Docker

Automating Docker Updates: Watchtower vs Diun vs Manual Strategies Your homelab is running smoothly. Twenty containers, all humming along. Then a CVE drops for one of your images, and you realize you haven’t updated anything in three months. Docker containers don’t update themselves. Unlike desktop apps with auto-update prompts or Linux packages with apt upgrade, containers stay pinned to whatever image you pulled at deploy time. Without a strategy, your self-hosted stack slowly drifts into a graveyard of outdated software. ...

Self-Hosting Diun: Docker Image Update Notifications You’re running twenty Docker containers. One of them just got a critical security patch upstream. How long until you notice? If you’re using Watchtower, the answer is “automatically — it’ll update itself.” But automatic updates aren’t always what you want. Maybe you run a database that needs careful migration steps. Maybe you’ve been burned by a breaking change at 3 AM. Maybe you just want to know before you act. ...

Docker Volume Management: Backups, Migration, and Best Practices You’ve got a dozen containers running — Nextcloud, Jellyfin, Paperless-ngx, databases. Each one stores data in Docker volumes. But can you actually back them up? Migrate them to a new server? Clean up the dead weight? If you already understand the difference between volumes and bind mounts, this guide picks up where that leaves off. We’re covering the operational side: how to protect, move, and maintain your Docker volumes in production. ...

Self-Hosting Dockge: Lightweight Docker Compose Manager If you’ve been managing Docker Compose stacks by SSH-ing into servers and editing YAML files in nano, Dockge is about to change your life. Created by the same developer behind Uptime Kuma, Dockge is a reactive, web-based Docker Compose manager that keeps things simple — no abstraction layers, no proprietary formats, just your compose.yaml files with a clean UI on top. Unlike Portainer (which wraps everything in its own API) or Coolify (which is a full PaaS), Dockge stays close to the metal. Your compose files live on disk exactly where you’d expect them, and you can still use docker compose commands directly. Dockge just gives you a nicer way to do it. ...

Docker Compose Profiles: Managing Dev, Staging, and Production You’ve got a self-hosted stack running in production. Now you want a staging copy to test updates before they hit your live services. Maybe a dev environment too, with debug tools and hot-reloading. The old way? Three separate docker-compose.yml files with 80% overlap, constantly drifting out of sync. Docker Compose profiles solve this. One compose file, multiple environments. Services tagged with profiles only start when you explicitly activate that profile. Everything else runs by default. ...

Docker Networking Explained: Bridge, Host, and Macvlan Networking is the part of Docker that trips up most self-hosters. Your containers need to talk to each other, to the host, and to the outside world — and Docker gives you several ways to wire that up. The three modes you’ll actually use: bridge (the default), host (skip Docker’s network layer entirely), and macvlan (give containers their own IP on your LAN). Each has tradeoffs, and picking the wrong one leads to hours of debugging. ...

Complete Guide to Docker Healthchecks and Restart Policies Your Jellyfin container is running. Docker says it’s healthy. But the web UI returns a blank page and nobody can stream anything. Docker’s default “running” status only tells you the process hasn’t crashed — it says nothing about whether the service actually works. Docker healthchecks fix this. They let you define what “healthy” actually means for each container, and combined with restart policies, they create a self-healing setup where broken services recover automatically without you waking up at 3 AM. ...

Complete Guide to Docker Volumes and Bind Mounts Every self-hosted container you run — Jellyfin, Paperless-ngx, Nextcloud, your databases — needs to store data somewhere. Kill the container without persistent storage and everything’s gone. Docker gives you two main options: volumes and bind mounts. Understanding when to use each is one of the most important skills for any self-hoster. The Problem: Containers Are Ephemeral By default, any data written inside a container lives in its writable layer. When the container is removed, that data vanishes. This is by design — containers are meant to be disposable. ...

Docker makes self-hosting easy. It also makes it easy to accidentally give an attacker root access to your entire server. Most self-hosting guides skip security entirely — here’s what they don’t tell you. 1. Never Run Containers as Root (When Possible) By default, processes inside Docker containers run as root. If an attacker escapes the container, they’re root on the host. Fix: Use the user directive: services: myapp: image: myapp:latest user: "1000:1000" Or in the Dockerfile: ...

compose-backup: One-Command Backup for Docker Compose Stacks If you’re running multiple Docker Compose services — Nextcloud, Traefik, Gitea, Home Assistant, whatever — you probably have a patchwork of backup scripts. Or worse, no backups at all. compose-backup fixes that. One command, and every Compose project on your server gets backed up: configs, .env files, override files, and Docker volumes — all compressed into a clean .tar.gz archive you can actually restore from. ...