Docker Rootless Mode — Secure Container Runtime for Homelabs

Complete guide to running Docker in rootless mode — no root daemon, no privileged containers. Covers installation, networking workarounds, Docker Compose, Proxmox LXC compatibility, and production readiness.

May 18, 2026 · 15 min · 3065 words · GnTech

Docker Multi-Stage Builds — Practical Guide for Homelab

Master Docker multi-stage builds to shrink production images from 1.2GB to under 50MB. Covers Go, Python, and Node.js patterns with real Dockerfiles and build cache strategies.

May 18, 2026 · 12 min · 2510 words · GnTech

Docker in Proxmox LXC — Performance Tuning and Production Guide

Run Docker containers inside Proxmox LXC with full performance. Covers nesting, overlay2 on ZFS, privileged vs unprivileged tradeoffs, cgroup resource limits, and security hardening for production homelab workloads.

May 17, 2026 · 13 min · 2676 words · GnTech

Docker Container Security — Non-Root Users, Capabilities, and Runtime Hardening

Hardening Docker containers in your homelab isn’t optional — it’s how you prevent container escapes and privilege escalation. This guide covers non-root users, capability drops, read-only filesystems, and seccomp profiles with real Compose configs.

May 15, 2026 · 12 min · 2433 words · GnTech

Grafana Alloy Log Collection — Docker Logs with Loki in 2026

Grafana Alloy is the official replacement for Promtail, which reaches EOL in March 2026. This guide covers a complete Docker logging stack with Alloy, Loki, and Grafana — including Alloy config syntax, Docker auto-discovery, host log collection, and the migration path from Promtail.

May 14, 2026 · 10 min · 2056 words · GnTech

Docker Socket Proxy — Secure API Access Without Giving Away Root

Secure your Docker socket with a proxy that grants granular API permissions to Portainer, Watchtower, Traefik, and Dozzle — without exposing root-level access.

May 14, 2026 · 10 min · 2126 words · GnTech

Docker Compose Production Patterns for Homelabs — Healthchecks, Profiles, Secrets

Practical Docker Compose patterns for reliable homelab deployments. Healthchecks, conditional dependencies, profiles for optional services, secrets management, extension fields, and restart policies with real compose files.

May 13, 2026 · 12 min · 2484 words · GnTech

Docker MACVLAN and IPVLAN — Giving Containers Real LAN IPs in Your Homelab

Step-by-step Docker MACVLAN and IPVLAN guide — give containers real LAN IPs for Pi-hole, Home Assistant, Scrypted. Host communication fix, Proxmox gotcha, multi-network Compose examples.

May 13, 2026 · 10 min · 2007 words · GnTech

Docker Compose Patterns for Homelab Stacks

Docker Compose is the default orchestration tool for most homelab setups. It’s not Kubernetes, but it doesn’t need to be — a well-structured Compose file with proper environment management, networking, and health checks will serve a single-host stack for years without drama. This post covers the patterns I use across my Proxmox Docker hosts. These aren’t theoretical — they’re what’s running right now on the homelab. Note: Some examples are partial Compose snippets meant to demonstrate one pattern at a time. When copying them into a real compose.yml, make sure referenced services, images, secrets, volumes, and networks are also defined. ...

May 8, 2026 · 12 min · 2551 words · GnTech

Proxmox LXC vs Docker — Picking the Right Container for Every Homelab Job

If you run Proxmox VE, you’ve got two container runtimes at your fingertips — LXC (built into Proxmox) and Docker (nested in an LXC or VM). Both are “containers” in the broad sense, but they solve different problems. Picking wrong means performance you don’t need or isolation you don’t have. This post walks through the decision criteria, backed by configs from an existing homelab running Proxmox 8.x with VLAN segmentation. ...

May 8, 2026 · 5 min · 985 words · GnTech