To follow up on this, I’d look to network segmentation as another useful security barrier. I’ve just started playing around with VLANs, but the way I plan on setting things up is to have individual VLANs for services, management and IoT, with the LAN for all other user-land devices. On top of this you add strict firewall rules to what can talk to what, on which ports, etc. So all devices on the network can do DNS queries to my two DNS servers, for instance, but things from my services VLAN can’t reach anything outside of this VLAN…

Seconding this, I’m currently running Proxmox on 3 small NUC-type PCs (two Dell Optiplexes and a Topton from AliExpress). The Topton has a slower Celeron, the two Dells have a i5-6500 and i3-8100t and are both very snappy running a few different containers and VMs (including HomeAssistant).

You could, but for many of us, the point of having access to our services is to have access from anywhere :-)

Fair enough, would love to read something like this :-)

Yeah, I’ve been into Linux for 20 years, sometimes a bit on/off, as an all-around-sysadmin in mainly Windows places. And learned just enough of Docker to use it instead of apt - which I’d prefer, but as you said, many newer services don’t exist in debian repos or as .deb packages, only docker or similar.

Follow-up question: do you have any good resources to start with for a simple overview on how we should be using containers? I’m not a developer, and from my experiences most documentation on the topic I’ve come across targets developers and devops people. As someone else mentioned, I use docker because it’s the way lots of things happen to be packaged - I’m more used to the Debian APT way of doing things.

Honestly, I never really thought of installing Docker directly on Proxmox. I guess that might be a simpler solution, to run Dockers directly, but I kind of like to keep the hypervisor more stripped down.

It’s a dedicated server (a small Dell micro-pc). Thanks for the comment, I understand the logic, I was approaching it more from an end-user perspective of what’s easier to work with. Which given my skill set are LXC containers. I have a VM on top of Proxmox specifically for Docker :-)

Yup, this is me exactly. I’ve been planning on going more indepth but haven’t found the time. Inunderstand Linux and how to use LXCs, docker less so.

Ghostfolio looks really neat, thanks! I wonder, can it import data from say Interactive Brokers?

Seconding Caddy. I’ve been using it for a couple of years now in an LXC and it’s been very easy to setup, edit and run.