- Bulk Download All Proxmox LXC Templates via PVE Command Line
- Mounting Proxmox Raw Images in Any Linux
- Proxmox IPTables Port 8006 Redirect to Port 443
- Cloning/Restoring a Proxmox LXC Container from Backup
- Installing Certificate for Self-Hosted Unifi Network Controller
Bulk Download All Proxmox LXC Templates via PVE Command Line
3/29/2025
If you have the space and you want to bulk download all of the available Proxmox VE (ie. TurnKey LXC LinuX Containers, etc.) LXC container templates to local storage, here is a command that will bulk download them all from a Proxmox VE console.
I have downloaded these to my NAS storage called “NAS1” so substitute with “local-lvm” instead or wherever you decide to store them. As of this writing, these will take up about 46GB of storage:
# for i in `pveam available | awk '{ print $2 }'`; do pveam download NAS1 $i; doneMounting Proxmox Raw Images in Any Linux
4/2/2025
Context/Assumption: Drive containing Proxmox VE LVMs and raw images from a thin-pool is made available to another non-Proxmox Linux system (via external drive attachment, etc.):
- Get a listing of the LVMs via
lvdisplay. Here’s an example of a(n old) Proxmox VE drive attached to a system running Elementary OS:
root@nunya:/mnt/lvm/pve# lvdisplay
WARNING: Device for PV bIYp7D-Ifi5-3vm9-jKP2-6CCx-1l4b-j8LZd0 not found or rejected by a filter.
--- Logical volume ---
LV Path /dev/data_vg/lv01
LV Name lv01
VG Name data_vg
LV UUID akpZCx-bK2h-FaZr-66ZA-62Fo-ZIDP-NaqVEo
LV Write Access read/write
LV Creation host, time pve, 2021-12-20 00:02:35 -0600
LV Status available
# open 0
LV Size 1.00 TiB
Current LE 262144
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:2
--- Logical volume ---
LV Path /dev/elementary-vg/root
LV Name root
VG Name elementary-vg
LV UUID PRNByi-krxc-cxcm-3qcy-xrs4-BrLu-kFwni9
LV Write Access read/write
LV Creation host, time elementary, 2020-04-07 21:07:53 -0500
LV Status available
# open 1
LV Size 475.48 GiB
Current LE 121723
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
--- Logical volume ---
LV Path /dev/elementary-vg/swap_1
LV Name swap_1
VG Name elementary-vg
LV UUID z5Xm5c-9urf-Dib0-Bkn2-NLy3-PGZc-DzLGYp
LV Write Access read/write
LV Creation host, time elementary, 2020-04-07 21:07:53 -0500
LV Status available
# open 2
LV Size 980.00 MiB
Current LE 245
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:12. Mount the Proxmox VE LVM: mount /dev/<vg>/<lv> /mnt/lvm/pve/<lv>
I always create mount points in /mnt grouped by type: /mnt/lvm, /mnt/iso, etc. (Yeah… “/media“, I get it. LOL). So for the above the /mnt/lvm/pve is just my convention and has nothing to do with Proxmox VE per se or making this “work.” It’s a mount point, period. Mount at /recovery if you want — up to you.
# mkdir /mnt/lvm/pve/data_vg
# mount /dev/data_vg/lv01 /mount/lvm/pve/data_vg3. Raw Proxmox VE VM and container images will now be in /mnt/lvm/pve/data_vg/images. Mount those as loop devices: mount -o loop /path/to/raw/disk/image /mnt/lvm/pre/<disk-ID>. (Again my convention on the disk ID.)
# ls -lR /mnt/lvm/pve/data_vg/images
/mnt/lvm/pve/data_vg/images:
total 8
drwxr----- 2 root root 4096 Dec 20 2021 100
drwxr----- 2 root root 4096 Mar 22 2022 101
/mnt/lvm/pve/data_vg/images/100:
total 3118804
-rw-r----- 1 root root 21474836480 Apr 1 20:51 vm-100-disk-0.raw
/mnt/lvm/pve/data_vg/images/101:
total 1243244
-rw-r----- 1 root root 10737418240 Apr 1 20:51 vm-101-disk-0.raw
# mkdir /mnt/lvm/pve/data_vg/100 /mnt/lvm/pve/data_vg/101
# mount -o loop data_vg/images/100/vm-100-disk-0.raw /mnt/lvm/pve/100
# mount -o loop data_vg/images/101/vm-101-disk-0.raw /mnt/lvm/pve/1014. In this example of raw images as part of a data LVM thin-pool (denoted by the “<1.67t” below), I can just go after any raw image disk as a straight up LVM mount:
# lvs
LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert
data pve twi-aotz-- <1.67t 4.07 0.30
root pve -wi-ao---- 96.00g
swap pve -wi-ao---- 8.00g
vm-100-disk-0 pve Vwi-aotz-- 60.00g data 48.09
vm-101-disk-0 pve Vwi-aotz-- 8.00g data 8.86
vm-101-disk-1 pve Vwi-aotz-- 20.00g data 11.27
# cd /mnt/lvm/pve
# mkdir vm-100-disk-0 vm-101-disk-0 vm-101-disk-1
# mount /mnt/lvm/pve/vm-100-disk-0 /dev/pve/vm-100-disk-0
# mount /mnt/lvm/pve/vm-101-disk-0 /dev/pve/vm-101-disk-0
# mount /mnt/lvm/pve/vm-101-disk-1 /dev/pve/vm-101-disk-1And if you wanted to mount them all at once, excluding snapshots:
# for i in `lvs | awk '/vm-/ && !/[Ss]nap/ { print $1 }'`; do mkdir /mnt/lvm/pve/data_vg/$i; mount -o loop /dev/data_vg/$i /mnt/lvm/pve/data_vg/$i; doneOr to a script to look over before executing:
for i in `lvs | awk '/vm-/ && !/[Ss]nap/ { print $1 }'`; do echo "mkdir /mnt/lvm/pve/data_vg/$i"; echo "mount -o loop /dev/data_vg/$i /mnt/lvm/pve/data_vg/$i"; done > /path/to/save/script/mount-raw.shHTH
Proxmox IPTables Port 8006 Redirect to Port 443
I’m not a big fan of “off” ports. They of course have their place. But when I have dedicated servers, HTTPS “belongs” on port 443. Here’s a simple iptables redirect rule for making it “look” like Proxmox VE is running on 443 from the vantage of the browser:
# iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006I’m a fan of the iptables-save approach in terms of making this permanent (ie. survives a reboot). Here’s an article on the iptables-save approach.
Cloning/Restoring a Proxmox LXC Container from Backup
# pct restore 104 vzdump-lxc-103-2025_04_10-14_05_20.tar.zst --storage local-lvmThis takes the backup of Container #103 and creates a new container #104. <Poof> MAGIC.
- Change the hostname of the new container. (It will have the same hostname of the backedup container.)
- Change the IP address of the new container. (It will have the same IP address as the backedup container.)
(Unless the backedup container doesn’t exist any more.)
Installing Certificate for Self-Hosted Unifi Network Controller
I’m running MacOS as my main desktop and running my own Certificate Manager on pfSense with my own root CA.
- Import my root CA
.crtfile into Keychain Access on my Mac as alogincertificate and set it to “Always Trusted” — so… my own sites (with my own issued certificates as my own CA) are always trusted. (Not detailing the steps for that here — Google University can handle this for you.)
- Create a server certificate in pfSense signed by my root CA for my
unifi.lanserver. Supply your own IP, FQDN, and/or hostname for your own server. (There are plenty of articles in Google for doing all this with tools likeopensslif not running one’s own CA.) - Export the private key
.keyfile and certificate.crtfile from pfSense. scpthese files to/etc/ssl/privateon the Unifi Network Controller from where I exported them:scp Unifi_Network_Controller.* root@unifi.lan:/etc/ssl/private- Hop into a root console on my Unifi Network Controller and create the PKCS12 file to import into the Java keystore on the controller:
# cd /etc/ssl/private
# # openssl pkcs12 -export -name unifi -out unifikey.p12 -inkey Unifi_Network_Controller.key -in Unifi_Network_Controller.crt
Enter Export Password: aircontrolenterprise
Verifying - Enter Export Password: aircontrolenterprise(The password used is, as far as I can tell, necessary.)
- Backup the Java keystore on the Unifi Network Controller:
# cd /var/lib/unifi
# cp keystore keystore.bak- Stop the Unifi Network Controller, import the PKCS12 key created from the private key file and the certificate file into the keystone, and restart the controller:
# systemctl stop unifi
# keytool -importkeystore -srckeystore /etc/ssl/private/unifikey.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -deststoretype PKCS12 -storepass aircontrolenterprise
Existing entry alias unifi exists, overwrite? [no]: yes
Entry for alias unifi successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
# systemctl start unifiBadda-bing. Pulled what I needed (which was essentially creating the PKCS12 file and doing the keystone import with the proper password) from this fantastic article on Reddit.