Proxmox VM vs LXC Container: Which Should You Use?
When to use a Proxmox virtual machine and when to use an LXC container — the practical decision framework for homelab workloads.
If you’ve installed Proxmox, you’ve immediately hit the choice: create a VM or create an LXC container? The Proxmox UI offers both. They look similar from the outside. They behave very differently under the hood.
Here’s the practical breakdown for homelab use.
What’s actually different
Virtual Machines (VMs) emulate complete hardware. Proxmox acts as a hypervisor and runs a fully isolated operating system in each VM. The VM has its own kernel, its own memory allocation, its own virtual disk. It thinks it’s running on real hardware. The host OS and the VM OS are completely separate.
LXC Containers share the host kernel. They’re isolated processes that share the Linux kernel with Proxmox. No hardware emulation. Much lower overhead — a container starts in seconds and uses a fraction of the RAM a VM would require for the same workload.
The trade-offs
| VM | LXC Container | |
|---|---|---|
| Overhead | Higher (full OS per VM) | Low (shared kernel) |
| Start time | 30-60 seconds | 2-5 seconds |
| RAM usage | Allocate 1-2GB minimum | Can run useful services in 256MB |
| Isolation | Complete | Process-level |
| Can run any OS | Yes (Windows, macOS, other Linux) | Linux only |
| Docker support | Native (it’s a full Linux OS) | Possible, requires privileged mode |
| Snapshots | Yes | Yes |
| Proxmox backup | Yes | Yes |
When to use a VM
Running Docker containers: I run a single Ubuntu 24.04 VM as my Docker host. This is a deliberate choice — Docker inside an LXC container requires privileged mode (which weakens the isolation), and an LXC-in-LXC situation gets messy. A VM gives Docker a clean, isolated Linux environment that behaves exactly as documented.
Running Windows: If you need Windows for anything — game servers, Windows-only software, testing — it needs to be a VM. LXC is Linux-only.
Maximum isolation: If a service is internet-facing or you’re experimenting with something potentially destructive, a VM’s isolation is worth the overhead. Even a compromised VM doesn’t compromise the host.
Non-standard kernels: Some software requires specific kernel versions or modules. A VM has its own kernel you can configure without affecting the Proxmox host.
Testing and development: Snapshot a clean VM before destructive testing. Roll back in seconds if things go wrong.
When to use LXC
Lightweight services that don’t need Docker: Pi-hole, AdGuard Home, Nginx, simple web servers, databases. These run fine in a privileged or unprivileged LXC container with very low overhead.
Services that run directly on Linux: If the software has a .deb package and doesn’t need Docker, LXC is appropriate. An LXC container running a single service uses 50-100MB of RAM instead of the 512MB-1GB minimum you’d allocate to a VM.
DNS and networking services: I run Technitium DNS in an LXC container at 192.168.1.102. It starts instantly, uses almost no resources, and there’s no reason it needs full VM isolation.
High container count: If you want to run 20+ isolated services, LXC lets you do that on a machine with 16GB of RAM. You can’t run 20 VMs on the same machine.
What I actually run
On my Proxmox node (192.168.1.10):
| Workload | Type | Why |
|---|---|---|
| Docker host (Ubuntu 24.04) | VM | All Docker containers run here |
| Technitium DNS | LXC | Lightweight, no Docker needed |
| Authelia | Docker container | Runs inside the VM |
| NPM | Docker container | Runs inside the VM |
| Tailscale subnet router | LXC | Simple service, low overhead |
The VM runs everything that’s Docker-based. LXC handles the few things that run as system services.
The privileged LXC with Docker approach
Some homelab users run Docker inside privileged LXC containers and find it works fine. It does work. The caveats:
A privileged LXC container has reduced isolation compared to a VM — processes in a privileged container run as root on the host with fewer kernel protections. For a home network where you’re not a threat model for sophisticated attacks, this is probably fine. For a service exposed to the internet, I wouldn’t do it.
Unprivileged LXC with Docker is harder to make work and has more compatibility quirks. Not recommended unless you have a specific reason.
How to create an LXC container
In the Proxmox web UI, click Create CT (not Create VM).
- General: Give it a hostname, set a root password
- Template: Choose a template (download CT templates first via pve → local → CT Templates → Templates). Debian 12 or Ubuntu 22.04 LTS are good choices
- Disks: 8-20GB is fine for most services
- CPU: 1-2 cores
- Memory: 256-512MB for lightweight services, 1-2GB if you’re not sure
- Network: Set a static IP in the same range as your other services
Leave the defaults unless you know you need something specific.
How to create a VM
Click Create VM in the Proxmox UI.
- General: Name it
- OS: Upload or use an existing ISO (download Ubuntu Server 24.04 ISO to your local storage first via pve → local → ISO Images → Download from URL)
- System: Leave defaults (BIOS: SeaBIOS is fine, or OVMF for UEFI)
- Disks: 32-100GB depending on use. Enable SSD emulation if your underlying storage is SSD
- CPU: 2-4 cores for a Docker host
- Memory: 4-8GB for a Docker host running a dozen services
- Network: Set to your bridge interface (usually
vmbr0)
After creation, start it and connect via the Proxmox console to run through the OS installation.
For the full Docker setup guide, see the Docker homelab beginners guide. For Proxmox initial setup, check the post-install checklist.