Yeah there are plenty of advantages of a full system backup, like not having to worry that you’re backing up all the specific directories needed, and super easy restores since the whole bootable system is saved.
Personally I do both, I have a full system backup to local storage using Proxmox Backup Server, and then to Backblaze B2 using Restic I backup only the really important stuff.
I first decided to do a full-system backup in the hopes I could just restore it and immediately be up and running again. I’ve seen a lot of comments saying this is the wrong approach, although I haven’t seen anyone outline exactly why.
The main downside is the size of the backup, since you’re backing up the entire OS with cache files, log files, other junk, and so on. Otherwise it’s fine.
Then I started reading about backing up databases, and it seems you can’t just back up the data directory (or file in the case of SQLite) and call it good. You need to dump them first and backup the dumps.
You can back up the data directory, that works fine for selfhosted stuff generally because we don’t have tons of users writing to the database constantly.
If you back up /var/lib/docker/volumes, your docker-compose.yaml files for each service, and any other bind mount directories you use in the compose files, then restoring is as easy as pulling all the data back to the new system and running docker compose up -d on each service.
I highly recommend Backrest which uses Restic for backups, very easy to configure and supports Healthchecks integration for easy notifications if backups fail for some reason.
If you exclusively use cloudflare tunnels you don’t need a proxy on your end unless you want to do split-horizon DNS for local access.
But otherwise, nginx, caddy, traefik, npm, etc… all work fine with Cloudflare. Personally I’m using Traefik and Caddy on my setups right now.
Also, a bit off-topic, but is Cloudflare’s proxy really needed? I heard it’s insecure to self host sites without Cloudflare because you’re exposing your ip address and leaving yourself vulnerable but is it really bad to self host without Cloudflare?
Up to you, cloudflare is a recent thing and hosting was done without it just fine before it came along. Personally I don’t use cloudflares proxy very much, I just use it mostly for DNS management.
How do you handle backups? Install restic or whatever in every container and set it up? What about updates for the OS and docker images, watchtower on them I imagine?
It sounds like a ton of admin overhead for no real benefit to me.
Regardless of VM or LXC, I would only install docker once. There’s generally no need to create multiple docker VMs/LXCs on the same host. Unless you have a specific reason; like isolating outside traffic by creating a docker setup for only public services.
Backups are the same with VM or LXC on Proxmox.
The main advantages of LXC that I can think of:
Dockers ‘take-over-system’ style of network management will interfere with proxmox networking.
It’s in beta, so large changes are to be expected. I don’t think it’s fair to blame them for design changes right now.