Categories | Dominic's Blog

29/11/2025

Install Docker on Debian 13 under PVE 9

There are mainly 2 parts of the installation:
1. Install Docker

# Update the apt package index and install packages to allow apt to use a repository over HTTPS
sudo apt update
sudo apt install ca-certificates curl gnupg
# Add Docker’s official GPG key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg –dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add the Docker repository to Apt sources
echo \
“deb [arch=”$(dpkg –print-architecture)” signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
“$(. /etc/os-release && echo “$VERSION_CODENAME”)” stable” | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Update the apt package index again
sudo apt update
# Install Docker Engine, containerd, and Docker Compose
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

2. Set up a Docker container running Portainer

# Create a volume for Portainer to store its data
docker volume create portainer_data
# Deploy the Portainer Server container
docker run -d -p 8000:8000 -p 9443:9443 –name portainer –restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:lts

02/02/2025

Enable Fail2ban on PVE 8.3.2

By dch1 in Just Notes No Comments

Enable Fail2ban for SSH jail is quite straightforward on PVE 8.3. However, there are many articles on other websites that are outdated.

To install Fail2ban, login to the PVE web interface, then locate to the Shell under the PVE host:

apt update

apt install fail2ban

Then use nano to create the Fail2ban rule:

nano /etc/fail2ban/jail.local

Paste the following:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = journal
backend = systemd
maxretry = 2
banaction = iptables-allports
bantime = 3600

Restart the Fail2ban service, then check if it’s up and running:

service fail2ban restart
/etc/init.d/fail2ban status
fail2ban-client status sshd

You should now have Fail2ban up and running.