With the recent Proxmox 9 release, many of us have the upgrade ahead or already done. What about you, and how do you generally approach updating your services? Which other updates are you looking forward to or is it just an annoying chore?
Also the usual - let us know what you are currently working on, what problems you are encountering and what you are excited about.
As for updates, I update my machines semi-regularly with Ansible. The Proxmox 9 update was unspectacular (good thing!), I just had to change some things in my Promox-post-install automation (nag bar removal and package sources). I still plan to get a merge request based update process for my containers as mentioned here but I’m just not there yet. That guide was also posted on reddit recently and got some traction.
I also spent some time yesterday to organize my nginx logs, they basically all got their own folder in /var/log/nginx with their own access log file by adding access_log /var/log/nginx/$server_name/access.log vhost_combined; to each config. Error log file paths can’t contain variables so I kept them in the default file so far.
Recently enabled wireguard (easy setting in my FritzBox router) and stopped exposing some of my services to the internet. That process isn’t finished yet though as I’ll need to switch to wildcard certificates in order to keep valid SSL for the now local-only services.
I use Traefik as reverse proxy for local only services with let’s encrypt certificates. Just needed to a) register the subdomains and b) expose port 80 for the challenges without anything being served on that port.
Wireguard into my network and local DNS via Pihole to ensure proper local IPs. Works like a charm.
I need to check what exactly I need to expose. I had 80 and 443 exposed but limited the access to local IPs in nginx like this:
allow 192.168.x.0/24; # Allow FritzBox subnet allow 10.0.0.0/24; # Allow OpnSense subnet deny all; # Deny all other IPsI still have some services I want to expose so generally I’ll keep the ports open.