LOW
The severity is rated as LOW because this advisory focuses on a best practice decision rather than an explicit vulnerability. The potential risk lies in relying on outdated helper scripts, which could expose systems to security issues if not regularly updated. However, the practical impact can be mitigated by maintaining up-to-date Docker environments and containers.

This advisory discusses the choice between using helper scripts and Docker LXCs (Linux Containers) for setting up services in Proxmox, a popular virtualization platform. The key consideration is whether to rely on pre-configured helper scripts provided by third parties or to set up services directly with Docker containers inside LXC environments. Using helper scripts can simplify initial setup but introduces dependencies on the script maintainers, potentially leading to security risks if the maintainer stops updating them. On the other hand, setting up native Docker LXCs allows for greater control over configurations and updates while reducing reliance on external scripts. This approach aligns with best practices in system administration by enabling more direct management of dependencies and facilitating better security through regular patching.

Affected Systems
  • Proxmox VE
  • Docker
Affected Versions: All versions
Remediation
  • Ensure all Docker images are using the latest security patches: `docker pull <image>:latest` followed by `docker image prune -a` to clean up old unused images.
  • Upgrade Proxmox VE to the latest stable release available from official repositories, ensuring compatibility with your hardware and existing infrastructure.
  • Regularly review and update Docker Compose files (`docker-compose.yml`) for services running in LXCs to align with best practices and security advisories.
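
The remediation steps above, combined into one script run inside the LXC. This is an added example, not part of the advisory: it assumes Docker with the Compose v2 plugin, and the script name `refresh.sh` and the function names `compose_images` and `refresh_images` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumes Docker with the Compose v2 plugin.

# Print each unique image reference from the `image:` lines of a compose file.
# Line-based extraction, not a YAML parser: strips quotes and trailing comments.
compose_images() {
    sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'" |
        sed 's/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# Pull every image, recreate services whose image changed, then prune.
refresh_images() {
    changed=0
    for img in $(compose_images "$1"); do
        case "$img" in
            *'$'*) echo "SKIPPED $img (variable, resolve by hand)"; continue ;;
        esac
        before=$(docker image inspect --format '{{.Id}}' "$img" 2>/dev/null || echo none)
        docker pull --quiet "$img" >/dev/null || { echo "FAILED  $img" >&2; continue; }
        after=$(docker image inspect --format '{{.Id}}' "$img")
        if [ "$before" != "$after" ]; then
            echo "UPDATED $img"
            changed=1
        fi
    done
    # Running containers keep the old image until they are recreated.
    if [ "$changed" -eq 1 ]; then
        docker compose -f "$1" up -d
    fi
    # Prune last: `prune -a` deletes any image no container uses, which
    # before the recreate step would include the images just pulled.
    docker image prune -a
}

# Usage: sh refresh.sh /path/to/docker-compose.yml
if [ "$#" -gt 0 ]; then
    refresh_images "$1"
fi
```

The order matters: pruning directly after the pull, before the services are recreated, would remove the freshly pulled images because no container references them yet.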
Stack Impact

This choice directly impacts homelab stacks that utilize Proxmox VE for virtualization, particularly those managing multiple services via containerization. Specific configurations, such as `proxmox-ve` version and Docker images used in LXCs, are crucial to maintain security and efficiency.
