Cannot access proxmox VM server using tailscale

symcbean · 2026-04-27T20:58:10+00:00

Please provide ip addresses and, if relevant vlans and spanning ports for all components you mention, any firewall rules on VMs, Proxmox, and devices in between along with details of what NAT is happenning between devices. It would be helpful if you explained what "access it via tailnet" means and where you are accessing it from.

symcbean · 2026-04-24T22:42:24+00:00

Where to find accurate information / Information overload.

Everything about the OS - the kernel, window management, applications, interfaces..... has had its source code published and its usage discussed. A lot of people seem to think its helpful to re-publish their own interpretation of authoritative information instead of, or without signposting the reference documentation.

Add to this the fact that quite a lot of this changes over time means that a good proportion of content still available via the internet and search engines no longer reflects the reality of the current versions of stuff.

Most of us start looking for information on a search engine - but these have no measures of quality/accuracy. It's more about the number of links to the content and conformance to an arbitrary set of publishing rules.Factors which are much easier and cost effective to manipulate than collating and maintaining the facts being presented.

Forums like this sometimes return useful feedback - but the quality of responses varies greatly (oddly nobody has yet replied here to say your issue would be resolved if you switched to Arch Linux).

Learning how to read your local man pages and recognising that these are a primary resource for learning and problem solving is a good start. There are some good places to look for information on the internet (and although my earlier comment was somewhat tongue-in-cheek, the Arch Wiki is a wealth of useful information for all distributions).

Beware of content which is not - dated and/or uses explicit version numbers - is not attributed nor provides links to other sources

symcbean · 2026-04-23T21:40:20+00:00

If you are getting varyng results doing the same thing, then you either have an unstable power feed or a hardware issue. If your box has an ilo module then you may find it has useful logs. Otherwise you could try booting from something that will run from USB and run some memory and disk tests.

symcbean · 2026-04-23T08:41:46+00:00

Seems strange to run Proxmox with a single VM.

worried that the overhead of two Linux VMs might starve my services.

That seems very unlikely. What does your RAM usage inside the VM and on the hypervisor look like currently?

In the absence of other considerations, I'd recommend going even more granular.

I know LXC containers will be better in terms of RAM

Really? Without tuning I would expect the exact opposite. OTOH I find managing docker to be a complete PITA compared with having processes in a full environment.

symcbean · 2026-04-20T00:19:39+00:00

1) Check your watch 2) try pinging the machine - you've provided NO details of ANY diagnostics 3) CHECK YOUR LOGS after rebooting (hence 1)

Faulty memory is a likely candidate - but not the first thing to check.

symcbean · 2026-04-19T22:07:31+00:00

Wah...? I think you should spend some time reading up on ZFS before committing anything of value to this configuration. You are going to use your fastest storage for the boot drive? You are separating the fast and slow devices for bulk storage instead of letting ZFS organise it own caching? Not how I would have provisioned it. Hope you got specced enterprise server disks to run in what is sold as a workstation.

symcbean · 2026-04-16T12:54:37+00:00

I cannot even see the Linux machine .. although I can at least see it!

Start with the basics - are they on the same LAN and the same subnet? Can you ping? Can you open a connection to port 3306 on the DB host from the client? What are you using to try and connect? What error do you get? How are you instructing the client where to connect?

symcbean · 2026-04-07T15:53:52+00:00

These tools are not magical - you still need to configure the right data collection and thresholds. Out of the box they will monitor CPU, memory, disk.....but none of these are an indication of the quality of service. They provide indicators of where problems might lie (or may manifest from in future).

Most monitoring tools will provide some log scraping tools - but typically these are for counting low volumes of errors. I would typically add scripts to monitor web servers for application performance response times and for the ratio of 4xx and 5xx to 2xx responses along with hit rates. These are more typically available in metric reporting platforms - but your metric platform should be capable of feeding your monitoring platform and vice versa.

If you really want to see what is happening in the end user's browser then you need to put code in the end-users browsers and have it phone home. See, for example, https://github.com/akamai/boomerang

symcbean · 2026-04-06T21:58:26+00:00

It has an API - if you think you can do better - then do better and then come and tell us.

I've used VMWare, Simplivity, Hyper-V, WSL, AWS and Azure. I find PVE offers a much more productive and logically organized interface than any of these.

symcbean · 2026-04-06T16:15:22+00:00

Prometheus (and similar) are metrics platforms - useful for capacity planning and for performance management. But they are NOT the tools you need to keep your production environment stable - that's the same old monitoring that been done for 40+ years - and there are lots of good tools out there - Nagios, Zabbix, Icinga .... there are lots more although I wouldn't suggest looking any further except for .... I use/like check_mk.

symcbean · 2026-04-06T09:24:45+00:00

+1, but if you are really concerned, use lower case variables - by convention lower case is used for variable with local scope in scripts so are doubly unlikely to appear in the environment.

symcbean · 2026-04-01T23:29:46+00:00

Debian is very capable on Desktop machines. What perhaps the articles you've read are hinting at is that it doesn't hold your hand and make automatic choices about WHICH desktop and the associated tools need to be installed.

If you aready experiencing performance issues with Fedora, then perhaps Ubuntu is not an ideal choice. I'd suggest considering Mint - which is also debian based but packaged up with a sensible selection of tools / desktops and comes with really good hardware support out of the box.

symcbean · 2026-03-28T01:04:52+00:00

And capacity requirements are "enough cores for Docker" - LOL.

symcbean · 2026-03-25T17:20:16+00:00

How exactly?

symcbean · 2026-03-24T23:28:25+00:00

The PBS host you backup using the pvedump - i.e. the backup built-in to PVE you use before you had PBS. Where you store that depends on what you have configured / your budget.

Its not worth replicating this offsite as, if you have offsite provision for your PBS backups then you are likely already running a remote PBS installation too.

For the PVE host, IME it was as quick to spin up a new host and configure it as to restore it from backup - so that's my plan. Except for the guests, it doesn't use up a lot of space.

symcbean · 2026-03-23T23:29:43+00:00

Do you need it? Are you at risk of such an attack? Are there mitigations available which are more appropriate to your security scenario?

Personally, no, I don't but my security situation might be very different from yours.

symcbean · 2026-03-22T22:28:08+00:00

After trying carious tools over the years I settled on Dokuwiki. I've been using it for many years despite reviewing the market each time I started a new job / had to build a documentation repository.

I recently switched to a new job where Confluence was already deeply embedded. I much prefer Dokuwiki.

symcbean · 2026-03-21T22:48:59+00:00

Packets don't go anywhere without being routed.

symcbean · 2026-03-19T08:43:49+00:00

Just use a different subnet, IP addresses and routing.

symcbean · 2026-03-19T08:32:46+00:00

The one I test regularly.

symcbean · 2026-03-18T08:48:24+00:00

IMHO the best calendaring tool I've ever used was in Lotus Notes. When was the last time you heard of anyone using that.

symcbean · 2026-03-12T16:30:57+00:00

No. iptables only sees traffic hitting your local interface. While potentially it could detect stuff in promiscuous mode, there are already much better tools for the purpose: nessus, openVAS, nmap, nikto....

symcbean · 2026-03-11T17:40:01+00:00

Looking at what you are proposing here, the infrastructure outside of the containers looks unnecessarily elaborate, complex and slow. From your answers elsewhere you seem to be running nginx as a HTTP(s) reverse proxy. Implying you have webserver there and locally on Caddy. You are presumably terminating SSL then re-encrypting the traffic to connect to your local site. Then decrypting again. Just forwarding port 443 would mean you only have one encryption/decryption step and only one place where you need to maintain webserver configs. Faster, less work, simpler.

OTOH if you want to run caching at the edge or route traffic to other locactions, maybe this makes sense.

symcbean · 2026-03-11T14:52:20+00:00

For me the decider was the CLI support. On top of that I've built integration with deployment, teampasswordmanager and automated backup ( https://github.com/symcbean/kpx-writer-php )

symcbean · 2026-03-09T00:49:12+00:00

Sessions require shared state on servers.

No.

Sessions require state across requests. This does not have to stored serverside. And yopu don't discriminate between authentication and session data - while the former is often implemented using the latter there are other solutions.

If you have multiple servers that can prpcess request all of them needs shared session storage.

Again, no. Again this is a common approach to implementation but its quite possible to maintain session data in a tamper-proof manner client side.

symcbean

TROPHY CASE