Home Server/Lab Project

For something like this I’d use Docker every time. For a few reasons:

  • Docker is lighter. You aren’t running an operating system or hypervisor, both of which are going to add overhead to varying degrees. Now, there’s things you can do to mitigate this a bit, but it’s going to add complexity to your system, and still not going to get the performance of a Docker or containerized system.
  • Docker is easier to manage. If you use Docker Compose, all of your containers are configured, pulled/built, updated, and started with one command, from one configuration file.
  • Docker is more portable. You can set it up so that pertinent data you don’t want to lose lives in your OS, and if your Docker container dies, your data will persist, even if you reboot your Docker, or rebuild it even. I just completely killed and then rebuilt my NextCloud image and all my data was still there, as if nothing ever happened. Now, you can do shared folders with VMs, but it’d be much more work to get it set up so that you can kill the VM completely and then recreate it and have everything ready to go on first boot.
  • Even if you use VMs, you’ll still need to run things like your reverse proxy outside of the VM. With Docker, you can run the reverse proxy (such as Traefik) directly in a Docker container.
  • Some applications only release official installs for Docker. For instance, Discourse and Bitwarden are two that come to mind that, officially, you must use Docker for. Now you most likely could hack it so you don’t have to, but that’s going to be a lot of work, and honestly you may give up entirely before you get anywhere. If you’re running VMs, there’s a high chance you’ll be running Docker on them.

Overall, learning Docker has made my life a million times easier, and I have really grown to love it. In my opinion, for what you’re trying to do, it’s a much better solution than separating everything in a virtual machine. Right now, this is what I’m running on the $10/mo 2GB Linode:

  • Traefik reverse proxy
  • NextCloud, and a separate MariaDB database for it. However, I’m not using it a whole lot as a file server, but more as a CalDAV/CardDAV server, as well as a few other things.
  • Bitwarden (using the bitwarden_rs image because it’s much lighter and easier to deploy)
  • OpenVPN Server which my pfSense home network is connected to, so it’s handling all that traffic
  • 3 WordPress containers, each with a corresponding MariaDB database (one for me, one for my wife, one for my friend)
  • BookStack wiki, with a MariaDB database

The overhead is astoundingly low. Here’s my CPU utilization for the month of December:

I’m running Ubuntu Server 18.04 LTS. I can’t comment as to what is used the most, but I can say there is a lot of documentation and many tutorials for Ubuntu Server.

As far as securing it goes, basic steps are disable root login, disable password authentication and only use key based authentication. Use SFTP instead of FTP to move files to it. And keep it updated. That should cover the most basic aspects.
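The SSH basics listed above can be checked mechanically. The following is an added example, not part of the original post: it audits `sshd_config` text for those three settings, using a constructed sample file. It assumes OpenSSH 7.0 or later defaults and does not follow `Include` directives.

```python
# Added example: audit sshd_config text against the three SSH basics.
# Defaults sshd applies when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Values that satisfy "no root login, no passwords, keys only".
REQUIRED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "pubkeyauthentication": {"yes"},
}
# Constructed sample, not taken from a real host.
SAMPLE = """\
Port 22
PasswordAuthentication yes
#PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""
HARDENED = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

def effective_settings(config_text):
    """Return the global value of each audited keyword.

    sshd keeps the FIRST value it reads for a keyword, so a later
    'PasswordAuthentication no' does not override an earlier 'yes'.
    Parsing stops at the first Match block (conditional overrides).
    """
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if keyword == "match":
            break
        if keyword in DEFAULTS and args and keyword not in seen:
            seen[keyword] = args[0].lower()
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}

def audit(config_text):
    """Return sorted (keyword, value) pairs that fail the basics."""
    settings = effective_settings(config_text)
    return sorted((k, v) for k, v in settings.items() if v not in REQUIRED[k])

if __name__ == "__main__":
    for keyword, value in audit(SAMPLE):
        print(f"FAIL {keyword} = {value}")
```

The sample fails twice: the commented-out `PermitRootLogin` line leaves the default in place, which still permits root login with a key, and the first `PasswordAuthentication yes` wins over the later `no`. On a live host, `sshd -T` prints the effective configuration in the same keyword/value form, so its output can be passed to `audit` as well.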

So far it has been fun. I have the Minecraft server running.

Alright, I need to look more into this and play with it. Seems there is no right answer so far.

Before I asked this I knew I need to RTFM, but just wanted to see if anyone knew of tutorials that walked helped or other resources.

I will test it. Should only be 2 users max, and I really do not know about that even. Mostly a learning project; even if I don’t use it a ton I feel like I will learn more this way than from a book, or at least reinforce what I know.

Did not know that Nextcloud had other uses, I will look into this. Heard about it from a podcast called Ask Noah, thought it would be fun. Host on git is a great idea.

I may try the setup on each of ESXi, XenServer and Proxmox, see what I like best and get an idea of how each works.

All of this is extremely useful advice. Fail2ban is something I did not think about. Docker I have never played with, but am interested in. I think Bitwarden uses Docker, mostly why I wanted to play with it.

I tried XenServer and Proxmox. Proxmox is much easier to get running so far, mostly because of how to load ISOs onto the machine. XenServer seems to want you to use another PC with an SMB share with the ISO. ZFS I want to play with; I know almost nothing about it and have heard great things. Docker I am trying to play with as well. Debian, CentOS and Ubuntu Server all seem to be great choices, and I have no idea; I may try each and just see what I like.

Yeah, I am working on them in a row not all at once. Right now A+.

I am thinking about trying both for each thing, just to know how it would change things. Containers seem harder from my perspective, but that is probably bias.

I need to look into this more and learn about this. Sounds really cool.

Docker sounds like a much better way to set this up. I kind of knew that coming into it, but know nothing about Docker. Would you know any good resources to learn Docker or just play with it? Would Docker be something I could just run in a VM under Proxmox? Also, could it handle a modded Minecraft server, or more of a VM task? You sir (as well as other posts) have me very interested in playing with Docker. The overhead is crazy low compared to what I was thinking it would be. Distro seems to not really matter as long as it is a server-based distro.

1 Like

There’s actually not a great guide on getting a Docker/Traefik/NextCloud stack operational. I ran into all sorts of problems due to out of date information, or tutorials that just didn’t work for some reason. For that reason, I’ve been working on a guide series on my website (for several months now). I’m not an expert, but they should be enough to get you up and running if you want to give it a shot. I do plan to adapt these for Discourse and put them in the Level1 Wiki, but right now I have three parts finished:

Setting Up a Web Server
Basic Security
Setting Up Docker, Traefik, and NextCloud

It’s impossible to predict every possible scenario, but they should be fairly thorough. If you try it and run into any issues, let me know and I can probably help you work it out. Once you get the basics down (which the 3rd part should more-or-less do for you) it’s easy to expand and add containers thanks to how good of a reverse proxy Traefik is, and how easy Docker makes it to install containers.

Yes, but you’d have to run an additional reverse proxy in front of the VM as well, depending on the setup. I’m not sure how well that’d play out with Traefik since it looks specifically for incoming URLs to determine the port. There might be another way to set it up by sorting the incoming URL on the bare-metal machine with something like HAProxy, and an access control list, and sending the request on the port directly to the VM where Docker can just listen on the proper port without having to know where the request came from. That said, I’ve never done something like that, so other members are probably more knowledgeable.

It depends. You can make a Docker image of just about anything, but it is a bit more advanced to build an image and takes a fair bit of trial and error. As long as you know the ports you need and set them up, though, it should be possible. That said, the Docker Hub has entire Ubuntu images so with enough practice you can do anything. A simple search shows several Minecraft servers, so I’d imagine that might be simpler.

1 Like

Put it this way, it took me less than 40 minutes to go from knowing nothing about Nextcloud to a full Nextcloud container running and working in Docker. Docker is great.

I’m also seeing some stuff here I will look up, Ty guys :+1:

I got the impression you would enjoy some Docker specifics:
Docker is great and, similar to a hypervisor, there are many, many network options. So you can create VLANs to control connectability and specify hostnames when creating the docker, which you can use in configuring your services, making deployment even easier.

But keep in mind you are giving containers bare metal access if you are running it on your host, which can open you up to vulnerabilities.
So yes, running it in a separate VM is great. You can put a cap on resources for each container or just let them share whatever you gave to the VM freely.
However I’m going to keep running my containers bare metal because of GPU encoding, wanting to share my GPU with my Emby container, and how SR-IOV is not available to me yet.

My absolute favorite thing about dockers is how easily you can add storage to it and how well that works compared to something like a shared folder on VirtualBox. You can expect the full write/read speeds of your docker host.

Docker can also make use of the ZFS storage drive and thus ZFS datasheets. However, I have not had the opportunity of trying it yet.

I have been running Docker on my Ubuntu server for a couple of years now. Initially the Plex container kept locking up the Docker service, which is another reason to run Docker in a VM. However, for the last year everything has been great. And now I’m on Emby because privacy.

I have not looked into Proxmox and sync writes but I assume that is a thing with VMs like on ESXi. So if you decide to use ZFS with Proxmox,
you can significantly increase your sync write speed with a separate ZFS intent log, often called a SLOG.
The benefits can be seen here:

PS: that post continues in multiple sections down the entire page, eventually testing with an Intel Optane.
And the reason he forces sync writes with iSCSI is that with the default behavior I believe it does not do sync writes.
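The points above about host access and per-container resource caps can be turned into a check on a Compose file. This is an added example, not code from the post: it assumes the Compose file has already been parsed into a dict, and the service definitions are constructed around the containers named in this thread.

```python
# Added example: flag Compose services that run with host-level access
# or without resource caps. SAMPLE is constructed for illustration.
SAMPLE = {
    "services": {
        "traefik": {"mem_limit": "128m", "cpus": 0.5},
        "nextcloud": {"deploy": {"resources": {"limits": {"memory": "512M"}}}},
        "emby": {"network_mode": "host", "devices": ["/dev/dri:/dev/dri"]},
    }
}

# Service keys that, when set to "host", share a host namespace with the container.
HOST_NAMESPACE_KEYS = ("network_mode", "pid", "ipc")

def has_limit(service, short_key, deploy_key):
    """True if the cap is set at service level or under deploy.resources.limits."""
    limits = (service.get("deploy") or {}).get("resources", {}).get("limits", {})
    return bool(service.get(short_key) or limits.get(deploy_key))

def audit_service(service):
    """Return a list of short finding codes for one service definition."""
    findings = []
    if service.get("privileged"):
        # privileged grants all capabilities and access to host devices
        findings.append("privileged")
    for key in HOST_NAMESPACE_KEYS:
        if service.get(key) == "host":
            findings.append(f"{key}=host")
    for dev in service.get("devices", []):
        # "HOST_PATH:CONTAINER_PATH[:PERMS]", e.g. a GPU passed through for encoding
        findings.append("device=" + str(dev).split(":")[0])
    if not has_limit(service, "mem_limit", "memory"):
        findings.append("no-memory-limit")
    if not has_limit(service, "cpus", "cpus"):
        findings.append("no-cpu-limit")
    return findings

def audit_compose(compose):
    """Map each service name to its findings (empty list means nothing flagged)."""
    return {name: audit_service(svc or {})
            for name, svc in compose.get("services", {}).items()}

if __name__ == "__main__":
    for name, findings in audit_compose(SAMPLE).items():
        print(name, findings or "ok")
```

A device mapping is reported rather than treated as an error: GPU passthrough for transcoding is a deliberate trade-off, and the list makes it visible which containers have that extra reach.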

I would suggest https://xcp-ng.org/

Alright, will most likely use this to get it up and running. I will let you know if I have any issues with it. Thanks for the help.

Alright, I need to think about and look into this more, then need to learn about reverse proxy and how this would work more before I jump in.

Alright, for now I may just run the Minecraft server in a VM for the time being.

Alright, I hope that I pick it up that quickly as well.

So far Docker looks like a great way to get everything running, just need to learn about it. I want to run it in a VM so I can also use the rest of the resources on the machine for random projects. ZFS I need to learn about. I know what it is but not really why one would use it, if that makes sense. Like, I know it is a file system that people seem to love, but not why. Need to research it; there seem to be vast amounts of information on it.

Yooo that seems really cool. Since it has a XenServer, would it let me learn the basics of XenServer, or is it more of its own thing?

It might not be exactly like XenServer, but Xen Orchestra (web management) works for both so they have a lot in common. There used to be a free release of XenServer but they nerfed it, and that sparked the creation of XCP-ng.

If you want to keep it free, consider oVirt, which is, as I understand it, the open source variant of whatever Red Hat call theirs.

As an enterprise guy who’s been running a few vSphere clusters since 08, hypervisors are becoming commodity.

HyperV and vSphere are on borrowed time, the open equivalents are very close now and the licensing fees for vSphere (and Windows server in a datacenter) are bullshit. They’re seriously almost as expensive (if not more so) as the fucking hardware to run them on.

It’s only a matter of time before enterprise dumps vSphere and HyperV en-masse if you ask me.

5 years tops.

2 Likes

Eh, doubt it, they make solid products. That’s like saying Cisco is. vSphere is safe as it has tons of brand and product recognition. People have options to buy besides Cisco, yet most people still end up with their gear if they have the coin.

also remember FOSS =/ Support contracts that people want

Yeah kind of why I haven’t just jumped on Xenserver. That sounds like a great solution to play with.

So I have seen this idea other places. I am not necessarily doing this just to get a job working so I am trying to keep it free. I am not 100% against using non-free, but just seems the free alternatives are really good.

1 Like

Don’t dispute that they make solid products, but KVM is also solid these days and Red Hat support cost for their KVM solution is FAR, FAR cheaper. Like HALF. And mostly feature comparable.

Doesn’t matter how solid your product is, if there is a free or low cost competitor that is just as good and covers the 90% of features that your customer base actually use.

Don’t get me wrong, I use and do like VMware’s products, but they’re pricing themselves out of the market. I’ve been a Workstation customer since 04, Fusion since 2011, an enterprise vSphere client since 08, and in all cases I’m seriously considering the jump off their platform due to licensing and support costs.

Their licensing department also wouldn’t let us transfer a license we purchased from one of our subsidiaries to another. Even though we paid for the fucking thing. Fuck VMware licensing with a rake.

1 Like

I don’t think this kind of discussion is relevant to the topic of home servers in the slightest.

Why not?

The choice of home server lab is often driven by learning new skills for work.

Whether work is likely or unlikely to ever be running the hypervisor you choose will determine whether you are wasting your time in that respect.

1 Like

I think the poster’s goal was to find out what to try and learn first on his new servers, that could be useful for a career.
So that info is solid as long as we can keep it civil. While I think some sort of containerisation is here to stay, learning a hypervisor can be considered needed knowledge to fit in :slight_smile:

2 Likes

Just wanted to let you know that your links have greatly helped me. I was planning on a server re-design, and now that I’ve learned to use Docker, my prototype is working beautifully. The Let’s Encrypt certs didn’t work at first, but after some looking around, I found some information to get it working properly.

1 Like