The overlay2 folder should contain all image layers and the copy-on-write layer container files are written in. The gmodserv data should be there twice, one time from the layer and one time in the merged folder, which is the ultimate view the container sees. If you see it a third time, I guess it means you modifly files in the running container, which will end up in the copy-on-write layer. This should give you a clean result for du: sudo du --max-depth=1 --human-readable --no-dereference --one-file-system /var/lib/docker/overlay2

Your mounted folder has nothing todo with overlay2, it is mountend within the filesystem of the container.

You could optimize your Dockerfile and merge the RUN instructions from “Prepare Gmod server and CSS content” and “Cleanup” into a single block, the cleanup block has no meaning as the files are already fixed in the layer the first RUN instruction created. The apt upgrade -y command inside the “Prepare Gmod server and CSS content”, will result in files existing in the base-image, will be overwritte in this layer. The files of the base image still exist, but get flagged in the layer as replaced. Usualy apt upgrade without squashing the image results in a bigger image.