Docker on Proxmox LXC 🚀 Zero Bloat and Pure Performance!
Рет қаралды 17,068
Күн бұрынRunning Docker on Proxmox LXC is the best to get maximum performance without unnecessary overheard, all the while, maintaining the much-desired system isolation.
But if you want security then an Unprivileged LXC is better than a Privileged Proxmox LXC. My home server and media server are both Proxmox LXCs and unprivileged.
This walkthrough shows you how to install Docker on an unprivileged Proxmox LXC. Knowing this can be very helpful while following my guides and Github repo.
#proxmox #homelab #minilab #homeserver #plex #docker
TIMESTAMPS
0:00 Introduction
1:03 Proxmox and Proxmox LXC
2:58 Setting up Ubuntu 22.04 Unprivileged Proxmox LXC
9:57 Preparing Ubuntu 22.04 Operating System for Docker
10:20 Create a New Non-Root User
11:11 System Update
12:03 Edit SSH Config
13:24 Installing Basic/Required Packages
14:20 System Tweaks (sysctl.conf)
15:05 Enable Firewall (UFW)
17:30 Automated Setup
18:22 Docker Setup
ULTIMATE DOCKER SERVER SERIES:
Playlist: • Mini Homelab Tour - I ...
RELEVANT GUIDES:
🔗 www.smarthomebeginner.com/ult...
🔗 www.smarthomebeginner.com/doc...
🔗 www.smarthomebeginner.com/tra...
AUTO-TRAEFIK
📰 www.smarthomebeginner.com/aut...
🎞️ • Auto Traefik 2 - Docke...
GITHUB REPOSITORIES:
📜 github.com/htpcbeginner/docke...
MY PROXMOX HOST:
🖥️ Topton V700 Intel i7-13800H Mini PC with 64 GB RAM: www.smarthomebeginner.com/go/... (Affiliate Link)
SUPPORT MY WORK:
🤝 www.smarthomebeginner.com/mem...
JOIN THE COMMUNITY:
👋 www.smarthomebeginner.com/dis...
🌐 www.smarthomebeginner.com/
FOLLOW US ON SOCIAL
Get updates or reach out to Get updates on our Social Media Profiles!
👥 Twitter: / anandslab
👥 Facebook: / anandslab
👥 Instagram: / smarthomebeginr
@AnandsLab 12 күн бұрын
Some key points based on community feedback: 1. 7:20 we are specifying the maximum available resources to be used when needed. It does not mean all these resources are blocked. 2. 12:15 Never port-foward or expose SSH port to the internet. 3. 13:00 Its obvious but I should have mentioned, SSH with key is the best way to maximize security. Password is not.
@reyastaroth 6 сағат бұрын
Brilliant!! Bravo for your decision to start from scratch the old way!! To follow!!
@sl7085 20 күн бұрын
Many thanks for this detailed setup video and the guides, really appreciate
@AnandsLab 19 күн бұрын
Glad you enjoyed it!
@Felix-ve9hs 14 күн бұрын
12:16 With tools like nmap, it takes an attacker less than one minute to figure out your SSH port, no matter to what you change it to. Just disable passwords and use ssh-keys for login.
@AnandsLab 13 күн бұрын
This is the way to go. But majority of the hits I get on my server are on Port 22.
@casperghst42 13 күн бұрын
I'd rather say; do not expose ssh to the internet - use VPN.
@AnandsLab 13 күн бұрын
@@casperghst42 of course. Not sure if I mentioned it. To me it’s obvious but I should be more explicit about it.
@Thiccalus 12 күн бұрын
do you know of a decent tutorial to go over implementing ssh keys?
@sybren-srb 10 күн бұрын
who the hell allows port scanning on his firewall anyway?
@tuxino 5 күн бұрын
I have a small thing you should consider in the future when running multiple commands in sequence. When you separate the commands with a semi-colon as in "apt update ; apt upgrade", if something went wrong with the update, it will still try to upgrade. If you look away after pressing enter, you will not notice the error from update, and might think that everything went as planned. Instead, consider using double ampersand as in "apt update && apt upgrade". Then, if the first command fails, it will not run the second, and when you look at the screen, the error message from the first is still visible.
@AnandsLab 4 күн бұрын
This is a great point. I started out wrong and it became a habit that is hard to break. Thanks for nudge and sharing your point of view.
@manit77 6 сағат бұрын
Try docker swarm. I gave up trying lxc. You may run into issues running HA when clustered.
@RedVelocityTV 4 күн бұрын
Good video but you kept interrupting the screen with your fullscreen video, unneeded disruption when you've already got a webcam on screen
@AnandsLab 3 күн бұрын
Thanks! Already being addressed in the newer videos :-)
@ggoessler 14 күн бұрын
I also have it in lxc Containers with zfs in proxmox. It works but Backups are not restorable
@AnandsLab 14 күн бұрын
What??? I just recently switched to zfs. I have to check the backups then.
@firefox7530 9 күн бұрын
Well, I cannot even take backups anymore of my docker LXC. The proxmox guys clearly do NOT advise to install docker on proxmox. They are strongly against it as mentioned several time in the proxmox forums on people who have problems with docker on proxmox.
@ggoessler 6 күн бұрын
@@AnandsLab have you also some issues?
@fbifido2 6 күн бұрын
One Question on Debian 12.5: - I install the Debian 12 Minimal install - I then install docker - I created two nginx container, with ports 8080 and 8081 respectively. - I then make sure that I can access each container site, plus ping the Debian host. - Now I install UFW, allow port 2052/tcp, then enable it. - I can still ping the Debian host & also access the two nginx site { WHY ??? } My question: How can I block everything and only allow access to ports that I need, like 2052, 8080, 8081/tcp?
@AnandsLab 6 күн бұрын
This is a docker problem and one reason why some prefer podman. Docker by default adds firewall rules to allow traffic to all containers. Take a look at ufw-docker on GitHub.
@gdr189 13 күн бұрын
How does including LXD alongside LXC change things? I am still having difficulty understanding LXD.
@zparihar 13 күн бұрын
Proxmox is not using LXD. I would ignore it in this case
@KryptoJanusz Ай бұрын
16:00 Why you dont use Proxmox firewall instead?
@AnandsLab Ай бұрын
That is definitely an option and offers a firewall outside the system. I tried to showcase something that could work not only for Proxmox LXC but also barebones Ubuntu.
@xavierejarque7827 13 күн бұрын
Becareful, ufw does not work with docker containers! You will have all container ports opened to internet.
@AnandsLab 13 күн бұрын
Yes, this is correct and something to watch out for. Its why UFW-Docker is nice to implement so you can continue to leverage the networking capabilities built into docker while also respective the firewall rules.
@fbifido2 6 күн бұрын
@@AnandsLab I tried UFW-Docker, in 2024 it does not work. to protect my containers, i just install UFW in the docker container itself.
@egokhanturk 13 күн бұрын
7:20 you are not allocating cpu cores or memory. You are just giving the limitation. This is advantage of LXC. If im wrong correct me.
@AnandsLab 13 күн бұрын
Yes, good point. Thanks for clarifying. It is the upper limit. This does not mean all the allocated resources are used.
@ascomp2002 12 күн бұрын
We are learning of you and you are supposed to be showing us what you are teaching us, please after introduction I think it will be better to leave your face at the corner of the video and leave what you are teaching more on the screen so that we can follow better otherwise I am fighting more to pause to see what you want to show and teach between your face. Just a humble opinion, thank you.
@AnandsLab 12 күн бұрын
Feedback noted🙂
Fabiosa Best Lifehacks
Рет қаралды 6 МЛН
SmartHomeBeginner
Рет қаралды 611
WunderTech
Рет қаралды 24 М.
Amway Home Goodies
Рет қаралды 26 МЛН
notebook-31
Рет қаралды 994 М.