Now compare Docker vs LXC vs Chroot vs Jails and the performance and security differences. I feel a lot of people here are biased without knowing the differences (pros and cons).
this post was submitted on 28 Apr 2025
255 points (95.7% liked)
Selfhosted
46671 readers
363 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 2 years ago
MODERATORS
Hi! Im new to self hosting. Currently i am running a Jellyfin server on an old laptop. I am very curious to host other things in the future like immich or other services. I see a lot of mention of a program called docker.
search this on The internet I am still Not very clear what it does.
Could someone explain this to me like im stupid? What does it do and why would I need it?
Also what are other services that might be interesting to self host in The future?
Many thanks!
EDIT: Wow! thanks for all the detailed and super quick replies! I've been reading all the comments here and am concluding that (even though I am currently running only one service) it might be interesting to start using Docker to run all (future) services seperately on the server!
Wow! Thank you all for the civilized responses. This all sounds so great. I am older and I feel like I've already seen enough ads for one lifetime and I hate all this fascist tracking crap.
But how does that work? Is it just a network on which you store your stuff in a way that you can download it anywhere or can it do more? I mean, to me that's just a home network. Hosting sounds like it's designed for other people to access. Can I put my website on there? If so, how do I go about registering my domain each year. I'm not computer illiterate but this sounds kind of beyond my skill level. I'll go search Jellyfin, weird name, and see what I can find. Thanks again!
load more comments
(1 replies)
I would start with a premade docker compose file. From there learn how to tweak it.
Thank you for the thorough response. After looking carefully at what you wrote I didn't really see a difference between the term self-hosting and home network.
You said you have software that automatically downloads media. The way I see this using movies for instance, if I own the movies and have them on my machine, then I can stream them over my network and have full control. Whereas if I "own" them on Amazon and steam it from there, they can track the viewing experience, push ads, or even remove the content completely. I understand that.. But if I want a NEW movie, I'm back to Amazon to get it in the first place (or Netflix, or Walmart, etc. I get it). I'm fact, personally I've started actually buying disks of the movies/music I like most so that it can't really be taken away and I can enjoy it even without an Internet connection. Am I missing something? Unless of course the media you are downloading is pirated.
I know I'm asking what seems to be a huge question but I'm really only asking for a broad description, sort of an ELI5 thing.
Its an extremely fast and insecure way to setup services. Avoid it unless you want to download and execute malicious code.
You know container image attestations are a thing, right?
You know it doesn't verify any signature on download, right?
A signature only tells you where something came from, not whether it’s safe. Saying APT is more secure than Docker just because it checks signatures is like saying a mysterious package from a stranger is safer because it includes a signed postcard and matches the delivery company’s database. You still have to trust both the sender and the delivery company. Sure, it’s important to reject signatures you don’t recognize—but the bigger question is: who do you trust?
APT trusts its keyring. Docker pulls over HTTPS with TLS, which already ensures you’re talking to the right registry. If you trust the registry and the image source, that’s often enough. If you don’t, tools like Cosign let you verify signatures. Pulling random images is just as risky as adding sketchy PPAs or running curl | bash—unless, again, you trust the source. I certainly trust Debian and Ubuntu more than Docker the company, but “no signature = insecure” misses the point.
Pointing out supply chain risks is good. But calling Docker “insecure” without nuance shuts down discussion and doesn’t help anyone think more critically about safer practices.
Oof, TLS isnt a replacement for signatures. There's a reason most package managers use release signatures. x.509 is broken.
And, yes PGP has a WoT to solve its PKI. That's why we can trust apt sigs and not docker sigs.
Entirely depends on who's publishing the image. Many projects publish their own images, in which case you're running their code regardless.
Nope. See DCT. Its a joke.
Use apt.
load more comments
(9 replies)