Why docker - eviltoast

Hi! Question in the title.

I get that its super easy to setup. But its really worthwhile to have something that:

  • runs everything as root (not many well built images with proper useranagement it seems)
  • you cannot really know which stuff is in the images: you must trust who built it
  • lots of mess in the system (mounts, fake networks, rules…)

I always host on bare metal when I can, but sometimes (immich, I look at you!) Seems almost impossible.

I get docker in a work environment, but on self hosted? Is it really worth while? I would like to hear your opinions fellow hosters.

  • haui@lemmy.giftedmc.com
    link
    fedilink
    English
    arrow-up
    30
    arrow-down
    1
    ·
    edit-2
    10 months ago

    Imo, yes.

    • only run containers from trusted sources (btw. google, ms, apple have proven they cant be trusted either)
    • run apps without dependency hell
    • even if someone breaks in, they’re not in your system but in a container
    • have everything web facing separate from the rest
    • get per app resource statistics

    Those are just what was in my head. Probably more to be said.