These are the bang on tutorial videos we need.Not Everybody has a 5bay rack system server. We are home labers with a budget and minimal resources so these sorts of tutorials are just awesome. Please 🙏 keep on doing these types of videos thanks
yes. we can't afford clunky machines running at 100w and cost $200 electricity per year. So I double up things by hosting pbs, nas all in the same pve host. And backup all vms/lxcs to pbs, including pbs and nas lxc themselves. Reminds me of the cartoon where the snake eating its own tail... LOL
I've always struggled for some reason on creating mount points and how to share across containers.... This video made it so simple - and worked the very first time!
After pulling my hair for two weeks trying to get an LXC with my torrent client to be able to write to my NAS share, this is the only video that explained things simple enough so I could understand the mapping process. Thank you so much!
Terrific work Jim!! Really excellent. I thought I'd add a tip for those using TTecks scripts - the RR stack stuff (sonarr, radarr, SAB etc..) all runs as root. The Jellyfin and Plex LXCs however each use a username ( jellyfin & plex respectively) that you MUST add using Jim's "Optional: Add Other Users to Group (e.g., Jellyfin, Plex) - usermod -aG lxc_shares USERNAME" command... Then, those apps will also be able to not only read but write to the CIFS share. If you ever need to find a username,.. the command "ps -aux" will list processes and users - find the right username and add with command. Thank you Jim!!!
Awesome Jim, was looking for this info for a while, your videos are the best, direct to the point no useless information. Just perfect. Thanks for your time.
After a lot of issues, I finally got my NAS passed thru to unprivileged LXC. I discovered that when I setup the LXC, the 'Net' node does not get passed thru. I was able to pass that node thru, but what happens is that the Tun device does not have correct permissions, and results in all kinds of issues. Once remedied, your instructions worked perfectly!. Now, onto your next tutoriall.
Great series of videos on this! I got this running again and have an SMB share for the media and a NFS for the cache (on virtualized TrueNAS) which makes for a very small VM. I have two synced PBS going too. Finally a very nice setup on the Epyc 4004 (so super fast)
THANK YOU SO MUCH! I've been searching around blogs, websites, forums, discords, and other youtube videos to get this to work for 5 days trying to learn mounts and your video FINALLY got it working for me.
Tyvm im new and learning everything this still confusing me AF! But went back to debian for the weekend while learning but really want to learn storages and setting up NAS VM on proxmox! Ill keep watching your videos keep popping up for my questions on google tyvm!
Thanks I've been experimenting for a while with mounting shares on unprivileged LXC's but I couldn't figure it out the permissions part for the mounted share on the lxc side. The groupadd -g 10000 was the solution! thanks for sharing your knowledge and I'm subscribing. Have a lovely day!
wowwweee. I have been trying to find the information to do this for months now. Using various work around methods in the mean time. Absolute legend for making this video.
Nice video Jim. In my home datacenter I have 4 nodes. One of them has a controller with 4 2TB drives mounted on a RAID5. I added the storage on the proxmox host and created a turnkey Linux LXC container. I mapped the volume on the container and created SMB shares for all 4 nodes. They all can save the backup files on the RAID5. It’s not the best performance but it fits perfectly for my needs today. I think I can do the same thing with a better application in docker.
I'm not sure why you created the group in this video for a read only bind mount. You didn't end up using the group in the video. I was. hoping you would show us how to write to the share with setting up the permissions which is what I thought you where setting up the group for. Do you have another video that helps with this? Thanks for the video. Nice delivery. Thank you.
Interesting Video!!! I am thinking to apply this concept to deploy an LXC container, mount my NAS Drive and install on top Proxmox Backup Server and point the DataStore to the path in the LXC that is mapped to my NAS. Do you think is going to work? Also can you do a tutorial for doing similar but with NFS shares as well? Thanks!
Awesome tut and simple to follow. I followed all your step and I can add delete files from the host. I can also see the mount point on the lxc but if I try nano test.txt to edit a remote file. I see File is not writable. I don’t what permissions need to be fixed for this if host was able to add delete file. I did not add ro=1. So I should have full rw permissions.
I've followed the step and mounted the share in proxmox and Jellyfin. Both can see the /mnt/nas directory and everything in it. When you move over to the Jellyfin dashboard, it does not see any subdirectories, just the mounted folder, /mnt/nas. What would cause this to happen?
Having the same issues. I added the additional users to the group, so the permissions should be linked up, but unsure. If figure out a solution I’ll update, but commenting to follow in case anybody else has figured out a fix.
Update: so after doing the optional user add command with user jellyfin, I rebooted the LXC and it worked on my setup. Not sure if that will work for you, but leaving this here just in case that works.
@@RobertoVillegas-vincent404 I still could not get it to work after adding the optional user. I ended up mounting the share in proxmox and update jellyfin's config to point to the mounted share.
I'm having problem making my docker apps to delete/create files on smb shares. even though I'v given them rw permission. i don't know what went wrong. and thank you for all your works. I've learnt a lot from you.
Great tutorial as always. Quick questions how do I run the LXC as the user I've created? In my case I'm trying to set up Sonarr and it keeps saying: Folder '/mnt/Movies/' is not writable by user 'root'. Thank you
amazing video ! I'm trying to implement this and your 2 other videos to run Immich in docker composer to access my photo library that is stored on my NAS via SMB but just can't figure it out at all. I have now mounted CIFS share the same as in the video and can read it but just doesn't seem to work as an external library at all. Is this making sense and or you or your community come up against ? Keep up the good work and thanks
Hi! Any chance you could look into mounting the shares on rootless docker? I can’t seem to figure out how to map it properly so that the docker container has access to the bind mount if using a non root LXC user. It mounts inside the docker container, but is mapped to nobody:nogroup and you can’t see the inside.
Thanks for your video. I tried this with Plex in a CT and a Seagate NAS. While I can see the files when I "ls" in the container console, I cannot seem to get the files to show up inside of Plex. "mnt/nas" is available as a folder, but nothing shows up. Any ideas?
Jim, pardon the noob questions, i want to run truenas in a VM inside proxmox and jellyfin in a LXC container, i understand the whole mount the smb share in fstab but 1) what would happen if the share is not available once you have network, would it mount anyways?, 2) every time i want to use jellyfin in a container i must first MANUALLY mount the share? 3) what would happen if i restart proxmox, i guess i will first boot truenas so the shares are available but i cant automate the start of jellyfin? or it is that the mountpoint in the container config file mounts it automatically as long as it appears in the fstab?
My understanding is that it'll try the connection upon each request. Failing that you would need to do a mount. I will need to test thing and validate.
I know I'm late to the party. But still I would like to fire up a questions. Is this scenario possible if the initial mount is done via NFS and not CIFS? I'm trying to do it this way, but the lxc container fails starting everytime the mount point line is in it's configuration. Thanks!
Thank you very much, super useful. But it´s ridiculous that proxmox havent an fast option in the GUI in order to create mount points for something as relevant/general use as samba share folders. WHY Proxmox?!
I found it... it´s easy as fuck, we have a mount point option in the proxmox gui. Go to Data Center->Storage->Add Samba (or whatever you need). After that you only have to edit 101.conf (or whatever you want) to paste this mount point
I followed this tut up to the point you added the line under volumes in docker compose. Is this step necessary if you do not use docker compose? I am able to select the path of the mnt location of my smb truenas core share in jellyfin and the command ls shows the movie files in my mnt location however jellyfin does not show any movies after adding the path and scanning the libraries.
This works well for Jellyfin container and managed to replicate it, thanks. I was also hope to use the same trick to get that same NAS folder into FreeFileSync docker container, however, getting 'permission denied' on trying to access it from within FFS GUI. No such issue from non-smb shares with FFS. FFS is running as root as well (just like jellyfin). Don't suppose you've used FFS before?
Awesome video, easy to follow and well explained, even for noobs like me. Congrats. But I'm stuck in 11:20" when I must go to docker-compose directory, I get "no such file or directory". I'm using proxmox and the script from tteck created as unprivileged.
@@Jims-Garage thanks for taking your time to reply. Maybe I sound stupid, but I guess this structure must be already created (I don't know what my current home directory in in this container) and I don't know if docker-compose is already created and I need to edit it.
@@juansebastian79 you essentially need to change the left hand side of the colon in the docker compose file to match your setup. Change /ubuntu to your username, create a folder called docker-compose in /Ubuntu or just change it to whatever structure you want.
Having trouble getting this to work for me using the tteck lxc script. I can see the files in the shell but not the jellyfin app. In jellyfin it see the mountpoint but not the files inside. I'm sure this is possible an access issue but I can't figure out how to fix it, and I did add the jellyfin user to lxc_shares.
Why do you need commands to mount NFS/SMB ? Proxmox already provides a clean UI for that, just go to the storage section in the data centre view Handles folder creation, permissions and ensures it's minted properly without any manual hassle
Really cool. But I am curious if the NAS is not available at the time of pve host bootup, would the share be mounted later automatically ? Imagine a case where the NAS itself is a VM in the same pve host.
@@Jims-Garage i want to avoid installing autofs in the host. I have been using autofs in vm. It is all solid. But a tool like this can be disruptive to a custom host kernel
@@Jims-Garage i did some research looks like the key is to have _netdev and x-systemd.automount flag. The first is to delay mount until the network is up. The latter is to delay until the mount is needed. I can actually see when rebooted, the host mount point belongs to root:root, until I did a ls on the mount point, after that the mount point ownership changed to pbs:pbs, indicating the mount occurred after ls.
Also, if you're only just looking for read-only access -- do you really need to need to do the whole user UID/GID mapping thing? Couldn't you just set up the mount point via the Proxmox GUI, and if your host already has the NAS share source mounted, can you just edit the .conf such that it points to that mount point location that's on the host?
@@Jims-Garage I installed a new unprivileged lxc and was able to see the files in the NAS using "ls /mnt/nas", but when I tried to add the folder to the media library it's empty and I'm getting this error in the logs: System.UnauthorizedAccessException: Access to the path '/mnt/nas' is denied Do you know how I can fix this? Thank you.
Thanks again for your videos. A must for me. I don't understand why gid is 11000 and not 10000 in proxmox fstab ? It don't match with the gid of the lxc group created before ?
@@Jims-Garage Is it possible to specify a specific group on the lxc machine (changing lxc_shares to smth else) ? For example, I have 2 shared repo and I want to give access to only one of them to a user.
I usually preffer to add the storage on proxmox itself instead of fstab because If you have an issue with your share proxmox won’t boot. I never understood why to be honest
Hey Jim, one question. When you type "nano /etc/fstab" you´ve got your //192.168.... SMB share and your //NAS/nas/ this is a bit confusing for me. Doesn´t the SMB share with the IP is the right one. The other one would have in my opinion no impact? After binding it to /etc/fstab/ I usse the mount command. Therefore I always get: Couldn't chdir to /mnt/lxc_shares/nas_rwx" Greetings
@@TrashMinerHDTV it's because it's a mount. In Linux you need a source (the NAS share) and a destination to mount it. So essentially, mount "this" "here"
@@Jims-Garage Thanks for the fast reply. But I unfortunaly need to say, that I don´t understand it yet. IIam kinda a newbie to this. I have my SMB share working on truenas. I can reach it via windows for example. This means my mount command should look like this: mount /mnt/Felix/local-cloud Maybe iam already doing wrong steps in first place.
@@TrashMinerHDTV in Windows you can do that, but in Linux you cannot. You need to specify which SMB share you want to mount (the first part of the command), and then a place where you want to mount it in the local file system. It's almost like it creates a shadow copy. So, as in the example it's IP/share for the SMB share location, and then /NAS locally on the Linux system. You then access the NAS files at /NAS (it's basically mapping it as a mount)
@@Jims-Garage Thanks. i think I got this point. But it lead to the problem afer mountig. mount error(2): No such file or directory Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)After a bit frustration I think my ""Add NAS CIFS share to /etc/fstab" is the problem. I added like 10+ different types to figure out, which one will work, because I thought i messed something up with the names. On my Chanel I uploaded 3 screenshots from my /etc/fstabs/ mounts and my true nas SMB Share as a yt video. Thanks in advance and sorry for the inconvenience.
I followed the tutorial in full, but I used the promox helper script to install the jellyfin lxc and was unable to locate a docker compose file. I can see the directory when i use the console, but when I add pathway to jellyfin UI, it shows the pathway, but no media inside. How do I find my compose file or the appropriate file to add the volume in the last step?
Hello, I have followed your video but the mount location is not visible on the Radarr UI under disk space. I am using proxmox to create the radarr LXC using the helper scripts and a Synology NAS using smb. Kindly assist. Been trying for 2 days now
It's great that it's possible, but it's far from elegant and would be a mess on a cluster if you planned to make the container migratable. Does mounting cifs with privileged containers negate all of this?
Hi, thx for this wonderfull piece of documentation/video,so well explained that even i can understand is (62y) All worked well except the last piece because i started from a helperscript on Proxmox , so without docker. When i access my mountpoints from the terminal on jellyfin i can see al my dirs and movies. When i add a library and select these mountpoints they come up empty , did i mis something, did something wrong Can you advice me what to do next? Thx for your time
I got Docker/Portainer installed on an seperate VM. I followed all you steps and be able to acces my files on the LXC. But how the hell I now bind my docker to that lxc. Like you in the last minutes. I now want to install jellyfin on the lxc.
@@segrationpictures2721 an LXC is basically a virtual machine (it's an OS in a container). If you want to run docker apps then you'll need to install docker the same as a VM
Hey, thank you very much! I Sadly i ran into a problem. I am using Plex instead of Jellyfin and when i go to the folder via the lxc shell, i find all the content, but when i navigate to my /mnt/nas folder in Plex, nothing shows up. Its empty. Also when i create a folder, it wont show up. Its very strange and i don´t know why :(
Do you echo in those configs to the conf files out of preference (maybe you have a sheet of many commands that you just dump into the CLI to sequencially work through), or do you have some other reason? I thought it was a bit odd to use the echo command, and then go into the file to check anyway. Just a query, not a criticism.
Great Video. I followed everything but the end section regarding the docker-compose/jellyfin folder. I get no docker-compose folder exists. If i check /mnt/lxc_shares/nas_rwx in the pve shell and /mnt/nas in the jellyfin console i can see all my movies in both of them. I then point my Jellyfin library to /mnt/nas but no movies show up. Can someone please help?!!
i use your guide and its very clear, you explain it well, but i get stuck on the "mount /mnt/lxc_shares/nas_rwx" command, it gives me the following error: "mount error(95): Operation not supported", ive looked online and i found that it probably is a smb version problem, i guess standard smb 1 gets used but my nas uses smb 2. is there a way to fix this?
This doesn't seem to work with HA since you can't duplicate a hard mount. How would you do this with HA replication? I have two nodes with GPUs I want use HA on my emby LXC. This way the LXC gets rebuilt depending on what node goes down
Not sure what's going on but when I try mounting I receive this error: Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
I can't get past the mount part. No matter how I edit the line is fstab, I keep winding up with mount: /etc/fstab: parse error at line 13 -- ignored mount: /mnt/lxc_shares/nas_rwx: can't find in /etc/fstab.
Hey Jim, not sure if this is a stupid question, but is cifs any better than nfs and if not wouldn't it be better to use the Add > Storage > NFS options rather than all the commands you used that could get be wrongly entered?
Thanks for the video. But I'm understanding it correctly that you set up LXC with docker and than on top of it set up Jellyfin? Isn't easier to set up LXC with Jellyfin? And is it safe to expose such install to external world, even if I gave it read only permissions? I thik that in another video you said that it is better to install such services on VMs because they do not share the kernel with the host
I have tried to use this method to attach my nas to my Proxmox Backup Server LXC and i can access the files and write to it from the PBS shell. however backups always fail. should this method also work for PBS?
@@Jims-Garage OK so I gave it a go and I used a helper script to create the LXC its unprivileged. I used your guide and made sure to add the back up user too. i can read and write to the share in the PBS shell but when it comes to backing up it always fails. looks like a permissions error but i cant seem to figure it out.. Error: fchmod "/mnt/nas_pbs/ct/101/2024-05-30T12:16:46Z/pct.conf.tmp_FPsn3z" failed: EPERM: Operation not permitted. hope you can help
@@Jims-Garage I did that at the start I used your guide and did this "usermod -aG" for the user which is called "backup" is there a way to check if there is another user also? from the log it looks like its writing a temp file and when its changing the temp files permission it fails
ok i have gone through this about 10 times now and trued everything I still get permission denied when I try to open the mount in the lxc - logged in as root, mtn shows up but can't open it tried adding the jellyfin user to the list and still noting.
@@Jims-Garage the files are an NFS share from Synology and, permission set for both the host and the lxc ip just in case, jellyfin is running in a Debian lxc just to try and match it, installed using a helper script
@@Jims-Garage I've tried everything, even say in the support docs that no special characters is supported so changed the file names to have no special characters, the host can browse the files fine and even open them, but the lxc can't and I'm lost
If you write in the SMB user and password into /etc/fstab -- wouldn't you be storing the SMB password in plain text? Wouldn't that kind of (at least in part), kind of defeat the whole point of using an unprivileged LXC container (from the security aspect of it)???
@@Jims-Garage "You could use variables to remove that issue" But even with variables -- that would still be storing the password in plain text, no? "but even in a worse case it would give you access to the SMB, not the Proxmox host." I think that will depending on how you have your SMB share set up. If you have a separate SMB share that's hosted by another system -- that will put that system, potentially, at risk (by storing said SMB password in plain text). Conversely, if you want to consolidate your system such that your Proxmox host is ALSO the source of your SMB share, then this statement wouldn't be true, as you would be risking the Proxmox host itself.
@@Jims-Garage "the LXC shouldn't have permissions to read the files owned by root on the host" If you have another LXC container that's managing the SMB share, and that LXC container runs on the same Proxmox host, you're still going to have this issue. In either case, storing the password in plain text is generally a bad idea, and there ought to be a better way of being able to do or accomplish the same goal that this is trying to accomplish, without the all of the downsides that comes with storing said SMB share password, in plain text. I would think that you would agree that storing (or hard coding) your SMB share password, in plain text (or any password for that matter), would be generally a bad idea, no? Furthermore, for the media files -- if you don't want those files to be owned by root, on the host, then the media files should probably be uploaded/stored on said host, under a different user account, in the first place, no? Therefore; even if the Proxmox host was also the SMB host (as a result of consolidation), from the user account perspective, the media files won't be owned by root, but you'd still be accessing the host as a result of having a SMB password stored in plain text. The concern shouldn't be where you are hosting your SMB files, but rather, that the LXC container is mounting that SMB share using a password that's stored in plain text. I would think that you'd agree that that's not a great way to store a SMB password.
@@ewenchan1239 as stated, you can use variables to hide it and protect with user permissions. At the end of the day something always has to be able to read it. LXCs cannot host SMB, that's why you need to mount on the host and share it. Permissions are ultimately determined by the smb, then the user the host mounts it with.
I prefer CIFS for simpler compatability with Windows and mixed environments. If a purely Linux environment then NFS would make sense and is also more performant. This same process applies for both.
@@Jims-Garage This video came at a good time. I've setup 4 proxmox nodes with HA for my HL, and jellyfin-LXC does not like auto mounting the shares 100% of the time when being migrated. I'll test this set up on it, I will try NFS over SMB since nothing in my house uses windows anymore... except my work laptop, but that's segregated from my home network anyways.
Great Video! When iam trying to mount "mount /mnt/lxc_shares/nas_rwx" I get this message: mount error(16): Device or resource busy Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) Do I need to turn off my truenas?
As Promissed in the comment to the other video I wanted to share my solution to host shares (wich is quite similar). However I found out the hard way that mounting a marent folder (like /mnt/media/) that contains several zfs filesystems as "subfolders" does not work with this aproach. Furthermore I wanted a unprivilidged user "1000" on the proxmox host that is the same in the LXC so the ownership of files is correct... I solfed this my using rbind mounts and idmaps - something you know better than me (so it took me quite a while to figure out). in the /etc/pve/lxc/xyz.conf: lxc.idmap: u 0 100000 1000 lxc.idmap: g 0 100000 1000 lxc.idmap: u 1000 1000 1 lxc.idmap: g 1000 1000 1 lxc.idmap: u 1001 101001 64535 lxc.idmap: g 1001 101001 64535 lxc.mount.entry: /mnt/config mnt/config none rbind,create=dir,optional 0 0 lxc.mount.entry: /mnt/data mnt/data none rbind,create=dir,optional 0 0 lxc.mount.entry: /mnt/media mnt/media none rbind,create=dir,optional 0 0 Anyway I just wanted to share in case it is usefull su someone out there. Thank you for your amazing tutorials.
These are the bang on tutorial videos we need.Not Everybody has a 5bay rack system server. We are home labers with a budget and minimal resources so these sorts of tutorials are just awesome.
Please 🙏 keep on doing these types of videos thanks
Thanks, plenty more to come!
yes. we can't afford clunky machines running at 100w and cost $200 electricity per year. So I double up things by hosting pbs, nas all in the same pve host. And backup all vms/lxcs to pbs, including pbs and nas lxc themselves. Reminds me of the cartoon where the snake eating its own tail... LOL
@@fool9111z what is a pbs? thanks in advance
Exactly what I needed - you are a star - not sure if this came from by request but I am extremely grateful
Thanks, appreciate the feedback
Thank you for this, this is so much easier than the route I was going. I was mounting it manually in each lxc.. night and day. Thank you.
You're welcome!
I've always struggled for some reason on creating mount points and how to share across containers....
This video made it so simple - and worked the very first time!
Glad it worked, thanks for the feedback
After pulling my hair for two weeks trying to get an LXC with my torrent client to be able to write to my NAS share, this is the only video that explained things simple enough so I could understand the mapping process. Thank you so much!
Thanks, glad it was useful
Same for me, thanks a lot !!!
Terrific work Jim!! Really excellent. I thought I'd add a tip for those using TTecks scripts - the RR stack stuff (sonarr, radarr, SAB etc..) all runs as root. The Jellyfin and Plex LXCs however each use a username ( jellyfin & plex respectively) that you MUST add using Jim's "Optional: Add Other Users to Group (e.g., Jellyfin, Plex) - usermod -aG lxc_shares USERNAME" command... Then, those apps will also be able to not only read but write to the CIFS share. If you ever need to find a username,.. the command "ps -aux" will list processes and users - find the right username and add with command. Thank you Jim!!!
That's great, thanks Will
That was my missing piece! Thanks
Awesome Jim, was looking for this info for a while, your videos are the best, direct to the point no useless information. Just perfect. Thanks for your time.
Thanks for the feedback, you're welcome 😁
Definitely my favorite UA-cam channel about homelab. Cheers!
Wow, thanks! 👍
After a lot of issues, I finally got my NAS passed thru to unprivileged LXC. I discovered that when I setup the LXC, the 'Net' node does not get passed thru. I was able to pass that node thru, but what happens is that the Tun device does not have correct permissions, and results in all kinds of issues. Once remedied, your instructions worked perfectly!.
Now, onto your next tutoriall.
@@deanshaw3844 awesome, good job!
This is exactly what I was looking for. Thanks so much!
@@umlee168 you're welcome 😁
Great series of videos on this! I got this running again and have an SMB share for the media and a NFS for the cache (on virtualized TrueNAS) which makes for a very small VM. I have two synced PBS going too. Finally a very nice setup on the Epyc 4004 (so super fast)
@@codescholar7345 amazing, and a great CPU!
THANK YOU SO MUCH! I've been searching around blogs, websites, forums, discords, and other youtube videos to get this to work for 5 days trying to learn mounts and your video FINALLY got it working for me.
Glad it was useful, thanks for the comment.
Thanks! Was just going to ask about this (for Immich photos) - perfect timing :)
Glad it was helpful!
Thank you for this Jim! I have been looking for this workaround for ages!!
@@mfernandes8945 you're welcome 😁
Tyvm im new and learning everything this still confusing me AF! But went back to debian for the weekend while learning but really want to learn storages and setting up NAS VM on proxmox!
Ill keep watching your videos keep popping up for my questions on google tyvm!
Thanks I've been experimenting for a while with mounting shares on unprivileged LXC's but I couldn't figure it out the permissions part for the mounted share on the lxc side. The groupadd -g 10000 was the solution! thanks for sharing your knowledge and I'm subscribing. Have a lovely day!
wowwweee. I have been trying to find the information to do this for months now. Using various work around methods in the mean time. Absolute legend for making this video.
Glad it was helpful!
Nice video Jim. In my home datacenter I have 4 nodes. One of them has a controller with 4 2TB drives mounted on a RAID5. I added the storage on the proxmox host and created a turnkey Linux LXC container. I mapped the volume on the container and created SMB shares for all 4 nodes. They all can save the backup files on the RAID5. It’s not the best performance but it fits perfectly for my needs today. I think I can do the same thing with a better application in docker.
Thanks man for all the usefull videos you make! Appreciate your work, and calmness explaining the process:)
@@Nachtfox glad it's helpful
Awesome guide mate and your delivery was bang on. Thanks thanks thanks. Subbed!
Thanks, really appreciate that feedback
Thank you for video, just setup my Plexamp music box using your guide
Awesome 😎
very details! Thanks Jim
Thanks, you're welcome
I'm not sure why you created the group in this video for a read only bind mount. You didn't end up using the group in the video. I was. hoping you would show us how to write to the share with setting up the permissions which is what I thought you where setting up the group for. Do you have another video that helps with this? Thanks for the video. Nice delivery.
Thank you.
Thank you so much!
You're welcome
Interesting Video!!! I am thinking to apply this concept to deploy an LXC container, mount my NAS Drive and install on top Proxmox Backup Server and point the DataStore to the path in the LXC that is mapped to my NAS. Do you think is going to work? Also can you do a tutorial for doing similar but with NFS shares as well? Thanks!
Awesome tut and simple to follow. I followed all your step and I can add delete files from the host. I can also see the mount point on the lxc but if I try nano test.txt to edit a remote file. I see File is not writable. I don’t what permissions need to be fixed for this if host was able to add delete file. I did not add ro=1. So I should have full rw permissions.
I've followed the step and mounted the share in proxmox and Jellyfin. Both can see the /mnt/nas directory and everything in it. When you move over to the Jellyfin dashboard, it does not see any subdirectories, just the mounted folder, /mnt/nas. What would cause this to happen?
Having the same issues. I added the additional users to the group, so the permissions should be linked up, but unsure. If figure out a solution I’ll update, but commenting to follow in case anybody else has figured out a fix.
Update: so after doing the optional user add command with user jellyfin, I rebooted the LXC and it worked on my setup. Not sure if that will work for you, but leaving this here just in case that works.
@@RobertoVillegas-vincent404 I still could not get it to work after adding the optional user. I ended up mounting the share in proxmox and update jellyfin's config to point to the mounted share.
I'm having problem making my docker apps to delete/create files on smb shares. even though I'v given them rw permission. i don't know what went wrong. and thank you for all your works. I've learnt a lot from you.
Epic wanted to no how to do this thank you
Hope it helps :)
Awesome tutorials. Very clear. Can you do some automations in proxmox using ansible?
Thanks, yes I'll come onto ansible soon, it's a complex topic.
Great tutorial as always. Quick questions how do I run the LXC as the user I've created? In my case I'm trying to set up Sonarr and it keeps saying: Folder '/mnt/Movies/' is not writable by user 'root'. Thank you
Did you set to read only?
amazing video ! I'm trying to implement this and your 2 other videos to run Immich in docker composer to access my photo library that is stored on my NAS via SMB but just can't figure it out at all. I have now mounted CIFS share the same as in the video and can read it but just doesn't seem to work as an external library at all. Is this making sense and or you or your community come up against ? Keep up the good work and thanks
Hi! Any chance you could look into mounting the shares on rootless docker? I can’t seem to figure out how to map it properly so that the docker container has access to the bind mount if using a non root LXC user. It mounts inside the docker container, but is mapped to nobody:nogroup and you can’t see the inside.
Thanks for your video. I tried this with Plex in a CT and a Seagate NAS. While I can see the files when I "ls" in the container console, I cannot seem to get the files to show up inside of Plex. "mnt/nas" is available as a folder, but nothing shows up. Any ideas?
It's likely a permissions issue. Try mounting the LXC with rwx
@@Jims-Garage By that do you mean changing,
mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas,ro=1
to
mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas,rwx=1
?
@@Jims-Garagepermissions issue it was, needed to add user ‘Plex’ to the lxcshares group!
Jim, pardon the noob questions, i want to run truenas in a VM inside proxmox and jellyfin in a LXC container, i understand the whole mount the smb share in fstab but 1) what would happen if the share is not available once you have network, would it mount anyways?, 2) every time i want to use jellyfin in a container i must first MANUALLY mount the share? 3) what would happen if i restart proxmox, i guess i will first boot truenas so the shares are available but i cant automate the start of jellyfin? or it is that the mountpoint in the container config file mounts it automatically as long as it appears in the fstab?
My understanding is that it'll try the connection upon each request. Failing that you would need to do a mount. I will need to test thing and validate.
I know I'm late to the party. But still I would like to fire up a questions. Is this scenario possible if the initial mount is done via NFS and not CIFS? I'm trying to do it this way, but the lxc container fails starting everytime the mount point line is in it's configuration. Thanks!
@@dstratiev NFS should work
How do I make a connection between my docker-compose directory and a new CT, like you in the last minutes?
Treat the CT just like a VM. Install Docker then use the compose.
Thank you very much, super useful. But it´s ridiculous that proxmox havent an fast option in the GUI in order to create mount points for something as relevant/general use as samba share folders. WHY Proxmox?!
I found it... it´s easy as fuck, we have a mount point option in the proxmox gui. Go to Data Center->Storage->Add Samba (or whatever you need). After that you only have to edit 101.conf (or whatever you want) to paste this mount point
I followed this tut up to the point you added the line under volumes in docker compose. Is this step necessary if you do not use docker compose? I am able to select the path of the mnt location of my smb truenas core share in jellyfin and the command ls shows the movie files in my mnt location however jellyfin does not show any movies after adding the path and scanning the libraries.
@@brenth560 you always need to add it as a volume
This works well for Jellyfin container and managed to replicate it, thanks. I was also hope to use the same trick to get that same NAS folder into FreeFileSync docker container, however, getting 'permission denied' on trying to access it from within FFS GUI. No such issue from non-smb shares with FFS. FFS is running as root as well (just like jellyfin). Don't suppose you've used FFS before?
No, I will take a look. Previously I've used syncthing
Awesome video, easy to follow and well explained, even for noobs like me. Congrats. But I'm stuck in 11:20" when I must go to docker-compose directory, I get "no such file or directory". I'm using proxmox and the script from tteck created as unprivileged.
Thanks. Amend the docker compose directory to match your setup (use whatever folder structure you want, or create one called docker-compose).
@@Jims-Garage thanks for taking your time to reply. Maybe I sound stupid, but I guess this structure must be already created (I don't know what my current home directory in in this container) and I don't know if docker-compose is already created and I need to edit it.
@@juansebastian79 you essentially need to change the left hand side of the colon in the docker compose file to match your setup. Change /ubuntu to your username, create a folder called docker-compose in /Ubuntu or just change it to whatever structure you want.
@@Jims-Garage thank you, I'll have a look. As soon as I finish with this one I'll check your other videos because I reaaly like your style
@@juansebastian79 thanks 👍
autofs is the preferred way of mounting CIFS filesystems vs fstab.
Having trouble getting this to work for me using the tteck lxc script. I can see the files in the shell but not the jellyfin app. In jellyfin it see the mountpoint but not the files inside. I'm sure this is possible an access issue but I can't figure out how to fix it, and I did add the jellyfin user to lxc_shares.
Turns out that to make it work I had to use the UID and GID for jellyfin in the fstab.
Why do you need commands to mount NFS/SMB ?
Proxmox already provides a clean UI for that, just go to the storage section in the data centre view
Handles folder creation, permissions and ensures it's minted properly without any manual hassle
I agree that using Proxmox is a valid option. This is simply to comtainerise everything and give you simple portability.
Really cool. But I am curious if the NAS is not available at the time of pve host bootup, would the share be mounted later automatically ? Imagine a case where the NAS itself is a VM in the same pve host.
Interesting, I will test. My understanding is that it would dynamically appear as it would on the host.
@@Jims-Garage i want to avoid installing autofs in the host. I have been using autofs in vm. It is all solid. But a tool like this can be disruptive to a custom host kernel
@@Jims-Garage i did some research looks like the key is to have _netdev and x-systemd.automount flag. The first is to delay mount until the network is up. The latter is to delay until the mount is needed. I can actually see when rebooted, the host mount point belongs to root:root, until I did a ls on the mount point, after that the mount point ownership changed to pbs:pbs, indicating the mount occurred after ls.
Also, if you're only just looking for read-only access -- do you really need to need to do the whole user UID/GID mapping thing?
Couldn't you just set up the mount point via the Proxmox GUI, and if your host already has the NAS share source mounted, can you just edit the .conf such that it points to that mount point location that's on the host?
I believe that would work, however I wanted to cover both angles as I'd invariably be asked.
Thanks for the tutorial! What's the process of attaching a NAS share to Jellyfin if it's a Privileged LXC?
I think it's similar to a VM, you can just mount it. I only use unprivileged though.
@@Jims-Garage I installed a new unprivileged lxc and was able to see the files in the NAS using "ls /mnt/nas", but when I tried to add the folder to the media library it's empty and I'm getting this error in the logs: System.UnauthorizedAccessException: Access to the path '/mnt/nas' is denied
Do you know how I can fix this? Thank you.
Many thanks mate! Great tutorial! Does it work the same if the samba/nfs shared folder are from within another lxc container?
Provided it can access over the network (e.g., firewall rules) it should be fine.
Thanks again for your videos. A must for me.
I don't understand why gid is 11000 and not 10000 in proxmox fstab ? It don't match with the gid of the lxc group created before ?
11000 is the gid in LXC, 10000 is the equivalent in Proxmox
@@Jims-Garage Is it possible to specify a specific group on the lxc machine (changing lxc_shares to smth else) ? For example, I have 2 shared repo and I want to give access to only one of them to a user.
Hello Jim . How can i find the Commands for Copy & Paste. I will test it soon as possible. Best Regards from Germany
@@mariobrandt2984 what do you mean copy and paste? Where?
I usually preffer to add the storage on proxmox itself instead of fstab because If you have an issue with your share proxmox won’t boot. I never understood why to be honest
I think it waits 5 mins then continues regardless.
Oh 😅 maybe I was too inpatient.
Hey Jim,
one question.
When you type "nano /etc/fstab"
you´ve got your //192.168.... SMB share
and your //NAS/nas/
this is a bit confusing for me. Doesn´t the SMB share with the IP is the right one. The other one would have in my opinion no impact?
After binding it to /etc/fstab/ I usse the mount command.
Therefore I always get: Couldn't chdir to /mnt/lxc_shares/nas_rwx"
Greetings
@@TrashMinerHDTV it's because it's a mount. In Linux you need a source (the NAS share) and a destination to mount it. So essentially, mount "this" "here"
@@Jims-Garage Thanks for the fast reply. But I unfortunaly need to say, that I don´t understand it yet. IIam kinda a newbie to this.
I have my SMB share working on truenas. I can reach it via windows for example.
This means my mount command should look like this: mount /mnt/Felix/local-cloud
Maybe iam already doing wrong steps in first place.
@@TrashMinerHDTV in Windows you can do that, but in Linux you cannot. You need to specify which SMB share you want to mount (the first part of the command), and then a place where you want to mount it in the local file system. It's almost like it creates a shadow copy. So, as in the example it's IP/share for the SMB share location, and then /NAS locally on the Linux system. You then access the NAS files at /NAS (it's basically mapping it as a mount)
@@Jims-Garage Thanks. i think I got this point. But it lead to the problem afer mountig. mount error(2): No such file or directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)After a bit frustration I think my ""Add NAS CIFS share to /etc/fstab" is the problem.
I added like 10+ different types to figure out, which one will work, because I thought i messed something up with the names.
On my Chanel I uploaded 3 screenshots from my /etc/fstabs/ mounts and my true nas SMB Share as a yt video.
Thanks in advance and sorry for the inconvenience.
I followed the tutorial in full, but I used the promox helper script to install the jellyfin lxc and was unable to locate a docker compose file. I can see the directory when i use the console, but when I add pathway to jellyfin UI, it shows the pathway, but no media inside. How do I find my compose file or the appropriate file to add the volume in the last step?
Hello, I have followed your video but the mount location is not visible on the Radarr UI under disk space. I am using proxmox to create the radarr LXC using the helper scripts and a Synology NAS using smb. Kindly assist. Been trying for 2 days now
It's great that it's possible, but it's far from elegant and would be a mess on a cluster if you planned to make the container migratable. Does mounting cifs with privileged containers negate all of this?
If you mount to both hosts it should failover. I don't believe privileged is any different.
@@Jims-Garage The fix if you want to add to your script would be to add shared=1 at the end = mp0: /mnt/lxc_shares/nas_rwx/,mp=/mnt/nas,ro=1,shared=1
Hi, thx for this wonderfull piece of documentation/video,so well explained that even i can understand is (62y)
All worked well except the last piece because i started from a helperscript on Proxmox , so without docker.
When i access my mountpoints from the terminal on jellyfin i can see al my dirs and movies.
When i add a library and select these mountpoints they come up empty , did i mis something, did something wrong
Can you advice me what to do next?
Thx for your time
I got Docker/Portainer installed on an seperate VM. I followed all you steps and be able to acces my files on the LXC. But how the hell I now bind my docker to that lxc. Like you in the last minutes. I now want to install jellyfin on the lxc.
@@segrationpictures2721 I installed docker and Jellyfin inside the LXC
@@Jims-Garage Thanks. So if I get it right. I need to install docker on every LXC I create? Before iam able to use it.
@@segrationpictures2721 an LXC is basically a virtual machine (it's an OS in a container). If you want to run docker apps then you'll need to install docker the same as a VM
Hey, thank you very much! I Sadly i ran into a problem. I am using Plex instead of Jellyfin and when i go to the folder via the lxc shell, i find all the content, but when i navigate to my /mnt/nas folder in Plex, nothing shows up. Its empty. Also when i create a folder, it wont show up. Its very strange and i don´t know why :(
Do you echo in those configs to the conf files out of preference (maybe you have a sheet of many commands that you just dump into the CLI to sequencially work through), or do you have some other reason? I thought it was a bit odd to use the echo command, and then go into the file to check anyway. Just a query, not a criticism.
It was to display both options, in case you want to script etc. plus, it's easier than having to open each file
Great Video. I followed everything but the end section regarding the docker-compose/jellyfin folder. I get no docker-compose folder exists. If i check /mnt/lxc_shares/nas_rwx in the pve shell and /mnt/nas in the jellyfin console i can see all my movies in both of them. I then point my Jellyfin library to /mnt/nas but no movies show up. Can someone please help?!!
@@barryrobinson2055 change docker-compose to whatever folder holds your compose file. That's just what I call it.
@@Jims-Garage Thanks for the quick response. Do you know where i can find the compose file?
@@barryrobinson2055 check the Jellyfin folder on my GitHub. All my video configs are there
i use your guide and its very clear, you explain it well, but i get stuck on the "mount /mnt/lxc_shares/nas_rwx" command, it gives me the following error: "mount error(95): Operation not supported", ive looked online and i found that it probably is a smb version problem, i guess standard smb 1 gets used but my nas uses smb 2. is there a way to fix this?
@@RozeBipsje I think my setup uses SMB V3 (SMBv2 isn't secure, eternal blue)
@@Jims-Garage oke thanks, i will try to set my nas to smb 3 and try again
@@Jims-Garage awesome, it worked, thanks! youre the best
@@RozeBipsje great 👍
This doesn't seem to work with HA since you can't duplicate a hard mount. How would you do this with HA replication? I have two nodes with GPUs I want use HA on my emby LXC. This way the LXC gets rebuilt depending on what node goes down
Not sure what's going on but when I try mounting I receive this error:
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
I can't get past the mount part. No matter how I edit the line is fstab, I keep winding up with mount: /etc/fstab: parse error at line 13 -- ignored mount: /mnt/lxc_shares/nas_rwx: can't find in /etc/fstab.
Could you please do a video on sharing file from a truenas scale disk to an LXC please as I tried this but it did not work
Hey Jim, not sure if this is a stupid question, but is cifs any better than nfs and if not wouldn't it be better to use the Add > Storage > NFS options rather than all the commands you used that could get be wrongly entered?
Thanks for the video. But I'm understanding it correctly that you set up LXC with docker and than on top of it set up Jellyfin? Isn't easier to set up LXC with Jellyfin? And is it safe to expose such install to external world, even if I gave it read only permissions? I thik that in another video you said that it is better to install such services on VMs because they do not share the kernel with the host
I have tried to use this method to attach my nas to my Proxmox Backup Server LXC and i can access the files and write to it from the PBS shell. however backups always fail. should this method also work for PBS?
I see no reason why it couldn't, but you'll need to make sure that permissions are right across all of the VMs/LXC
@@Jims-Garage OK so I gave it a go and I used a helper script to create the LXC its unprivileged. I used your guide and made sure to add the back up user too. i can read and write to the share in the PBS shell but when it comes to backing up it always fails. looks like a permissions error but i cant seem to figure it out.. Error: fchmod "/mnt/nas_pbs/ct/101/2024-05-30T12:16:46Z/pct.conf.tmp_FPsn3z" failed: EPERM: Operation not permitted. hope you can help
@@sohail579 looks like a permissions issue. You likely need to add the pbs user
@@Jims-Garage I did that at the start I used your guide and did this "usermod -aG" for the user which is called "backup" is there a way to check if there is another user also? from the log it looks like its writing a temp file and when its changing the temp files permission it fails
Yep, same problem here. Everything works, except the backup.
Is this possible with an intergaited cpu/gpu?
Yes, I mentioned that in prior videos. Change the render group (typically 128)
ok i have gone through this about 10 times now and trued everything I still get permission denied when I try to open the mount in the lxc - logged in as root, mtn shows up but can't open it tried adding the jellyfin user to the list and still noting.
@@mole27uvic which OS, who owns the files?
@@Jims-Garage the files are an NFS share from Synology and, permission set for both the host and the lxc ip just in case, jellyfin is running in a Debian lxc just to try and match it, installed using a helper script
@@Jims-Garage also the host can view the files fine but not inside the jellyfin lxc
@@Jims-Garage I've tried everything, even say in the support docs that no special characters is supported so changed the file names to have no special characters, the host can browse the files fine and even open them, but the lxc can't and I'm lost
If you write in the SMB user and password into /etc/fstab -- wouldn't you be storing the SMB password in plain text?
Wouldn't that kind of (at least in part), kind of defeat the whole point of using an unprivileged LXC container (from the security aspect of it)???
You could use variables to remove that issue, but even in a worse case it would give you access to the SMB, not the Proxmox host.
@@Jims-Garage
"You could use variables to remove that issue"
But even with variables -- that would still be storing the password in plain text, no?
"but even in a worse case it would give you access to the SMB, not the Proxmox host."
I think that will depending on how you have your SMB share set up.
If you have a separate SMB share that's hosted by another system -- that will put that system, potentially, at risk (by storing said SMB password in plain text).
Conversely, if you want to consolidate your system such that your Proxmox host is ALSO the source of your SMB share, then this statement wouldn't be true, as you would be risking the Proxmox host itself.
@@ewenchan1239 the LXC shouldn't have permissions to read the files owned by root on the host
@@Jims-Garage
"the LXC shouldn't have permissions to read the files owned by root on the host"
If you have another LXC container that's managing the SMB share, and that LXC container runs on the same Proxmox host, you're still going to have this issue.
In either case, storing the password in plain text is generally a bad idea, and there ought to be a better way of being able to do or accomplish the same goal that this is trying to accomplish, without the all of the downsides that comes with storing said SMB share password, in plain text.
I would think that you would agree that storing (or hard coding) your SMB share password, in plain text (or any password for that matter), would be generally a bad idea, no?
Furthermore, for the media files -- if you don't want those files to be owned by root, on the host, then the media files should probably be uploaded/stored on said host, under a different user account, in the first place, no?
Therefore; even if the Proxmox host was also the SMB host (as a result of consolidation), from the user account perspective, the media files won't be owned by root, but you'd still be accessing the host as a result of having a SMB password stored in plain text.
The concern shouldn't be where you are hosting your SMB files, but rather, that the LXC container is mounting that SMB share using a password that's stored in plain text.
I would think that you'd agree that that's not a great way to store a SMB password.
@@ewenchan1239 as stated, you can use variables to hide it and protect with user permissions. At the end of the day something always has to be able to read it.
LXCs cannot host SMB, that's why you need to mount on the host and share it.
Permissions are ultimately determined by the smb, then the user the host mounts it with.
A healthy dose of mistrust and mild dyslexia coupled with that thumbnail had my paranoia up.
Shouldn't the group id be 100000?
It works as described, but I'm reading everywhere else 100000
Since this is all linux to linux. If I may ask why did you go with CIFS and not NFS?
I prefer CIFS for simpler compatability with Windows and mixed environments. If a purely Linux environment then NFS would make sense and is also more performant. This same process applies for both.
@@Jims-Garage This video came at a good time. I've setup 4 proxmox nodes with HA for my HL, and jellyfin-LXC does not like auto mounting the shares 100% of the time when being migrated. I'll test this set up on it, I will try NFS over SMB since nothing in my house uses windows anymore... except my work laptop, but that's segregated from my home network anyways.
Great Video!
When iam trying to mount "mount /mnt/lxc_shares/nas_rwx" I get this message: mount error(16): Device or resource busy
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
Do I need to turn off my truenas?
As Promissed in the comment to the other video I wanted to share my solution to host shares (wich is quite similar). However I found out the hard way that mounting a marent folder (like /mnt/media/) that contains several zfs filesystems as "subfolders" does not work with this aproach. Furthermore I wanted a unprivilidged user "1000" on the proxmox host that is the same in the LXC so the ownership of files is correct...
I solfed this my using rbind mounts and idmaps - something you know better than me (so it took me quite a while to figure out).
in the /etc/pve/lxc/xyz.conf:
lxc.idmap: u 0 100000 1000
lxc.idmap: g 0 100000 1000
lxc.idmap: u 1000 1000 1
lxc.idmap: g 1000 1000 1
lxc.idmap: u 1001 101001 64535
lxc.idmap: g 1001 101001 64535
lxc.mount.entry: /mnt/config mnt/config none rbind,create=dir,optional 0 0
lxc.mount.entry: /mnt/data mnt/data none rbind,create=dir,optional 0 0
lxc.mount.entry: /mnt/media mnt/media none rbind,create=dir,optional 0 0
Anyway I just wanted to share in case it is usefull su someone out there.
Thank you for your amazing tutorials.
That's great, thanks