this post was submitted on 15 Nov 2024
58 points (96.8% liked)

Selfhosted

60451 readers
640 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I’m moving to a new machine soon and want to re-evaluate some security practices while I’m doing it. My current server is debian with all apps containerized in docker with root. I’d like to harden some stuff, especially vaultwarden but I’m concerned about transitioning to podman while using complex docker setups like nextcloud-aio. Do you have experience hardening your containers by switching? Is it worth it? How long is a piece of string?

you are viewing a single comment's thread
view the rest of the comments
[–] brewery@lemmy.world 6 points 2 years ago (1 children)

Not sure if it makes a difference and not quite your question but I've just switched away from nextcloud-aio to just having my own docker compose, so I have better control and know what's going on more. I always found it funny and when installing on a new VPS decided to try. It was surprisingly straightforward and Ive been able to install everything I need.

Let me know if my docker compose would help. I still need to add the backup solution but it's going to be straightforward as well.

[–] bigdickdonkey@lemmy.ca 1 points 2 years ago (1 children)

I would love to see your compose file. I already have to run special steps on my nextcloud-aio to use it with a reverse proxy so I'm interested in moving away from it.

[–] brewery@lemmy.world 2 points 2 years ago (1 children)

pastebin.com/DiHX2vg2

Hopefully this works and you can see the compose file. I've put a few things in [square brackets] to hide some stuff, probably overly cautiously. I have an external network linked to NPM and in that, I use nextcloud-server for IP address and 80 for the port (it's the inside container port, not 8080 on the system - that took me a long time to figure out!). Add a .env file with everything referenced in the compose file, then (hopefully!) Away you go

[–] bigdickdonkey@lemmy.ca 2 points 2 years ago

Thanks for sharing this! It also took me a while to understand the difference between the Expose dockerfile command and the --publish cli command