Data storage for containers in LCX / VM

conrad82@lemmy.world to Selfhosted@lemmy.world – 10 points –

I run my containers in an LCX on Proxmox (yes I heard I should use a VM, but it works..)

For data storage (syncthing, jellyfin ..) I make volumes in the LXC. But I was wondering if this is the best way?

I started thinking about restoring backups. The docker backups can get quite large with all the user data. I was wondering if a separate "NAS" VM and NFS shares makes more sense. Then restoring/cloning docker lxc would be faster, for troubleshooting. And the user data I could restore separately.

What do you guys do?

11

I run my dockers all in one VM, with persistent volumes over NFS. That way the entire thing could take a dump and as long as I have the nfs volume, we’re Gucci.

If you're using LXC and your filesystem is BTRFS you can use the built in snapshots.

Yes, before doing major changes i usually run a snapshot

I listened to https://thehomelab.show/ podcast today, and they mentioned that before doing major upgrades, you could create a clone VM from latest backups and test the upgrades before doing them for real. That way you both ensure safe upgrade and also make sure your backup is restorable.

It sounded like a good idea, but it got me thinking of the size of my LXC filled with user data.. So I was wondering if I was doing it wrong

With BTRFS you can take a snapshot, upgrade and if things go wrong rollback to the snapshot. Snapshot are incremental so you won't have issues with your data.

I use unpriveliged LXC für everything I have running in my proxmox.

Plex, syncthing, rclone, motioneye, pyload all in seperate Lxc on the boot drive.

All data of those is on my mirror raid, including the lxc backups. The rclone lxc backs the important data onto my cloud drive.

Do you use reverse proxy?

One of the reasons I use a single lxc is that I can reverse proxy containers without exposing ports / http to the LAN, it seemed like a good feature to me.

No reverse proxy. In LAN everything is seen and accessible.

No port is open to WAN, I connect via my router VPN from extern.

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
LXC Linux Containers
Plex Brand of media server package
VPN Virtual Private Network

3 acronyms in this thread; the most compressed thread commented on today has 10 acronyms.

[Thread #57 for this sub, first seen 17th Aug 2023, 17:45] [FAQ] [Full list] [Contact] [Source code]