
Docker in Proxmox CT / LXC Container or VM – Best practices



The Proxmox hypervisor natively supports two types of virtualization: Proxmox CT or LXC (Linux Container) and KVM (Kernel-based Virtual Machine) VMs. Docker is not supported directly.

  • LXC Container: Lightweight, fast and resource-saving virtualization, ideal for scalable applications and environments based on the same kernel.
  • KVM VMs: Complete, isolated operating systems with greater isolation and support for different operating systems, ideal for safety-critical and heterogeneous environments.

LXC containers are more resource-efficient than full-fledged VMs because they share the kernel with the host, i.e. the Proxmox server itself. That shared kernel also causes some problems: if you want to use features such as NFS, CIFS or GPU passthrough, the CT must be created as a privileged container.

A privileged container has root rights even on the host itself. An intruder who gets into the CT can then easily compromise the entire host. Privileged LXC / CT containers should therefore be used only in absolutely exceptional cases.
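As an added example (not from the original post or from Proxmox), the following Python audit reads container configs in the `/etc/pve/lxc/<vmid>.conf` format and reports which CTs are privileged, together with the NFS/CIFS mount feature and raw `lxc.*` keys that usually motivate that choice. The sample configs and all function names are constructed for illustration.

```python
import glob, os

# Constructed sample configs in the /etc/pve/lxc/<vmid>.conf format (not from a real host).
SAMPLES = {
    "101": "arch: amd64\nhostname: docker-ct\nfeatures: nesting=1,keyctl=1\nunprivileged: 1\n",
    "102": "arch: amd64\nhostname: media\nfeatures: mount=nfs;cifs,nesting=1\n"
           "lxc.cgroup2.devices.allow: c 226:* rwm\n\n[snap1]\nunprivileged: 1\n",
}

def parse_ct_config(text):
    """Parse the live part of a CT config; snapshot sections ([name]) are ignored."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):          # snapshots follow the current config
            break
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf

def audit_ct(text):
    """Report whether a CT is privileged and which host-facing settings it carries."""
    conf = parse_ct_config(text)
    # 'unprivileged' defaults to 0, so a missing key means a privileged container.
    privileged = conf.get("unprivileged", ["0"])[-1] != "1"
    mounts = []
    for opt in ",".join(conf.get("features", [])).split(","):
        name, _, val = opt.partition("=")
        if name.strip() == "mount":
            mounts = [fs for fs in val.split(";") if fs]
    raw = sorted(k for k in conf if k.startswith("lxc."))   # e.g. device passthrough
    return {"privileged": privileged, "mounts": mounts, "raw_lxc_keys": raw}

def privileged_cts(configs):
    """Return the VMIDs (sorted) of all privileged containers in {vmid: config_text}."""
    return sorted(v for v, text in configs.items() if audit_ct(text)["privileged"])

if __name__ == "__main__":
    found = {os.path.basename(p)[:-5]: open(p).read() for p in glob.glob("/etc/pve/lxc/*.conf")}
    configs = found or SAMPLES            # fall back to the constructed samples off-host
    for vmid in sorted(configs):
        print(vmid, audit_ct(configs[vmid]))
```

Run on a Proxmox node, it reads the real configs; elsewhere it prints the result for the two constructed samples, where CT 102 is flagged even though one of its snapshots was taken while it was unprivileged.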

CT or VM as Docker host?

The VM clearly wins in terms of flexibility and security. A KVM VM is much better isolated from the host than a CT container, can have full root rights, can use features such as GPU passthrough, and supports live migration. The official Proxmox documentation also recommends implementing Docker hosts as VMs.

What is a Live Migration?

Live migration is the process of moving a running virtual machine (VM) from one physical host to another without interrupting the operation of the VM. This allows maintenance work to be carried out or loads to be better distributed without the users accessing the VM’s services noticing any downtime. The VM remains active and accessible during the entire process, ensuring high availability and minimal service interruptions.

If you want to run application containers, for example, Docker images, it is recommended that you run them inside a Proxmox QEMU VM. This will give you all the advantages of application containerization, while also providing the benefits that VMs offer, such as strong isolation from the host and the ability to live-migrate, which otherwise isn’t possible with containers.

Proxmox Documentation, chapter 11: Proxmox Container Toolkit

While you can certainly use Docker in Proxmox CT containers and this makes sense in some use cases, it is generally better to use a VM.

Can I install Docker in a Proxmox CT / LXC container?

Yes, you can install Docker in a Proxmox CT container.

Can I install Docker in a Proxmox VM?

Yes, Docker can be installed in a VM.

What consumes fewer resources: Proxmox CT containers or VMs?

Proxmox CT / LXC containers consume fewer resources than fully-fledged VMs.
