Precautions to take for YunoHost to run safely on top of a Proxmox VM?

What type of hardware are you using: Old laptop or computer
What YunoHost version are you running: latest
How are you able to access your server: SSH

Describe your issue

I will be installing Yunohost on a Proxmox VM instead of a container, as recommended by some of the forum members. I know YunoHost itself is secure enough to a certain level and there are a lot of tweaks to improve it. However, when running the OS on top of Proxmox, does it mess with the security?

I would like to know:

  • What are the necessary steps to harden a configuration like this (yunohost on a proxmox vm)?
  • Is this setup even worth doing or should I just install YunoHost on bare metal like itā€™s intended to?

The sole reason I want to install YunoHost on top of proxmox is compartmentalization. For example, I made a script that needs to be run 24/7 and for that I made a docker container. From my knowledge, YunoHost uses bash scripts instead of docker containers, so I donā€™t want to interfere with that. Itā€™d also be nice to have some extra VMs for miscellaneous things, as long as I can harden the system to a good level.

Share relevant logs or error messages

I have not installed Yunohost yet.

Hi Funnel0826,

Welcome to Yunohost!

To throw a monkeywrench in your plans: Iā€™ve been running Yunohost for over five years in containers (also on Proxmox) with no problem.

I see no benefit in running a VM for Linux installations on Proxmox: it only takes more resources from your host machine.

If you still go the VM route: once ā€˜inā€™ the VM, it is just like any other Linux installation. Regular security advice applies.

I do think that using either a VM or a container has benefits as opposed to running bare-metal, but that also depends on the resources your machine has (a machine with 1 GB of RAM and two CPU cores will run Yunohost, but is less suitable for running containers/VMs than a machine with 16 GB of RAM and eight cores)

1 Like

Hello, wbk!

I greatly appreciate your answer!

If I understand correctly, if I go the VM route, and I install Yunohost on a Proxmox VM, then Iā€™ll only have to worry about securing Yunohost, not Proxmox.

Regarding your tip, I will consider running Yunohost in a container, and see if it still fits my needs.

Iā€™m new to this game and I donā€™t really understand how Proxmox works, but Iā€™m eager to learn and improve my skills.

Sounds good!

I re-read your opening post;

The sole reason I want to install YunoHost on top of proxmox is compartmentalization.

Do you want to have Yunohost separate from (several) other processes, or do you want to seperate out things in Yunohost as well? I ask, because Yunohost tries to ā€œtightly integrateā€ the offered packages, as seen with SSO for example.

Would that match with your vision of compartmentalization?

1 Like

In Yunohost Iā€™ll be installing apps that are available in the app store. For apps that are not available in the app store, I thought, a different VM or container could be a good solution to avoid thinkering with Yunohost much.

Yes, that seems reasonable. Yunohost runs on ā€˜plain Debianā€™; as such you could install any software, mostly without harm to Yunohost and its packages.

Doing it the way you propose, youā€™ll be sure there is no risk of ā€˜contaminatingā€™ Yunohost, and possibly interfering with upgrade scripts and what all.

Good luck and have fun!

1 Like