So, after spending many, many hours in the last weeks, I have tried two different solutions: Docker and LXC.
In both solutions I have installed Nextcloud, MariaDB and Apache.
I want to share my impressions for all those who come along here in search of a virtualization solution:
1. Docker
Docker seems to be an industry standard for containers at the moment. It is used worldwide in professional software development. E.g. in my company there are dozens of SW developers running a standardized build environment on their local machines. The focus is not on security, but on providing an isolated build environment with all dependencies inside the container and no dependencies on the rest of the machine. The benefit is that the builds of all those machines are exactly the same and reproducible. This prevents the “It works on my machine” problem.
Since Docker is used in the industry, the documentation and support are really amazing and up to date.
You do not need much more than the manuals on docker.com.
I followed the instructions on https://docs.docker.com/install/linux/docker-ce/debian/
If you really want to understand what you are doing then it will take you several hours to study the documentation. But if you just want to run through, then it does not take long.
To install Nextcloud I used a very convenient way: Just run docker and get the nextcloud image: https://hub.docker.com/_/nextcloud/
And, out of the box, the nextcloud webpage was available in my network.
Disadvantages:
The reason why I stopped this approach was:
If you stop the docker image and start it again, then all the data inside is lost. You have to configure bind mounts (or other mechanisms) to save the configurations and the MariaDB database outside of the container.
If you want to make changes to the system (e.g. updates or installing further programs) then you have to make those changes to the “image” of the container. And then start a new container from that image.
I didn't like this, because it doesn't feel like a virtual machine at all.
2. LXC
LXC containers run like a full-blown operating system (feels like a virtual machine) and you can log into it and configure and install what you want, and everything stays there when you stop and start the container again.
One advantage, for example, is that I could run a Debian Buster image on my Debian Stretch machine. This was necessary because Nextcloud requires PHP >= 7.2 and that is not available in Armbian Stretch.
I followed the instructions on https://linuxcontainers.org/lxc/getting-started/ and https://linuxcontainers.org/lxc/articles/
For installation of nextcloud you can follow the instructions on: https://docs.nextcloud.com/server/18/admin_manual/installation/source_installation.html#
Disadvantages:
LXC is not an industry standard. Not everything works out of the box. It is not documented as well as Docker.
I had some struggles with unprivileged containers running from an unprivileged user (for security reasons: if an attacker breaks out of the container, he will be a nobody without privileges). But this makes things more complicated, for example starting the container automatically at bootup. I found a lot of different “solutions” in a lot of forums, but either they did not work (perhaps because they refer to other versions of LXC or OS) or were just ugly hacks. This is the reason why I have concerns about exposing the server to the internet.
OK, perhaps my problem was that I am still running Debian Stretch with LXC 2.0. Perhaps everything will be fine when you run LXC 3.0 on Debian Buster.
But in the end it runs fine on my machine locally in my home network and I am happy at the moment.
My advice:
Use LXC > 3.0 on Debian Buster or greater. Perhaps everything will run fine out of the box. Do not expose the server to the internet if there are other services with sensitive data (e.g. NAS) on that machine. If you want to do that, then consider running separate hardware (without the sensitive data) instead of a container.
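
The unprivileged-container property the post relies on (a process that escapes the container lands on a host ID without privileges) can be checked from the container's config file. The following is an added example, not part of the original post: it parses the ID-map lines, accepting both the LXC 2.0 key `lxc.id_map` and the later `lxc.idmap`; the sample configs, paths and function names are constructed for illustration.

```python
# Added example: the sample configs below are constructed, not from the post.
SAMPLE_LXC2 = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/user/.local/share/lxc/nextcloud/rootfs
"""
SAMPLE_LXC3 = """\
# unprivileged container, started at boot
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.start.auto = 1
"""
SAMPLE_PRIVILEGED = """\
lxc.rootfs.path = dir:/var/lib/lxc/nextcloud/rootfs
lxc.start.auto = 1
"""

IDMAP_KEYS = {"lxc.idmap", "lxc.id_map"}  # current key and legacy LXC 2.0 key


def parse_idmaps(config_text):
    """Return (kind, container_start, host_start, count) for each ID-map line."""
    maps = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in IDMAP_KEYS:
            continue
        fields = value.split()
        if len(fields) != 4 or fields[0] not in ("u", "g"):
            raise ValueError(f"malformed ID map: {raw!r}")
        maps.append((fields[0], int(fields[1]), int(fields[2]), int(fields[3])))
    return maps


def host_id_for_root(config_text, kind):
    """Host uid ("u") or gid ("g") behind container ID 0; None if unmapped."""
    for k, cstart, hstart, count in parse_idmaps(config_text):
        if k == kind and cstart <= 0 < cstart + count:
            return hstart - cstart
    return None  # no map: container root shares the host's ID 0


def is_unprivileged(config_text):
    """True only if container uid 0 and gid 0 both map to non-zero host IDs."""
    ids = [host_id_for_root(config_text, kind) for kind in ("u", "g")]
    return all(i is not None and i != 0 for i in ids)
```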