Selfhosted

Docker is a set of tools, that make it easier to work with some features of the Linux kernel. These kernel features allow several degrees of separating different processes from each other. For example, by default each Docker container you run will see its own file system, unable to interact (read: mess) with the original file system on the host or other Docker container. Each Docker container is in the end a single executable with all its dependencies bundled in an archive file, plus some Docker-related metadata.

I've never posted on Lemmy before. I tried to ask this question of the greater community but I had to pick a community and didn't know which one. This shows up as lemmy.world but that wasn't an option.

Anyway, what I wanted to know is why do people self host? What is the advantage/cost. Sorry if I'm hijacking. Maybe someone could just post a link or something.

A program isn't just a program: in order to work properly, the context in which it runs — system libraries, configuration files, other programs it might need to help it such as databases or web servers, etc. — needs to be correct. Getting that stuff figured out well enough that end users can easily get it working on random different Linux distributions with arbitrary other software installed is hard, so developers eventually resorted to getting it working on their one (virtual) machine and then just (virtually) shipping that whole machine.

Please don't call yourself stupid. The common internet slang for that is ELI5 or "explain [it] like I'm 5 [years old]".

I'll also try to explain it:

Docker is a way to run a program on your machine, but in a way that the developer of the program can control.
It's called containerization and the developer can make a package (or container) with an operating system and all the software they need and ship that directly to you.

You then need the software docker (or podman, etc.) to run this container.

Another advantage of containerization is that all changes stay inside the container except for directories you explicitly want to add to the container (called volumes).
This way the software can't destroy your system and you can't accidentally destroy the software inside the container.

good answers already so i will give you a different example.

my basic understanding of it is that docker was created originally for developers. im not sure if anyone planned for it to be a way to package up software for end users.

before docker existed you would have this issue where devs would be working on an app, say jellyfin, but each dev might be on a different platform (windows, mac, linux), or be using a different OS version, or different versions of whatever software... which meant it happened often that the app would work for one dev but not another. maybe one dev updated C# to version 2.3 and told everyone else to update, but someone missed the memo and is still running version 2.2 and now jellyfin wont work for them and time would be wasted trying to figure out where the mismatch was

so docker was a way to fix that "version hell" problem. every single thing that is needed for the app to run is kept inside the container. one dev will update something to a new version, then that container is shared to all other devs and each dev only has to worry about updating to the newest container before they start working on something.

app settings are kept in a separate location and the app data in another. in the case of jellyfin, the app data would be the movies or tv shows folder for example. then when you start the docker container, it will symlink those 2 locations/folders inside the container and the jellyfin app can access them as if they were folders that were actually stored inside the container.

so having the settings and data separate like that makes it very easy to update the container to a new version, or for a developer is probably useful being able to rollback to an older container for testing. its similar to how say windows puts the program files in one location and settings in the appdata folder

for end users its handy if theres a new version of jellyfin or whatever that isnt released yet but you want try it out, you can run 2 containers at the same time and both of them can access the same settings and data. (maybe with the newer one in read-only mode so it doesnt mess up your settings or data!)

It’s a container service. Containers are similar to virtual machines but less separate from the host system. Docker excels in creating reproducible self contained environments for your applications. It’s not the simplest solution out there but once you understand the basics it is a very powerful tool for system reliability.

I'm not sure how familiar you are with computers in general, but I think the best way to explain Docker is to explain the problem it's looking to solve. I'll try and keep it simple.

Imagine you have a computer program. It could be any program; the details aren't important. What is important, though, is that the program runs perfectly fine on your computer, but constantly errors or crashes on your friend's computer.

Reproducibility is really important in computing, especially if you're the one actually programming the software. You have to be certain that your software is stable enough for other people to run without issues.

Docker helps massively simplify this dilemma by running the program inside a 'container', which is basically a way to run the same exact program, with the same exact operating system and 'system components' installed (if you're more tech savvy, this would be packages, libraries, dependencies, etc.), so that your program will be able to run on (best-case scenario) as many different computers as possible. You wouldn't have to worry about if your friend forgot to install some specific system component to get the program running, because Docker handles it for you. There is nuance here of course, like CPU architecture, but for the most part, Docker solves this 'reproducibility' problem.

Docker is also nice when it comes to simply compiling the software in addition to running it. You might have a program that requires 30 different steps to compile, and messing up even one step means that the program won't compile. And then you'd run into the same exact problem where it compiles on your machine, but not your friend's. Docker can also help solve this problem. Not only can it dumb down a 30-step process into 1 or 2 commands for your friend to run, but it makes compiling the code much less prone to failure. This is usually what the Dockerfile accomplishes, if you ever happen to see those out in the wild in all sorts of software.

Also, since Docker puts things in 'containers', it also limits what resources that program can access on your machine (but this can be very useful). You can set it so that all the files it creates are saved inside the container and don't affect your 'host' computer. Or maybe you only want to give permission to a few very specific files. Maybe you want to do something like share your computer's timezone with a Docker container, or prevent your Docker containers from being directly exposed to the internet.

There's plenty of other things that make Docker useful, but I'd say those are the most important ones--reproducibility, ease of setup, containerization, and configurable permissions.

One last thing--Docker is comparable to something like a virtual machine, but the reason why you'd want to use Docker over a virtual machine is much less resource overhead. A VM might require you to allocate gigabytes of memory, multiple CPU cores, even a GPU, but Docker is designed to be much more lightweight in comparison.

Learn Docker even if you have a single app. I do the same with a Minecraft server.

• No dependency issues
• All configuration (storage/network/application management) can be done via a single file (compose file)
• Easy roll-backs possible
• Maintain multiple versions of the app while keeping them separate
• Recreate the server on a different server/machine using only the single configuration file
• Config is standardized so easy to read

You will save a huge amount of time managing your app.

PS: I would like to give a shout out to podman as the rootless version of Docker

If 'but it works on my computer' was a software service

A little box you can put your app.

If the app does bad, it doesn't sink your ship. Just throw the box over board and repackage the app.

I'm not sure most people need it, but it could be fun to use a new app inside a container. Also makes updating that needs a restarting without shutting down your other services.

Containerized software. The main advantage of this is that every application, or stack of applications, runs in its own ecosystem. You can restart a container whenever without having to reboot your entire system. You can store all data off a container in a volume, so if you hit a snag, you can recreate the container without actually losing any of your configs.

You can also create networks so that apps run in different subnets than other apps.

Very simply put, a docker container is like a mini system that runs on your main system.

Something else I like about docker is docker compose. You can create a container or stack of containers with a single simple YAML file without actually having to install anything yourself. I manage my containers in Portainer.

You can think of Docker as something that lets you run all of your self-hosted services inside of their own virtual machine. To each service, it looks like that service is running on its own separate computer. (A Docker container is not actually a virtual machine, it's something much faster than that, but I like to think about it the same way. It has similar advantages.)

This has a few advantages. For example, if there is a security vulnerability in one of your services, it's less likely to affect your whole server if that vulnerable service is inside of a Docker container. Even if the vulnerability lets an attacker see files on your system, the only "system" they can see is the one inside of the Docker container. They can't look at anything else on the rest of your actual computer, they can only see the Docker "virtual machine" that you created for that one service.

Okay, so way back when, Google needed a way to install and administer 500 new instances of whatever web service they had going on without it being a nightmare. So they made a little tool to make it easier to spin up random new stuff easily and scriptably.

So then the whole rest of the world said "Hey Google's doing that and they're super smart, we should do that too." So they did. They made Docker, and for some reason that involved Y Combinator giving someone millions of dollars for reasons I don't really understand.

So anyway, once Docker existed, nobody except Google and maybe like 50 other tech companies actually needed to do anything that it was useful for (and 48 out of those 50 are too addled by layoffs and nepotism to actually use Borg / K8s/ Docker (don't worry they're all the the same thing) for its intended purpose.) They just use it so their tech leads can have conversations at conferences and lunches where they make it out like anyone who's not using Docker must be an idiot, which is the primary purpose for technology as far as they're concerned.

But anyway in the meantime a bunch of FOSS software authors said "Hey this is pretty convenient, if I put a setup script inside a Dockerfile I can literally put whatever crazy bullshit I want into it, like 20 times more than even the most certifiably insane person would ever put up with in a list of setup instructions, and also I can pull in 50 gigs of dependencies if I want to of which 2,421 have critical security vulnerabilities and no one will see because they'll just hit the button and make it go."

And so now everyone uses Docker and it's a pain in the ass to make any edits to the configuration or setup and it's all in this weird virtualized box, and the "from scratch" instructions are usually out of date.

The end