I love self-hosting software on VPSes. I do it all the time. I've done it for years.

But the thing is that it can get very hard to deploy two different things on the same system. Maybe one thing wants php 7, and another wants php 8, and they both want to find it at php. And god help you if one of them wants to upgrade to php 8.0.0.0.1 and your OS doesn't have php 8.0.0.0.1 in its package repo.

You can fix this, manually, if the software is configured to allow you to configure it. In practice, that becomes very fragile very quickly.

And to make things worse, if you want to move to another server, you need to have the precise set of configurations and changes you set up ready to go, at hand.

After years of this, you get jaded. You learn some tricks: (1) Write down everything you do to install a piece of software, and (2) Chroot, or even namespaces and cgroups (although I never learned these).

Eventually, you get so good at this, that you're deploying software through a series of shell scripts which do chroots, and--

ah fuck, congratulations,

You have just invented Docker!

"Chroot, cgroups, namespaces, and scripts" are 80% of the way to just being Docker. The other 20% is the thoughtful interface and community built around it.

It turns out that Docker is very very good, and probably the best thing to use to deploy most software on servers. It solves a real, actual, problem. It makes things much easier.

If software has a dependency that isn't named "libc", I'd very much like to use it for Docker.

I was anti-Docker for awhile, since it carried with it the stigma of Bloated Bad New Software. Docker came around when I realized software just got worse and worse over time. (We have so much compute! Why is everything slower than it was 20 years ago? Am I losing my mind? It doesn't matter if Linux is fast when it still needs to load modern webpages! Aaaa!)

So, sorry Docker. I maligned you by associating you with bad things. But you are very very good.

I've seen the Docker light

Docker means no more dependency fighting. Docker means a (reasonable amount) of portability between servers. Docker has very little extra bloat on Linux, because it's not a VM. It's native Linux tooling. (And if you're not using a Linux server... Then, shoo, you're doing things the hard and bad way anyway. If you're using a Windows server, then Docker runs on a Linux VM, but you will already be dealing with so much bloat anyways.)

I learned Docker in June of 2024 (just 6 months ago!) to Save Just Post Forever. Since then, I used it for a dozen different things. It works so well on everything. I'm using it at work. I can't believe I've been a Docker hater for so long.

Kudos to Emma for putting in the work to make a production-ready Docker setup for Postmill, in addition to, y'know, making Postmill.

The thing is, I thought making a Dockerfile (and likely also a docker-compose.yml) was standard for software, especially multi-service software (e.g. php + sql).

So, I went to stand up a phpBB instance for another thing, and I found out

a lot of people actually think Docker is stupid

and I felt sad.

There is no official phpBB Docker? Everyone on the phpBB phpBB thinks an official phpBB Docker is stupid? :(

I'm happy that Discourse's Discourse's Docker discourse didn't deny Docker. But I don't wanna use Discourse.

I've seen this quite a bit: A software project with a non-trivial deployment process was not yet on the Docker train.

So, that makes me extra grateful that Postmill had a good Docker experience :D

TLDR: I thought "project has a Dockerfile" would be universal and I was wrong. Thank you again to Emma for having a great big prod-ready Docker set up. It also showed me that Docker is good actually

Comments

flabberghaster wrote on January 18, 2025 at 6:31 AM

i call it dorker

twovests OP wrote on January 18, 2025 at 4:04 PM

:O

twovests OP wrote on January 18, 2025 at 5:01 AM

now, if only i had something else i could call docker...

flabberghaster wrote on January 18, 2025 at 6:32 AM

i think docker's API is stupid; it's a bad wrapper around linux containers but there's not an actually good wrapper around it. so OCI is the best we have. and OCI is just like... docker but meant to be more open of a standard so we don't need docker specifically.

Containers are a good idea but I just don't like the tooling.

twovests OP wrote on January 18, 2025 at 4:07 PM

I'd love to hear more; I dislike that it's tied to a Company but I don't know enough to have qualms with the tooling. I'm still in the honeymoon phase with Dorker

flabberghaster wrote on January 18, 2025 at 4:09 PM

I worked with it like 8 years ago and didn't like it; that's just down to it being much less mature back then, and also me not wanting to learn it.

The OCI standard is pretty mature now and there's a lot better tooling. I should stop being a curmudgeon and learn how to use it to be honest, but i'm a grouch who likes to do things the old way.

twovests OP wrote on January 18, 2025 at 4:22 PM

Yeah, I get that. I think I'm an "old ways" person too (thank u weird people who got me into linux in 2009). Docker just feels like the "right" way for me to do the "old ways" things I've been doing.

Lots of gotchas (isolation but no security benefits at all ??? every container gets host root ???) but lots of "I-gotchya-buddy" too. (That's Docker saying "I gotchya buddy", because it loves u)

flabberghaster wrote on January 18, 2025 at 4:46 PM

I do think containers are a bandaid for having too many dependencies or a workaround for people who don't want to make their software easy to deploy. Like you shouldn't have to ship an entire inner OS with runtime and everything, it should just compile and run. Sometimes that's not feasible for valid reasons, but often it's a way to get away with having a bad release process or having your software too complicated to set up.

twovests OP wrote on January 18, 2025 at 5:01 PM

a bandaid for having too many dependencies or a workaround for people who don't want to make their software easy to deploy

I'd be curious to ask this; what could someone using a LAMP-like stack do to improve on things? I kind of thought that dependency problems were inherent to this kind of stack.

E.g. Postmill uses Postgres and PHP. Short of rewriting the PHP part in Rust or Go (which is an extreme length but would produce a mostly-static binary), or using another isolation tool like AppImage or Flatpak, I don't know any way it could be easier to deploy.

I really am asking from curiosity-- I moved to Docker because of frustration with LAMP-likes. (Shaking my fist at Nextcloud)

flabberghaster wrote on January 18, 2025 at 5:15 PM

this is assuming the only thing the server is running is linux apache mysql and php; but you'd just write your PHP code and create a package like an RPM or what have you, that deploys it to the right place, and your configs for the rest of things would also either be their own packages, or managed by some script or puppet.

It all depends i guess. I suppose it probably is much easier to manage if you just compose some images, than if you say "you gotta configure the machine" because if you can abstract away much of that stuff into containers then you're not stuck on one distro of linux, so i get why people use docker (which I call dorker btw).

emma wrote on January 18, 2025 at 4:30 PM

I dislike that it's tied to a Company

well the good news is that thanks to oci, it's tied to two companies, the other being red hat with podman

the bad news is both companies are in their enshittification stage, paywalling features and trying to sell you crappy ai shit

anyway, in theory i like podman more than docker. like the problem with docker is if you're root in a container, you're root in real life, and podman solves that with some file ownership abstraction thing or something. podman containers also run without a daemon, which is nice.

but when i've tried using podman for postmill development, it crashed, and for deploying services, i couldn't get ansible to work with it. which is weird, because ansible is also a red hat product.

so my take is that ansible will be nicer, when it's fixed.

twovests OP wrote on January 18, 2025 at 4:49 PM

the bad news is both companies are in their enshittification stage, paywalling features and trying to sell you crappy ai shit

Awh, I was really hoping this was just Docker advertising itself as good for deploying AI. Running neural networks usually means running Python, and Python package management with CUDA is so hard that (in practice) you'll just see people providing a Docker container. Some kind of "Docker AI Hub" would make sense as a product.

Looked it up, nope, it's "we'll generate your Dockerfile for you!" which is very very stupid :(

but when i've tried using podman for postmill development, it crashed, and for deploying services, i couldn't get ansible to work with it. which is weird, because ansible is also a red hat product.

Oh yeah, this was my experience too (sans ansible). I wanted to use Podman for the same reasons you listed.

Actually, according to my notes, first I tried setting up a Conduwuit server to get connected to the Matrix using Podman. So, that's two marks against it. Which is strange, since it should be the same API around the same Linux tools, where the only difference is the containers can't use root, which they shouldn't be doing anyways...