this post was submitted on 10 Jan 2024
78 points (86.8% liked)

Selfhosted

39250 readers
259 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
78
Why docker (feddit.it)
submitted 8 months ago by [email protected] to c/[email protected]
70 comments fedilink hide all child comments
 

Hi! Question in the title.

I get that its super easy to setup. But its really worthwhile to have something that:

  • runs everything as root (not many well built images with proper useranagement it seems)
  • you cannot really know which stuff is in the images: you must trust who built it
  • lots of mess in the system (mounts, fake networks, rules...)

I always host on bare metal when I can, but sometimes (immich, I look at you!) Seems almost impossible.

I get docker in a work environment, but on self hosted? Is it really worth while? I would like to hear your opinions fellow hosters.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 29 points 8 months ago* (last edited 8 months ago) (2 children)

Imo, yes.

  • only run containers from trusted sources (btw. google, ms, apple have proven they cant be trusted either)
  • run apps without dependency hell
  • even if someone breaks in, they’re not in your system but in a container
  • have everything web facing separate from the rest
  • get per app resource statistics

Those are just what was in my head. Probably more to be said.

[–] [email protected] 6 points 8 months ago (1 children)

Also the ability to snapshot an image, goof around with changes, and if you don’t like them restore the snapshot makes it much easier to experiment than trying to unwind all the changes you make.

[–] [email protected] 1 points 8 months ago

I havent actually tried that. Might need to check it out. :)

[–] [email protected] -3 points 8 months ago (1 children)
  1. Even if someone breaks in, they are not a user, but root 🤝
[–] [email protected] 3 points 8 months ago

*in that container, not in the system