• 4 Posts
• 327 Comments
• Joined 1 year ago
• Cake day: June 24th, 2024

  • Yeah, does not reflect the actual situation.

    Currently, especially their SDN-capable stuff (Omada) is far better than e.g. the Ubiquiti stuff - we are relatively surprised by the build quality for the bucks you pay, tbh. (And unlike Ubiquiti it can be run standalone and SDN.)

    Not defending their China issues btw, we absolutely recommend to all our clients that they put an OPNsense in front of it. But it does its job and has its place in small businesses. (And tbh, their Wi-Fi gear is good enough that I have seen it in fairly large deployments.)

    Sadly there isn’t much of an alternative in that sector atm.


  • Yeah, especially router-wise I tend not to recommend them as well, but we widely use OPNsense as FWs now. Switching-wise they are good and tbh, their track record got much better. (And everyone else’s got worse, looking at you, Forti.)

    We tend to recommend Omada for smaller clients that would otherwise use Ubiquiti (their track record is… far worse) and simply put an OPNsense in front of it. These are small healthcare establishments - the alternative is often far worse (cousin John doing the network or some antique Zyxel the local IT shithead service sold them as new) and with the OPN we can do due diligence IT-security-wise.







  • Another option: Zabbix.

    Sounds like overkill initially, but works fine and can be automated fairly well. Once installed (as an LXC/VM or on a separate device if you want independent monitoring), you can set up API access for monitoring Proxmox (which will monitor all LXCs, etc. automatically) and then add the agent on top to monitor the underlying machine. There are dozens of ways to monitor Zabbix hosts’ temps, HDDs, etc. available online.

    In theory you could also let a Zabbix proxy collect all your hosts’ data (e.g. your Proxmox host, your switch, etc.) in your network and then send it to a VPS outside your network so you monitor offsite and can be alerted when not at home.


  • ZeroSSL has unpaid plans (for non-wildcards) that have a few advantages that LE doesn’t:

    • No rate limits
    • A web dashboard
    • More ways to validate
    • They have a REST API

    And, first and foremost, they are European and it’s always good to have an alternative ready.

    But as said before, I totally missed the wildcard issue, as I haven’t touched these for a long time and recently had more to do with my public services (which get an ACME single-domain cert via ZeroSSL).



  • Impressive tbh. I read at least 30 min per day in bed with background lighting on and make it for more than 2 months usually (with an Era colour, though).

    My kid’s Verse has not been recharged ever since they got it in August and they use it for hours each weekend and approx. 1 hour per weekday - with zero light on, though.

    Another point for Pocketbook (not relevant for you, but maybe someone else): it works effortlessly with Calibre-Web - unlike Tolinos, Kindles and some Kobos (even those have a better integration when they work).

    And at least in Europe the “Onleihe” (digital public library) system works extremely well on them. Around 90% of our books are from various Onleihe libraries. (Unlike Tolino and some Kobos they support multiple Onleihe accounts.) (BTW: there are ways to get accounts for some of these - which have extensive English sections - even if you don’t live there.)

    Service-wise: I had issues with initial delivery and they were solid (even though it wasn’t their fault).

    Data security-wise we looked into the traffic a bit and beside the usual shop traffic (recommendations, etc.) it seems not to do much, but we have it in an isolated network that only allows access to Onleihe, Calibre-Web and an RSS aggregator anyway.

    Can’t complain at all. Very happy with them; the only complaints I have so far are the Calibre-Web integration not being as good as Kobo’s (not their fault) and the fact that their OS is not as open as I wish.


  • It’s not that hard actually, at least tech-wise. Our ERP has always been web-based and so is our project management (Redmine). The biggest “installable” apps are QGIS (always worked on Linux), some LaTeX apps and the Affinity suite (which works through Bottles).

    Office-wise SoftMaker is close enough to MS Office that even someone with little computer experience has no issues.

    Combine that with a Proxmox + FreeIPA + Opsi stack in the background and you’re set. Fedora 42 Plasma is used as the client OS, which benefits from us only having 2 different client models hardware-wise.

    “Politics”-wise I have the huge advantage that I am the sole owner of the company, that my staff is young and willing to innovate as this is basically our job (we do consulting for healthcare) and that we are somewhat small and work from home full time.

    The major challenge was to make people actually try Linux. Plasma helped here enormously, because, let’s face it, it’s beautiful. That gave Linux a lot of goodwill and after two days it was usually “I never thought it would be that easy” or “that works as smoothly as Win7/10 once did for me and MS destroyed that”.

    Now some of my employees have privately changed to Linux as well.




  • It is absolutely possible, but personally I would highly recommend getting yourself a proper public domain for that, even if you won’t use it otherwise (it’s even somewhat safer if you use a designated one for it).

    To make it really easy, get the domain with someone who also provides DNS with it (Hetzner is a solid choice, so are others; it has to have an API). (E.g. “mydomain.casa”.)

    Now get an internal DNS server that can handle its own zones. I always recommend Technitium, but there are other choices. Pi-hole is not a good choice here.

    Next thing is a reverse proxy, as you mentioned. If you want it easy, Nginx Proxy Manager is a good choice, but limits what one can do later. But it kind of works out of the box. Traefik and Caddy are both often named, but I found neither of them as “fire and forget” as NPM is - and Caddy can’t do a lot of things either. Traefik is what I currently use, but even using Manatrae or similar GUIs it’s sometimes a pain. But it’s absolutely powerful, especially when you run a lot of docker containers on the same host. Tbh, if I didn’t have some special requirements I would still use NPM.

    Now, what to do? (Not a full manual, more like an overview to show that it’s not that complicated.)

    1. Install all of the above on Docker.
    2. Set up NPM with a wildcard certificate: register with zerossl.com (has advantages over Let’s Encrypt), add them as a provider and get a wildcard(!) certificate (*.yourdomain.casa).
    3. Set up a proxy host. You simply add the domain name (nextcloud.mydomain.casa), point it to the actual container (192.168.1.10:3000), choose the wildcard certificate as the SSL certificate and switch on “Force SSL”.
    4. Go to the DNS server, create a DNS zone “mydomain.casa” and then simply add “nextcloud.mydomain.casa” and point it to the reverse proxy IP. Done.

    For good practice I would recommend also keeping a zone that links directly to the services so you can use that whenever necessary (mydomain.internal).
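The setup in the comment above has two places where it quietly breaks: a name in the internal zone that points at a container instead of the reverse proxy (so it bypasses TLS and "Force SSL" entirely), and a name that the wildcard does not actually cover, because `*.mydomain.casa` matches exactly one label (`nextcloud.mydomain.casa`, but neither `media.kids.mydomain.casa` nor the bare `mydomain.casa`). The following is an added example, not the poster's setup or any tool's code: an offline checker that walks a constructed zone and flags both kinds of mistake. The zone contents, the proxy address `192.168.1.2` and the SAN list are all assumptions made up for the example; the wildcard rule it implements is the one browsers apply (RFC 6125 style: `*` only as the whole leftmost label, matching one label).

```python
"""Offline sanity check for a split-horizon zone fronted by one wildcard cert.

Added example; not the poster's setup. The zone, the proxy IP and the SAN
list are CONSTRUCTED for illustration.
"""
import ipaddress

# Constructed data: an internal zone (name -> A record). In the described
# setup every public-style name should point at the reverse proxy, which
# terminates TLS with the wildcard certificate listed in CERT_SANS.
PROXY_IP = "192.168.1.2"          # assumed reverse proxy address
ZONE_CASA = {
    "nextcloud.mydomain.casa": "192.168.1.2",
    "vault.mydomain.casa": "192.168.1.2",
    "media.kids.mydomain.casa": "192.168.1.2",  # two labels under the wildcard
    "git.mydomain.casa": "192.168.1.10",        # points at a container: bypasses the proxy
}
CERT_SANS = ["*.mydomain.casa", "mydomain.casa"]  # what the wildcard cert carries


def wildcard_matches(san: str, hostname: str) -> bool:
    """Browser-style SAN matching: '*' is allowed only as the entire leftmost
    label and stands for exactly one label. Comparison is case-insensitive."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]                      # ".mydomain.casa"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]   # the part the '*' has to absorb
    return leftmost != "" and "." not in leftmost


def cert_covers(sans, hostname: str) -> bool:
    """True if any SAN in the certificate is valid for hostname."""
    return any(wildcard_matches(san, hostname) for san in sans)


def check_zone(zone, proxy_ip: str, sans):
    """Return {hostname: [problems]} for every record that either bypasses the
    reverse proxy or would be served under a certificate that does not
    cover it. An empty dict means the zone matches the intended design."""
    proxy = ipaddress.ip_address(proxy_ip)
    problems = {}
    for name, target in zone.items():
        issues = []
        if ipaddress.ip_address(target) != proxy:
            issues.append(f"A record points at {target}, not the reverse proxy {proxy_ip}")
        if not cert_covers(sans, name):
            issues.append("not covered by the certificate (a wildcard matches one label only)")
        if issues:
            problems[name] = issues
    return problems


if __name__ == "__main__":
    for name, issues in check_zone(ZONE_CASA, PROXY_IP, CERT_SANS).items():
        print(name)
        for issue in issues:
            print("  -", issue)
```

For the constructed zone this reports `git.mydomain.casa` (wrong target) and `media.kids.mydomain.casa` (outside the wildcard); the fix for the second one is either a flat name such as `kids-media.mydomain.casa` or a second wildcard SAN. The same check can be run against a live setup by replacing the `ZONE_CASA` dict with the records exported from the internal DNS server and the `CERT_SANS` list with the SANs read from the certificate the proxy serves.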






  • philpo@feddit.org to Selfhosted@lemmy.world · Beyond Pi-Hole · 4 points · 19 days ago

    I have expanded my setup over the years. And tbh, I reached so many stages where I read up on how Pi-hole or AdGuard achieved this and that. And every time it was like “damn, if you want more than the basics they are actually more complicated. I just have to look up this and this and Technitium does it by the book.” That’s so refreshing.