When I first started BoxyBSD, I had a fairly straightforward goal in mind: Build a completely free VPS hosting platform with full IPv6 support aimed at beginners and small open-source projects. Something simple, lightweight, and accessible. But as the project evolved, I realized it was becoming much more than just a small personal project and BoxyBSD started giving back - not only to open-source in general but also to the Proxmox community in ways I hadn't anticipated. What surprised me the most was how deep I had to dive into architectural decisions that I initially thought wouldn't matter that much - surprisingly it also changed my whole initial idea running everything on FreeBSD with bhyve - and let me say - it should become completely different! Managing resources efficiently across multiple VMs, fully automated deployment, monitoring system including all guests, clustering across different locations and live migrations of guests - .... [read more]

Proxmox and Authentik OIDC – Install, Configure and Connect Authentik to Proxmox VE

(2025-05-22):
When exploring secure and efficient authentication options for a Proxmox setup, Authentik paired with OpenID Connect (OIDC) emerges as a compelling choice, particularly for those who prioritize open-source tools and in-house data control. Authentik, an open-source identity provider, empowers administrators to customize authentication flows without the constraints of proprietary systems, avoiding escalating costs or rigid limitations. By integrating OIDC, it enables seamless single sign-on, allowing users to access Proxmox with a single, secure login, eliminating the hassle of managing multiple credentials. For those wary of external cloud services, Authentik’s ability to run on local servers ensures that sensitive data, such as user credentials, access logs, and more, remains fully in-house, a critical advantage for privacy and regulatory compliance. Setting up Authentik with Proxmox is straightforward; configuring the OIDC realm with a client ID and secret delivers a robust, secure authentication layer for managing virtual machines and containers. The open-source nature .... [read more]

Run FreeBSD, OpenBSD and NetBSD VMs in Incus

(2025-05-05):
Not too long ago, I published a blog post all about Incus. In it, I gave an overview of the project, explained how it works, and showed how to create a cluster with it. After sharing it on social media, I started getting a lot of questions, and one in particular kept coming up: is it easy to run BSD-based virtual machines with Incus? Some people were even surprised to learn that Incus now supports virtual machines thanks to its QEMU backend. So I thought, why not follow up and walk through just how simple it is to get FreeBSD, NetBSD, and OpenBSD running using cloud images? It’s actually a pretty smooth experience. The Incus tooling makes it fairly straightforward to work with VMs, and the BSD community provides ready-to-use cloud images that fit right into this workflow. This means there’s no need to manually install or configure these systems .... [read more]

Incus for Containers and VMs: A Powerful Proxmox Alternative? A Step-by-Step Guide to build a Cluster

(2025-05-04):
Incus is a versatile and efficient tool for managing both system containers and virtual machines, offering a unified way to run full Linux systems. It supports a wide range of Linux distributions and relies on a simple but powerful REST API. Whether you’re running a single machine or scaling across a full data center, Incus adapts easily to your needs. It can transform your setup into something that feels like a lightweight private cloud, letting you run various workloads with optimized resource usage. If you’re looking for a cost-effective way to manage infrastructure, containerize environments, or deploy VMs, Incus is definitely worth considering. Note: Sounds interesting so far? You can also try Incus immediately online right here.
Table of Contents
o Incus vs Proxmox – The Main Differences
o Core Technologies: QEMU and LXC
o Clustering and High Availability
o Load Balancing and Rebalancing
o Ease of Use and Web .... [read more]

Introducing ProxLB 1.1.0 as an Advanced Loadbalancer for Proxmox Clusters: A Complete Code Refactor for Enhanced Performance and Stability

(2025-04-01):
April, April! No, even though it’s the first of April – this is real! After months of development, I’m thrilled to announce the release of ProxLB 1.1.0 – thanks to my company credativ GmbH for sponsoring this project where I could work on this during my work time! It’s been quite the journey since I started this project in mid-2024, and this latest version marks a significant milestone. With a complete code refactor, improved load balancing behavior, and numerous bug fixes, ProxLB is now more stable and capable than ever. ProxLB Origins and Purpose ProxLB was born out of a need for a straightforward load balancing solution for Proxmox clusters for my BoxyBSD project, something akin to VMware’s DRS. Also, several customers at my company – credativ GmbH – asked for DRS-like features when migrating to Proxmox. This made me polish it up and release it as an open-source project .... [read more]

HowTo: Proxmox Backup Server – Prometheus Exporter and Grafana Dashboard

(2025-03-14):
Proxmox Backup Server is an essential tool for anyone running Proxmox Virtual Environment (PVE) or managing backups efficiently in a virtualized setup. It provides a high-performance and deduplication-enabled backup solution that ensures data protection while keeping storage demands in check. But like any critical infrastructure component, monitoring its performance and status is key to ensuring smooth operations and quick troubleshooting. This is where integrating metrics into a single solution, like a Prometheus and Grafana setup, becomes invaluable. Instead of manually checking logs or relying on periodic status reports, a well-integrated monitoring system provides real-time insights into the health and performance of the backup server. With Prometheus scraping metrics and Grafana visualizing them in intuitive dashboards, administrators gain a clear view of key indicators such as backup job status, storage utilization, performance bottlenecks, and potential failures. This proactive approach helps to detect issues before they escalate and ensures that backups are .... [read more]

HowTo: Kleene as a Container Management Platform for FreeBSD

(2025-02-14):
Kleene is a container management (jail manager) platform designed specifically for FreeBSD, bringing familiar concepts from Docker while fully embracing FreeBSD’s native tools and philosophy. Instead of reinventing the wheel, Kleene follows the KISS (Keep It Simple, Stupid) principle, leveraging FreeBSD’s built-in features to simplify application deployment, maintenance, and upgrades without unnecessary complexity or abstraction. By using FreeBSD’s core technologies like jails, ZFS, and PF (Packet Filter), Kleene provides a streamlined way to build, run, and manage containerized applications while maintaining transparency and control. Key functionalities include: Jailed Applications: Running lightweight, isolated environments using ZFS for storage efficiency. Native Networking: Automatically setting up necessary network devices and configurations. Firewall Integration: Managing connectivity securely with FreeBSD’s PF firewall. Unlike some container solutions that introduce heavy layers of abstraction, Kleene stays true to FreeBSD’s “Power to Serve” motto, ensuring users retain full visibility and control over their system. If you’re familiar with .... [read more]

HowTo Create a Kubernetes Cluster in 10 Minutes

(2025-02-04):
Creating and managing a Kubernetes cluster from scratch can be challenging, and there are definitely far too many ways to do so in 2025. With Talos Linux, this can be done in less than 10 minutes! What is Talos Linux? Talos Linux is an operating system built specifically for Kubernetes, focusing on security, immutability, and minimalism. It is designed to work across a variety of environments, including cloud platforms, bare metal servers, and virtualization platforms, providing a versatile solution for modern infrastructure needs. One of its key features is that system management is completely API-driven, eliminating the need for traditional SSH, shell access, or a console interface, which enhances both security and ease of automation. Talos is production-ready, having been used to support some of the largest Kubernetes clusters globally. It is an open-source project developed by the team at Sidero Labs, which is committed to simplifying infrastructure management for .... [read more]

HowTo: Managing VM on FreeBSD with bhyve and vm-bhyve

(2024-10-26):
The bhyve hypervisor on FreeBSD is an impressive tool that brings lightweight, efficient virtualization capabilities directly into the FreeBSD ecosystem. It’s a powerful type 2 hypervisor that allows FreeBSD users to run virtual machines with minimal overhead, making it an excellent choice for those who value performance and stability. I find bhyve especially compelling for running various Unix-like operating systems like FreeBSD itself, Linux, and even Windows, thanks to UEFI support. In the past, I already wrote many blog posts about virtualization and hypervisor solutions where I also often mentioned bhyve but also the shortcomings around bhyve. However, bhyve is still an amazing way to virtualize your workloads by running VMs of any operating system. Recently I was asked how I usually manage bhyve and if I could provide a small howto. To manage bhyve VMs more easily, I rely on vm-bhyve, which streamlines the creation, configuration, and operation of .... [read more]

bhyve on FreeBSD and VM Live Migration – Quo vadis?

(2024-10-21):
When I think about bhyve Live Migration, it’s something I encounter almost daily in my consulting calls. VMware’s struggles with Broadcom’s licensing issues have been a frequent topic, even as we approach the end of 2024. It’s surprising that many customers still feel uncertain about how to navigate this mess. While VMware has been a mainstay in enterprise environments for years, these ongoing issues make customers nervous. And they should be – it’s hard to rely on something when even the licensing situation feels volatile. Now, as much as I’m a die-hard FreeBSD fan, I have to admit that FreeBSD still falls short when it comes to virtualization – at least from an enterprise perspective. In these environments, it’s not just about running a VM; it’s about having the flexibility and capabilities to manage workloads without interruption. Years ago, open-source solutions like KVM (e.g., Proxmox) and Xen (e.g., XCP-ng) introduced .... [read more]

Run Linux Containers on FreeBSD 14 with Podman

(2024-10-06):
In one of my recent blog posts, I shared my journey as a long-time FreeBSD user. I talked about how I’ve been incredibly happy with the system, appreciating its rock-solid stability, flexibility, and performance. But, like every OS, FreeBSD had its gaps, especially when it came to some modern developments – one of which has been a pain point for many of us working with containerized environments: native support for Docker and Podman Linux images. Until recently, this missing functionality made working with containerized applications a bit of a challenge. Let me explain why that’s changed and how FreeBSD 14 has finally caught up to the container party. The Old Way: bhyve Linux VMs For a long time, one of the workarounds for running Linux containers on FreeBSD was to spin up a Linux VM using bhyve, FreeBSD’s native hypervisor. While bhyve is fantastic in its own right (fast, lightweight, .... [read more]

Howto: Automated FreeBSD VM Deployment with ProxLB and Terraform

(2024-09-01):
In today’s fast-paced IT environments, automation is essential for maintaining efficiency and staying competitive. Whether you're managing a small-scale infrastructure or an enterprise-level system, the ability to deploy virtual machines (VMs) quickly, consistently, and with minimal manual intervention can be transformative. This is where tools like ProxLB and Terraform come into play, offering a powerful solution for automating the deployment and management of VMs. Why Terraform and not Ansible? I'm aware that Ansible is a great tool - also for such things - but Ansible can be slow in some cases when there are too many tasks and you do not write your own custom modules to improve the overall handling. Terraform is often the better choice when it comes to just building up a base infrastructure from scratch, where Ansible can take over after this baseline has been set. So, let's have a look at the other tools used here. ProxLB is a robust .... [read more]

Howto Use an External USB Network Dongle in XCP-ng for the Management Interface

(2024-07-27):
When you connect an external USB network (Ethernet) dongle to a node running XCP-ng, you might encounter an issue where the device appears as a "side-NUMBER-eth0" interface. This interface, however, is not connected and cannot be used for any management interfaces within XCP-ng. You may still be able to configure it manually and assign IP addresses, but it will still be refused as the management interface. To resolve this, you need to rename the device appropriately. Unfortunately, simply renaming the interface won’t work; you need to define a udev rule to ensure proper configuration. Here’s a detailed guide on how to correctly set up your USB network dongle on XCP-ng - keep in mind that you will mostly want to use this kind of network only for your dev labs and not for production usage! First, you need to identify the external USB network dongle interface and .... [read more]

ProxLB - (Re)Balance VM Workloads Across Nodes in Proxmox Clusters.

(2024-07-06):
ProxLB (PLB) is an open-source Proxmox loadbalancer, but different! ProxLB is an application created to optimize the distribution of virtual machines (VMs) across Proxmox cluster nodes to significantly enhance efficiency and performance. Utilizing the Proxmox API, ProxLB gathers and analyzes a comprehensive set of resource metrics from both the cluster nodes and the running VMs, including CPU usage, memory consumption, and local disk utilization. A key feature of ProxLB is its intelligent rebalancing capability, which redistributes VMs based on their memory, disk, or CPU usage. In those cases, the real memory consumption of the VM is used instead of the potential maximum usage. This ensures no single node is overburdened while others remain underutilized, significantly enhancing cluster performance and reliability. By evenly distributing resources, ProxLB helps prevent performance bottlenecks and improves the overall stability of the cluster. Efficient rebalancing leads to better utilization of available resources, potentially reducing the need .... [read more]

Harvester - A More Modern Alternative to Proxmox As a HCI

(2024-06-25):
After Broadcom increased the license fees, other virtualization alternatives became very popular. While I have previously evaluated various virtualization platforms, including Proxmox, as well as FreeBSD-based solutions such as bhyve-webadmin (BVCP) and ClonOS, there are of course several others, and one more option in the landscape of hyperconverged infrastructure (HCI) is worth noting. Harvester is an innovative, open-source HCI platform that is built atop Kubernetes, offering a cloud-native approach to infrastructure management. It is tailored for operators who are in search of an open-source HCI solution that can seamlessly integrate with their existing systems. Harvester is engineered to be deployed directly on bare metal servers, where it provides a combination of virtualization and distributed storage functionalities. This solution is not limited to managing traditional virtual machines; it also embraces the containerization trend by facilitating containerized workloads through its integration with Rancher. .... [read more]

ClonOS - An Alternative to Proxmox Based on FreeBSD

(2024-06-21):
In the realm of virtualization, there are already several robust and well-established platforms like Proxmox and OpenStack. These solutions have paved the way for efficient and comprehensive management of virtual environments, primarily on Linux-based systems. However, for those who appreciate the power and elegance of FreeBSD, there has been a notable absence of a comparable tool that leverages this operating system's unique strengths. With ClonOS (mainly written by Oleg G. and Oleg M.), an innovative open-source project that fills this gap with a turnkey solution based on FreeBSD and the CBSD framework, we finally get the missing enterprise features such as multiple node support to create clusters and live migrations for virtual machines. ClonOS is designed to provide seamless control, deployment, and management of FreeBSD jail containers as well as bhyve virtual machines (VMs) to create virtual environments. Built on the powerful CBSD .... [read more]
