Tim Harrison

Well I'm back to using Docker!

So, I've self-hosted services for my family for a long time now, starting originally on a Raspberry Pi for the hardware. For a relative beginner at the time, it may surprise many that I utilised Docker containers to host my services. However, like a lot of self-hosters, I have jumped from one technology to the next to improve my setup, improve the security of said setup or to improve the ease of deployment.

I switched from hosting with Docker to Podman, which is a similar container technology. With security in mind, the containers could be run without the root user, inside and outside the container if desired. I then switched to a NixOS setup utilising a Nix config file, specifying all my services, settings and configuration in one file, which was amazing for reproducibility and ease of deployment.

Now, in a strange twist to this tale, I changed from NixOS to a good ole' Debian server install, with natively installed applications and services via the package manager. However, each one of these technologies or setups, although enjoyable to research and get set up, came with a price; more on that later.

All the services I deployed over the years were originally exposed to the internet via exposed ports in my router, usually behind a reverse proxy and always with a valid Let's Encrypt cert for HTTPS encryption. I've bounced from hosting Nextcloud to individual services like Radicale for calendars, OpenMediaVault for storage, Matrix and then XMPP ("Snikket") for chat and video calls. openHAB for home automation to Home Assistant. Nginx for file servers and reverse proxies to Traefik and then to Caddy. Jellyfin to Kodi for media servers. All of this only scratches the surface of how many times I've changed and changed again from one service to another...

As you can imagine, this has not been gratefully received by my family, who have come to rely on these services and, quite rightly, expect it not to change!

As I mentioned, all these technologies for hosting came at a price. Docker was easy to deploy with Docker Compose, but may have a slight concern with regard to security for root-run containers exposed to the internet. Podman was good and came set up out of the box on a Fedora server, but the documentation available to get going, for all the services I've tried, was lackluster at the time, to say the least, and came with a lot of trial and error.

NixOS with a Nix config file was great for reproducibility and ease of deployment, but again documentation was very sparse and it seemed more of a trendy thing, not quite ready for production, than a stable solution going forward.

Finally, the good ole' Debian install with natively installed packages came with, you probably guessed it, old packages! This became an issue for certain services, like Nextcloud apps requiring a more up-to-date PHP version.

Now, before you say it, a lot of these issues can be got around with a bit of know-how and tinkering. Docker now has a rootless option, but it's certainly not as good or easy as Podman's setup. Podman just requires more trial and error to get going, although the documentation has got slightly better over the years. Nix needs a little more time in the oven and a lot more time writing documentation, plus I don't feel it's as stable for a server setup. A workstation? Absolutely! But not really a stable, reliable, easy (as in initially!) to set up server. With the Debian option with native packages, of course you can backport newer versions, but this creates a bit of a mess when it becomes a lot of packages.

So after many setups and dozens of different services, I've landed on... a good ole' Debian server!? But this time with services hosted using Docker containers. I know, I know, I just said it had some issues, but these days I only access my services outside my local network via a self-hosted WireGuard VPN, so that removes that issue straight away, but also provides a lot of other benefits, like access to my entire local network remotely and securely.

I've also settled on several standard services. I have the Nextcloud 'All in One' container, which itself manages several containers as part of the All in One, including Collabora office, Nextcloud Talk, Redis, a PostgreSQL container, a high performance Nextcloud backend as well as a TURN server for video/voice call connections.

I also have a Pi-hole container running as my DNS server and ad-blocking for my entire network.

Caddy as the reverse proxy to my Nextcloud AIO.

Jellyfin... again, runs as my media server (this works amazingly over the VPN, by the way) and Portainer for container management.

The Debian server is a vanilla install only, with WireGuard running natively. This is mainly because it works better with the Linux kernel this way. And of course Docker is installed, utilising Docker Compose for ease of deployment.

Home Assistant runs using Home Assistant OS on its own server, so that the voice assistant doesn't bog down other services that I would have hosted if it was one server for them all.

So that's my 2025 server setup! Hopefully, with all the experience/knowledge I've gained over the years, this time it will stay unchanged... for several years at least.

If you have any questions about my setup or want information, albeit out of date, on my previous setups, please reach out on Mastodon.

Looking for comments? There are no comments. It's not that I don't care what you think, it's just that I don't want to manage a comments section.

If you want to comment, mention this post on Fosstodon and I will reply there.