Podman pods + systemd units to manage pods lifecycle. Ansible to deploy the base OS requirements, the ancillary services (SSH, backups, monitoring…), and the pods/containers/services themselves.
I know enough to be dangerous. I know enough to follow faqs but dumb enough to not backup like I should.
So I’d be running my server on bare metal and have a couple services going and sooner or later, shit would get borked. Shit that was miles past my competence to fix. Sometimes I’d set up a DB wrong, or break it, or an update would screw it up, and then it would all fall apart and I’m there cursing and wiping and starting all over.
Docker fixes that completely. It’s not perfect, but it has drastically lowered my time working on my server.
My server used to be a hobby that I loved dumping hours into. Now, I just want shit to work.
If you’re hosting websites and not applications, perhaps you can use SSGs like Hugo/Gatsby. You could deploy your site in a bucket and put cloudflare in front. They can also be used on your own server of course. If you are hosting applications and want to keep them on 4g, you could put a CDN (CloudFlare or …) in frint of it. That would cache all static resources and greatly improve response times.
If you’re hosting websites and not applications, perhaps you can use SSGs like Hugo/Gatsby. You could deploy your site in a bucket and put cloudflare in front. They can also be used on your own server of course. If you are hosting applications and want to keep them on 4g, you could put a CDN (CloudFlare or …) in frint of it. That would cache all static resources and greatly improve response times.
7 daily backups, 4 weekly backups, 6 monthly backups (incremental, using rsnapshot). The latest weekly backup is also copied to an offline/offsite drive.
Portability is the key for me, because I tend to switch things around a lot. Containers generally isolate the persistent data from the runtime really well.
Docker is not the only, or even the best way IMO to run containers. If I was providing services for customers, I would definetly build most container images daily in some automated way. Well, I do it already for quite a few.
The mess is only a mess if you don’t really understand what you’re doing, same goes for traditional services.
Netdata (agent only/not the cloud-based features), and a bunch of scanners running from cron/systemd timers, rsyslog for logs (and graylog for larger setups)
Since your question is also related to securing your setup, inspect and harden the configuration of all running services and the OS itself. Here is my common ansible role for basic stuff. Find (prefereably official) hardening guides for your distribution and implement hardening guidelines such as DISA STIG, CIS benchmarks, ANSSI guides, etc.
I concur with most of your points. Docker is a nice thing for some use cases, but if I can easily use a package or set up my own configurations, then I will do that instead of use a docker container every time. My main issues with docker:
Containers are not updated with the rest of the host OS
firewall and mounting complexities which make securing it more difficult
There should be a whitepaper you can reference based on sales scenario. As others have said hourly, daily, weekly snapshots are not backups, unless you also have a btrfs or zfs send that IS backing up the snapshots to another remote device
Docker can be run rootless. Podman is rootless by default.
I build certain containers from scratch. Very popular FOSS software can be trusted, but if you’re as paranoid, you should probably run the bare-minimum software in the first-place.
It’s a mess if you’re not used to it. But yes, normal unix networking is somewhat simpler (like someone mentioned, LXC containers can be a decent idea). Well, you’ll realise that Docker is not really top-dog in terms of complexity when you start playing with the big boys like full-fledged k8s
I’ll say that as someone who stopped using docker and went back to deploying from source in lxc containers: dockers is a great tool for the majority of people and that is exactly what it aims to be, easily reusable in as many different setups as possible.
On the flip side, yes it may happen that you would not benefit from docker for a reason or another. I don’t, in my case docker only adds another layer over my already containerized setup and many of the services I deploy are already built from source in a CI/CD workflow and deployed through ansible.
I do have other issues with docker but those are usually less with the tool and more with how some project use docker as a mean to replace proper deployment documentations.
It has been years since I played with it but OpenStack is a suite of tools to build a data center like AWS or Azure. You can get the VM bit up and running pretty quick with basic packages on an Ubuntu system if you want to play with it, but again it has been years.
What is your goal? Playing with kvm may be a better path if you want to understand virtualization.
If you want to upskill for a job, I’d see if there is a certificate to work on. Even if you don’t want the cert, the curriculum might be a good starting point.
selfhosted
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.