I run docker exclusively in VMs and VPS and it works fine.

Yes there is.

https://github.com/grocy/grocy/issues/828

So Grocy doesn’t directly support OIDC/SAML but it does support auth being passed along via the reverse proxy. This is how my grocy is configured. No double logins required.

I’m going to add Hoarder to the pile of suggestions.

A VPS is already a VM and nesting VMs, even if you get it to work, is generally a Bad Idea™️.

What you’re asking for is squarely in “bare metal” territory. Does that reduce your flexibility? Sure. But it doesn’t entirely eliminate it. Down the road if you decide you need more RAM or disk those are things you can have added (at a cost). CPU would likely necessitate a migration to a different system so I’d keep that in mind during initial sizing. Also, if you are using proxmox, migration will be as simple as backing up a container/VM and restoring it at the destination.

Your other alternative is multiple VPSes or possibly augmenting the bare metal server with one or more VPSes.

As far as unified billing goes, just have all the services with the same provider. Most providers I’ve encountered offer both services.

I can’t speak to providers in our around Sydney, but I’d recommend checking out lowendbox.com to start your search.

Only by exposing the docker socket. And it doesn’t support managing network or volumes.

The constant argument in this space that you must know the arcane workings of everything you use, is exhausting.

Just because something doesn’t fit your use case doesn’t make it a terrible product. Portainer isn’t meant to complement managing docker via CLI. It’s meant to be the management interface.

If you want to manage your environment via CLI, I agree, don’t use Portainer. If you’re content (or prefer) a GUI, Portainer is a solid option. Esp if you have multiple hosts or want to manage more than just the compose stack. Last time I checked Dockge doesn’t do either.

Personal preference? I prefer the Portainer’s presentation over the CLI. I especially find it easier to manage networks and volumes.

But my main reason is I have multiple docker hosts and it gives me a “single pane on glass” to manage everything from.

Is feel a lot better about this if it was a “supporter” tag not this “unlicensed” crap.

That’s the business ed not the community. There’s no limit in aware of in the community ed

Wiki.js Nginx Proxy Manager.

I have this and an Atari 800 in a tote waiting for the day I have somewhere to put them.

No you’ve just misunderstood that notice. Everyone sees it.

Enough people have already commented on the “proxy at the vps solution”. Another option is to configure routing and nat on the VPS and have it route over the wg tunnel.

Requires you to have postup/predown scripts that modify your routing tables on the wg endpoint.

I made the plunge about a year ago. Spectrum assigns me a prefix but routing was spotty at best. In the end after all the troubleshooting pointed to the problem being the ISP I gave up and stuck with what works, IPv4.

DDOS protection is going to depend on the VPS. But for most services you could spin up a pretty lean Debian vm running a proxy like nginx proxy manager and run that over the tunnel. Something like opnsense seems like overkill.

B2 is about $5/TB.

If you keep your eyes open for deals (LowEndBox) you could find an inexpensive storage VPS. I’ve got one now providing 2 TB for $5/mo.

This is how I learn and half the reason my home lab exists. I need projects to get/stay motivated.