Configuring Proxmox after installation

There are a few important things to do after installing Proxmox.

Update the system to the latest version

ProxmoxVE by default receives updates from the paid Enterprise repository, updates from which are available to customers with a paid subscription. To get the latest updates without a subscription, you need to disable the paid repository and enable the non-subscription repository. If this is not done, apt will report an error when updating package sources.

1. Log in to the web interface (https://server.ip.address:8006) or connect to the server via SSH.
Let's use the web interface as an example. Go to console:

2. Edit the apt configuration file:

nano /etc/apt/sources.list.d/pve-enterprise.list

There is only one line in this file. Write a "#" symbol in front of it to disable the option of receiving updates from a paid repository:

#deb stretch pve-enterprise

3. Press Ctrl + X to exit the editor, answering "Y" to the system's question about saving the file.

4. Connect the no-subscription repository. To do this, open the file for editing:

nano /etc/apt/sources.list

5. Add lines to this file:
For ProxmoxVE 7

deb bullseye pve-no-subscription

For ProxmoxVE 8

deb bookworm pve-no-subscription
deb bookworm-security main contrib

6. Press Ctrl + X to exit the editor, answering "Y" to the system's question about saving the file.

7. Run the command to update package lists and upgrade the system:

apt update && apt upgrade -y

8. Restart the server after the update is complete

Connecting an additional drive

There are several options for connecting an idle drive in Proxmox. One of the fastest ways is to connect the drive as an LVM, where you can store VM and container hard disk images.

1. Check for unused drives:

One unused drive /dev/sdb is visible. It can be initialized and used as an LVM.

2. Go to the Disks/LVM section, click Create: LVM Volume Group, select the disk and name the storage

LVM partition created and can be used to host VM disk images

Take care of safety

1.Open the server console via the web interface or SSH.

2. Update package sources:

apt update

3. Install Fail2Ban:

apt install fail2ban

4. Open the utility configuration for editing:

nano /etc/fail2ban/jail.conf

5. Change the variables bantime (the number of seconds the attacker will be blocked for) and maxretry (the number of attempts to enter the login / password) for each individual service.

6. Use the Ctrl + X keyboard shortcut to exit the editor, answering "Y" to the system's question about saving the file.

7. Restart service::

systemctl restart fail2ban

You can check the status of the utility, for example, to remove blocking statistics from the blocked IP addresses, from which the attempts have been made to brute force SSH
. You can do these tasks with one simple command:

fail2ban-client -v status sshd

The utility's response will look something like this:

root@hypervisor:~# fail2ban-client -v status sshd
INFO Loading configs for fail2ban under /etc/fail2ban
INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
| |- Currently failed: 3
| |- Total failed: 4249
| `- File list: /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned: 410
`- Banned IP list:

In a similar way, you can close the Web interface from such attacks by creating an appropriate rule. An example of such a rule for Fail2Ban can be found in the official guide.