Follow

My life got measurably better since I deployed @yunohost and cleaned up my infra.

Damn I should have done that months ago!

· · Web · 1 · 9 · 23

@rysiek Could you share some details plz.? What was frustrating before and is now easier (or gone)?

@blub previously I was using a bespoke, home-brew docker-compose config (with LDAP as the authentication back-end). Updates and adding new applications was manual, and somewhat brittle. So these things are way easier now.

I still wish @yunohost would offer the option of running each service in a separate docker container, for compartmentalization sake, but well. Can't win them all.

@rysiek @blub @yunohost Oh? I always though people used docker because it's easier to install/backup/upgrade. but ynh already does all that stuff for you. What other advantages does docker have?

@ilja @yunohost @blub as I said, compartmentalization. this gives mainly three things:

1. Very well-defined interfaces. Since when running in docker stuff is closed-by-default, volumes are not mounted by default, etc, one has to be explicit how/where ports are being opened or volumes made available to the code running in a container.

2. Easier to make it into a multi-host system. This gives you additional flexibility.

3. Docker is not a security tool, but it does improve it in certain ways.

@ilja @yunohost @blub 2. and 3. are basically consequences of 1.

This means you can have a container with your pretty sensitive Nextcloud stuff running separately from a container running your BitTorrent downloads (delicious, delicious distro ISOs!). The BitTorrent container has no direct access to the data of the Nextcloud container. Getting from BItTorrent container out to the host system requires additional exploits.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!