191
What is Docker? (lemmy.world)
submitted 1 month ago* (last edited 1 month ago) by Jofus@lemmy.world to c/selfhosted@lemmy.world
85 comments fedilink hide all child comments

Hi! Im new to self hosting. Currently i am running a Jellyfin server on an old laptop. I am very curious to host other things in the future like immich or other services. I see a lot of mention of a program called docker.

search this on The internet I am still Not very clear what it does.

Could someone explain this to me like im stupid? What does it do and why would I need it?

Also what are other services that might be interesting to self host in The future?

Many thanks!

EDIT: Wow! thanks for all the detailed and super quick replies! I've been reading all the comments here and am concluding that (even though I am currently running only one service) it might be interesting to start using Docker to run all (future) services seperately on the server!

(page 2) 36 comments
sorted by: hot top controversial new old
[-] CodeBlooded@programming.dev 2 points 1 month ago* (last edited 1 month ago)

Docker enables you to create instances of an operating system running within a “container” which doesn’t access the host computer unless it is explicitly requested. This is done using a Dockerfile, which is a file that describes in detail all of the settings and parameters for said instance of the operating system. This might be packages to install ahead of time, or commands to create users, compile code, execute code, and more.

This instance of an operating system, usually a “server,” is great because you can throw the server away at any time and rebuild it with practically zero effort. It will be just like new. There are many reasons to want to do that; who doesn’t love a fresh install with the bare necessities?

On the surface (and the rabbit hole is deep!), Docker enables you to create an easily repeated formula for building a server so that you don’t get emotionally attached to a server.

[-] LovableSidekick@lemmy.world 1 points 1 month ago

Pretty good intro for absolute beginners here...

https://www.youtube.com/watch?v=pg19Z8LL06w

[-] Wytch@lemmy.zip 1 points 1 month ago

Thanks for asking this question. These replies are so much more helpful in understanding the basic premise than anything I've come across.

[-] Professorozone@lemmy.world 1 points 1 month ago

Wow! Thank you all for the civilized responses. This all sounds so great. I am older and I feel like I've already seen enough ads for one lifetime and I hate all this fascist tracking crap.

But how does that work? Is it just a network on which you store your stuff in a way that you can download it anywhere or can it do more? I mean, to me that's just a home network. Hosting sounds like it's designed for other people to access. Can I put my website on there? If so, how do I go about registering my domain each year. I'm not computer illiterate but this sounds kind of beyond my skill level. I'll go search Jellyfin, weird name, and see what I can find. Thanks again!

load more comments (1 replies)
[-] possiblylinux127@lemmy.zip 1 points 1 month ago

I would start with a premade docker compose file. From there learn how to tweak it.

[-] zer0squar3d@lemmy.dbzer0.com 0 points 1 month ago

Now compare Docker vs LXC vs Chroot vs Jails and the performance and security differences. I feel a lot of people here are biased without knowing the differences (pros and cons).

[-] jagged_circle@feddit.nl 0 points 1 month ago

Its an extremely fast and insecure way to setup services. Avoid it unless you want to download and execute malicious code.

[-] Darioirad@lemmy.world 0 points 1 month ago

Please explain this to me

[-] jagged_circle@feddit.nl 2 points 1 month ago* (last edited 1 month ago)

Package managers like apt use cryptography to check signatures in everything they download to make sure they aren't malicious.

Docker doesn't do this. They have a system called DCT but its horribly broken (not to mention off by default).

So when you run docker pull, you can't trust anything it downloads.

[-] Darioirad@lemmy.world 1 points 1 month ago

Thank you very much! For the off by default part i can agree, but why it's horribly broken?

[-] jagged_circle@feddit.nl 0 points 1 month ago* (last edited 1 month ago)

PKI.

Apt and most release signing has a root of trust shipped with the OS and the PGP keys are cross signed on keyservers (web of trust).

DCT is just TOFU. They disable it because it gives a false sense of security. Docker is just not safe. Maybe on 10 years they'll fix it, but honestly it seems like they just dont care. The well is poisoned. Avoid. Use apt or some package manager that actually cares about security

[-] Darioirad@lemmy.world 0 points 1 month ago

So, if I understand correctly: rather than using prebuilt images from Docker Hub or untrusted sources, the recommended approach is to start from a minimal base image of a known OS (like Debian or Ubuntu), and explicitly install required packages via apt within the Dockerfile to ensure provenance and security. Does that make sense?

[-] jagged_circle@feddit.nl 1 points 1 month ago* (last edited 1 month ago)

Install the package with apt. Avoid docker completely.

If the docker image maintainer has a github, open a ticket asking them to publish a Debian package

[-] Darioirad@lemmy.world 2 points 1 month ago

I see your point about trusting signed Debian packages, and I agree that’s ideal when possible. But Docker and APT serve very different purposes — one is for OS-level package management, the other for containerization and isolation. That’s actually where I got a bit confused by your answer — it felt like you were comparing tools with different goals (due to my limited knowledge). My intent isn’t just to install software, but to run it in a clean, reproducible, and isolated environment (maybe more than one in the same hosting machine). That’s why I’m considering building my own container from a minimal Debian base and installing everything via apt inside it, to preserve trust while still using containers responsibly! Does this makes sense for you? Thank you again for wasting your time to reply to my dumb messages

[-] jagged_circle@feddit.nl 2 points 1 month ago

Containers have been around for decades. Look into lxc.

But for the best security, you want VMs. Look into proxmox.

load more comments (1 replies)
[-] festus@lemmy.ca -1 points 1 month ago

Entirely depends on who's publishing the image. Many projects publish their own images, in which case you're running their code regardless.

[-] jagged_circle@feddit.nl 1 points 1 month ago

Nope. See DCT. Its a joke.

Use apt.

[-] ianonavy@lemmy.world -1 points 1 month ago

You know container image attestations are a thing, right?

load more comments (3 replies)
load more comments
view more: ‹ prev next ›
this post was submitted on 28 Apr 2025
191 points (95.7% liked)

Selfhosted

48278 readers
236 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz