this post was submitted on 20 Feb 2025
37 points (95.1% liked)


I run a small server with Proxmox, and I'm wondering what are your opinions on running Docker in separate LXC containers vs. running a specific VM for all Docker containers?

I started with LXC containers because I was more familiar with installing services the classic Linux way. I later added a VM specifically for running Docker containers. I'm thinking if I should continue this strategy and just add some more resources to the docker VM.

On one hand, backups seem to be easier with individual LXCs (I've had situations where I tried to update a Docker container but the new container broke the existing configuration and found it easiest just to restore the entire VM from backup). On the other hand, it seems like more overhead to install Docker in each individual LXC.

[–] [email protected] 9 points 2 days ago (3 children)

What's the purpose of running a container in a container? Why not install docker on your host machine?

[–] [email protected] 8 points 2 days ago (2 children)

If you do that, Docker is stuck on that host. If it’s in an LXC it can move to another host. Plus, backing up and snapshotting are easier IMO.

[–] [email protected] 5 points 2 days ago

Snapshotting in docker is as easy as docker commit. After that you can back it up with docker save. Then move to another host, but not without downtime.

However, normally you need to back up/move only volumes attached to containers. If that's not how you like to organize your services, you likely don't need docker.

[–] [email protected] 4 points 2 days ago

Docker doesn't need to be portable because containers are...

I don't even understand this logic.

[–] [email protected] 2 points 2 days ago (2 children)

Docker's 'take-over-system' style of network management will interfere with proxmox networking.

[–] [email protected] 1 points 1 day ago

Well, I don't use proxmox, however docker coexists with libvirt and other virtualization systems. If there are overlapping networks that docker and proxmox attempt to manage, they are configurable.

[–] [email protected] 1 points 2 days ago* (last edited 2 days ago) (1 children)

I don't use proxmox, but it works absolutely fine for me on my regular Linux system, which has a firewall, some background services, etc. Could you be more specific on the issues you're running into?

Also, I only really expose two services on my host:

  • Caddy - handles all TLS and proxies to all other services in the internal docker network
  • Jellyfin - my crappy smart TV doesn't seem to be able to handle Jellyfin + TLS for some reason, it causes the app to lock up

Everything else just connects through an internal-only docker network.

If you're getting conflicts, I'm guessing you've configured things oddly, because by default, docker creates its own virtual interface to explicitly not interfere with anything else on the host.

[–] [email protected] 3 points 1 day ago (1 children)

A couple posts down explains it, docker completely steamrolls networking when you install it. https://forum.proxmox.com/threads/running-docker-on-the-proxmox-host-not-in-vm-ct.147580/

The other reason is if it's on the host you can't back it up using proxmox backup server with the rest of the VMs/CTs

[–] [email protected] 2 points 1 day ago (1 children)

I don't use proxmox, so I guess I don't understand the appeal. I don't see any reason to back up a container or a VM, I just back up configs and data. Backing up a VM makes sense if you have a bunch of customizations, but that's pretty much the entire point of docker, you quarantine your customizations to your configs so it's completely reproducible if you have the configs and data.

[–] [email protected] 2 points 1 day ago* (last edited 1 day ago) (1 children)

Ease of use mostly, one click to restore everything including the OS is nice. Can also easily move them to other hosts for HA or maintenance.

Not everything runs in docker too, so it's extra useful for those VMs.

[–] [email protected] 1 points 1 day ago

That's fair.

That said, I can't think of anything I'd want to run that doesn't work in docker, except maybe pf? But I'd probably put that on a dedicated machine anyway. Pretty much everything else runs on Linux or has a completely viable Linux alternative, so I could easily build a docker image for it.

[–] [email protected] 1 points 2 days ago

Honestly, I never really thought of installing Docker directly on Proxmox. I guess that might be a simpler solution, to run Dockers directly, but I kind of like to keep the hypervisor more stripped down.