Isolation mechanisms in ascending order of abstraction level and, accordingly, ease of use
- an add-on over lxc designed for convenient containerization of one application, and not a full-fledged OS, unlike lxd
On FreeBSD, this is implemented by jail , bhyve mechanisms, which seem to be better, but rarely anyone can do them due to the low prevalence of FreeBSD.

LXC is severely limited but might fit. Try to deploy the server in a container, and better in LXD (there is a rest-api there).
If there are problems, the next step I would try on OpenVZ / Virtuozzo.
And only then virtualization at the hardware level (KVM/Vmware/etc.).

Enough chroot'a. It is he who is used for such tasks, if you just need to isolate processes.

The choice of tool is correct, but if you don't really understand how LXC works, then you should either read the documentation or abandon the task, but certainly not write such a question on the toaster. =) No one can help you understand a rather complex topic with a couple of phrases in response to a question.
And so, yes - to create a separate container for each instance, of course.
In fact, there are a lot of wrappers for managing containers, but in general it’s quite enough for you to solve your LXC task, it doesn’t make much sense to go up the levels and use more complex wrappers over the same mechanisms.
In general, you need to read about what you will manage, namely namespaces and cgroups first of all. Perhaps this will put everything in its place for you ...

try playing around with systemd unit limits.
limitation on the use of the processor, memory and disks it has built-in.
there are a couple of old articles in the memos 0pointer.de/blog/projects/resources.html vladimir-stupin.blogspot.com/2013/03/systemd-3.html
well man https://www.freedesktop.org/software/systemd /man/s...