I have ~10 LXCs, 2 VMs and around 10 docker containers running in proxmox.
When I started with my homelab I found the same article you posted and it threw me away from the idea.
However docker containers have their use cases. I settled for a Debian lxc in proxmox with the nesting feature enabled and running the containers in there. On the proxmox instance you have to enable the overlay and aufs kernel modules, otherwise the lxc will quickly run out of space. To do that:
# add overlay and aufs kernel modules for the docker lxc
echo -e "overlay\naufs" >> /etc/modules-load.d/modules.conf
# reboot
# verify that the modules are active
lsmod | grep -E 'overlay|aufs'
After that, create an unprivileged container.
This is my Debian docker lxc config:
arch: amd64
cores: 1
features: keyctl=1,nesting=1
hostname: docker
memory: 1024
mp0: /mnt/bindmounts/,mp=/share
net0: name=eth0,bridge=vmbr0,hwaddr=0A:00:00:00:00:25,ip=dhcp,type=veth
onboot: 1
ostype: debian
rootfs: local-lvm:vm-125-disk-1,size=16G
startup: order=1
swap: 1024
lxc.apparmor.raw: mount,
You have to add the last line after you have created the lxc. The file is located under /etc/pve/<ct_id>.conf. It's due to a bug. It could be fixed by now; I have to check it in the future.
In the container this is how I installed docker and changed the storage type to overlay:
# Docker
apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common -y
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt-get update
apt-get install docker-ce -y
# change storage driver otherwise a lot of storage will be used
# (single-quoted heredoc so the JSON quotes reach the file intact, and overwrite
# instead of append so daemon.json stays a single JSON object)
cat > /etc/docker/daemon.json <<'EOF'
{
  "storage-driver": "overlay2"
}
EOF
# the daemon only picks up the new storage driver after a restart
systemctl restart docker
Try it out, it works flawlessly for me. This way you have the "normal" security concerns with lxc/lxd. Docker runs in a separate lxc and not directly on the host. This also has the benefit that you can easily back up the whole lxc and restore it.
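A small check script for the setup described in the post above, added here as an example and not part of the original post. It verifies the things the post relies on without touching a live system: that the CT config has nesting enabled and is unprivileged, that the docker daemon.json is written as one valid JSON object with overlay2 (the original one-liner's nested double quotes and `>>` are the usual way this goes wrong), and which of the required kernel modules are missing from an lsmod listing. The CT config, the lsmod output and the file paths are constructed sample data, and `unprivileged: 1` is assumed to be the line Proxmox writes for an unprivileged CT; point the functions at `/etc/pve/lxc/<id>.conf`, `/etc/docker/daemon.json` and a real `lsmod` dump to use it for real.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the docker-in-LXC
# setup. All inputs below are constructed samples; paths are hypothetical.

# Print yes/no depending on whether "<feature>=1" is present in the features: line.
ct_has_feature() {   # $1 = CT config file, $2 = feature name (e.g. nesting)
    grep -E '^features:' "$1" | tr ',' '\n' | sed 's/^features: *//' \
        | grep -qx "$2=1" && echo yes || echo no
}

# Print yes if the config declares an unprivileged container, else no.
ct_is_unprivileged() {   # $1 = CT config file
    grep -qx 'unprivileged: 1' "$1" && echo yes || echo no
}

# Write daemon.json with a single-quoted heredoc (the JSON quotes survive the
# shell) and overwrite (>) rather than append (>>), so the file is one object.
write_daemon_json() {   # $1 = destination path
    tmp="$1.tmp"
    cat > "$tmp" <<'EOF'
{
  "storage-driver": "overlay2"
}
EOF
    mv "$tmp" "$1"
}

# Print the storage driver configured in a daemon.json (no jq dependency).
daemon_storage_driver() {   # $1 = daemon.json path
    sed -n 's/.*"storage-driver": *"\([^"]*\)".*/\1/p' "$1"
}

# Print, one per line, the modules from $1 that do not appear in an lsmod dump.
missing_modules() {   # $1 = space-separated module list, $2 = file with lsmod output
    for m in $1; do
        grep -q "^$m " "$2" || printf '%s\n' "$m"
    done
}

# --- constructed sample data so the script runs stand-alone ---
sample_dir=$(mktemp -d)
cat > "$sample_dir/125.conf" <<'EOF'
arch: amd64
cores: 1
features: keyctl=1,nesting=1
hostname: docker
memory: 1024
ostype: debian
unprivileged: 1
lxc.apparmor.raw: mount,
EOF
# sample lsmod output with overlay loaded but aufs missing
cat > "$sample_dir/lsmod.txt" <<'EOF'
Module                  Size  Used by
overlay               139264  0
veth                   28672  0
EOF

write_daemon_json "$sample_dir/daemon.json"
printf 'nesting enabled: %s\n' "$(ct_has_feature "$sample_dir/125.conf" nesting)"
printf 'unprivileged:    %s\n' "$(ct_is_unprivileged "$sample_dir/125.conf")"
printf 'storage driver:  %s\n' "$(daemon_storage_driver "$sample_dir/daemon.json")"
printf 'modules missing: %s\n' "$(missing_modules 'overlay aufs' "$sample_dir/lsmod.txt" | tr '\n' ' ')"
```

Run it on the host with the real config and lsmod output to get a quick "is this CT set up the way the post assumes" report before you start pulling images; the missing-modules line is the one that explains the "runs out of space" symptom.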
This would make a great blog post, thanks for sharing!
I run my docker containers in a stripped down debian VM.
I just can't imagine how much of a nightmare running docker on the host would be.
It's so much easier to manage, secure, and backup with that layer of abstraction.
+1 to just spin up Debian vm and do whatever you want in there.
I run docker in a debian VM.
I prefer to leave the Proxmox host with only Proxmox and minimal fiddling. Everything runs in a VM or a CT.
The best way would be to spin up a VM (pick your image at your liking, RancherOS is popular for a 100% docker VM otherwise Debian or minideb is just fine).
I agree with running it in a Debian VM, just wanted to add you may wanna try out RancherOS as well.
I'd... not?
I know, I know, it says 'easiest'... but you've got containers *right there*. Just set up an entirely dedicated debian/ubuntu instance in a container directly to do the same thing. I've found this with a lot of Docker stuff; it's actually 'easier' to harden a Debian install how I want it, then set up whatever packages I need, and pull up the software I want directly in the CT.
A lot of services are a lot easier to spin up as docker containers. Like 1 command to run Nextcloud vs. 2 pages of instructions on setting it up with all deps and nginx and such. Just virtualize the docker host as a separate VM or CT and it works great.