Glossary

In Docker, a bind mount maps a host path into the container; a named volume is managed by Docker on a host path you don't pick. Bind mounts are easier to back up; volumes are easier to manage and don't depend on host paths.

Two or more nodes coordinating to provide HA, live migration, or shared storage. Proxmox clusters need 3 nodes for quorum (or a Q device); Ceph wants 3 nodes minimum; k3s servers want 3 for etcd HA.

An isolated process tree sharing the host kernel but with its own filesystem, network namespace, and resource limits. Lighter than a VM (no kernel boot) but with weaker isolation. Docker, Podman, and LXC are the common runtimes.

A YAML-based way to declare multi-container applications. "docker compose up" pulls images, creates networks, and starts the stack. The standard format for distributing self-hosted apps.

Software that runs virtual machines on physical hardware. Type 1 (bare-metal: Proxmox, ESXi) installs directly on the host; Type 2 (hosted: VirtualBox, VMware Workstation) runs on top of a regular OS. Homelabs almost always run Type 1.

A lightweight Kubernetes distribution from Rancher/SUSE. Single-binary, sqlite-backed default storage, runs on a Raspberry Pi. The realistic on-ramp to Kubernetes for homelab use.

ZFS's parity-based redundancy levels: RAID-Z1 (one parity, ~RAID5), Z2 (two parity, ~RAID6), Z3 (three parity). Unlike legacy RAID, ZFS detects and corrects silent corruption via checksums during scrubs.

A server that terminates connections from clients and forwards them to backend services. Handles HTTPS, routing by hostname/path, auth, and rate limits. Traefik, Caddy, and nginx-proxy-manager are the popular options.

An outbound persistent connection from your homelab to a public relay (Cloudflare, Tailscale Funnel) that lets external users reach internal services without an open inbound port. Useful behind CGNAT or restrictive ISP.

Commercial mesh VPN built on WireGuard with a free tier suitable for most homelabs. Handles NAT traversal and key distribution. Headscale is the open-source coordination server.

Modern in-kernel VPN protocol. Used both for remote access to homelab (instead of OpenVPN) and as the transport beneath mesh-VPNs like Tailscale and Netbird.

Copy-on-write filesystem with built-in volume management, snapshots, send/receive replication, and end-to-end checksums. The default storage layer for serious homelabs. RAM-hungry but worth it.