Proxmox Docker – Should You Use a VM or LXC Container?

---

Introduction – Why Run Docker on Proxmox?

Docker is a lightweight containerization platform that lets you run isolated applications without the overhead of virtual machines. It’s widely used in DevOps, homelabs, and testing environments. When it comes to running Docker on Proxmox, often referred to as “Proxmox docker,” you have a few options to consider. While this article isn’t about Docker itself, I’ll show you the best way to run it inside your Proxmox environment—either in an LXC container or a virtual machine (VM).

Since Proxmox VE is my virtualization platform of choice, the next logical question is: how should I run Docker inside Proxmox?

There are two main options—either inside a VM or inside an LXC container. A third option, running Docker directly on the Proxmox host, comes up often too. In this article, I’ll walk you through the pros and cons of each setup and explain why I think the VM option is the best choice in most cases.

---

Can You Run Docker on the Proxmox Host?

Technically, yes—you can install Docker directly on the Proxmox host. After all, it’s just Debian underneath. But I don’t recommend it—and neither does the Proxmox community.

“Docker injects iptables rules that will interfere with the PVE firewall and will—per default—render networking useless.”
— Proxmox Forum

Docker reconfigures network chains and NAT tables, which can break networking for your VMs and containers. You’ll end up troubleshooting random connectivity issues every time Docker restarts. Unless you like that kind of pain, skip this route.

A top Reddit post summed it up perfectly:

“Proxmox is a hypervisor—and should be used as such. If you’re not thinking of using it that way, maybe you should start over and install a regular Linux distro instead.”

While Docker can run in LXC or even on the Proxmox host, running it inside a VM is the safest and cleanest option—especially for a stable and secure setup.

---

Docker in an LXC Container

Running Docker in an LXC container is possible—and quite popular among experienced Proxmox users.

Pros:

• LXC containers are lighter and faster
• Low memory and CPU overhead
• LXCs offer faster boot speeds compared to VMs when running Docker.
• Direct storage access with bind mounts
  LXC containers support native bind mounts to host storage, which is faster and more efficient than using network-based storage (like NFS or SMB).

Cons:

• Docker works best in a privileged container, but it can run in an unprivileged one with extra config
• Requires enabling nesting, keyctl, and usually adjusting cgroup and AppArmor settings
• Not all Docker features work reliably
• You may face issues with networking, like microstutters or disconnects (as reported with Plex streaming)
• Docker updates or kernel changes in Proxmox might break your setup

If you’re comfortable tweaking container settings and fixing things when they break, LXC is a valid option—especially for lightweight services.

---

Docker in a Virtual Machines (Recommended)

Running Docker in a VM offers full isolation from the Proxmox host. This setup is ideal when you need to test new applications, run production workloads, or deploy more complex container stacks like Mailcow.

Pros:

• Full compatibility with Docker, Docker Compose, Portainer, etc.
• Clean separation from the Proxmox host
• No firewall conflicts or networking issues
• Easy to snapshot, backup, and migrate

Cons:

• Uses more resources (but Docker is lightweight, so it’s still efficient)
• Slightly longer setup time

By installing Docker on a Debian or Ubuntu VM, you get all the benefits of Docker without the risk of breaking your virtualization platform. It’s stable, flexible, and more future-proof.

From a security perspective, a VM is better isolated than an LXC.

“My rule is this… if the service(s) are ever to be exposed outside of my LAN, I run Docker in a VM. If not, I usually use an LXC. My reasoning is simple: the LXC container shares the host kernel. So if a service gets compromised, it’s much closer to the host. A VM adds an abstraction layer and its own kernel — it’s the security onion idea.”
— Reddit user

---

How to Run Docker on Proxmox – Step-by-Step

Here’s how I typically set up Docker in Proxmox. I’ll walk you through both approaches—VM (my recommendation) and LXC (for advanced users only). This section includes OS and template suggestions to keep your setup clean and future-proof.

Option 1: Set Up Docker in a Proxmox VM (Recommended)

This setup gives you full compatibility, clean backups, and no interference with Proxmox’s internals.

Recommended ISO Downloads

Use one of the following server images:

• Ubuntu Server 24.04 LTS
• Debian 12 “Bookworm” Netinst ISO

Both are lightweight, stable, and Docker-friendly. I personally lean toward Debian for minimalism or Ubuntu for its wider support.

Step 1: Create a New VM in Proxmox

• Go to Proxmox note, Create VM
• Use one of the above ISOs as your boot media
• Choose:
• CPU: 2 vCPU (more for heavier workloads)
• Memory: 2–4 GB RAM
• Disk: 20+ GB on SSD storage
• Enable QEMU Guest Agent in “Options” after install
• CPU: 2 vCPU (more for heavier workloads)
• Memory: 2–4 GB RAM
• Disk: 20+ GB on SSD storage
• Enable QEMU Guest Agent in “Options” after install

Step 2: Install the OS

• Follow standard Ubuntu or Debian installation steps
• Enable OpenSSH during setup (or install it afterward)

Step 3: Install Docker

Once inside the VM:

sudo apt update
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker

Optional: Add user to Docker group: – This command adds your current user to the docker group.

sudo usermod -aG docker $USER

This gives your user permission to run Docker commands without root. Just make sure to log out and back in after running the command so the change takes effect.

Log out and back in to apply group change.

Step 4: (Optional) Install Portainer

If you want a web UI to manage containers:

docker volume create portainer_data 
docker run -d -p 9000:9000 -p 9443:9443  
--name=portainer  
--restart=always  
-v /var/run/docker.sock:/var/run/docker.sock  
-v portainer_data:/data  
portainer/portainer-ce:latest

Portainer ports for http 9000 or https 9443

Option 2: Run Docker in a Proxmox LXC Container (Advanced Users)

This is for experienced users comfortable modifying container configs and troubleshooting. It’s lightweight, but not officially supported.

Recommended Container Templates

Use the Debian or Ubuntu templates directly from Proxmox:

• From your Proxmox web UI, go to local → CT Templates → Templates
• Download one of:
• debian-12-standard_*.tar.zst
• ubuntu-22.04-standard_*.tar.zst
• debian-12-standard_*.tar.zst
• ubuntu-22.04-standard_*.tar.zst

These base images are minimal and easy to customize.

Step 1: Create a Privileged LXC Container

• Go to Create CT
• Select the downloaded Debian or Ubuntu template
• Choose:
• CPU: 2 cores
• Memory: 1–2 GB
• Disk: 8–16 GB
• CPU: 2 cores
• Memory: 1–2 GB
• Disk: 8–16 GB
• Uncheck “Unprivileged container” (this must be a privileged container)
• Under Options, Features, enable:
  • nesting

Step 2: Modify the Container Config

Before starting the container , edit:

nano /etc/pve/lxc/<CTID>.conf

Add:

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:

Then you can start the container

Step 3: Install Docker

Inside the container:

apt update
apt install -y docker.io docker-compose
systemctl enable --now docker

Docker should now work.

Be aware: some updates to Docker or Proxmox may break the container, and overlay networking might not function correctly.

---

Real-World Example – Why a VM Is Safer for Docker

A good example of why I recommend using a VM for Docker is Mailcow, a full mail server suite that runs entirely in Docker. It uses Docker Compose and relies on system-level networking and privileges. Running Mailcow in an LXC container often leads to broken services or permission issues. A dedicated VM ensures full compatibility and easier troubleshooting.

Conclusion – Should I run Docker in a VM or CT for Proxmox??

Both LXC and VM approaches have their advantages. LXC is efficient but fragile; VMs offer full compatibility and are better suited for critical or production-like workloads.

If you value stability and want all Docker features to just work, go with a VM. It’s slightly more resource-intensive, but much cleaner and easier to maintain.

LXC is tempting because of its performance and low overhead, but you need to be comfortable fixing things if updates break your container.

And running Docker directly on the Proxmox host? Just don’t.

I’d love to hear from you. Was this article helpful? Share your thoughts in the comments below. If you prefer, you can also reach me by email or connect with me on Reddit at Navigatetech.