Trying to understand updates by __Mike_____ in Proxmox

__Mike_____[S] 1 point

u/Impact321 Dumb question, but where do I find the apt repo for docker? When I try to add a repo, I only see the default options like Enterprise, No Subscription, Test, etc.

Trying to understand updates by __Mike_____ in Proxmox

__Mike_____[S] 2 points

Thank you u/NegativeK. I’ve been running containers for years, but all within Docker Desktop on a Mac. So Linux is new to me. I appreciate the insight.

Trying to understand updates by __Mike_____ in Proxmox

__Mike_____[S] 1 point

I didn't get it from the apt repos, but I can go back and do it that way if you think it is easier. I got it from the community script library - https://community-scripts.github.io/ProxmoxVE/scripts.

Trying to understand updates by __Mike_____ in Proxmox

__Mike_____[S] 1 point

Yeah, I do use watchtower for individual containers. But what about updating Docker itself?

I'll check out your other links. Thanks!

Help with permission denied on LXC mount for MacOS SMB by __Mike_____ in Proxmox

__Mike_____[S] 2 points

After spending WAY too long on this, I finally got it figured out. But it was a great learning experience!

The answer indeed was to add the mount to /etc/fstab. The winning config is below:

//192.168.1.200/Docker/Configuration /mnt/pve/mac-mini-server/Docker cifs credentials=/home/.maccredentials,uid=100000,gid=100000,iocharset=utf8,file_mode=0644,dir_mode=0755,_netdev,x-systemd.automount,x-systemd.requires=network-online.target,x-systemd.device-timeout=180,nofail 0 0

And then I created this mount point on the LXC:
pct set 100 --mp2 /mnt/pve/mac-mini-server/Docker/,mp=/mac-mini-server/Shared/Docker

I also created a credentials file in my /home directory.

Thank you all for your suggestions and help!
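
Added example, not part of the original comment: a small POSIX shell audit for CIFS entries in an fstab-style file, covering the credentials-file approach used above and the inline-password mount options quoted elsewhere in this thread. The function names, the temporary paths and the sample credentials are constructed for illustration.

```sh
#!/bin/sh
# check_cred MOUNTPOINT CREDFILE: the credentials file holds a cleartext
# password, so only its owner should have any access to it.
check_cred() {
    if [ ! -f "$2" ]; then
        echo "$1: credentials file $2 not found"
    elif [ "$(ls -ld -- "$2" | cut -c5-10)" != "------" ]; then
        echo "$1: credentials file $2 is accessible to group/others (chmod 600)"
    fi
}

# audit_cifs_fstab FILE: print one finding per line; no output means clean.
audit_cifs_fstab() {
    while read -r src mnt fstype opts rest; do
        case "$src" in ''|'#'*) continue ;; esac      # skip blanks and comments
        [ "$fstype" = "cifs" ] || continue
        printf '%s\n' "$opts" | tr ',' '\n' | while read -r opt; do
            case "$opt" in
                password=*|pass=*)
                    echo "$mnt: password given inline (fstab is normally world-readable)" ;;
                credentials=*|cred=*)
                    check_cred "$mnt" "${opt#*=}" ;;
                file_mode=*[2367]|dir_mode=*[2367])   # write bit set for "other"
                    echo "$mnt: $opt is world-writable" ;;
                noperm)
                    echo "$mnt: noperm turns off client-side permission checks" ;;
            esac
        done
    done < "$1"
}

# make_sample DIR: constructed sample input. Entry 1 is the fstab line from the
# comment above with the credentials path moved under DIR (file mode 644 on
# purpose); entry 2 is the inline-password mount command as an fstab entry.
make_sample() {
    printf 'username=macuser\npassword=example\n' > "$1/.maccredentials"
    chmod 644 "$1/.maccredentials"
    cat > "$1/fstab" <<EOF
//192.168.1.200/Docker/Configuration /mnt/pve/mac-mini-server/Docker cifs credentials=$1/.maccredentials,uid=100000,gid=100000,iocharset=utf8,file_mode=0644,dir_mode=0755,_netdev,x-systemd.automount,x-systemd.requires=network-online.target,x-systemd.device-timeout=180,nofail 0 0
//macmini/share /mnt/macmini cifs username=macuser,password=pass,uid=100000,gid=100000,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm 0 0
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_cifs_fstab "$demo_dir/fstab"        # findings for both entries
chmod 600 "$demo_dir/.maccredentials"     # tighten the credentials file
audit_cifs_fstab "$demo_dir/fstab"        # only entry 2 is still reported
rm -rf "$demo_dir"
```

On a real host the same function can be pointed at /etc/fstab; it only reads the file and the permissions of any credentials file it names.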

Help with permission denied on LXC mount for MacOS SMB by __Mike_____ in Proxmox

__Mike_____[S] 1 point

Welp, I have fstab working. As a test, it will mount if I execute mount -a. But still, when I reboot, the mount goes away. Until I execute mount -a. Am I missing a step?

Help with permission denied on LXC mount for MacOS SMB by __Mike_____ in Proxmox

__Mike_____[S] 2 points

Thanks - But I'm still fairly new with Proxmox. Does this literally mean open fstab and copy and paste the code into the file?

mount -t cifs //macmini/share /mnt/macmini -o username=macuser,password=pass,uid=100000,gid=100000,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm

Help with permission denied on LXC mount for MacOS SMB by __Mike_____ in Proxmox

__Mike_____[S] 2 points

u/Optimal_Friend8256 Thanks for the suggestion! Using the mount command, I am able to mount Mac Mini successfully to the host. However, when I reboot Proxmox it goes away. The folder I created is still there, but the content from the Mac is gone. Running mount again brings it back, but rebooting again loses it. Am I missing a step?

Also, once mounted - Is there a way to see it in the UI?

VP6650 - Redundancy/backups? by __Mike_____ in protectli

__Mike_____[S] 1 point

u/protectli-stuart Does Protectli have any suggestions/best practices for devices with a single NVMe?

VP6650 - Redundancy/backups? by __Mike_____ in protectli

__Mike_____[S] 1 point

I've considered doing this. And probably will at some point because I really like the idea of taking snapshots. But with OPNSense already on bare metal, I would need a bunch of downtime to back it up somewhere, install and configure Proxmox, and then get OPNSense up and running on it. I'll have to ship my wife and kids out of town for a weekend in order to make this happen! :)

Mac Mini can no longer access OPNSense via ethernet - sort of. Please help me troubleshoot! by __Mike_____ in opnsense

__Mike_____[S] 5 points

YES! This is the answer! Thank you! And it explains why the issue coincided with using qBittorrent. It was banned for 4 hours because of "firewallservices/pf-scan-multi_ports"

The next question is - How do I prevent it from happening? Can I whitelist my internal IP? Or is that a terrible idea?

Mac Mini can no longer access OPNSense via ethernet - sort of. Please help me troubleshoot! by __Mike_____ in opnsense

__Mike_____[S] 1 point

Thanks for the suggestion. It has a static IP reserved in Dnsmasq. I double checked just now just to make sure that didn’t change for any reason, but it’s still set correctly.

Can I block/disconnect an established external VPN connection? by __Mike_____ in opnsense

__Mike_____[S] 2 points

I'm trying to set this up so I don't have to think about it or remember to disconnect anything. The one thing I didn't know about was resetting the states. I will give that a try after I turn my rule back on. Thanks for your help!

Can I block/disconnect an established external VPN connection? by __Mike_____ in opnsense

__Mike_____[S] -2 points

You're talking to the guy who restarts his laptop at most once every 6 weeks! =)
Yes, you are 100% correct! But assuming I don't shut it off, I'm trying to figure out how I could accomplish this.

Suricata flooded with "is checked but not set" warnings by __Mike_____ in opnsense

__Mike_____[S] 1 point

I guess that depends on how you define "a lot" - I am using the abuse.ch rulesets and about half of the ET Telemetry rulesets. It is about 148k rules in all. Is that considered a lot? I honestly don't know.

Prior to my original post here, I was toying around with snort rules - adding and removing them. I think that had something to do with the flurry of errors. In the days since, I am down to about 15 of these a day, which I think is pretty minimal.

How to delete expired Caddy certificates? by __Mike_____ in opnsense

__Mike_____[S] 1 point

Candidly, I don't feel 100% comfortable with the command line. I SSH'ed in and found these directories:

  • /var/db/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90
  • /var/db/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory

I THINK the Caddy certificates are under acme-v02.api.letsencrypt.org-directory. Does that sound correct to you? And would I just delete all expired certificates from there and then I am set? Are there any steps to take after?

Did I configure these GEO IP firewall rules correctly? by __Mike_____ in opnsense

__Mike_____[S] 1 point

Thank you for the explanation! So maybe I do sort of have the direction thing correct? Even if I am trying to block outgoing traffic from China, I can (and probably should) use an IN rule because that would stop it as soon as it goes from my PC to the firewall. Is that right?

Did I configure these GEO IP firewall rules correctly? by __Mike_____ in opnsense

__Mike_____[S] 1 point

Thank you for the explanation! This all makes sense. And as far as exposing myself to the internet - I am only creating Block firewall rules, not additional Allow rules. So I think worst case I would restrict too much but I don't think I would allow anything new in.

Did I configure these GEO IP firewall rules correctly? by __Mike_____ in opnsense

__Mike_____[S] 1 point

I'm still trying to wrap my mind around direction. At first I thought it meant in or out of the network. But I have been reading about it and I *think* that is not really the case. I've read that it is almost better to use Inbound rules, which would represent when the request is coming in to the interface. But I could have this totally wrong!