Update CHANGELOG.md

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -486,6 +486,67 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-06-24
+
+### 🆕 New Scripts
+
+  - SnapOtter ([#15368](https://github.com/community-scripts/ProxmoxVE/pull/15368))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - enabling rewirte module in apache [@d3v3lop3rDE](https://github.com/d3v3lop3rDE) ([#15360](https://github.com/community-scripts/ProxmoxVE/pull/15360))
+    - watcharr: Increase default RAM allocation from 1024 to 2048 [@MickLesk](https://github.com/MickLesk) ([#15370](https://github.com/community-scripts/ProxmoxVE/pull/15370))
+
+  - #### 🔧 Refactor
+
+    - Refactor LibreNMS: replace old install and update variant with tarball approach [@MickLesk](https://github.com/MickLesk) ([#15369](https://github.com/community-scripts/ProxmoxVE/pull/15369))
+
+### 🗑️ Deleted Scripts
+
+  - delete wger [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15380](https://github.com/community-scripts/ProxmoxVE/pull/15380))
+- Delete ghost [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15377](https://github.com/community-scripts/ProxmoxVE/pull/15377))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: add SDN vnet selection in advanced install [@MickLesk](https://github.com/MickLesk) ([#15366](https://github.com/community-scripts/ProxmoxVE/pull/15366))
+    - core: add var_http_proxy and var_http_no_proxy support [@MickLesk](https://github.com/MickLesk) ([#15225](https://github.com/community-scripts/ProxmoxVE/pull/15225))
+
+## 2026-06-23
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - update jdk when updating crafty-controller [@asylumexp](https://github.com/asylumexp) ([#15349](https://github.com/community-scripts/ProxmoxVE/pull/15349))
+    - fix docker update function [@asylumexp](https://github.com/asylumexp) ([#15353](https://github.com/community-scripts/ProxmoxVE/pull/15353))
+    - LibreNMS: run daily.sh as librenms user with git available [@MickLesk](https://github.com/MickLesk) ([#15314](https://github.com/community-scripts/ProxmoxVE/pull/15314))
+
+  - #### ✨ New Features
+
+    - termix - patch tmp nginx behaviour to match the install script [@xyzulu](https://github.com/xyzulu) ([#15283](https://github.com/community-scripts/ProxmoxVE/pull/15283))
+
+### 💾 Core
+
+  - Fix syntax error in build function [@l0caldadmin](https://github.com/l0caldadmin) ([#15337](https://github.com/community-scripts/ProxmoxVE/pull/15337))
+
+  - #### 🐞 Bug Fixes
+
+    - fix: close lxc build function [@ServerBP](https://github.com/ServerBP) ([#15343](https://github.com/community-scripts/ProxmoxVE/pull/15343))
+
+### 🧰 Tools
+
+  - #### ✨ New Features
+
+    - [arm64] port pve scripts to support arm64 [@asylumexp](https://github.com/asylumexp) ([#15288](https://github.com/community-scripts/ProxmoxVE/pull/15288))
+
+### ❔ Uncategorized
+
+  - fix(build.func): remove duplicate if statement causing syntax error on container creation [@Copilot](https://github.com/Copilot) ([#15338](https://github.com/community-scripts/ProxmoxVE/pull/15338))
+
 ## 2026-06-22
 
 ### 🆕 New Scripts

ct/crafty-controller.sh

@@ -46,6 +46,12 @@ function update_script() {
 
     restore_backup
 
+    msg_info "Updating TemurinJDK"
+    setup_java
+    $STD apt install -y temurin-{8,11,17,21,25}-jre
+    $STD update-alternatives --set java /usr/lib/jvm/temurin-25-jre-$(arch_resolve)/bin/java
+    msg_ok "Updated TemurinJDK"
+
     msg_info "Updating Python dependencies"
     chown -R crafty:crafty /opt/crafty-controller
     cd /opt/crafty-controller/crafty/crafty-4

ct/docker.sh

@@ -27,12 +27,14 @@ function update_script() {
 
   msg_info "Updating base system"
   $STD apt update
-  $STD apt upgrade -y 
+  $STD apt upgrade -y
   msg_ok "Base system updated"
 
-  msg_info "Updating Docker Engine"
+  if dpkg-query -W -f='${Status}' docker-ce 2>/dev/null | grep -q "ok installed"; then
-  $STD apt install --only-upgrade -y docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-buildx-plugin
+    USE_DOCKER_REPO="true" setup_docker
-  msg_ok "Docker Engine updated"
+  else
+    setup_docker
+  fi
 
   if docker ps -a --format '{{.Image}}' | grep -q '^portainer/portainer-ce:latest$'; then
     msg_info "Updating Portainer"

ct/ghost.sh

@@ -1,57 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: fabrice1236
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://ghost.org/ | Github: https://github.com/TryGhost/Ghost
-
-APP="Ghost"
-var_tags="${var_tags:-cms;blog}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-5}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-yes}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  setup_mariadb
-  NODE_VERSION="22" NODE_MODULE="pnpm" setup_nodejs
-  ensure_dependencies git
-
-  msg_info "Updating Ghost"
-  if command -v ghost &>/dev/null; then
-    current_version=$(ghost version | grep 'Ghost-CLI version' | awk '{print $3}')
-    latest_version=$(npm show ghost-cli version)
-    if [ "$current_version" != "$latest_version" ]; then
-      msg_info "Updating ${APP} from version v${current_version} to v${latest_version}"
-      $STD npm install -g ghost-cli@latest
-      msg_ok "Updated successfully!"
-    else
-      msg_ok "${APP} is already at v${current_version}"
-    fi
-  else
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Access it using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}http://${IP}:2368${CL}"

ct/headers/ghost

@@ -1,6 +0,0 @@
-   ________               __ 
-  / ____/ /_  ____  _____/ /_
- / / __/ __ \/ __ \/ ___/ __/
-/ /_/ / / / / /_/ (__  ) /_  
-\____/_/ /_/\____/____/\__/  
-                             

ct/headers/snapotter

@@ -0,0 +1,6 @@
+   _____                   ____  __  __           
+  / ___/____  ____ _____  / __ \/ /_/ /____  _____
+  \__ \/ __ \/ __ `/ __ \/ / / / __/ __/ _ \/ ___/
+ ___/ / / / / /_/ / /_/ / /_/ / /_/ /_/  __/ /    
+/____/_/ /_/\__,_/ .___/\____/\__/\__/\___/_/     
+                /_/                               

ct/headers/wger

@@ -1,6 +0,0 @@
-                          
- _      ______ ____  _____
-| | /| / / __ `/ _ \/ ___/
-| |/ |/ / /_/ /  __/ /    
-|__/|__/\__, /\___/_/     
-       /____/             

ct/librenms.sh

@@ -24,16 +24,35 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [ ! -d /opt/librenms ]; then
+  if [[ ! -d /opt/librenms ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  setup_mariadb
+  if check_for_gh_release "librenms" "librenms/librenms"; then
-  msg_info "Updating LibreNMS"
+    msg_info "Stopping Services"
-  su librenms
+    systemctl stop php8.4-fpm librenms-scheduler.timer
-  cd /opt/librenms
+    msg_ok "Stopped Services"
-  ./daily.sh
+
-  msg_ok "Updated LibreNMS"
+    create_backup /opt/librenms/.env /opt/librenms/config.php /opt/librenms/rrd
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "librenms" "librenms/librenms" "tarball"
+    restore_backup
+
+    msg_info "Updating LibreNMS"
+    mkdir -p /opt/librenms/{rrd,logs,bootstrap/cache,storage}
+    chown -R librenms:librenms /opt/librenms
+    chmod 771 /opt/librenms
+    chmod -R ug=rwX /opt/librenms/bootstrap/cache /opt/librenms/storage /opt/librenms/logs /opt/librenms/rrd
+    $STD su - librenms -s /bin/bash -c "cd /opt/librenms && uv venv --clear .venv && source .venv/bin/activate && uv pip install -r requirements.txt"
+    $STD su - librenms -s /bin/bash -c "cd /opt/librenms && COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev"
+    $STD su - librenms -s /bin/bash -c "cd /opt/librenms && php8.4 artisan optimize:clear"
+    $STD su - librenms -s /bin/bash -c "cd /opt/librenms && php8.4 artisan migrate --force --isolated"
+    msg_ok "Updated LibreNMS"
+
+    msg_info "Starting Services"
+    systemctl start php8.4-fpm librenms-scheduler.timer
+    msg_ok "Started Services"
+    msg_ok "Updated successfully!"
+  fi
   exit
 }
 

ct/snapotter.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://snapotter.com
+
+APP="SnapOtter"
+var_tags="${var_tags:-media;image}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+var_arm64="${var_arm64:-no}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/snapotter ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "snapotter" "snapotter-hq/SnapOtter"; then
+    msg_info "Stopping Service"
+    systemctl stop snapotter
+    msg_ok "Stopped Service"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "snapotter" "snapotter-hq/SnapOtter" "tarball"
+
+    msg_info "Updating SnapOtter"
+    cd /opt/snapotter
+    $STD npm pkg delete scripts.prepare
+    $STD pnpm install --frozen-lockfile
+    $STD pnpm --filter @snapotter/web build
+    sed -i 's/mediapipe==0.10.21/mediapipe>=0.10.21/' /opt/snapotter/docker/feature-manifest.json
+    msg_ok "Updated SnapOtter"
+
+    msg_info "Starting Service"
+    systemctl start snapotter
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:1349${CL}"

ct/termix.sh

@@ -206,9 +206,25 @@ EOF
       sed -i 's|/app/html|/opt/termix/html|g' /etc/nginx/nginx.conf
       sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
       sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
-
       rm -f /etc/systemd/system/nginx.service.d/pidfile.conf
       rm -f /etc/tmpfiles.d/nginx-termix.conf
+      
+      if [ ! -d /tmp/nginx ]; then
+        mkdir -p /tmp/nginx
+      fi
+
+      if [ ! -f /etc/tmpfiles.d/nginx-termix.conf ]; then
+        echo "d /tmp/nginx 0755 nobody nogroup -" >/etc/tmpfiles.d/nginx-termix.conf
+      fi
+
+      if [ ! -f /etc/systemd/system/nginx.service.d/pidfile.conf ]; then
+        mkdir -p /etc/systemd/system/nginx.service.d/
+        cat <<'EOF' >/etc/systemd/system/nginx.service.d/pidfile.conf
+[Service]
+PIDFile=/tmp/nginx/nginx.pid
+EOF
+      fi
+      
       systemctl daemon-reload
       nginx -t && systemctl restart nginx
       msg_ok "Updated Nginx Configuration"

ct/watcharr.sh

@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="Watcharr"
 var_tags="${var_tags:-media}"
 var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-1024}"
+var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"

ct/wger.sh

@@ -1,78 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/wger-project/wger
-
-APP="wger"
-var_tags="${var_tags:-management;fitness}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-yes}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/wger ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "wger" "wger-project/wger"; then
-    msg_info "Stopping Service"
-    systemctl stop redis-server nginx celery celery-beat wger
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp -r /opt/wger/media /opt/wger_media_backup
-    cp /opt/wger/.env /opt/wger_env_backup
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wger" "wger-project/wger" "tarball"
-
-    msg_info "Restoring Data"
-    cp -r /opt/wger_media_backup/. /opt/wger/media
-    cp /opt/wger_env_backup /opt/wger/.env
-    rm -rf /opt/wger_media_backup /opt/wger_env_backup
-
-    msg_ok "Restored Data"
-
-    msg_info "Updating wger"
-    cd /opt/wger
-    set -a && source /opt/wger/.env && set +a
-    export DJANGO_SETTINGS_MODULE=settings.main
-    $STD uv pip install .
-    $STD npm install
-    $STD npm run build:css:sass
-    $STD uv run python manage.py migrate
-    $STD uv run python manage.py collectstatic --no-input
-    msg_ok "Updated wger"
-
-    msg_info "Starting Services"
-    systemctl start redis-server nginx celery celery-beat wger
-    msg_ok "Started Services"
-    msg_ok "Updated Successfully"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Access it using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}http://${IP}:3000${CL}"

install/ghost-install.sh

@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: fabrice1236
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://ghost.org/ | Github: https://github.com/TryGhost/Ghost
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  nginx \
-  ca-certificates \
-  libjemalloc2 \
-  git
-msg_ok "Installed Dependencies"
-
-setup_mariadb
-MARIADB_DB_NAME="ghost" MARIADB_DB_USER="ghostuser" setup_mariadb_db
-NODE_VERSION="22" NODE_MODULE="pnpm" setup_nodejs
-
-msg_info "Installing Ghost CLI"
-$STD npm install ghost-cli@latest -g
-msg_ok "Installed Ghost CLI"
-
-msg_info "Creating Service"
-$STD adduser --disabled-password --gecos "Ghost user" ghost-user
-$STD usermod -aG sudo ghost-user
-echo "ghost-user ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/ghost-user
-mkdir -p /var/www/ghost
-chown -R ghost-user:ghost-user /var/www/ghost
-chmod 775 /var/www/ghost
-$STD sudo -u ghost-user -H sh -c "cd /var/www/ghost && ghost install --db=mysql --dbhost=localhost --dbuser=$MARIADB_DB_USER --dbpass=$MARIADB_DB_PASS --dbname=$MARIADB_DB_NAME --url=http://localhost:2368 --no-prompt --no-setup-nginx --no-setup-ssl --no-setup-mysql --enable --start --ip 0.0.0.0"
-rm /etc/sudoers.d/ghost-user
-msg_ok "Creating Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/snapotter-install.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://snapotter.com
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  imagemagick \
+  ghostscript \
+  potrace \
+  libopenjp2-tools \
+  libegl1 \
+  libwayland-client0 \
+  libwayland-cursor0 \
+  libwayland-egl1 \
+  libxkbcommon0 \
+  libxkbcommon-x11-0 \
+  libxcursor1 \
+  python3 \
+  python3-dev \
+  gcc \
+  g++
+msg_ok "Installed Dependencies"
+
+PYTHON_VERSION="3.11" setup_uv
+NODE_VERSION="22" NODE_MODULE="pnpm" setup_nodejs
+fetch_and_deploy_gh_release "caire" "esimov/caire" "prebuild" "latest" "/usr/local/bin" "caire-*-linux-amd64.tar.gz"
+fetch_and_deploy_gh_release "snapotter" "snapotter-hq/SnapOtter" "prebuild" "latest" "/opt/snapotter" "snapotter-*-linux-amd64.tar.gz"
+
+msg_info "Setting up Python Environment"
+mkdir -p /opt/snapotter_data/ai/models/rembg
+$STD uv python install 3.11
+$STD uv venv --seed --python 3.11 /opt/snapotter_data/ai/venv
+#if [[ -f /opt/snapotter/packages/ai/python/requirements.txt ]]; then
+#  $STD uv pip install \
+#    --python /opt/snapotter_data/ai/venv/bin/python \
+#    -r /opt/snapotter/packages/ai/python/requirements.txt
+#fi
+ln -sfn /opt/snapotter /app
+msg_ok "Set up Python Environment"
+
+msg_info "Configuring SnapOtter"
+mkdir -p /opt/snapotter_data/files
+mkdir -p /tmp/snapotter-workspace
+
+cat <<EOF >/opt/snapotter_data/.env
+PORT=1349
+NODE_ENV=production
+DB_PATH=/opt/snapotter_data/snapotter.db
+WORKSPACE_PATH=/tmp/snapotter-workspace
+FILES_STORAGE_PATH=/opt/snapotter_data/files
+PYTHON_VENV_PATH=/opt/snapotter_data/ai/venv
+MODELS_PATH=/opt/snapotter_data/ai/models
+DATA_DIR=/opt/snapotter_data
+FEATURE_MANIFEST_PATH=/opt/snapotter/docker/feature-manifest.json
+U2NET_HOME=/opt/snapotter_data/ai/models/rembg
+AUTH_ENABLED=true
+DEFAULT_USERNAME=admin
+DEFAULT_PASSWORD=admin
+LOG_LEVEL=info
+TRUST_PROXY=true
+FILE_MAX_AGE_HOURS=72
+CLEANUP_INTERVAL_MINUTES=60
+ANALYTICS_ENABLED=false
+EOF
+msg_ok "Configured SnapOtter"
+
+msg_info "Creating Service"
+PNPM_BIN="$(command -v pnpm)"
+cat <<EOF >/etc/systemd/system/snapotter.service
+[Unit]
+Description=SnapOtter Service
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/snapotter
+EnvironmentFile=/opt/snapotter_data/.env
+ExecStart=${PNPM_BIN} --filter @snapotter/api run start
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now snapotter
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/wger-install.sh

@@ -1,182 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/wger-project/wger
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  nginx \
-  redis-server \
-  libpq-dev
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" NODE_MODULE="sass" setup_nodejs
-setup_uv
-PG_VERSION="16" setup_postgresql
-PG_DB_NAME="wger" PG_DB_USER="wger" setup_postgresql_db
-fetch_and_deploy_gh_release "wger" "wger-project/wger" "tarball"
-
-msg_info "Setting up wger"
-mkdir -p /opt/wger/{static,media}
-chmod o+w /opt/wger/media
-cd /opt/wger
-
-$STD npm install
-$STD npm run build:css:sass
-$STD uv venv
-$STD uv pip install . --group docker
-SECRET_KEY=$(openssl rand -base64 40)
-cat <<EOF >/opt/wger/.env
-DJANGO_SETTINGS_MODULE=settings.main
-PYTHONPATH=/opt/wger
-
-DJANGO_DB_ENGINE=django.db.backends.postgresql
-DJANGO_DB_DATABASE=${PG_DB_NAME}
-DJANGO_DB_USER=${PG_DB_USER}
-DJANGO_DB_PASSWORD=${PG_DB_PASS}
-DJANGO_DB_HOST=localhost
-DJANGO_DB_PORT=5432
-DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
-
-DJANGO_MEDIA_ROOT=/opt/wger/media
-DJANGO_STATIC_ROOT=/opt/wger/static
-DJANGO_STATIC_URL=/static/
-
-ALLOWED_HOSTS=${LOCAL_IP},localhost,127.0.0.1
-CSRF_TRUSTED_ORIGINS=http://${LOCAL_IP}:3000
-
-USE_X_FORWARDED_HOST=True
-SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,http
-
-DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
-DJANGO_CACHE_LOCATION=redis://127.0.0.1:6379/1
-DJANGO_CACHE_TIMEOUT=300
-DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
-AXES_CACHE_ALIAS=default
-
-USE_CELERY=True
-CELERY_BROKER=redis://127.0.0.1:6379/2
-CELERY_BACKEND=redis://127.0.0.1:6379/2
-
-SITE_URL=http://${LOCAL_IP}:3000
-SECRET_KEY=${SECRET_KEY}
-EOF
-set -a && source /opt/wger/.env && set +a
-$STD uv run wger bootstrap
-$STD uv run python manage.py collectstatic --no-input
-cat <<EOF | uv run python manage.py shell
-from django.contrib.auth import get_user_model
-User = get_user_model()
-
-user, created = User.objects.get_or_create(
-    username="admin",
-    defaults={"email": "admin@localhost"},
-)
-
-if created:
-    user.set_password("${PG_DB_PASS}")
-    user.is_superuser = True
-    user.is_staff = True
-    user.save()
-EOF
-msg_ok "Set up wger"
-msg_info "Creating Config and Services"
-cat <<EOF >/etc/systemd/system/wger.service
-[Unit]
-Description=wger Gunicorn
-After=network.target
-
-[Service]
-User=root
-WorkingDirectory=/opt/wger
-EnvironmentFile=/opt/wger/.env
-ExecStart=/opt/wger/.venv/bin/gunicorn \
-  --bind 127.0.0.1:8000 \
-  --workers 3 \
-  --threads 2 \
-  --timeout 120 \
-  wger.wsgi:application
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-cat <<EOF >/etc/systemd/system/celery.service
-[Unit]
-Description=wger Celery Worker
-After=network.target redis-server.service
-Requires=redis-server.service
-
-[Service]
-WorkingDirectory=/opt/wger
-EnvironmentFile=/opt/wger/.env
-ExecStart=/opt/wger/.venv/bin/celery -A wger worker -l info
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-mkdir -p /var/lib/wger/celery
-chmod 700 /var/lib/wger/celery
-cat <<EOF >/etc/systemd/system/celery-beat.service
-[Unit]
-Description=wger Celery Beat
-After=network.target redis-server.service
-Requires=redis-server.service
-
-[Service]
-WorkingDirectory=/opt/wger
-EnvironmentFile=/opt/wger/.env
-ExecStart=/opt/wger/.venv/bin/celery -A wger beat -l info \
-  --schedule /var/lib/wger/celery/celerybeat-schedule
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-cat <<'EOF' >/etc/nginx/sites-available/wger
-server {
-    listen 3000;
-    server_name _;
-
-    client_max_body_size 20M;
-
-    location /static/ {
-        alias /opt/wger/static/;
-        expires 30d;
-    }
-
-    location /media/ {
-        alias /opt/wger/media/;
-    }
-
-    location / {
-        proxy_pass http://127.0.0.1:8000;
-        proxy_set_header Host $http_host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_redirect off;
-    }
-}
-EOF
-$STD rm -f /etc/nginx/sites-enabled/default
-$STD ln -sf /etc/nginx/sites-available/wger /etc/nginx/sites-enabled/wger
-systemctl enable -q --now redis-server nginx wger celery celery-beat
-systemctl restart nginx
-msg_ok "Created Config and Services"
-
-motd_ssh
-customize
-cleanup_lxc

install/wordpress-install.sh

@@ -47,6 +47,7 @@ cat <<EOF >/etc/apache2/sites-available/wordpress.conf
 EOF
 $STD a2ensite wordpress.conf
 $STD a2dissite 000-default.conf
+$STD a2enmod rewrite
 systemctl reload apache2
 msg_ok "Created Services"
 

misc/alpine-install.func

@@ -138,6 +138,7 @@ network_check() {
 # This function updates the Container OS by running apk upgrade with mirror fallback
 update_os() {
   msg_info "Updating Container OS"
+  configure_http_proxy
   if ! $STD apk -U upgrade; then
     msg_warn "apk update failed (dl-cdn.alpinelinux.org), trying alternate mirrors..."
     local alpine_mirrors="mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org"
@@ -243,7 +244,7 @@ EOF
     msg_ok "Customized Container"
   fi
 
-  echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update
+  echo 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/'"${app}"'.sh)"' >/usr/bin/update
   chmod +x /usr/bin/update
   post_progress_to_api
 }

misc/build.func

@@ -519,6 +519,19 @@ validate_bridge() {
   return 0
 }
 
+# ------------------------------------------------------------------------------
+# validate_sdn_vnet()
+#
+# - Validates that an SDN vnet exists in the cluster config
+# ------------------------------------------------------------------------------
+validate_sdn_vnet() {
+  local vnet="$1"
+  [[ -z "$vnet" ]] && return 1
+  [[ -f /etc/pve/sdn/vnets.cfg ]] && grep -qE "^vnet:[[:space:]]*${vnet}([[:space:]]|$)" /etc/pve/sdn/vnets.cfg && return 0
+  command -v pvesh &>/dev/null && pvesh get "/cluster/sdn/vnets/${vnet}" &>/dev/null && return 0
+  return 1
+}
+
 # ------------------------------------------------------------------------------
 # validate_gateway_in_subnet()
 #
@@ -964,6 +977,7 @@ base_settings() {
   HN="$requested_hostname"
 
   BRG=${var_brg:-"vmbr0"}
+  SDN_VNET=${var_sdn_vnet:-""}
   NET=${var_net:-"dhcp"}
 
   # Resolve IP range if NET contains a range (e.g., 192.168.1.100/24-192.168.1.200/24)
@@ -1018,6 +1032,9 @@ base_settings() {
     fi
   fi
 
+  HTTP_PROXY="${var_http_proxy:-}"
+  HTTP_NO_PROXY="${var_http_no_proxy:-}"
+
   MTU=${var_mtu:-""}
   _sd_val="${var_searchdomain:-""}"
   [[ -n "$_sd_val" ]] && SD="-searchdomain=$_sd_val" || SD=""
@@ -1071,11 +1088,11 @@ load_vars_file() {
 
   # Allowed var_* keys
   local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
-    var_post_install
+    var_post_install var_sdn_vnet
   )
 
   # Whitelist check helper
@@ -1250,6 +1267,24 @@ load_vars_file() {
             continue
           fi
           ;;
+        var_sdn_vnet)
+          if [[ -n "$var_val" ]] && ! validate_sdn_vnet "$var_val"; then
+            msg_warn "SDN vnet '$var_val' from $file not found, ignoring"
+            continue
+          fi
+          ;;
+        var_http_proxy)
+          if [[ -n "$var_val" ]] && ! [[ "$var_val" =~ ^https?://[^[:space:]]+(:[0-9]+)?/?$ ]]; then
+            msg_warn "Invalid HTTP proxy URL '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
+        var_http_no_proxy)
+          if [[ -n "$var_val" ]] && [[ ! "$var_val" =~ ^[a-zA-Z0-9.*_:/-]+(,[a-zA-Z0-9.*_:/-]+)*$ ]]; then
+            msg_warn "Invalid no_proxy value '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
         var_container_storage | var_template_storage)
           # Validate that the storage exists and is active on the current node
           local _storage_status
@@ -1289,11 +1324,11 @@ default_var_settings() {
   # Allowed var_* keys (alphabetically sorted)
   # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
   local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
-    var_post_install
+    var_post_install var_sdn_vnet
   )
 
   # Snapshot: environment variables (highest precedence)
@@ -1369,6 +1404,10 @@ var_ssh=no
 # var_apt_cacher_ip=http://proxy.local
 # var_apt_cacher_ip=https://proxy.local:443
 
+# HTTP/HTTPS proxy (optional - for networks requiring a proxy)
+# var_http_proxy=http://proxy.local:8080
+# var_http_no_proxy=localhost,127.0.0.1,.local
+
 # Features/Tags/verbosity
 var_fuse=no
 var_tun=no
@@ -1468,11 +1507,11 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
   # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
   declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
-    var_post_install
+    var_post_install var_sdn_vnet
   )
 fi
 
@@ -1616,6 +1655,8 @@ _build_current_app_vars_tmp() {
   _ssh_auth="${SSH_AUTHORIZED_KEY:-}"
   _apt_cacher="${APT_CACHER:-}"
   _apt_cacher_ip="${APT_CACHER_IP:-}"
+  _http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}"
+  _http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}"
   _fuse="${ENABLE_FUSE:-no}"
   _tun="${ENABLE_TUN:-no}"
   _gpu="${ENABLE_GPU:-no}"
@@ -1667,6 +1708,8 @@ _build_current_app_vars_tmp() {
 
     [ -n "$_apt_cacher" ] && echo "var_apt_cacher=$(_sanitize_value "$_apt_cacher")"
     [ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")"
+    [ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")"
+    [ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")"
 
     [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
     [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
@@ -1682,6 +1725,7 @@ _build_current_app_vars_tmp() {
 
     [ -n "$_hostname" ] && echo "var_hostname=$(_sanitize_value "$_hostname")"
     [ -n "$_searchdomain" ] && echo "var_searchdomain=$(_sanitize_value "$_searchdomain")"
+    [ -n "${var_sdn_vnet:-}" ] && echo "var_sdn_vnet=$(_sanitize_value "${var_sdn_vnet}")"
 
     [ -n "$_tpl_storage" ] && echo "var_template_storage=$(_sanitize_value "$_tpl_storage")"
     [ -n "$_ct_storage" ] && echo "var_container_storage=$(_sanitize_value "$_ct_storage")"
@@ -1830,7 +1874,7 @@ advanced_settings() {
     TAGS="community-script${var_tags:+;${var_tags}}"
   fi
   local STEP=1
-  local MAX_STEP=29
+  local MAX_STEP=30
 
   # Store values for back navigation - inherit from var_* app defaults
   local _ct_type="${var_unprivileged:-1}"
@@ -1842,6 +1886,7 @@ advanced_settings() {
   local _core_count="${var_cpu:-1}"
   local _ram_size="${var_ram:-1024}"
   local _bridge="${var_brg:-vmbr0}"
+  local _sdn_vnet="${var_sdn_vnet:-}"
   local _net="${var_net:-dhcp}"
   local _gate="${var_gateway:-}"
   local _ipv6_method="${var_ipv6_method:-auto}"
@@ -1849,6 +1894,8 @@ advanced_settings() {
   local _ipv6_gate=""
   local _apt_cacher="${var_apt_cacher:-no}"
   local _apt_cacher_ip="${var_apt_cacher_ip:-}"
+  local _http_proxy="${var_http_proxy:-}"
+  local _http_no_proxy="${var_http_no_proxy:-}"
   local _mtu="${var_mtu:-}"
   local _sd="${var_searchdomain:-}"
   local _ns="${var_ns:-}"
@@ -1921,6 +1968,11 @@ advanced_settings() {
         fi
       done <<<"$BRIDGES"
     fi
+    if [[ -f /etc/pve/sdn/vnets.cfg ]]; then
+      while IFS= read -r vnet; do
+        [[ -n "$vnet" ]] && BRIDGE_MENU_OPTIONS+=("sdn:${vnet}" "[SDN] ${vnet}")
+      done < <(awk '/^vnet:/{print $2}' /etc/pve/sdn/vnets.cfg 2>/dev/null)
+    fi
   }
   _detect_bridges
 
@@ -2153,8 +2205,18 @@ advanced_settings() {
           if [[ "$bridge_test" == "__other__" || "$bridge_test" == -* ]]; then
             continue
           fi
-          if validate_bridge "$bridge_test"; then
+          if [[ "$bridge_test" == sdn:* ]]; then
+            local vnet_test="${bridge_test#sdn:}"
+            if validate_sdn_vnet "$vnet_test"; then
+              _sdn_vnet="$vnet_test"
+              _bridge="${var_brg:-vmbr0}"
+              ((STEP++))
+            else
+              whiptail --msgbox "SDN vnet '$vnet_test' is not configured on this cluster." 8 58
+            fi
+          elif validate_bridge "$bridge_test"; then
             _bridge="$bridge_test"
+            _sdn_vnet=""
             ((STEP++))
           else
             whiptail --msgbox "Bridge '$bridge_test' is not available or not active." 8 58
@@ -2626,9 +2688,46 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 24: Container Timezone
+    # STEP 24: HTTP/HTTPS Proxy
     # ═══════════════════════════════════════════════════════════════════════════
     24)
+      local http_proxy_default_flag="--defaultno"
+      [[ -n "$_http_proxy" ]] && http_proxy_default_flag=""
+
+      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
+        --title "HTTP/HTTPS PROXY" \
+        --ok-button "Next" --cancel-button "Back" \
+        $http_proxy_default_flag \
+        --yesno "\nUse HTTP/HTTPS proxy?\n\nRequired when internet access must go through a proxy server.\n(e.g. corporate networks)\n\n(App default: ${var_http_proxy:-none})" 14 62; then
+        if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
+          --title "HTTP PROXY URL" \
+          --inputbox "\nEnter HTTP proxy URL:\n(e.g. http://proxy.local:8080)" 12 62 "$_http_proxy" \
+          3>&1 1>&2 2>&3); then
+          _http_proxy="$result"
+          local _no_proxy_default="${_http_no_proxy:-localhost,127.0.0.1,.local}"
+          if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
+            --title "NO_PROXY EXCEPTIONS" \
+            --inputbox "\nEnter NO_PROXY exceptions (comma-separated):\nLeave empty for defaults." 12 62 "$_no_proxy_default" \
+            3>&1 1>&2 2>&3); then
+            _http_no_proxy="$result"
+          fi
+        fi
+      else
+        if [ $? -eq 1 ]; then
+          _http_proxy=""
+          _http_no_proxy=""
+        else
+          ((STEP--))
+          continue
+        fi
+      fi
+      ((STEP++))
+      ;;
+
+    # ═══════════════════════════════════════════════════════════════════════════
+    # STEP 25: Container Timezone
+    # ═══════════════════════════════════════════════════════════════════════════
+    25)
       local tz_hint="$_ct_timezone"
       [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"
 
@@ -2651,9 +2750,9 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 25: Container Protection
+    # STEP 26: Container Protection
     # ═══════════════════════════════════════════════════════════════════════════
-    25)
+    26)
       local protect_default_flag="--defaultno"
       [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""
 
@@ -2675,9 +2774,9 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 26: Device Node Creation (mknod)
+    # STEP 27: Device Node Creation (mknod)
     # ═══════════════════════════════════════════════════════════════════════════
-    26)
+    27)
       local mknod_default_flag="--defaultno"
       [[ "$_enable_mknod" == "1" ]] && mknod_default_flag=""
 
@@ -2699,9 +2798,9 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 27: Mount Filesystems
+    # STEP 28: Mount Filesystems
     # ═══════════════════════════════════════════════════════════════════════════
-    27)
+    28)
       local mount_hint=""
       [[ -n "$_mount_fs" ]] && mount_hint="$_mount_fs" || mount_hint="(none)"
 
@@ -2722,9 +2821,9 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 28: Optional host-side post-install hook (path on the Proxmox HOST)
+    # STEP 29: Optional host-side post-install hook (path on the Proxmox HOST)
     # ═══════════════════════════════════════════════════════════════════════════
-    28)
+    29)
       local _hook_prompt="Optional: absolute path to a *.sh file ON THE PROXMOX HOST.
 
 It runs as root on the HOST (NOT in the LXC) after the container
@@ -2774,9 +2873,9 @@ Leave empty to skip."
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 29: Verbose Mode & Confirmation
+    # STEP 30: Verbose Mode & Confirmation
     # ═══════════════════════════════════════════════════════════════════════════
-    29)
+    30)
       local verbose_default_flag="--defaultno"
       [[ "$_verbose" == "yes" ]] && verbose_default_flag=""
 
@@ -2804,6 +2903,7 @@ Leave empty to skip."
       local tz_display="${_ct_timezone:-Host TZ}"
       local apt_display="${_apt_cacher:-no}"
       [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
+      local http_proxy_display="${_http_proxy:-(none)}"
 
       local post_install_display="${_post_install:-(none)}"
       local post_install_warn=""
@@ -2833,6 +2933,7 @@ Features:
 Advanced:
   Timezone: $tz_display
   APT Cacher: $apt_display
+  HTTP Proxy: $http_proxy_display
   Verbose: $_verbose
   Post-Install Script: ${post_install_display}${post_install_warn}"
 
@@ -2876,6 +2977,8 @@ Advanced:
   CT_TIMEZONE="$_ct_timezone"
   APT_CACHER="$_apt_cacher"
   APT_CACHER_IP="$_apt_cacher_ip"
+  HTTP_PROXY="$_http_proxy"
+  HTTP_NO_PROXY="$_http_no_proxy"
   VERBOSE="$_verbose"
   var_post_install="$_post_install"
 
@@ -2891,6 +2994,9 @@ Advanced:
   var_timezone="$_ct_timezone"
   var_apt_cacher="$_apt_cacher"
   var_apt_cacher_ip="$_apt_cacher_ip"
+  var_sdn_vnet="$_sdn_vnet"
+  var_http_proxy="$_http_proxy"
+  var_http_no_proxy="$_http_no_proxy"
 
   # Format optional values
   [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
@@ -2928,6 +3034,7 @@ Advanced:
   [[ "${PROTECT_CT:-no}" == "yes" || "${PROTECT_CT:-no}" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Protection: ${BGN}Enabled${CL}"
   [[ -n "${CT_TIMEZONE:-}" ]] && echo -e "${INFO}${BOLD}${DGN}Timezone: ${BGN}$CT_TIMEZONE${CL}"
   [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}"
+  [[ -n "${HTTP_PROXY:-}" ]] && echo -e "${INFO}${BOLD}${DGN}HTTP Proxy: ${BGN}$HTTP_PROXY${CL}"
   echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
   echo -e "${CREATING}${BOLD}${RD}Creating an LXC of ${APP} using the above advanced settings${CL}"
 
@@ -3645,7 +3752,6 @@ run_addon_updates() {
   done
 }
 
-
 runtime_script_status_guard() {
   local script_slug="${SCRIPT_SLUG:-${NSAPP:-}}"
   script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
@@ -3765,6 +3871,47 @@ start() {
 # SECTION 8: CONTAINER CREATION & DEPLOYMENT
 # ==============================================================================
 
+# ------------------------------------------------------------------------------
+# _apply_http_proxy_in_container()
+#
+# - Writes persistent proxy settings into the LXC before base package install
+# - Ensures apt/apk/curl work behind corporate proxies during early setup
+# ------------------------------------------------------------------------------
+_apply_http_proxy_in_container() {
+  local proxy="${HTTP_PROXY:-}"
+  local noproxy="${HTTP_NO_PROXY:-}"
+  [[ -z "$proxy" || -z "${CTID:-}" ]] && return 0
+  [[ -z "$noproxy" ]] && noproxy="localhost,127.0.0.1,.local"
+
+  msg_info "Applying HTTP proxy in container"
+  local tmpf
+  tmpf="$(mktemp)"
+  cat >"$tmpf" <<EOF
+export http_proxy="$proxy"
+export https_proxy="$proxy"
+export HTTP_PROXY="$proxy"
+export HTTPS_PROXY="$proxy"
+export no_proxy="$noproxy"
+export NO_PROXY="$noproxy"
+EOF
+  pct push "$CTID" "$tmpf" /etc/profile.d/90-http-proxy.sh >/dev/null 2>&1 || {
+    rm -f "$tmpf"
+    msg_warn "Failed to push HTTP proxy profile into container"
+    return 0
+  }
+  pct exec "$CTID" -- chmod 644 /etc/profile.d/90-http-proxy.sh >/dev/null 2>&1 || true
+
+  if [[ "$var_os" != "alpine" && "${APT_CACHER:-}" != "yes" ]]; then
+    cat >"$tmpf" <<EOF
+Acquire::http::Proxy "$proxy";
+Acquire::https::Proxy "$proxy";
+EOF
+    pct push "$CTID" "$tmpf" /etc/apt/apt.conf.d/95http-proxy >/dev/null 2>&1 || true
+  fi
+  rm -f "$tmpf"
+  msg_ok "Applied HTTP proxy in container"
+}
+
 # ------------------------------------------------------------------------------
 # build_container()
 #
@@ -3782,6 +3929,9 @@ build_container() {
   #  if [ "$VERBOSE" == "yes" ]; then set -x; fi
 
   NET_STRING="-net0 name=eth0,bridge=${BRG:-vmbr0}"
+  if [[ -n "${var_sdn_vnet:-${SDN_VNET:-}}" ]]; then
+    NET_STRING="-net0 name=eth0,vnet=${var_sdn_vnet:-$SDN_VNET}"
+  fi
 
   # MAC
   if [[ -n "$MAC" ]]; then
@@ -3891,6 +4041,12 @@ build_container() {
   export SESSION_ID="$SESSION_ID"
   export CACHER="$APT_CACHER"
   export CACHER_IP="$APT_CACHER_IP"
+  if [[ -n "${HTTP_PROXY:-}" ]]; then
+    export HTTP_PROXY HTTPS_PROXY="$HTTP_PROXY" http_proxy="$HTTP_PROXY" https_proxy="$HTTP_PROXY"
+    export NO_PROXY="${HTTP_NO_PROXY:-}" no_proxy="${HTTP_NO_PROXY:-}"
+    export var_http_proxy="$HTTP_PROXY"
+    export var_http_no_proxy="${HTTP_NO_PROXY:-}"
+  fi
   export tz="$timezone"
   export APPLICATION="$APP"
   export app="$NSAPP"
@@ -4375,6 +4531,8 @@ EOF
 
   local install_exit_code=0
 
+  _apply_http_proxy_in_container
+
   # Continue with standard container setup
   if [ "$var_os" == "alpine" ]; then
     sleep 3
@@ -4382,10 +4540,13 @@ EOF
 https://dl-cdn.alpinelinux.org/alpine/latest-stable/main
 https://dl-cdn.alpinelinux.org/alpine/latest-stable/community
 EOF'
-    pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- ash -c 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apk add bash newt curl openssh nano mc ncurses jq' >>"$BUILD_LOG" 2>&1 || {
       msg_warn "apk install failed (dl-cdn.alpinelinux.org), trying alternate mirrors..."
       local alpine_exit=0
       pct exec "$CTID" -- ash -c '
+        set -a
+        [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh
+        set +a
         ALPINE_MIRRORS="mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org"
         for m in $(printf "%s\n" $ALPINE_MIRRORS | shuf); do
           if wget -q --spider --timeout=2 "http://$m/alpine/latest-stable/main/" 2>/dev/null; then
@@ -4444,13 +4605,16 @@ EOF
       pct exec "$CTID" -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf"
     fi
 
-    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- bash -c "set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
       local failed_mirror
       failed_mirror=$(pct exec "$CTID" -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown")
       msg_warn "apt-get update failed (${failed_mirror})."
       msg_custom "ℹ️" "${YW}" "Probing alternate mirrors (this can take 1-2 minutes on network issues)"
       local mirror_exit=0
       pct exec "$CTID" -- env APT_BASE="$_base_pkgs" bash -c '
+        set -a
+        [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh
+        set +a
         DISTRO=$(. /etc/os-release 2>/dev/null && echo "$ID" || echo "debian")
         echo "  Mirror fallback for distro: $DISTRO"
 
@@ -5472,10 +5636,10 @@ check_storage_health() {
 
   [[ -z "$total_kb" || "$total_kb" == "0" || -z "$avail_kb" ]] && return 0
 
-  used_pct=$(( (total_kb - avail_kb) * 100 / total_kb ))
+  used_pct=$(((total_kb - avail_kb) * 100 / total_kb))
   free_gb_fmt=$(numfmt --to=iec --from-unit=1024 --suffix=B --format %.1f "$avail_kb" 2>/dev/null || echo "${avail_kb}KB")
 
-  if (( used_pct >= 95 )); then
+  if ((used_pct >= 95)); then
     msg_warn "Storage '${storage}' (${storage_type}) is ${used_pct}% full (${free_gb_fmt} free)"
     if ! is_unattended && command -v whiptail >/dev/null 2>&1 && [[ -t 0 ]]; then
       if ! whiptail --backtitle "Proxmox VE Helper Scripts" \
@@ -5484,11 +5648,11 @@ check_storage_health() {
         msg_error "Installation cancelled – storage nearly full"
         exit 214
       fi
-    elif (( used_pct >= 98 )); then
+    elif ((used_pct >= 98)); then
       msg_error "Storage '${storage}' is ${used_pct}% full – refusing install in unattended mode"
       exit 214
     fi
-  elif (( used_pct >= 85 )); then
+  elif ((used_pct >= 85)); then
     msg_warn "Storage '${storage}' (${storage_type}) is ${used_pct}% full (${free_gb_fmt} free)"
   fi
 
@@ -5721,8 +5885,8 @@ create_lxc_container() {
       msg_debug "No newer candidate for pve-container/lxc-pve (installed=$_pvec_i/$_lxcp_i, cand=$_pvec_c/$_lxcp_c)"
       return 0
     fi
-
+    local _disable_update="${DISABLE_UPDATE:-no}"
-    if [[ "${PHS_SILENT:-0}" == "1" || "${DISABLE_UPDATE,,}" == "yes" ]]; then
+    if [[ "${PHS_SILENT:-0}" == "1" || "${_disable_update,,}" == "yes" ]]; then
       msg_info "Skipping host LXC stack upgrade prompt (unattended mode)"
       return 2
     fi
@@ -5827,17 +5991,17 @@ create_lxc_container() {
   # Maps OS type + version to the release variant name used by ARM64 template sources.
   arm64_template_variant() {
     case "$1:$2" in
-      debian:12) echo "bookworm" ;;
+    debian:12) echo "bookworm" ;;
-      debian:13) echo "trixie" ;;
+    debian:13) echo "trixie" ;;
-      debian:) echo "$DEBIAN_DEFAULT_CODENAME" ;;
+    debian:) echo "$DEBIAN_DEFAULT_CODENAME" ;;
 
-      ubuntu:24.04) echo "noble" ;;
+    ubuntu:24.04) echo "noble" ;;
-      ubuntu:26.04) echo "questing" ;;
+    ubuntu:26.04) echo "questing" ;;
-      ubuntu:) echo "$UBUNTU_DEFAULT_CODENAME" ;;
+    ubuntu:) echo "$UBUNTU_DEFAULT_CODENAME" ;;
 
-      alpine:*) echo "${2:-$ALPINE_DEFAULT_VERSION}" ;;
+    alpine:*) echo "${2:-$ALPINE_DEFAULT_VERSION}" ;;
 
-      *) return 1 ;;
+    *) return 1 ;;
     esac
   }
 

misc/core.func

@@ -970,6 +970,53 @@ is_verbose_mode() {
   [[ "$verbose" != "no" ]]
 }
 
+# ------------------------------------------------------------------------------
+# configure_http_proxy()
+#
+# - Applies var_http_proxy / var_http_no_proxy inside the container
+# - Persists proxy env for login shells, systemd, and package managers
+# - Skips APT proxy config when APT Cacher-NG is active
+# ------------------------------------------------------------------------------
+configure_http_proxy() {
+  local proxy="${HTTP_PROXY:-${http_proxy:-${var_http_proxy:-}}}"
+  local noproxy="${HTTP_NO_PROXY:-${no_proxy:-${var_http_no_proxy:-}}}"
+  [[ -z "$proxy" ]] && return 0
+  [[ -z "$noproxy" ]] && noproxy="localhost,127.0.0.1,.local"
+
+  msg_info "Configuring HTTP proxy"
+  cat >/etc/profile.d/90-http-proxy.sh <<EOF
+export http_proxy="$proxy"
+export https_proxy="$proxy"
+export HTTP_PROXY="$proxy"
+export HTTPS_PROXY="$proxy"
+export no_proxy="$noproxy"
+export NO_PROXY="$noproxy"
+EOF
+  chmod 644 /etc/profile.d/90-http-proxy.sh
+
+  if ! grep -q '^http_proxy=' /etc/environment 2>/dev/null; then
+    cat >>/etc/environment <<EOF
+http_proxy=$proxy
+https_proxy=$proxy
+HTTP_PROXY=$proxy
+HTTPS_PROXY=$proxy
+no_proxy=$noproxy
+NO_PROXY=$noproxy
+EOF
+  fi
+
+  if [[ "${CACHER:-}" != "yes" && -d /etc/apt/apt.conf.d ]]; then
+    cat >/etc/apt/apt.conf.d/95http-proxy <<EOF
+Acquire::http::Proxy "$proxy";
+Acquire::https::Proxy "$proxy";
+EOF
+  fi
+
+  export http_proxy="$proxy" https_proxy="$proxy" HTTP_PROXY="$proxy" HTTPS_PROXY="$proxy"
+  export no_proxy="$noproxy" NO_PROXY="$noproxy"
+  msg_ok "Configured HTTP proxy"
+}
+
 # ------------------------------------------------------------------------------
 # is_unattended()
 #

misc/install.func

@@ -388,7 +388,8 @@ apt_update_safe() {
 # ------------------------------------------------------------------------------
 update_os() {
   msg_info "Updating Container OS"
-  if [[ "$CACHER" == "yes" ]]; then
+  configure_http_proxy
+  if [[ "$CACHER" == "yes" && -z "${HTTP_PROXY:-${http_proxy:-}}" ]]; then
     echo 'Acquire::http::Proxy-Auto-Detect "/usr/local/bin/apt-proxy-detect.sh";' >/etc/apt/apt.conf.d/00aptproxy
     local _proxy_raw="${CACHER_IP}"
     local _proxy_host _proxy_port _proxy_url
@@ -509,7 +510,7 @@ EOF
     systemctl restart "$(basename "$(dirname "$GETTY_OVERRIDE")" | sed 's/\.d//')"
     msg_ok "Customized Container"
   fi
-  echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update
+  echo 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/'"${app}"'.sh)"' >/usr/bin/update
   chmod +x /usr/bin/update
 
   if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then

tools/pve/hw-acceleration.sh

@@ -54,6 +54,11 @@ if ! pveversion | grep -Eq "pve-manager/8\.[0-4](\.[0-9]+)*"; then
   exit
 fi
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  echo -e "${RD}Intel HW acceleration is only available on x86 (Intel) systems.${CL}"
+  exit 0
+fi
+
 whiptail --backtitle "Proxmox VE Helper Scripts" --title "Add Intel HW Acceleration" --yesno "This Will Add Intel HW Acceleration to an existing LXC Container. Proceed?" 8 72
 NODE=$(hostname)
 PREV_MENU=()

tools/pve/microcode.sh

@@ -139,6 +139,12 @@ if ! command -v pveversion >/dev/null 2>&1; then
   exit
 fi
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  header_info
+  msg_error "CPU microcode updates are only available for x86 (Intel/AMD) systems."
+  exit 0
+fi
+
 whiptail --backtitle "Proxmox VE Helper Scripts" --title "Proxmox VE Processor Microcode" --yesno "This will check for CPU microcode packages with the option to install. Proceed?" 10 58
 
 msg_info "Checking CPU Vendor"

tools/pve/pbs-microcode.sh

@@ -157,6 +157,12 @@ if [ ! -f /etc/proxmox-backup/user.cfg ]; then
   exit
 fi
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  header_info
+  msg_error "CPU microcode updates are only available for x86 (Intel/AMD) systems."
+  exit 0
+fi
+
 whiptail --backtitle "Proxmox Backup Server Helper Scripts" \
   --title "Proxmox Backup Server Processor Microcode" \
   --yesno "This script searches for CPU microcode packages and offers the option to install them.\nProceed?" 10 68

tools/pve/pbs3-upgrade.sh

@@ -175,4 +175,10 @@ while true; do
   esac
 done
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  header_info
+  msg_error "This upgrade script targets the amd64 Proxmox repositories and is not supported on ARM64."
+  exit 1
+fi
+
 start_routines

tools/pve/pbs4-upgrade.sh

@@ -199,4 +199,10 @@ while true; do
   esac
 done
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  header_info
+  msg_error "This upgrade script targets the amd64 Proxmox repositories and is not supported on ARM64."
+  exit 1
+fi
+
 start_routines

tools/pve/post-pbs-install.sh

@@ -135,6 +135,12 @@ EOF
   no) msg_error "Selected no to Correcting Debian Sources" ;;
   esac
 
+  if [[ "$(dpkg --print-architecture 2>/dev/null)" == "arm64" ]]; then
+    msg_ok "ARM64 detected - skipping Proxmox repository setup"
+    post_routines_common
+    return
+  fi
+
   # --- Enterprise repo ---
   read -r state file <<<"$(repo_state_list pbs-enterprise)"
   case $state in
@@ -209,6 +215,12 @@ EOF
   no) msg_error "Selected no to Correcting Debian Sources" ;;
   esac
 
+  if [[ "$(dpkg --print-architecture 2>/dev/null)" == "arm64" ]]; then
+    msg_ok "ARM64 detected - skipping Proxmox repository setup"
+    post_routines_common
+    return
+  fi
+
   # --- Enterprise repo ---
   if component_exists_in_sources "pbs-enterprise"; then
     CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PBS Enterprise Repository" --menu \

tools/pve/post-pmg-install.sh

@@ -53,6 +53,11 @@ if ! dpkg -s proxmox-mailgateway-container >/dev/null 2>&1 &&
   exit 232
 fi
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  msg_error "Proxmox Mail Gateway does not support ARM64."
+  exit 1
+fi
+
 repo_state() {
   # $1 = repo name (e.g. pmg-enterprise, pmg-no-subscription, pmgtest)
   local repo="$1"

tools/pve/post-pve-install.sh

@@ -125,6 +125,12 @@ EOF
   no) msg_error "Selected no to Correcting Proxmox VE Sources" ;;
   esac
 
+  if [[ "$(dpkg --print-architecture 2>/dev/null)" == "arm64" ]]; then
+    msg_ok "ARM64 detected - skipping Proxmox repository setup"
+    post_routines_common
+    return
+  fi
+
   CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "PVE-ENTERPRISE" --menu "The 'pve-enterprise' repository is only available to users who have purchased a Proxmox VE subscription.\n \nDisable 'pve-enterprise' repository?" 14 58 2 \
     "yes" " " \
     "no" " " 3>&2 2>&1 1>&3)
@@ -282,6 +288,12 @@ EOF
     esac
   fi
 
+  if [[ "$(dpkg --print-architecture 2>/dev/null)" == "arm64" ]]; then
+    msg_ok "ARM64 detected - skipping Proxmox repository setup"
+    post_routines_common
+    return
+  fi
+
   # ---- PVE-ENTERPRISE ----
   if component_exists_in_sources "pve-enterprise"; then
     CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" \

tools/pve/pve8-upgrade.sh

@@ -131,6 +131,12 @@ if ! command -v pveversion >/dev/null 2>&1; then
   exit
 fi
 
+if [ "$(dpkg --print-architecture 2>/dev/null)" = "arm64" ]; then
+  header_info
+  msg_error "This upgrade script targets the amd64 Proxmox VE repositories and is not supported on ARM64."
+  exit 1
+fi
+
 if ! pveversion | grep -Eq "pve-manager/(7\.4-(16|17|18|19))"; then
   header_info
   msg_error "This version of Proxmox Virtual Environment is not supported"