Docker on Proxmox LXC 🚀 Zero Bloat and Pure Performance!

Captions
Running Docker in a Proxmox LXC is one of the best ways to reduce resource overhead and get the best performance, but doing so is a bit tricky. In this video I'm going to show you how I do it.

What's up, Geek Army! Anand here. In my last video I gave you a tour of my mini lab, or mini home lab, and Proxmox Virtual Environment was a core component of my setup. I run my home server, media server, Home Assistant, AdGuard Home, a bunch of different things on my Proxmox server. But many of you wanted to know how I run my Docker-based home server and media server in a Proxmox unprivileged LXC. The response I got from my previous video was amazing. I'm hoping that, just like my previous video, you will hit the like button for this one, and more importantly, more than 93% of the people who watched my previous video were not subscribers. Let's change that. This would be a good opportunity to hit the subscribe button so you get notified of future videos.

First, let's start with a little bit of background. In my article comparing Proxmox to VMware's ESXi, I picked Proxmox. Most of the homelabbers are gravitating towards Proxmox. With the recent announcement from VMware that the free ESXi is going away, I predict that more and more homelabbers will gravitate towards Proxmox. One of the biggest advantages of a hypervisor like Proxmox is the ability to run multiple virtual systems isolated from each other and from the Proxmox host, or the host system.

I'm not going to claim to be an expert on this topic, so let's take an example from Ubuntu's documentation. Here you have a picture or schematic of a virtual machine and system containers, or Linux containers, or LXC. In a virtual machine you have the host kernel and you have the hypervisor, and then you have a full-fledged operating system on top with its own kernel. This adds overhead. This also provides real good isolation, but it does add overhead. In a Linux container, on the other hand, you have a shared kernel between the container and the host. This reduces the overhead significantly while still offering some level of isolation.

Which brings us to the next part: a Proxmox LXC can be privileged or unprivileged. In a privileged Proxmox LXC, if the attacker gets control of the LXC, then they can theoretically get into your host operating system and take control of it too. This is the main reason why I really like to run all of my containers in unprivileged mode. In fact, I do not have any privileged containers on my Proxmox. But installing Docker in an unprivileged Proxmox LXC is a bit tricky. Let's see how to do that.

At this point I'm going to assume that you already have Proxmox running. If not, let me know in the comment section and I will consider making a video on how I install my Proxmox server. But for now, let's assume that you have Proxmox. Let's head over to my Proxmox right here. We're going to create a new container, but before that we will have to download the template, and this usually goes where you normally store your ISOs and container templates. In my case it goes into the SSD, so I'm going to head over to container templates right here. You can already see that I have two templates downloaded, Debian and Ubuntu 22.041. In this case it is Ubuntu, so I'm going to hit the long-term support edition, which is 22.4 right now. In about a month the next version of the LTS release will come out, 24.4, but at this point this is the most recent long-term release, so we're going to select that and hit download, and within a few seconds you should have it downloaded.

Now, using this, we're going to create a new container. How do we do that? Right here, create containers. So we're going to hit create containers. We're going to pick the node; the name is pve, we're going to leave it as is. We'll pick a random number for this container, and for host let's call it udm, which goes along with my Docker and Traefik guides, Ultimate Docker Media Server, so we'll pick that. It is going to be an unprivileged container, so we'll keep that checked.

Nesting: this is important. So once again let's switch over to this picture again. Okay, so Docker is a containerization engine. When you install it in an operating system, you have the OS and then Docker on top. But LXC is a container in itself, Linux container, LXC. So when you take a container and you install another Docker containerization engine, you have container on container, and this is nesting. Therefore we will have to enable nesting here.

Then for password, this is the password for the root user. We'll pick something. This is not a strong password; I recommend you pick something long and strong. Even better would be to use your own SSH keys, which would be the best form of security. So let's pick that and let's head over to the next tab.

For template, we have it stored in the SSD storage, so we're going to pick SSD, and we're going to pick the container that we just downloaded, or the template we just downloaded. So hit next.

For disks, this entirely depends on your situation. In my case I have a 2 TB hard drive for Proxmox and I have a 4 TB hard drive for storage. If you're really interested in what type of hardware I have in my Proxmox server, I'll put the links in the description below. Those are affiliate links; your prices won't change but I get a small commission, so I would really appreciate it if you plan to make a purchase to use my affiliate links. Okay, back again. So in this case I have 2 terabytes. I'm going to pick 64 GB, just because, to remind you of my environment, I have the home server, which is self-contained. All the media is stored in a NAS; the home server pulls this media stuff from my NAS and sends it to the clients, so I don't need a lot of space. If your situation is different, I would bump up this number to whatever you feel comfortable with. If you also have a huge Plex library, for example, the metadata can grow a lot. In this case I would probably go higher than 64, but for my purposes 64 is more than enough, so let's just pick 64, at least for this test. Another thing I like to do is enable no access time, which reduces wear and tear on the hard drives or SSDs. Then I'm going to also enable ACLs, which would allow us to set some advanced permissions. Hit next.

Then we're going to set the number of cores. This again depends on your host. In my case I have 16 CPUs. I'm not going to allocate all of it; in fact, for my media server and home server I only have 12 cores allocated of the 16. In this case it's a test, so I'm going to allocate, let's say, four, and let's keep going.

And then memory, again the same deal. On my host I have 64 GB. In my home server and media server containers I have 24 GB allocated. In this case let's just go with 8 GB. It's always a good idea to have swap, so let's just go 4 GB of swap memory. Then let's keep moving.

The next step is to set a static IP address or IP address, but I always recommend setting a static IP. This way the IP address of your home server or media server never changes and you always know what IP to use to reach your home server. Okay, to set the static IP address, you will have to pick an IP address that is not available in your network. So open your router page, look through the list of IP addresses for various clients, and pick something that is available. So in my case I'm going to pick something random. It has to be of the format as shown on the screen, /24, which covers the entire network of 192.168.1. Then we're getting into networking, so we'll just leave it at that. My gateway IP is usually the IP address of the internet gateway or the router, so 192.168.1.1. Everything else remains as is. We'll keep moving.

For DNS we're not going to set anything right now, so we'll just pick the defaults and keep moving. And I want to start it after creation, so we're going to check that box, and in a few seconds my container should be ready. There you go, it's done.

Now, before I go to my container, I will just show you quickly the resources I use in my home server, for example. Here you go: as I said, 24 GB for memory, 4 GB for swap, 12 cores, and then I have a few different mount points that are set there. Don't worry about all of that stuff; you shouldn't have anything. In fact, you will have only this one right here. I am sharing some of the folders from my host system and making them available inside the container for a few other purposes. We won't get into that right now, at least.

Okay, so let's head over to the container we just created. It already started, it's ready to go. Here you can see the settings that we picked. Let's go over to console and try to log in: root. And there you go, we're in.

Now, it's not a good idea to continue as root, so the first step we're going to do is create a generic user. How do we do that? I would refer you to my guide, which is the first part of the Ultimate Docker series, which covers preparing the operating system. If you scroll down you're going to see some of the steps I normally like to do before I get started, and we're going to do the first one right here: create a new user. So let's head over to this tab again and we're going to create a new user: adduser anand. Notice that I'm not using sudo here because I'm already logged in as root. And a password for it. Let's just keep going, and I'm going to say yes. So the user is created.

The next thing I want to do is add this user to the sudo group, so when needed I can use the sudo command to elevate my privileges. We're going to use the adduser command again, user anand, and in this case we're going to provide the group name, sudo. So now this should add me to the sudo group. I'm done; let's test it out. So I'm going to exit and I'm going to log in as myself, and there you go, I am in. So everything works so far.

Let's head over to the guide one more time and see what the next step is. The next step is to update the operating system. How do we do that? Using these two commands right here. So going back to Proxmox: sudo apt update and sudo apt upgrade. I'm using a semicolon to separate the commands; this is a shorter way to issue multiple commands in one line. So let's do that. Password. Now this is going to update all the packages and pull in any updates that need to be installed, so let's let it run and come back when it's done. It looks like I have about 56 MB to pull and install.

Okay, the update is done. If you're still watching this video, then there is obviously something here that you like, so hit that like button and subscribe to my channel so you get notified of all future videos.

Okay, the next step. Let's head over to my guide one more time. We're going to make some security changes here. First, just to change the default port of SSH, which is 2022. Everybody knows the SSH port is 2022, and so it's an easy attack point for the attacker. It's not full security, but it makes it a little bit difficult for attackers to get into your system if they can't guess the port number that you are on. So we're going to sudo nano /etc/ssh/sshd_config. The only thing we're going to do here is scroll down right here and change the port to 2053. Okay, there are a few more things that you can change here. In fact, I normally do change some of these things here, for example disallowing root login using a password. That's a good security measure to have, but it's outside the scope of this video, so we're going to skip it for now. We're just going to change the port number. So let's save this by pressing Ctrl+X, Y and Enter. So we're done with this change. Now we do have to restart SSH for this to take effect, so let's copy this and let's go over here, paste and enter. That's it, we're done with this step.

So, moving on. Then we're going to install some packages that I normally like to install. What these packages are I will explain while it's installing. So I'm going to paste this right there. curl is something that is used by many applications, so we're going to install that. We're going to install zip and unzip. We're also going to install Network Time Protocol. We're going to install htop, which is a really nice utility to monitor the resource usage on your system. Then I also like to install network tools, and finally ncdu, which is an awesome tool to look at the space usage in your system. So let's hit enter and let the system pull all the packages that are needed and install them. We'll come back when it's done.

Okay, we've installed all the packages that are needed, so let's head over and see what is the next step that we need to do. I normally like to make some minor tweaks to the system configuration so it runs better. Now, there might be people that would argue this, but for a home lab environment I try to reduce the number of writes made to the system, because it's unnecessary writes. So I put these things in my sysctl.conf to reduce the number of writes. So sudo nano /etc/sysctl.conf, and I'm going to go all the way to the end and paste those right there. Save it and exit. That's it. Now, when you restart, these things should take effect. There's a way to implement it right now, but I'm not going to do that.

The last thing I want to do is enable the firewall. By default Ubuntu does not have the firewall enabled. We're going to do that right now and add some rules to make it work. Okay, how do we enable the firewall? Before we enable the firewall, we're going to add some default rules. The first one is we're going to deny all incoming connections, so let's copy-paste that command: sudo ufw default deny incoming. The same way, we're going to allow all outgoing, so let's copy that and paste it right there. Oh, by the way, if you don't know where to find this guide, I'll put the link in the description below so you have it. The final thing that we're going to add is that we're going to allow all incoming connections from the local network, so this way all your network devices have access to your home server. Now, people who have multiple VLANs and all of that stuff for security purposes obviously may be against something like this, but it's a matter of personal preference and also how you have your environment set up. Also, people who have multiple VLANs already understand the networking concept, so I am sure you can figure out a way to implement what you want to implement.

So that is done, and that is about it. So we do have to enable the firewall, which we didn't, so sudo ufw enable. Now, if you notice one thing, we did set the port number for SSH to 2053. Now if I do sudo ufw status numbered, I think that's the command, I only have one, which is all the incoming connections from my local network, which is fine. I can SSH from my local network, right? So this is good; 2053 is already covered here. If for any reason you want to expose your SSH port to the internet, which I do not recommend doing (instead look at a solution like Guacamole or something that would help you reach the servers that you want in a more secure way), if you want to do that, you will have to add 2053 to the allowed list of ports. But for now we're not going to do any of that.

Let's head over to my guide. So we've completed every step that is needed to set up the operating system. At this point you can decide to do what you want to do. If I scroll back to the top of this guide, you can follow guide number two right here, setting up Docker and Docker apps, and keep moving from there. Alternatively, if you prefer an automated way to do this, take a look at Auto-Traefik. I developed Auto-Traefik with years of experience. It automates setting up Docker containers and reverse proxies, you can even pull SSL certificates, and all your services will be available through fully qualified domain names. You can even set up an authentication layer like Authelia, which would give you multi-factor authentication. So if you decide to try it out, it would support my work. This is available for you if you're interested, but in this guide we're going to do it the old-school way: we're going to install Docker manually.

So let's head over to my Proxmox right here. And how do we install Docker? For this we're going to head over to Docker's documentation. So here I am on the documentation for installing Docker Engine on Ubuntu. If I scroll all the way down, there are several steps listed here that you're welcome to go through one at a time manually, but Docker also gives you a convenience script that makes it really simple to install Docker in any environment, so we're going to use the convenience script here. So right here is the command. We're going to copy this command right here, head over here, paste it, and this is going to download the install script. Let's check. Yes, it is installed. We do have to make it executable, so we're going to do sudo chmod +x get-docker, and that's it. Now what do we have to do next? Let's head over. We have to run the script, obviously. I'm going to skip the dry run part right here because I've tested it, I know it works. So we're going to copy the first part of the command, put it right here, and let's let it run. This is going to go through a bunch of different steps, pull the right Docker image and have it installed on your system. Let's wait for it to continue and then come back when it's stopped.

Okay, it's done. It just took a few seconds. But notice that there's something here I just want to bring your attention to: this Docker Compose plugin. Docker Compose is now automatically installed when you install Docker. This wasn't the case previously. So Compose is now a plugin and you can use it; you don't need to go through extra steps to install Docker Compose.

That's it. We went through setting up an LXC container, an unprivileged LXC container, and installing Docker on it. At this point you're ready to get started on your Docker journey. Follow one of my many guides to install Docker or Docker apps, and then move on to Traefik, and then set up your Authelia. It's an ocean from here on out.

If you really like this video, hit that like button if you haven't already, subscribe to my channel, and what would also really help me is if you check out some of the subscription options I have on my website. I have many different levels that give you several different privileges, so check it out. Subscribe; if you do, it would really help me out. Thank you for watching. Go Geek Army!
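The video rests on two container settings, unprivileged mode and nesting. The following shell check is an added example, not something shown in the video or taken from the author's guides: it reads a container config in the key/value form Proxmox keeps under /etc/pve/lxc/ and reports on both settings, ignoring snapshot sections. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Proxmox LXC config for the two settings the video relies on.

# Print the value of key $1 from the live part of a CT config read on stdin.
# Snapshot sections begin with a "[name]" line and must not be consulted.
ct_conf_get() {
    awk -v key="$1" '
        /^\[/ { exit }
        index($0, key ": ") == 1 { print substr($0, length(key) + 3); exit }
    '
}

# Return 0 if the comma-separated option list $1 contains exactly $2.
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ct_conf FILE: print one finding per line; return the number of problems.
audit_ct_conf() {
    conf=$1
    problems=0
    unpriv=$(ct_conf_get unprivileged < "$conf")
    features=$(ct_conf_get features < "$conf")
    if [ "$unpriv" = "1" ]; then
        echo "OK   unprivileged container"
    else
        echo "FAIL no 'unprivileged: 1' line; container is privileged"
        problems=$((problems + 1))
    fi
    if has_option "$features" "nesting=1"; then
        echo "OK   nesting enabled"
    else
        echo "FAIL nesting not enabled (the video enables it for Docker)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample config (not taken from the video) for a stand-alone run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
cores: 4
features: nesting=1
hostname: udm
memory: 8192
swap: 4096
unprivileged: 1
EOF
audit_ct_conf "$sample"
rm -f "$sample"
```

On a Proxmox host, point audit_ct_conf at the container's own config file; a non-zero return value is the count of failed checks.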
Info
Channel: SmartHomeBeginner
Views: 1,259
Keywords: docker, proxmox, lxc, linux containers, homelab
Id: -ZSQdJ62r-Q
Length: 20min 52sec (1252 seconds)
Published: Sat Mar 30 2024