Proxmox · July 24, 2021 · 3 min read

Install Docker on Proxmox

Running Docker inside an unprivileged LXC container with nesting, keyctl, and fuse features enabled. No bare-metal Docker on Proxmox.

DockerProxmoxLXCContainers

Proxmox is a solid hypervisor for home labs. It leans on KVM and LXC for virtualisation and containers. But Docker support is where it falls short. A lot of apps (Nextcloud being a prime example) ship official Docker images with no LXC equivalent.

The fix is straightforward: run Docker inside an LXC container. Installing Docker directly on the Proxmox host is a bad idea and generally discouraged, but an unprivileged LXC container gives you Docker with practically zero overhead. You just need to enable a few container features: nesting, keyctl, and fuse.

Install using SSH/CLI

SSH into your Proxmox host.

Download a base LXC system image

Update the template list:

pveam update

See what’s available:

pveam available --section system

Download the one you want. We’ll use Ubuntu 21.04:

pveam download Virt-dir ubuntu-21.04-standard_21.04-1_amd64.tar.gz

Check your storage pools with pvesm status if you’re not sure what’s available.

Create the Host Container

Create root storage

We’ll use local-zfs as the storage pool. Allocate space for the container:

pvesm alloc --format subvol <Target Storage Pool> <VMID> vm-<Diskname> <Desired Storage>
# e.g. pvesm alloc --format subvol local-zfs 111 subvol-111-disk-1 8G

Fix permissions. The LXC root user inside an unprivileged container maps to UID 100000 on the host:

chown -R 100000:100000 $(pvesm path <Storage Pool>:<Disk id>)
# e.g. chown -R 100000:100000 $(pvesm path local-zfs:subvol-111-disk-1)

Create the LXC container

pct create <VMID> \
  <Storage Pool>:<Base image> \
  --unprivileged <Container Privilege> \
  --onboot <Start on Boot> \
  --hostname <CT Hostname> \
  --cores <CPU Cores Allocated> \
  --memory <RAM allocated in MB> \
  --features <Set container features> \
  --password <CT Root Password> \
  --swap <Disable Swap> \
  --rootfs <CT Root disk> \
  --net0 <Define CT network>

Here’s a real example:

pct create 111 \
  Virt-dir:vztmpl/ubuntu-21.04-standard_21.04-1_amd64.tar.gz \
  --unprivileged 1 \
  --onboot 0 \
  --hostname "Docker-host" \
  --cores 4 \
  --memory 4096 \
  --features keyctl=1,fuse=1,nesting=1 \
  --password "hunter2" \
  --swap 0 \
  --rootfs local-zfs:subvol-111-disk-1 \
  --net0 name=eth0,bridge=vmbr0,ip=dhcp

Start it up and get a shell:

pct start <VMID>
pct exec <VMID> bash

Update:

apt update && apt dist-upgrade

Install Docker

Now follow the official Docker install guide for your distro. Or if you just want it working quickly:

apt update && apt install docker.io

Enable and start:

systemctl enable --now docker

Let me know if I missed anything.

← All posts
Category: Proxmox