this post was submitted on 22 Dec 2024
44 points (97.8% liked)

Selfhosted

40871 readers
628 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Currently I'm running some services though Docker on a Proxmox VM. Before I had Proxmox, I thought containers were a very clean way of organizing my system. I'm currently wondering if I can just install the services I always use on the VM directly. What are the pros and cons of that?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 1 week ago* (last edited 4 days ago) (2 children)

Cons of containers are slightly worse disk and memory consumption.

Pros:

  • ease of installation
  • declarative, consistent configuration
  • ~~security~~ some degree of sandboxing
  • dependency management is solved

Stick with the containers

[–] [email protected] 4 points 1 week ago (1 children)

Wait, ease of installation? As someone who had to walk away from a semi-homebrew, mildly complicated cloud storage setup recently, that's not the experience I had. Networks within networks, networks next to networks not talking to each other, mapped volumes, even checking logs is made more complicated by containerising. Sure, I'm a noob, but that only reinforces my point.

[–] [email protected] 1 points 1 week ago

I definitely see your point, but the difference is that it’s one thing to learn. Once you know docker, you can deploy and manage anything.

[–] vegetaaaaaaa 1 points 1 week ago* (last edited 1 week ago)

security

with containers, software maintainers also need to keep their image up-to-date with latest security fixes (most of them don't) - whereas these are usually handled by unattended-upgrades or similar in a VM. Then put out a new release and expect users to upgrade ASAP. Or rebuild and encourage redeploying the latest image every day or so, which is bad for other reasons (no warning for breaking changes, the software must be tested thoroughly after every commit to master).

In short this adds the burden of proper OS/image maintenance for developers, something usually handled by distro maintainers.

trivy is helpful in assessing the maintenance/vulnerability level of OCI images.