What is Proxmox VE?
Proxmox Virtual Environment (Proxmox VE) is an open-source server virtualization platform that combines KVM-based virtual machines and LXC-based containers under a single web interface. Built on Debian Linux, it integrates enterprise features such as live migration, high availability, software-defined storage, and a built-in firewall. Its agentless design and central management interface make it a popular choice for homelabs, small businesses, and data centers alike.
The platform supports ZFS, Ceph, and LVM for storage, and includes a RESTful API for automation. The installation process is straightforward, but proper configuration immediately after setup is critical for a stable and secure environment.
Downloading the ISO and Creating Installation Media
Download the latest Proxmox VE ISO from the official Proxmox website. The ISO is a hybrid image that fits on a standard USB drive. Use a tool such as Rufus (Windows), Balena Etcher (cross-platform), or dd (Linux) to write the image.
# Linux: write ISO to USB drive (replace /dev/sdX with your device)
sudo dd if=proxmox-ve_*.iso of=/dev/sdX bs=1M status=progress
The ISO includes the Proxmox VE installer and a bootable Debian base system. On first boot, you are greeted by the installer menu with options for graphical or terminal-based installation. The graphical installer is recommended for most users.
Installation Walkthrough
Partitioning
The installer presents several partitioning schemes. For most deployments, choose ext4 with LVM or ZFS if you want advanced features such as snapshots, compression, and checksums.
| Filesystem | Use Case | Pros | Cons |
|---|---|---|---|
| ext4+LVM | General-purpose, maximum compatibility | Simple, well-understood | No native snapshots |
| ZFS | Homelab, critical data | Snapshots, compression, RAID | Higher RAM usage |
| Btrfs | Experimental or single-disk setups | Snapshots, subvolumes | Less mature on Proxmox |
ZFS is strongly recommended for the root filesystem if you have enough RAM (8 GB minimum). It enables instantaneous snapshots through the Proxmox backup mechanism and transparent compression with lz4.
Network Configuration
Assign a static IP address during installation. Do not rely on DHCP for a production server. The installer asks for the following:
- IP address (CIDR): e.g.,
192.168.1.100/24 - Gateway: e.g.,
192.168.1.1 - DNS server: e.g.,
1.1.1.1or your local DNS
Root Password and Email
Set a strong root password. Proxmox uses the root account for web UI authentication and SSH access. You also configure a system email address — this is where Proxmox sends alerts about hardware issues, backup failures, and certificate expiration.
First Login to the Web UI
Once installation completes, reboot and note the IP address shown in the console. Open a browser and navigate to:
https://<YOUR_IP>:8006
Accept the self-signed certificate warning. Log in with username root and the password you set during installation. The dashboard shows summary graphs for CPU, memory, network, and storage usage.
Removing the Enterprise Repository
Proxmox ships with the enterprise repository enabled by default, which requires a paid subscription to access. For non-production or homelab use, replace it with the no-subscription repository.
# Remove enterprise repo
rm /etc/apt/sources.list.d/pve-enterprise.list
# Add no-subscription repo
echo "deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription" > /etc/apt/sources.list.d/pve-no-subscription.list
Then update the system:
apt update && apt full-upgrade -y
A pop-up about a missing subscription appears on login. To suppress it:
sed -i 's/^/#/' /etc/apt/sources.list.d/ceph.list
System Updates and Kernel Management
Keeping Proxmox updated is essential for security and stability. The platform uses Proxmox-kernel (a custom kernel) rather than the stock Debian kernel. After updates, reboot to activate the new kernel.
apt update && apt dist-upgrade -y
reboot
Check the installed kernel version with:
uname -r
Proxmox retains the previous kernel so you can boot into it if the new kernel causes issues. Use proxmox-boot-tool to manage kernel versions.
Network Bridge Configuration
Proxmox creates a bridge interface vmbr0 during installation. This bridge connects your VMs to the physical network. The configuration lives in /etc/network/interfaces.
auto lo
iface lo inet loopback
auto eno1
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.1.100/24
gateway 192.168.1.1
bridge-ports eno1
bridge-stp off
bridge-fd 0
To add a second bridge for a separate network (e.g., isolated lab network), duplicate the block with a different subnet and omit the bridge-ports line for an isolated bridge.
Hostname and DNS Configuration
Verify the hostname and /etc/hosts are correctly configured. Proxmox requires that the hostname resolves to the primary IP address.
# /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.100 proxmox.example.com proxmox
The file /etc/hostname should contain just the short hostname:
proxmox
Test resolution with:
hostname --ip-address
If this returns the wrong address, Proxmox services may fail to start.
Firewall Basics
Proxmox includes a built-in firewall managed through the web UI or via pve-firewall. Enable datacenter-level firewall first:
Datacenter → Firewall → Options → Enable: Yes
Then configure rules per node or per VM. At minimum, allow HTTPS (8006) and SSH (22) from your management network. The firewall is stateful and applies rules in order — place the most specific rules first.
Generate and apply firewall rules from the CLI as well:
pve-firewall compile
pve-firewall restart
Creating the First User
It is good practice not to use root for daily operations. Create a separate user with administrator privileges.
pveum user add admin@pve --password <password>
pveum acl modify / --user admin@pve --role Administrator
Log out of the root session and log in as the new user. Assign roles more granularly if needed — for example, create users with the PVEVMAdmin role who can only manage VMs.
Enabling Two-Factor Authentication for Admin
Proxmox supports TOTP-based two-factor authentication. Enable it in the web UI under Datacenter → Two-Factor Authentication.
- Select TOTP as the provider.
- Scan the QR code with an authenticator app (Authy, Google Authenticator, or Bitwarden).
- Enter the current code to verify setup.
For the root account, configure 2FA via the CLI if the web UI is inaccessible:
pveum user tfa add root@pam --type totp
Store the recovery codes printed during setup in a secure location. Without them, losing the authenticator device means losing access to the root account.
Backing Up /etc/pve
The directory /etc/pve is a special FUSE-backed filesystem that stores all Proxmox cluster configuration. It exists on every node but changes are synchronized cluster-wide. Regular backup of this directory is critical for disaster recovery.
tar czf /root/pve-backup-$(date +%Y%m%d).tar.gz /etc/pve
For a more structured approach, use proxmox-backup-client if you have a Proxmox Backup Server. Otherwise, schedule a cron job:
0 3 * * * tar czf /root/pve-backup-$(date +\%Y\%m\%d).tar.gz /etc/pve
Test your backup by extracting it to a temporary directory and verifying the files are readable.
Post-Install Checklist
Run through this checklist after every Proxmox installation:
- Enterprise repositories disabled, no-subscription repo enabled
- System fully upgraded
- Static IP confirmed in
/etc/network/interfaces - Hostname resolves correctly
- Firewall enabled with minimal allow rules
- Non-root admin user created
- Two-factor authentication configured
-
/etc/pvebackup scheduled - NTP time synchronization verified
- SSH key-based authentication set up for root/admin