Selfhosted

This blog post explains it well:

https://cosmicbyt.es/posts/demistifying-containers-part-1/

Essentially, containers are means of creating environments in which you can run software, and those environments are:

• isolated, which makes it a very controlled environment. Much harder to run into errors
• reproducible: we have tools that reproduce the same container from an image file
• easy to distribute: just have the container image.
• little to no compromises on performance (at least on Linux)

It is essentially a way for you to run a program without having to worry how to set up the environment, why it didn't work as expected, what dependencies you're missing, etc.

It's virtual machines but faster, more configurable with a considerably larger set of automation, and it consumes less computer resources than a traditional VM. Additionally, in software development it helps solve a problem summarized as "works on my machine." A lot of traditional server creation and management relied on systems that need to be set up perfectly identical every deployment to prevent dumb defects based on whose machine was used to write it on. With Docker, it's stupid easy to copy the automated configuration from "my machine" to "your machine." Now everyone, including the production systems, are running from "my machine." That's kind of a big deal, even if it could be done in other ways naturally on Linux operating systems. They don't have the ease of use or the same shareability.

What you're doing is perfectly expected. That's a great way of getting around using Docker. You aren't forced into using it. It's just easier for most people

For your use case, consider it to be a packaging format (like AppImage, Flatpak, Deb, RPM, etc.) that includes all the dependencies (including services, not just libraries) for the app in question.

Should I change this?

If it's not broken don't fix it.

Use Podman (my preferred - the SystemD approach is awesome), containerd, or Incus. Docker is a graveyard of half-finished pet projects that have no reason for existing. Podman has a Docker-compatible socket, so 100% of Docker tooling will work with it.

IMHO with docker and containerization in general you are trading drive space for consistency and relative simplicity.

a hypothetical:
You set up your mumble server and it requires the leftpad 3.7 package to run. you install it and everything is fine.
Now you install your ftp server but it needs leftpad 5.5. what do you do? hope the function that mumble uses in 3.7 still exists in 5.5? run each app in its own venv?

Docker and containerization resolve this by running each app in its own mini virtual machine. A container running mumble and leftpad 3.7 can coexist on host that also has a container running a ftp server with leftpad 5.5.

Here is a good video on what hole docker and containerization looks to fill
https://www.youtube.com/watch?v=Nm1tfmZDqo8

There have been some great answers on this so far, but I want to highlight my favourite part of Docker: the disposability.

When you have a running Docker container, you can hop in, fuck about with files, break stuff as you try to figure something out, and then kill the container and all of the mess you've created is gone. Now tweak your config and spin up a fresh one exactly the way you need it.

You've been running a service for 6 months and there's a new upgrade. Delete your instance and just start up the new one. Worried that there might be some cruft left over from before? Don't be! Every new instance is a clean slate. Regular, reproducible deployments are the norm now.

As a developer it's even better: the thing you develop locally is identical to the thing that's built, tested, and deployed in CI.

I <3 Docker!

I feel that a lot of people here are missing the point. Docker is popular for selfhosted services for a few main reasons:

1. It is one package that can be used on any distribution (or even OS with a Linux VM).
2. The package contains all dependencies required to run the software so it is pretty reliable.
3. It provides some basic sandboxing against non-malicious services. Basically the service can't scribble all over your filesystem. It can only write to specific directories that you have given it access to (via volumes) other than by exploiting security vulnerabilities.
4. The volume system also makes it very obvious what data is important and needs to be backed up or similar, you have a short list.

Docker also has lots of downsides. I would generally say that if your distribution packages software I would prefer the distribution's package over the docker image. A good distribution package will also solve all of these problems. The main issue you will see with distribution packages is a longer delay before new versions are made available.

What Docker completely dominates was previous cross-distribution packaging options which typically took one of the previous strategies.

1. Self-contained compiled tarball. Run the program inside as your user. It probably puts its data in the extracted directory, maybe. How do you upgrade? Extract and copy a data directory? Self-update? Code is mutable and mixed with data, gross.
2. Install script. Probably runs as root. Makes who-knows what changes to your system. Where is the data, is the service running? Will it auto-start on boot. Hope that install script supports your distro.
3. Source tarball. Figure out the dependencies. Hope they don't conflict with the versions your distro has. Set up users and setup scripts yourself. Hope the build doesn't take too long.

Install Portainer, it helps you get used to managing docker images and containers before going full command line.

I started self-hosting a bit prior to when Docker took off, and getting multiple services running was much harder. Service A wants a certain version of PHP installed with certain plugins while Service B wants a different version. You'd follow a tutorial for installing Service C and desperately hope that it wouldn't somehow break Service A or B. You installed Service D for a bit despite all the installation pain and now want to uninstall it - I hope you tracked exactly what config changes you made throughout the system so you can undo it.

Docker fixed all of this by making each service independent through containers which made self-hosting 10x easier. I'd also add that I love how easy it is to transfer my setup to a new server - I keep all of my container volumes in a specific directory and my docker-compose files in another and that's all I need to backup / transfer. Without Docker you'd have to specifically handle each & every configuration file and database location, and if you later upgrade to a newer version of the OS or a different distro you'd have to handle possible conflicts between your versions and what the distro expects.

Try to run something that requires php7 and something else that requires php8 on the same web server; or python 2 and python 3.

You actually can, but it's not pretty.

(The thing about a declarative setup isn't much of a difference, you can do it for any popular Linux distro.)

I have a reason I don't think is covered. A few programs I have come across that I want to try recommend docker and some only provide instructions for docker. They can spend less time trying to help you with dependencies and installations knowing they've included everything you need in the docker file. I don't have a background in Linux or programming so unless they tell you exactly how to install something, I can struggle. Their installation page is then just the docker compose file with a note on the environment variables you can change.

There is like 5mln tutorials

One of the the main reasons why docker and kubernetes take off is they standardized the deployment process. Say, you have 20 services running on your servers. It's much easier to maintain those 20 services as a set of yaml files that follow certain standard than 20 config files each with different format. If you only have a couple of services, the advantage is probably not apparent. But as you add more and more services, you'll start to appreciate it.

The thing that confused me when first learning about docker was, that everybody compares it to a virtual machine. It's not. Containers dont virtualize anything. They take a (single) process from the host OS and separate that into its own environment. All system calls, memory access, file writes etc are still handled by the same os (same kernel). However the process is separated both on the file system and process level. It can't see other processes outside of the container and it also doesn't see the real filesystem. It sees a filesystem provided by the container. This also means it sees different file and user permissions. When you run a alpine Linux docker container on an Ubuntu system, the container only containes the (few) files for alpine but no Linux kernel no desktop environment. A process inside that container only sees the alpine files and not the Ubuntu files. It also means all containers see a filesystem independent of each other and can use libraries and dependencies of different versions (they are only files after all).

For administration it makes running complex services easy. You define how to setup that service (what base Linux distro to use, what packages to install, what commands to run, and how to start the process). You can then be save to assume the setup of that service did not interfere with the setup of any other service. "Service 1 needs a certain system wide config changed? Service 2 needs that config in the default state? And both need a different version of the same library?" In containers you can have all at the same time because they each see a different version of the same config and library.

And all this is provided by the kernel itself. All docker does is provide an "easy" way to create and manage containers but could could do all of that using chroot, runc and a few other.

As a note, containers usually don't come with systemd as they don't need an init system. You would run the service directly inside the container and then use systemd outside the container to make sure the container is started/restarted, or just docker as it can already do that.

I found a great article demystifying containers recently

Vs. LXD?

Recent video that explains Docker very well: https://www.youtube.com/watch?v=rIrNIzy6U_g

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

8 acronyms in this thread; the most compressed thread commented on today has 12 acronyms.

[Thread #592 for this sub, first seen 11th Mar 2024, 17:25] [FAQ] [Full list] [Contact] [Source code]

A lot of people here really do be describing docker like flatpak