Anyone else just sick of trying to follow guides that cover 95% of the process, or maybe slightly miss a step and then spend hours troubleshooting setups just to get it to work?
I think I just have too much going in my “lab” the point that when something breaks (and my wife and/or kids complain) it’s more of a hassle to try and remember how to fix or troubleshoot stuff. I lightly document myself cuz I feel like I can remember well enough. But then it’s a style to find the time to fix, or stuff is tested and 80%completed but never fully used because life is busy and I don’t have loads of free time to pour into this stuff anymore. I hate giving all that data to big tech, but I also hate trying to manage 15 different containers or VMs, or other services. Some stuff is fine/easy or requires little effort, but others just don’t seem worth it.
I miss GUIs with stuff where I could fumble through settings to fix it as is easier for me to look through all that vs read a bunch of commands.
Idk, do you get lab burnout? Maybe cuz I do IT for work too it just feels like it’s never ending…
I don’t run a service unless it has reasonably good documentation. I’ll go through it first and make sure I understand how it’s supposed to run, what port(s) are used, and if I have an actual, practical use case for it.
You’re absolutely correct in that sometimes the documentation glosses over or completely omits important details. One such service is Radicale. The documentation for running a Docker container is severely lacking.
My biggest problem is every docker image thinks they’re a unique snowflake and how would anyone else be using such a unique port number like 80?
I know I can change, believe me I know I have to change it, but I wish guides would acknowledge it and emphasize choosing a unique port.
Most put it on port 80 with the perfectly valid assumption that the user is sticking a reverse proxy in front of it. Container should expose 80 not port forward 80.
There are no valid assumptions for port 80 imo. Unless your software is literally a pure http server, you should assume something else has already bound to port 80.
Why do I have vague memories of Skype wanting to use port 80 for something and me having issues with that some 15 years ago?
Edit: I just realized this might be for containerized applications… I’m still used to running it on bare metal. Still though… 80 seems sacrilege.
Why expose any ports at all. Just use reverse proxy and expose that port and all the others just happen internally.
Still gotta configure ports for the reverse proxy to access.
Reverse proxy still goes over a port
Yes, I get lab burnout. I do not want to be fiddling with stuff after my day job. You should give yourself a break and do something else after hours, my dude.
BUT
I do not miss GUIs. Containers are a massive win in terms because they are declarative, reproducible, and can be version controlled.
Yeah, since Christmas, I more it sounds silly, but I’ve been playing a ton of video games with my kids lol. But not like CoD, more like Grounded 2, Gang Beasts, and Stumble Guys lmao
You’re doing i right. Playing cool games with your kids sounds like a blast and some great memories :)
If you’ll let me self promote for a second, this was part of the inspiration for my Ansible Homelab Orchestration project. After dealing with a lot of those projects that practically force you to read through the code to get a working environment, I wanted a way to reproducably spin up my entire homelab should I need to move computers or if my computer dies (both of which have happened, and having a setup like this helped tremendously). So far the ansible playbook supports 117 applications, most of which can be enabled with a single configuration line:
immich_enabled: true nextcloud_enabled: trueAnd it will orchestrate all the containers, networks, directories, etc for you with reasonable defaults. All of which can be overwritten, for example to enable extra features like hardware acceleration:
immich_hardware_acceleration: "-cuda"Or to automatically get a letsencrypt cert and expose the application on a subdomain to the outside world:
immich_available_externally: trueIt also comes with scripts and tests to help add your own applications and ensure they work properly
I also spent a lot of time writing the documentation so no one else had to suffer through some of the more complicated applications haha (link)
Edit: I am personally running 74 containers through this setup, complete with backups, automatic ssl cert renewal, and monitoring
That’s neat. I never gave ansible playbooks any thought because I thought it would just add a layer of abstraction and that containers couldn’t be easier but reading your post I think I have been wrong.
While it is true that Ansible is a different tool that you need to learn the basics of (if you want to edit/add applications), all of the docker stuff is pretty comparable. For example, this is the equivalent of a docker compose file for SilverBullet (note taking app): https://github.com/Dylancyclone/ansible-homelab-orchestration/blob/main/roles/silverbullet/tasks/main.yml
You can see it’s volumes, environment variables, ports, labels, etc just like a regular docker compose (just in a slightly different format, like environment variables are listed as
envinstead ofenvironment), but the most important thing is that everything is filled in with variables. So for SilverBullet, any of these variables can be overwritten, and you’d never have to look at/tweak the “docker compose.” Then, if any issue is found in the playbook, anyone can pull in the changes and get the fix without any work from themselves, and if manual intervention is needed (like an app updated and now requires a new key or something), the playbook can let you know to avoid breaking something: https://dylancyclone.github.io/ansible-homelab-orchestration/guides/updating/#handling-breaking-changes
Yeah, self promote away lol
I reject a lot of apps that require a docker compose that contains a database and caching infrastructure etc. All I need is the process and they ought to use SQLite by default because my needs are not going to exceed its capabilities. A lot of these self hosted apps are being overbuilt and coming without defaults or poor defaults and causing a lot of extra work to deploy them.
Databases.
I ran PaperlessNGX for a while, everything is fine. Suddenly I realize its version of Postgresql is not supported anymore so the container won’t start.
Following some guides, trying to log into the container by itself, and then use a bunch of commands to attempt to migrate said database have not really worked.
This is one of those things that feels like a HUGE gotcha to somebody that doesn’t work with databases.
So the container’s kinda just sitting there, disabled. I’m considering just starting it all fresh with the same data volume and redoing all that information, or giving this thing another go…
…But yeah I’ve kinda learned to hate things that rely on database containers that can’t update themselves or have automated migration scripts.
I’m glad I didn’t rely on that service TOO much.
Some apps really go overboard, I tried out a bookmark collection app called Linkwarden some time ago and it needed 3 docker containers and 800MB RAM
Found an alternative solution to recommend?
No, but I’d like to hear it if anyone else finds one
You should take notes about how you set up each app. I have a directory for each self hosted app, and I include a README.md that includes stuff like links to repos and tutorials, lists of nuances of the setup, itemized lists of things that I’d like to do with it in the future, and any shortcomings it has for my purposes. Of course I also include build scripts so I can just “make bounce” and the software starts up without me having to remember all the app-specific commands and configs.
If a tutorial gets you 95% of the way, and you manage to get the other 5% on your own, write down that info. Future you will be thankful. If not, write a section called “up next” that details where you’re running into challenges and need to make improvements.
I found a git repo with docker compose and the config files works well enough as long as you are willing to maintain a backup of the volumes and an .env file on KeePass (also backed up) for anything that might not be OK on a repo (even if private) like passwords and keys.
I started a blog specifically to make me document these things in a digestable manner. I doubt anyone will ever see it, but it’s for me. It’s a historical record of my projects and the steps and problems experienced when setting them up.
I’m using 11ty so I can just write markdown notes and publish static HTML using a very simple 11ty template. That takes all the hassle out of wrangling a website and all I have to do is markdown.
If someone stumbles across it in the slop ridden searchscape, I hope it helps them, but I know it will help me and that’s the goal.
While I am gaining plentiful information from this comments section already, wanted to add that the IT brain drain is real and you are not alone.
Haha, thanks! It’s probably more problematic being a solo IT guy as it feels like I don’t always have did dedicated time to get projects done. Part of why my lab is overkill is because I want something at work, so I spend a little time at home figuring stuff out, but, you know, family time n all…
Its still fun mostly, but work keeps assuming I must’ve freed up a lot of time in automating or improving stability so I keep being rewarded with more work outside of IT.
🤮 I hate gui config! Way too much hassle. Give me cli and a config file anyday! I love being able to just ssh into my server anytime from anywhere and fix, modify or install and setup something.
The key to not being overwhelmed is manageable deployment. Only setup one service at a time, get it working, safe and reliable before switching to actually using full time, then once certain it’s solid, implement the next tool or deployment.
My servers have almost no breakages or issues. They run 24/7/365 and are solid and reliable. Only time anything breaks is either an update or new service deployment, but they are just user error by me and not the servers fault.
Although I don’t work in IT so maybe the small bits of maintenance I actually do feel less to me?
I have 26 containers running, plus a fair few bare metal services. Plus I do a bit of software dev as a hobby.
Story of my life (minus the dev part). I self host everything out of a Proxmox server and CasaOS for sandboxing and trying new FOSS stuff out. Unless the internet goes out, everything is up 24/7 and rarely do I need to go in there and fix something.
I love cli and config files, so I can write some scripts to automate it all.
It documents itself.
Whenever I have to do GUI stuff I always forget a step or do things out of order or something.exactly this! notes in the config files is all the documentation i need. and scripting and automating is so important to a self running and self healing server.
If a project doesn’t make it dead simple to manage via docker compose and environment variables, just don’t use it.
I run close to 100 services all using docker compose and it’s an incredibly simple, repeatable, self documenting process. Spinning up some new things is effortless and takes minutes to have it set up, accessible from the internet, and connected to my SSO.
Sometimes you see a program and it starts with “Clone this repo” and it has a docker compose file, six env files, some extra fig files, and consists of a front end container, back end container. Database container, message queueing container, etc… just close that web page and don’t bother with that project lol.
That being said, I think there’s a bigger issue at play here. If you “work in IT” and are burnt out from “15 containers and a lack of a gui” I’m afraid to say you’re in the wrong field of work and you’re trying to jam a square peg in a round hole
I agree with that 3rd paragraph lol. That’s probably some of my issue at times. As far IT goes, does it not get overwhelming of you had a 9 hour workday just to hear someone at home complain this other thing you run doesn’t work and you have to troubleshoot that now too?
Without going into too much detail, I’m a solo operation guy for about 200 end users. We’re a Win11 and Office shop like most, and I’ve upgraded pretty much every system since my time starting. I’ve utilized some self-host options too, to help in the day to day which is nice as it offloads some work.
It’s just, especially after a long day, to play IT at home can be a bit much. I don’t normally mind, but I think I just know the Windows stuff well enough through and through, so taking on new Docker or self host tools stuff is Apple’s and oranges sometimes. Maybe I’m getting spoiled with all the turn key stuff at work, too.
I’m an infrastructure guy, I manage a few datacenters that host some backends for ~100,000 IoT devices and some web apps that serve a few million requests a day each. It sounds like a lot, but the only real difference between my work and yours is that at the scale I’m working with, things have to be built in a way that they run uninterrupted with as little interaction from me as possible. You see fewer GUIs, and things stop being super quick and easy to initially get up and running, but the extra effort spent architecting things right rewards you with a much lighter troubleshooting and firefighting workload.
You sorta stop being a mechanic that maintenances and fixes problem cars, and start being an engineer that builds cars to have as few problems as possible. You lose the luxury of being able to fumble around under a car and visually find an oil filter to change, and start having to make decisions on where to put the oil filter from scratch, but to me it is far more rewarding and satisfying. And ultimately the way that self hosting works these days, it has embraced the latter over the former. It’s just a different mindset from the legacy click-ops sysadmin days of IT.
What this looks like to me in your example is, when I have users of my selfhosted stuff complain about something not working, I’m not envisioning yet another car rolling into the shop for me to fix. I envision a puzzle that must be solved. Something that needs optimization or rearchitecting that will make the problem that user had go away, or at the very least fix itself, or alert me so I can fix it before the user complains.
This paradigm I work under is more work, but the work is rewarding and it’s “fun” when I identify a problem that needs solving and solve it. If that isn’t “fun” to you, then all you’re left is the bunch more work part.
So ultimately what you need to figure out is what your goal is. If you’re not interested in this new paradigm and you just want turnkey solutions there are ways of self hosted that are more suited to that mindset. You get less flexibility, but there’s less work involved. And to be clear there’s absolutely nothing wrong with that. At the end of the day you have to do what works for you.
My recommendations to you assuming you just want to self hosted with as little work and maintenance as possible:
- Stick with projects that are simple to set up and are low maintenance. If a project seems like a ton of work get going, just don’t use it. Take the time to shop around for something simpler. Even I do this a lot.
- Try some more turn key self hosting solutions. Anything with an App Store for applications. UnRAID, CasaOS, things of that nature that either have one click deploy apps, or at least have pre-filled templates where all you need to do is provide a couple variable values. You won’t learn as much career wise this way, but it’ll take a huge mental load off.
- When it comes to tools your family is likely to depend on and thus complain about, instead of selfhosting those things perhaps look for a non-big tech alternative. For example, self hosting email can be a lot of work. But you don’t have to use Gmail either. Move your family to ProtonMail or Tutanota, or other similar privacy friendly alternatives. Leave your self hosting for less critical apps that nobody will really care if it goes down and you can fix at your leisure.
That being said, I think there’s a bigger issue at play here. If you “work in IT” and are burnt out from “15 containers and a lack of a gui” I’m afraid to say you’re in the wrong field of work and you’re trying to jam a square peg in a round hole.
Honestly, this is the kind of response that actually makes me want to stop self hosting. Community members that have little empathy.
I work in IT and like most we’re also a Windows shop. I have zero professional experience with Linux but I’m learning through my home lab while simultaneously trying extract myself from the privacy cluster fuck that is the current consumer tech industry. It’s a transition and the documentation I find more or less matches the OPs experience.
I research, pick what seems to be the best for my situation (often most popular), get it working with sustainable, minimal complexity, and in short time find that some small, vital aspect of its setup (like reverse proxy) has literally zero documentation for getting it to work with some other vital part of my setup. I guess I should have made a better choice 18 months ago when I didn’t expect to find this new service accessible. I find some two year old Github issue comment that allegedly solves my exact problem that I can’t translate to the version I’m running because it’s two revisions newer. Most other responses are incomplete, RTFM, or “git gud n00b”, like your response here
Wherever you work, whatever industry, you can get burnt out. It’s got nothing to do with if you’ve “got what it takes” or whatever bullshit you think “you’re in the wrong field of work and you’re trying to jam a square peg in a round hole” equates to.
I run close to 100 services all using docker compose and it’s an incredibly simple, repeatable, self documenting process. Spinning up some new things is effortless and takes minutes to have it set up, accessible from the internet, and connected to my SSO.
If it’s that easy, then point me to where you’ve written about it. I’d love to learn what 100 services you’ve cloned the repos for, tweaked a few files in a few minutes, and run with minimal maintenance all working together harmoniously.
You’ve completely misread everything I’ve said.
Let’s make a few things clear here.
My response is not “Git gud”. My response is that sometimes there are selfhosted projects that are really cool and many people recommend, but the set up for them is genuinely more complex than it should be, and you’re better off avoiding them instead of banging your head against a wall and stressing yourself out. Selfhosting should work for you, not against you. You can always take another crack at a project later when you’ve got more hands on experience.
Secondly, it’s not a matter of whether OP “has what it takes” in his career. I simply pointed out the fact that everything he seems to hate about selfhosting, are fundamental core principals of working in IT. My response to him isn’t that he can’t hack it, it seems more like he just genuinely doesn’t like it. I’m suggesting that it won’t get better because this is what IT is. What that means to OP is up to him. Maybe he doesn’t care because the money is good which is valid. But maybe he considers eventually moving into a career he doesn’t hate, and then the selfhosting stuff won’t bother him so much. As a matter of fact, OP himself didn’t take offense to that suggestion the way you did. He agreed with my assessment.
As you learn more about self hosting, you’ll find that certain things like reverse proxy set up isn’t always included in the documentation because it’s not really a part of the project. How reverse proxies (And by extension http as a whole) work is a technology to learn on its own. I rarely have to read documentation on RP for a project because I just know how reverse proxying works. It’s not really the responsibility of a given project to tell you how to do it, unless their project has a unique gotcha involved. I do however love when they do include it, as I think that selfhosting should be more accessible to people who don’t work in IT.
If it’s that easy, then point me to where you’ve written about it. I’d love to learn what 100 services you’ve cloned the repos for, tweaked a few files in a few minutes, and run with minimal maintenance all working together harmoniously.
Most of them TBH. I often don’t engage with a project that involves me cloning a repo because I know it means it’s going to be a finicky pain in the ass. But most things I set up were done in less than 20 minutes, including secure access from the internet using a VPS proxy with a WAF and CrowdSec, and integration with my SSO. If you want to share with me your common pain points, or want an example of what my workflow looks like let me know.
I’ve misread the tone, I agree. I apologize for that. However, I find that his complaints were not about things that are always “fundamental core principals of working in IT”. For some, sure, but where I work I’m by far the employee with the most familiarity with CLI/powershell and scripting. Almost everything is done via a GUI or web interface if it can be. I would tell any of my coworkers that maybe IT isn’t for them.
I also, in a rush to finish, misremembered and incorrectly reread some of your words too quickly. You did not recommend the “clone a repo” solutions, you advised against them. Again, I apologize. I still am suspicious of this massive collection of self hosted services that work perfectly with each other after like 20 minutes of tweaking and little maintenance. That was what I was trying to imply with that section. I’ve lost close to a dozen 6-10 hour sessions on Saturdays pulling my hair out because I can’t seem to find out how to do some specific things that it seems like I need to do to make some “easy” new service to work with my setup. It’s like that Malcom in the Middle (?) clip of the dad 5 projects deep at the end of the day trying to fix some simple problem in the morning.
I’ll try to document some of my issues this weekend. I would honestly appreciate any help or recommendations.
For some, sure, but where I work I’m by far the employee with the most familiarity with CLI/powershell and scripting. Almost everything is done via a GUI or web interface if it can be.
I don’t mean this in a disparaging way because I too got my start in an environment like that, but that’s a very legacy environment. When I talk about core principles of working in IT, I mean the state of IT today in 2026, as well as where it’s headed in the future. It sounds like your workplace is one of those SMBs that’s still stuck in the glory days. Thats not what IT is it’s what IT was. And so unless you’re currently end of career, you’re going to have to give that up and embrace this new paradigm or be washed out eventually. So when I say “It isn’t the field for you” in the context of OP I just mean that it isn’t going to get better. It’ll be less and less like the way you know it every day, and more and more like the way OP doesn’t like it.
For example you say you are the most familiar in your entire workplace with “powershell and scripting”, however I literally got teased just the other day by solving a niche problem with a powershell script. “How very 2010 of you”.
I don’t say this to belittle you, as I was the same guy as you not too many years ago. And I get that you’re banging your head against this new paradigm, but this is the stuff you really do want to stick with IF it’s your goal to grow in IT long term. It will click eventually given enough time. I am definitely willing to help you with any questions you might have or perhaps if I have time I can try and demonstrate my workflow for a standard container deployment.
Some questions I would ask you are
- How are you running your docker containers? Run commands? Compose? Portainer or some alternative?
- are you trying to expose them to the internet, or only internally?
- do you use a reverse proxy or are you just exposing direct ports and connecting that way?
- do you have an example of a specific project you struggled to get running?
Honestly, this is the kind of response that actually makes me want to stop self hosting. Community members that have little empathy.
why. it was not telling that they should quit self hosting. it was not condescending either, I think. it was about work.
but truth be told IT is a very wide field, and maybe that generalization is actually not good. still, 15 containers is not much, and as I see it they help with not letting all your hosted software make a total mess on your system.
working with the terminal sometimes feels like working with long tools in a narrow space, not being able to fully use my hands, but UX design is hard, and so making useful GUIs is hard and also takes much more time than making a well organized CLI tool.
in my experience the most important here is to get used to common operations in a terminal text editor, and find an organized directory structure for your services that work for you. Also, using man pages and --help outputs. But when you can afford doing it, you could scp files or complete directories to your desktop for editing with a proper text editor.IT is a very wide field, and maybe that generalization is actually not good
That was what set me off. I was having a bad morning and misread the tone to be more dismissive than it likely was.
You’re not alone.
The industry itself has become pointlessly layered like some origami hell. As a former OS security guy I can say it’s not in a good state with all the supply-chain risks.
At the same time, many ‘help’ articles are karma-farming ‘splogs’ of low quality and/or just slop that they’re not really useful. When something’s missing, it feels to our imposter syndrome like it’s a skills issue.
Simplify your life. Ditch and avoid anything with containers or bizarre architectures that feels too intricate. Decide what you need and run those on really reliable options. Auto patching is your friend (but choose a distro and package format where it’s atomic and rolls back easily).
You don’t need to come home only to work. This is supposed to be FUN for some of us. Don’t chase the Joneses, but just do what you want.
Once you’ve simplified, get in the habit of going outside. You’ll feel a lot better about it.
That’s true, I’ve done a lot of stuff as testing that I thought would be useful services but then never really got used by me, so I didn’t maintain.
I didn’t take the time to really dive in and learn Docker outside of a few guides, probably why is a struggle…
Sounds like you haven’t taken the time to properly design your environment.
Lots of home gamers just throw stuff together and just “hack things till they work”.
You need to step back and organize your shit. Develop a pattern, automate things, use source control, etc. Don’t just file follow the weirdly -opinionated setup instructions. Make it fit your standard.
This. I definitely need to take the time to organize. A few months ago, I setup a new 4U rosewill case w 24 hotswap as bays. Expanded my storage quite a bit, but need to finish moving some services too. I went from a big outdated SMC server to reusing an old gaming mobo since its an i7 but 95w vs 125wx2 lol.
It took a week just to move all my Plex data cuz that Supermicro was only 1GbE.
only 1gbE
What needs more than 1gbe? Are you streaming 8k?
Sounds like you are your own worst enemy. Take a step back and think about how many of these projects are worth completing and which are just for fun and draw a line.
And automate. There are tools to help with this.
What needs more than 1gbe? Are you streaming 8k?
I think they wanted to mean it was a bottleneck while moving to the new hardware
Yeah, transferring 80TB took what felt like an eternity. My Plex has a 2.5GbE and my switch is 10GbE but my SFP+ NIC in the storage wasn’t playing well…
Use portainer for managing docker containers. I prefer a GUI as well and portainer makes the whole process much more comfortable for me.
+1 for Portainer. There are other such options, maybe even better, but I can drive the Portainer bus.
just know that sometimes their buggy frontend loads the analytics code even if you have opted outm there’s an ages old issue of this on their github repo, closed because they don’t care.
It’s matomo analytics, so not as bad as some big tech, but still.
Why did I never think of that?! That would make sense lol. Thank you!
No problem. I have been using it for a while and I really like it. There’s nothing stopping you from doing it the old fashioned way if you find you don’t like portainer but once you familiarize yourself with it I think you’ll be hooked on the concept.
I’m sick of everything moving to a docker image myself. I understand on a standard setup the isolation is nice, but I use Proxmox and would love to be able to actually use its isolation capabilities. The environment is already suited for the program. Just give me a standard installer for the love of tech.
unless you have zillion gigabytes of RAM, you really don’t want to spin up a VM for each thing you host. the separate OS-es have a huge memory overhead, with all the running services, cache memory, etc. the memory usage of most services can largely vary, so if you could just assign 200 MB RAM to each VM that would be moderate, but you can’t, because when it will need more RAM than that, it will crash, possibly leaving operations in half and leading to corruption. and to assign 2 GB RAM to every VM is waste.
I use proxmox too, but I only have a few VMs, mostly based on how critical a service is.
For VMs, I fully agree with you, but the best part about Proxmox is the ability to use containers, or CTs, which share system resources. So unlike a VM, if you specify a container has two gigs of RAM, that just means that it has two gigs of RAM that it can use, unlike the VM where it’s going to use that amount (and will crash if it can’t get that amount)
These CT’s do the equivalent of what docker does, which is share the system space with other services with isolation, While giving an easy to administrate and backup system, while keeping it able to be seperate by service.
For example, with a Proxmox CT, I can do snapshots of the container itself before I do any type of work, if where if I was using Docker on a primary machine, I would need to back up the Docker container completely. Additionally, having them as CTs mean that I can run straight on the container itself instead of having to edit a Docker file which by design is meant to be ephemeral. If I had to take troubleshooting bare bones versus troubleshooting a Docker container, I’m going to choose bare bones every step of the way.(You can even run an Alpine CT if you would rather keep the average Docker container setup)
Also for the over committing thing, be aware that your issue you’ve stated there will happen with a Docker setup as well. Docker doesn’t care about the amount of RAM the system is allotted. And when you over-allocate the system, RAM-wise, it will start killing containers potentially leaving them in the same state.
Anyway, long story short, Docker containers do basically the same thing that a Proxmox CT does. it’s just ephemeral instead of persistent, And designed to be plug-and-go, which I’ve found in the case of running a Proxmox-style setup, isn’t super handy due to the fact that a lot of times I would want to share resources such as having a dedicated database or caching system, Which is generally a pain in the butt to try to implement on Docker setups.
oh, LXC containers! I see. I never used them because I find LXC setup more complicated, once tried to use a turnkey samba container but couldn’t even figure out where to add the container image to LXC, or how to start if not that way.
but also, I like that this way my random containerized services use a different kernel, not the main proxmox kernel, for isolation.
Additionally, having them as CTs mean that I can run straight on the container itself instead of having to edit a Docker file which by design is meant to be ephemeral.
I don’t understand this point. on docker, it’s rare that you need to touch the Dockerfile (which contains the container image build instructions). did you mean the docker compose file? or a script file that contains a docker run command?
also, you can run commands or open a shell in any container with docker, except if the container image does not contain any shell binary (but even then, copying a busybox or something to a volume of the container would help), but that’s rare too.
you do it like this: docker exec -it containername command. bit lengthy, but bash aliases helpAlso for the over committing thing, be aware that your issue you’ve stated there will happen with a Docker setup as well. Docker doesn’t care about the amount of RAM the system is allotted. And when you over-allocate the system, RAM-wise, it will start killing containers potentially leaving them in the same state.
in docker I don’t allocate memory, and it’s not common to do so. it shares the system memory with all containers. docker has a rudimentary resource limit thingy, but what’s better is you can assign containers to a cgroup, and define resource limits or reservations that way. I manage cgroups with systemd “.slice” units, and it’s easier than it sounds
They are very nice. They share kernelspace so I can understand wanting isolation but, the ability to just throw a base Debian container on, assign it a resource pool and resource allocation, and install a service directly to it, while having it isolated from everything without having to use Docker’s emphereal by design system(which does have its perks but I hate troubleshooting containers on it) or having to use a full VM is nice.
And yes, by Docker file I would mean either the Docker file or the compose file(usually compose). By straight on the container I mean on the container, My CTs don’t run Docker period, aside from the one that has the primary Docker stack. So I don’t have that layer to worry about on most CT’s
As for the memory thing, I was just mentioning that Docker does the same thing that containers do if you don’t have enough RAM for what’s been provisioned. The way I had taken that original post is that specifying 2 gigs of RAM to the point the system exhausts it’s ram would cause corruption and the system crashes, which is true but docker falls for the same issue if the system exhausts it’s ram. That’s all I meant by it. Also cgroups sound cool, I gotta say I haven’t messed with them a whole lot. I wish proxmox had a better resource share system to designate a specific group as having X amount of max resources, and then have the CT or vm’s be using those pools.
I’m really confused here, you don’t like how everything is containerized, and your preferred method is to run Proxmox and containerize everything, but in an ecosystem with less portability and tooling?
I don’t like how everything is docker containerized.
I already run proxmox, which containerizes things by design with their CT’s and VM’s
Running a docker image ontop of that is just wasting system resources. (while also complicating the troubleshooting process) It doesn’t make sense to run a CT or VM for a container, just to put docker on it and run another container via that. It also completly bypasses everything that proxmox provides you for snapshotting and backup because proxmox’s system is for the entire container, and if all services are running on the same container all services are going to be snapshotted.
My current system allows me to have per service snapshots(and backups), all within the proxmox webUI, all containerized, and all restricted to their own resources. Docker is just not needed at this point.
A docker system just adds extra headway that isn’t needed. So yes, just give me a standard installer.
Nothing is “docker containerized”. Docker is just a daemon and set of tools for managing OCI compliant containers.
Running a docker image ontop of that is just wasting system resources.
No? If you spun up one VM in Proxmox and installed docker and used it to run 10 containers, that would use fewer system resources than running 10 LXC containers directly on Proxmox.
Like… you don’t like that the industry has adapted this efficient, portable, interchangeable, flexible, lightweight, mature technology, because you prefer the one that is heavier, less flexible, less portable, non-OCI compliant alternative?
are you are saying running docker in a container setup(which at this point would be 2 layers deep) uses less resources than 10 single layer deep containers?
I can agree with the statement that a single VM running docker with 10 containers uses less than 10 CT’s with docker installed then running their own containers(but that’s not what I do, or what I am asking for).
I currently do use one CT that has docker installed with all my docker images, which I wouldn’t do if I had the ability not to but some apps require docker) but this removes most of the benefits you get using proxmox in the first place.
One of the biggest advantages of using the hypervisor as a whole is the ability to isolate and run services as their own containers, without the need of actually entering the machine. (like for example if I"m screwing with a server, I can just snapshot the current setup and then rollback if it isn’t good) Throwing everything into a VM with docker bypasses that while adding headway to the system. I would need to backup the compose file (or however you are composing it) and the container, and then do my changes. My current system is a 1 click make my changes, if bad one click to revert.
For resource explanation. Installing docker into a VM on proxmox then running every container in that does waste resources. You have the resources that docker requires to function (which is currently 4 gigs of ram per their website but when testing I’ve seen as low as 1 gig work fine)+ cpu and whatever storage it takes up which is about half a gig or so) in a VM(which also uses more processing and ram than CT’s do as they no longer share resources). When compared to 10 CT’s that are finetuned to their specific app, you will have better performance running the CT’s than a VM running everything, while keeping your ability to snapshot and removing the extra layer and ephemeral design that docker has(this can be a good and bad thing, but when troubleshooting I learn towards good).
edit: clarification and general visibility so it wasnt bunched together.
are you are saying running docker in a container setup(which at this point would be 2 layers deep) uses less resources than 10 single layer deep containers?
If those 10 single layer deep containers are Proxmox’s LXC containers then yes, absolutely. OCI containers are isolated processes that run single services, usually just a single binary. There’s no OS, no init system. They’re very lightweight with very little overhead. They’re “containerized services”. LXC containers on the other hand are very heavy “system containers” that have a full OS and user space, init system, file systems etc. They are one step removed from being full size VMs, short of the fact that they can share the hosts kernel and don’t need to virtualize. In short, your single LXC running docker and a bunch of containers inside of it is far more resource efficient than running a bunch of separate LXC containers.
One of the biggest advantages of using the hypervisor as a whole is the ability to isolate and run services as their own containers, without the need of actually entering the machine
I mean that’s exactly what docker containers do but more efficiently.
I can just snapshot the current setup and then rollback if it isn’t good
I mean that’s sort of the entire idea behind docker containers as well. It can even be automated for zero downtime updates and deployments, as well as rollbacks.
When compared to 10 CT’s that are finetuned to their specific app, you will have better performance running the CT’s than a VM running everything
That is incorrect. Let’s break away from containers and VMs for a second and look deeper into what is happening under the hood here.
Option A (Docker + containers): One OS, One Init system, one full set of Linux libraries.
Option B (10 LXC containers): Ten operating systems, ten separate init systems, 10 separate sets of full Linux libraries.
Option A is far more lightweight, and becomes a more attractive option the more services you add.
And not only that, but as you found out, you don’t need to run a full VM for your docker host. You could just use an LXC. Though in that case I’d still prefer the one VM, so that your containers aren’t sharing your Proxmox Host’s kernel.
Like LXCs do have a use case, but it sounds like you’re using them to an alternative to regular service containers and that’s not really what it’s for.
I thought that was the point of supporting OCI in the latest version so you can pull docker images and run them like an lxc container
If there’s a way of pulling a Docker container and running it directly as a CT on Proxmox, please fill me in. I’ve been using it for a year and a half to two years now, but I haven’t seen any ability to directly use a Docker container as an LXC.
This was added in Proxmox 9.1
Will be looking into that, I haven’t upgraded from 8.4 yet. That sounds like a pretty decent thing to have. Thanks!
honestly, i 100% do not miss GUIs that hopefully do what you want them to do or have options grayed out or don’t include all the available options etc etc
i do get burnout, and i suffer many of the same symptoms. but i have a solution that works for me: NixOS
ok it does sound like i gave you more homework, but hear me out:
- with NixOS and flakes you have a commit history for your lab services, all centralized in one place.
- this can include as much documentation as you want: inline comments, commit messages, living documents in your repository, whatever
- even services that only provide a Docker based solution can be encapsulated and run by Nix, including using an alternate runtime like podman or containerd
- (this one will hammer me with downvotes but i genuinely do think that:) you can use an LLM agent like GitHub Copilot to get you started, learn the Nix language and ecosystem, and create Nix modules for things that need to be wrapped. i’ve been a software engineer for 15 years; i’ve got nothing to prove when it comes to making a working system. what i want is a working system.
I will check that out even though, yes is homework lol.
And +1 for the contribution to help a stranger out!
I just have yunohost do like 90% of the work nowadays. My day job is docker/cli so the last thing i want to do is more of it.
Never heard of that, definitely checking it out!
Yunohost is a pretty solid package. I think it has the most apps in it’s catalog. Point, click, enjoy pretty much. If you were looking for something that doesn’t require a lot upfront to get going, I would recommend Yunohost. There are others in that category as well.
