In this article, we will see how to run Docker inside an unprivileged container in Proxmox. At Bobcares, with our Proxmox Support Services, we can handle your Proxmox issues.
How to run Docker inside an unprivileged container in Proxmox?
The process of running Docker inside an unprivileged container in Proxmox includes the following steps:
- Configuring Proxmox
- Making an unprivileged LXC container
- Installing Docker in LXC
- Testing Docker
Let’s see each step in detail.
Configuring Proxmox
1. We have to enable the overlay and aufs* in Proxmox. This is done to support Docker-LXC-Nesting.
echo -e "overlay\naufs" >> /etc/modules-load.d/modules.conf
2. In order to verify the modules are active, we have to reboot the Proxmox using the below code:
lsmod | grep -E 'overlay|aufs'
Making an unprivileged LXC container
We can use web UI or shell script to make an unprivileged LXC container. (Follow the Proxmox docs to create an unprivileged LXC container)
1. This LXC container configuration will be kept at:
/etc/pve/lxc/100.conf2. Add the below code after opening the configuration (To enable these features, we can also use the Proxmox GUI):
features: keyctl=1,nesting=1
3. Following that, the 100.conf will look like this:
arch: amd64 cores: 2 features: keyctl=1,nesting=1 hostname: docker memory: 4096 nameserver: 192.168.40.1 net0: name=eth0,bridge=vmbr1,firewall=1,gw=192.168.40.1,ip=192.168.40.9/24,tag=40,type=veth ostype: debian rootfs: storagedocker:100/vm-100-disk-0.raw,size=60G searchdomain: local.mytld.com startup: order=1 swap: 4096 unprivileged: 1
Installing Docker in LXC
1. Log into the new LXC container via ssh.
2. Install sudo if needed:
apt install sudo3. Set the time zone using the code:
dpkg-reconfigure tzdata4. Now update the other packages:
apt-get update && apt-get upgrade && apt-get dist-upgrade && apt-get autoremove5. Finally, install Docker. Before copying and pasting, always check the official instructions from the manuals for obsolete code.
sudo apt-get install \ ca-certificates \ curl \ gnupg \ lsb-release curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io
6. Change the storage driver to overlay2.
echo -e '{\n "storage-driver": "overlay2"\n}' >> /etc/docker/daemon.json 7. Adjust Docker subnets
8. Install docker-compose, if desired.
Testing Docker
Restart the LXC container and test the Docker configuration.
systemctl status docker docker run hello-world
Output:
Hello from Docker!
With these steps, we were able to run Docker inside an unprivileged container in Proxmox.
Docker is explicitly encouraged to run inside full VMs rather than unprivileged containers. One of the primary differences is that VMs are fully virtualized, whereas LXC containers merely run all processes on the host machine (the hypervisor). Unprivileged containers employ a combination of app-armor rules and uid-mapping to prevent dangerous access to the host, but if we are conducting important production work or suspect that the Docker tools are unsafe, use a VM rather than LXC.
[Need assistance with another Proxmox query? We’re here to assist.]
Conclusion
The article provides a 4-step method from our Tech team to run Docker inside an unprivileged container in Proxmox.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
0 Comments