Yunohost on a LXC container - Would everything work properly?

charly · February 7, 2023, 4:08pm

/ Message template (english)

Hello dear people from th Yunohost world,

I’m running a Yunohost instance on a rapsberry 4 for a few years now.
I just purchased a little x86 computer and installed Promox.

I’m fine with virtual machines, but I’m a bit of a newbie with Proxmox and LXC containers.

But I kind of like the flexibility containers offer and would be delighted to run my Yunohost in a Debian container.

Question : Do the people that already run their Yunohost inside a LXC container could confirm that everything ?

I know that OpenVPN need a little tweaking on the hypervisor (but that should not be an issue)
What about everything else ?
Is there any app that did not work ?
What about OnlyOffice ? Nextcloud ?

Thanks very much for your kind help,
Best

Aleks · February 7, 2023, 6:35pm

Yes, it works, actually yunohost.org (the website, doc and a whole bunch of other stuff) runs inside a LXC

But you’ll probably need to tweak stuff for reverse proxying which is not straightforward

You may also need to enable nesting security option for the LXC to work properly (not really related to YunoHost itself, I think just stock Debian kind of needs it)

charly · February 7, 2023, 7:31pm

Thanks for your quick and kind answer.

My Yunohost is working with a VPN, ala briqueinternet style, so too cool for school.

Alright.

One more question though : Shall I run the container privileged or unprivileged ?

Thanks again !

cocoyuno · February 7, 2023, 8:41pm

The LXC design really leans towards unprivileged containers, which is the “normal” and recommended way. You get process isolation via different user/groups to those of the host machine, without any loss of performance. A few tweaks might be needed to mount volumes to make sure permissions don’t get in the way.
Try and stick with unprivileged container if you can.

charly · February 8, 2023, 7:31am

Alright then.
Thanks a lot for your kind help

Benance · February 8, 2023, 7:34am

Hello
My yunohost instance with nextcloud and onlyoffice is running very well on a LXC container on proxmox VE
This instance was migrated from a raspberry pi 3 two or three years ago

roukydesbois · February 8, 2023, 10:00am

Hello!

I’m running one of my yunohosts in an LXC container (on a rpi4 ^^).

OpenVPN: not using it, can’t say. I’m using Tailscale on the host to administrate it, and I have already run tailscale in some lxc containers to access them and it works great
Everything else is working for me, as I’m not using a VPN but redirecting ports from my router I had to add some proxy devices, but really nothing fancy. I also have set it up so that it can only take part of the available CPU and RAM, so that I can always ssh in the host to fix issues
None not working apps that I know of
Nextcloud is running fine, I haven’t tried OnlyOffice

As for the privileged/unprivileged container, I guess it depends on what you want to do with it. Mine is running fine in an unprivileged container, the containers I access using tailscale are also unprivileged, the only time I needed to use a privileged container is when I want to run docker in them.

Hope this helps, enjoy the lxc journey

Benjamin · February 14, 2023, 10:02am

Hello,

I’m also running several instance of Yunohost in LXC container with happyness
some (maybe outdated) documentation here Yunohost dans un container LXC [Labomedia Ressources]

This instances are running beside an apache proxy, sometimes you have to tweak the headers setting (I’m not an expoert, beware of security consequences) and create firewall rules so as so send specifi port directly to the container (for visio for example)

hope it helps

system · March 1, 2023, 10:03am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.