That won’t migrate watch history

Ease of use mostly, one click to restore everything including the OS is nice. Can also easily move them to other hosts for HA or maintenance.

Not everything runs in docker too, so it’s extra useful for those VMs.

How do you handle backups? Install restic or whatever in every container and set it up? What about updates for the OS and docker images, watchtower on them I imagine?

It sounds like a ton of admin overhead for no real benefit to me.

A couple posts down explains it, docker completely steamrolls networking when you install it. https://forum.proxmox.com/threads/running-docker-on-the-proxmox-host-not-in-vm-ct.147580/

The other reason is if it’s on the host you can’t back it up using proxmox backup server with the rest of the VMs/CTs

Regardless of VM or LXC, I would only install docker once. There’s generally no need to create multiple docker VMs/LXCs on the same host. Unless you have a specific reason; like isolating outside traffic by creating a docker setup for only public services.

Backups are the same with VM or LXC on Proxmox.

The main advantages of LXC that I can think of:

• Slightly less resource overhead, but not much (debian minimal or alpine VM is pretty lightweight already).
• Ability to pass-through directories from the host.
• Ability to pass-through hardware acceleration from a GPU, without passing through the entire GPU.
• Ability to change CPU cores or RAM while it’s running.

Dockers ‘take-over-system’ style of network management will interfere with proxmox networking.

Ahh gotcha, selective sync or virtual file system are the common terms for that. Nextcloud supports it, Owncloud does too and I think Owncloud Infinite Scale does but it’s not 100% clear.

When you say Owncloud couldn’t keep files local without uploading, was that with VFS enabled on the client?

Syncthing works great, if you want a web based file browser you can install one of the many available on a server with syncthing.

Is it just you that needs access? VPN like Tailscale or Wireguard is the most secure option then, as it’s not exposing any services to the internet.

Otherwise a reverse proxy in front of things like Traefik or Nginx, make sure things are automatically updated ASAP, and make sure auth is enabled on the services.