Posted inVirtualization

Guide to installing and using LXC containers on Proxmox VE: Lighter than VMs, faster than Docker

Virtualization tutorial - IT technology blog
Virtualization tutorial - IT technology blog

Guide to installing and using LXC containers on Proxmox VE: Lighter than VMs, faster than Docker

Those involved in homelab setups or managing small servers are undoubtedly familiar with Proxmox VE. It’s a powerful, flexible virtualization platform. Currently, I’m running my homelab with Proxmox VE, managing up to 12 VMs and containers. I consider it a ‘playground’ for testing everything before deploying to a real-world environment. However, a common challenge I face is resource optimization, especially when needing to run multiple small services.

The Headache of Proxmox VE Resources: When VMs Become Too “Heavy”

Initially, I often created a separate virtual machine (VM) for each service. But in reality, even a minimal Ubuntu Server VM can ‘devour’ hundreds of MBs of RAM and several GBs of disk space just for the operating system. Even if I only wanted to run small services like Pi-hole or Nginx Proxy Manager, allocating significant resources to the VM’s entire OS was still mandatory. Moreover, VM startup times are not quick at all, often taking tens of seconds, sometimes even minutes.

This situation becomes even more evident when I want to experiment with various projects. Each service having its own VM quickly ‘drains’ the physical server’s resources. Clearly, resources are limited. I needed a lighter, faster-starting alternative that still ensured isolation and stability for each service.

The Root Cause: Differences Between VMs, Containers, and LXC

To understand why VMs are “heavy” and what the optimal solution is, let’s look at how these virtualization technologies work.

Virtual Machines (VMs): Perfect Isolation, but “Expensive” in Resources

Essentially, a virtual machine is a complete computer simulated by software. Each VM has its own operating system (Guest OS), including its kernel. A hypervisor (like Proxmox VE) manages hardware virtualization and then allocates virtual resources to each VM. The isolation between VMs is almost perfect: if one VM encounters an issue, it won’t affect other VMs or the Proxmox host.

Advantages: Strong isolation; flexibility to run any operating system (Windows, Linux, BSD); easy migration between compatible hypervisors.

Disadvantages: High overhead as each VM must run its own OS kernel; costly in resources (RAM, CPU, disk I/O) even when not fully utilized; long startup times.

Docker: Lighter, but Still Needs a Host OS

Docker is an extremely popular container technology. It allows packaging applications along with all dependencies into a single “container.” Docker containers share the host operating system’s kernel. As a result, they start incredibly fast and use resources much more efficiently than VMs.

Advantages: Extremely fast startup (only a few seconds); high resource efficiency; easy packaging, distribution, and migration of applications.

Disadvantages: Requires a host operating system to run the Docker Engine. On Proxmox, this typically means you have to run Docker inside a Linux VM, adding an extra layer of overhead to that VM.

LXC (Linux Containers): A Balanced Solution for Proxmox VE

LXC (Linux Containers) is an operating-system-level virtualization technology. It allows running multiple isolated Linux environments on the same Linux host server. Like Docker, LXC also shares the host operating system’s kernel. However, LXC provides a more complete environment, almost like a ‘real’ virtual machine, rather than just a Docker container. Each LXC container can have its own init system (systemd), SSH server, private IP address, and be managed like an independent operating system.

Advantages:

  • Lighter than VMs: No separate kernel needed, significantly saving RAM and CPU.
  • Faster than VMs: Starts up in just a few seconds.
  • Good Isolation: Provides operating system-level isolation, sufficient for most services.
  • Tight Integration with Proxmox VE: Easy to create, manage, back up, and snapshot directly from Proxmox’s web interface.
  • VM-like: Services can be installed and managed as if on a regular VM.

Disadvantages: Can only run Linux operating systems as guests. Less portable than Docker images if needing to run on non-Linux platforms or platforms without LXC.

Solutions and Why LXC is the Best Choice on Proxmox VE

Continuing to Use VMs (and their limitations)

Using VMs is still necessary for some specific cases. For example, when you need to run Windows Server or other non-Linux operating systems. Or if the service requires absolute security isolation and does not want to share the host kernel. However, for most lightweight Linux services in a homelab, VMs represent a significant waste of resources.

Running Docker in a VM (double overhead)

This is a solution I see many people use: creating a Linux VM (e.g., Ubuntu Server), then installing the Docker Engine into that VM and running Docker containers inside. This approach is suitable for complex CI/CD development environments or when you already have Docker Compose files. However, the drawback is that you still incur the overhead of a full Linux VM, plus the resources consumed by the Docker Engine. In other words, you are layering two virtualization technologies, which is not optimal for performance.

LXC on Proxmox VE: The Optimal Choice

With Proxmox VE, LXC containers are the answer to resource optimization while maintaining isolation. Proxmox VE has LXC integrated, allowing you to create and manage containers directly from the host. This means LXC containers will run on the Proxmox host’s Linux kernel, significantly reducing resource consumption compared to VMs.

I often use LXC for most lightweight services like Pi-hole for ad blocking, Home Assistant for smart home automation, WireGuard VPN server, Plex Media Server, or reverse proxies like Nginx Proxy Manager. They start quickly, use little RAM, and I can manage them as independent servers via SSH or Proxmox’s web interface. This is the perfect solution for me to test everything before going into production, ensuring my ‘playground’ always runs smoothly.

Detailed Guide to Installing and Configuring LXC Containers on Proxmox VE

Now, I will walk you through the step-by-step process of creating and configuring an LXC container on Proxmox VE.

Step 1: Download Operating System Template

Proxmox uses pre-packaged templates for LXC, enabling quick deployment. You can download them via the web interface or command line.

Via web interface: Go to Datacenter > Storage > Select Storage (e.g., local) > CT Templates > Templates. Choose the template you want (e.g., debian-11-standard) and click Download.

Via command line (SSH into Proxmox host):

# Update the list of available templates
pveam update

# List available Linux templates (system section)
pveam available --section system

# Download Debian 11 standard template (replace with your desired template name)
pveam download local debian-11-standard_11.0-1_amd64.tar.gz

Step 2: Create LXC Container

You can create an LXC via the web interface or by using the pct create command.

Via web interface: Click the “Create CT” button in the top right corner. Fill in the necessary information such as hostname, password, CPU, RAM, disk, network. Always remember to select “Unprivileged container” in the OS tab to enhance security.

Via command line: I prefer using the pct create command because it’s fast and can be scripted. For example, to create LXC ID 101 with Debian 11, 512MB RAM:

pct create 101 local:vztmpl/debian-11-standard_11.0-1_amd64.tar.gz \ 
    --hostname mylxc-server \ 
    --password your_secure_password \ 
    --memory 512 \ 
    --swap 0 \ 
    --cores 1 \ 
    --net0 name=eth0,bridge=vmbr0,ip=192.168.1.101/24,gw=192.168.1.1 \ 
    --rootfs local-lvm:8 \ 
    --unprivileged 1 \ 
    --onboot 1

Explanation of key parameters:

  • 101: Unique ID of the container.
  • local:vztmpl/debian-11-standard_11.0-1_amd64.tar.gz: Specifies the storage (local) and OS template.
  • --hostname mylxc-server: Hostname of the container.
  • --password your_secure_password: Password for the root user.
  • --memory 512: 512 MB RAM.
  • --swap 0: No swap usage (can be increased if needed).
  • --cores 1: 1 CPU core.
  • --net0 name=eth0,bridge=vmbr0,ip=192.168.1.101/24,gw=192.168.1.1: Configures the first network card (eth0), connected to bridge vmbr0, assigned a static IP.
  • --rootfs local-lvm:8: 8GB root filesystem on local-lvm storage.
  • --unprivileged 1: Very important! Runs the container in unprivileged mode to enhance security.
  • --onboot 1: Container will automatically start with the Proxmox host.

Step 3: Basic Configuration After Creation

After creation, the container does not start automatically. You need to start it up.

# Start container with ID 101
pct start 101

# Access the container's console
pct enter 101

Inside the container, you can install and configure it like a regular Linux operating system. The first thing I usually do is update the system:

apt update && apt upgrade -y

If you want to access via SSH, install an SSH server:

apt install openssh-server -y

After that, you can exit the console (exit) and SSH into the container using the configured IP address.

Advanced Configurations and Best Practices

  • Mount Point (Bind Mounts): Share directories from the Proxmox host into the container. This is extremely useful when you want the container to access large amounts of data without having to copy it into the container. For example, a directory containing movies for Plex, or configurations for other services. To do this, you need to add the following line to the container’s configuration file on the Proxmox host (e.g., /etc/pve/lxc/101.conf):
# On the Proxmox host, open the file /etc/pve/lxc/101.conf
# Add the following line to the end of the file:
mp0: /path/on/host,mp=/path/in/container

# Example: Share the media directory from the host to the Plex container
mp0: /mnt/data/media,mp=/var/lib/plexmedia
  • Unprivileged Container Permissions: As mentioned above, always prioritize using unprivileged containers (--unprivileged 1). This significantly enhances security, as processes inside the container will not have root privileges on the Proxmox host.
  • Resource Limits: Allocate just enough resources (RAM, CPU) for the container. Do not allocate too much RAM if the service only needs a little. Proxmox allows you to flexibly change these limits after the container has been created.
  • Network Customization: You can configure multiple virtual network cards for the container, or configure VLAN tags if your network infrastructure supports it.

Daily Management of LXC Containers on Proxmox VE

Daily management of LXC containers is quite simple; you can perform it via the web interface or using the pct command on the Proxmox host.

  • Start: pct start <ID> (e.g., pct start 101)
  • Stop: pct stop <ID>
  • Restart: pct restart <ID>
  • List all containers: pct list
  • Access console: pct enter <ID> (faster than SSH if you only want to run a quick command)

A useful tip is to utilize Proxmox’s Backup and Snapshot features for LXC. This helps me immensely when needing to test a major change. I create a snapshot beforehand. If something goes wrong, I can simply roll back to the previous state in a few seconds. It’s very convenient and safe.

To further optimize, I also often write small scripts to automate the creation and configuration of identical LXCs. This saves time and ensures consistency.

Conclusion: LXC – The Indispensable Companion for Proxmox VE

From personal experience, I find LXC containers to be an excellent choice for optimizing resources on Proxmox VE. They offer a perfect balance between Docker’s performance and VM’s isolation capabilities, especially well-suited for lightweight Linux services. Using LXC not only helps me save RAM and CPU but also accelerates service deployment and management in my homelab.

If you are looking for an effective way to run lightweight services on Proxmox VE, don’t hesitate to explore and implement LXC containers. I believe you will be satisfied with the lightness, speed, and ease of management they provide. This is truly one of the valuable lessons I learned while working with Proxmox.

Share: