No - i would advocate for not using docker if I need a network interface. But thats my opinion, and others will have a different one.

You can use macvlan networking, and if you need host<->container communication you give your host a macvlan interface instead or in addition to the root nic. Macvlan works “on top of” an existing interface, so theres no routing locally between the underlying nic and the macvlan nics.

If the host have several nic’s you can pass one through to a given container

There are other solutions than docker for that use-case that I think are better fits. It probably works fine, but for me other drivers including host mode and ipvlan seems to have been introduced to solve the wrong thing. Like how it needs privilege for them to work and how it exposes the containers network interface. For me it kinda breaks parts of why i would use docker.

Its my personal opinion and how i like to work.

You could probably make your setup work but it seems too complicated for me when you introduce a bridge as the root interface. Maybe with macvlan adapters on the host instead or in addition.

I dont get it - are you trying to mimic vm’s with you docker containers? docker works great using the normal way of exposing ports from the internal docker net through the host. Making technology work in ways it wasnt designed for usually gives you a hard to maintain setup

You have a mighty big hand if you reach l and a with the same one

I must have been doing websites wrong for decades by not forwarding through a reverse proxy. I admit a good one like caddy makes tls easy, but unless you have several backends for one site theres no need. The reverse proxy part of load balancer is very similar to a port forward, but on layer 7 instead of 3 or 4

There are other things to consider as well. Nfsv3 is good for large sequential reads/writes. There are no multichannel in nfs3 and no caching , and you should adapt technology to the use-case. For vm storage nfs sucks while for movie storage it works great.

For general file storage I would pick smbv3 for speed and ease of user/security

Multicast DNS uses multicasting (surprise!) so keep your devices on the same network and it just works. Docker is not very multicast friendly but lxc or a vm should have no issues.

By using its ip:port

If you have homeserver1 running stuff and that’s connected to the vps through vpn you make sure your homeserver1 service that you want to proxy runs on the homeserver1’s vpn ip.

For docker this is done by specifying that ip when you expose ports or use 0.0.0.0

I assume you can already ping homeserver1 from the vps by using the vpn address of homeserver1

You dont need or want docker on your vm host. But a bare metal docker host can solve many peoples needs.

Dont listen to them! The main issue with containers vs vm is security as you lxc runs in the hosts, while a vm runs on the host.

Use what you are familiar with and remember that lxc are containers and docker are containers, but the use of them are vastly different.

Because a lot of people don’t learn docker, they install docker because some software they want to use is distributed that way.

But aside from buying a real truck instead of a typhoon, intels memory support might not be hard limit. It probaly is but it might not be.

More likely the mb’s memory controller can handle 256gb so if a new processor comes along with support for 256gb it will work.

If i was considering one server with 256gb ram i would go for server hardware and not try to use consumer stuff.

I switched to caddy just for the certs. I get trusted certs on all my internal subdomains without maintenance.

I use haproxy, nginx and caddy at work including a caddy instance with internal CA. 4 lines in config and its signed by our normal CA, so its trusted by all our devices.

Without a 3rd they can get confused if they loose contact but both nodes are up. Like both are in charge as one vote is enough

So 3+ hosts for clustering or 2 hosts and an qdevice to fake it

Nobody will ever need more than 640kb anyways

This is not a truenas issue - its a docker thing. You’d do better by making your own docker-file and do your customisation the docker way.

Yeah - but it isnt

Its not open so it doesnt matter.