LXC or Docker for network services?

I have an ESXi server with several VMs running. I am trying to consolidate some of my services. I would like to put my local DNS, Guacamole, and MediaWiki under a single VM to free up some overhead. My OS of choice is CentOS since it is what I use at work and I would like to practice using it at home. I am stuck between what to use: LXC or Docker. I am unfamiliar with both and I am trying to narrow my research focus down.

This might be a more even choice if you are developing or writing your own containers, but if you want to run containers that other people made then Docker is the better choice. AFAIK, Docker is a layer on top of LXC.

Docker just has way more prebuilt containers available. For example, there are Guacamole containers available here:
https://hub.docker.com/u/guacamole

Also, I would suggest using docker-compose to manage your containers. docker run is fine for testing or development, but for use over a long period, docker-compose has much easier updates and has built-in documentation of what options you set up the container with.

I have a guacamole instance using the docker-compose template from here-

In general, the main draw of Docker is the ecosystem (images, etc.)… Lots of info and guides out there for it. Plus it’s a lot of fun, and you can decide how you want to use it (dev, IT, devops, etc.).

If you’re looking for a biased opinion, go with Docker and learn LXC later if required.

Also, just an FYI, Docker switched to containerd + runc (OCI projects) from LXC (and libcontainer) a while ago.


I have been experimenting with Docker lately myself, but I haven’t had much luck setting it up the way I would like. I installed it on Fedora 31 Server running on bare metal. I had trouble with Firewalld. I don’t know if CentOS uses it or not. Apparently Docker doesn’t work well with Firewalld without some advanced firewall setup that is beyond me since this is just a hobby. I ended up disabling Firewalld and switching to iptables to keep from losing access to the containers. You may have more luck than me.

My ultimate goal was to move away from using plugins and jails on my FreeNAS box for media servers like Plex, but my current hardware is just fine for running FreeNAS. Plus, the updates for the plugins are few and far between. Some of them haven’t been updated in years.

Can you set up a network bridge with Docker? It looks like it sets up its own virtual network like VMware or VirtualBox does.

Yes, Docker sets up a bridge by default and the containers can be configured to use bridge networking, host, or macvlan. The default for a new container is bridged. The problem with Docker and Firewalld is that Docker runs with elevated privileges and makes its own iptables entries. There is supposed to be a method for getting it to work with Firewalld but I didn’t have any luck implementing it.


I lost all connection to my containers the first time I rebooted the server.
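
The last replies note that Docker writes its own iptables entries alongside Firewalld. As an added example (not part of the thread), this Python script parses `docker ps` output and lists the container ports published on all host interfaces, which are the ones to compare against the intended firewall policy. The container names and the sample output are constructed for illustration.

```python
import subprocess
import sys

# Constructed sample of: docker ps --format '{{.Names}}<TAB>{{.Ports}}'
# (container names are hypothetical, chosen to match the services in the thread)
SAMPLE = (
    "guacamole\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n"
    "guacd\t4822/tcp\n"
    "dns\t0.0.0.0:53->53/udp, [::]:53->53/udp\n"
    "wiki-db\t127.0.0.1:3306->3306/tcp\n"
    "wiki\t\n"
)

def published_ports(ps_output):
    # Return (container, host_ip, host_port, proto) for every published mapping.
    found = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in ports.split(","):
            entry = entry.strip()
            if "->" not in entry:
                continue  # exposed only (e.g. "4822/tcp"), not published on the host
            host_side, container_side = entry.split("->", 1)
            # The host port follows the last colon; the rest is the bind address.
            host_ip, _, host_port = host_side.rpartition(":")
            proto = container_side.rpartition("/")[2]
            found.append((name.strip(), host_ip.strip("[]"), host_port, proto))
    return found

def world_reachable(ps_output):
    # Mappings bound to the IPv4 or IPv6 wildcard listen on every host interface.
    hits = {(name, port, proto)
            for name, ip, port, proto in published_ports(ps_output)
            if ip in ("0.0.0.0", "::")}
    return sorted(hits)

def live_ps_output():
    # Query the local Docker daemon; requires permission to run the docker CLI.
    cmd = ["docker", "ps", "--format", "{{.Names}}\t{{.Ports}}"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # Pass --live to inspect the running daemon instead of the constructed sample.
    data = live_ps_output() if "--live" in sys.argv else SAMPLE
    for name, port, proto in world_reachable(data):
        print(f"{name}: {port}/{proto} is published on all interfaces")
```

A mapping that should stay local can be published with an explicit bind address, for example `127.0.0.1:3306:3306` in the `ports:` list of a docker-compose file.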