Containers

Automating Docker Updates: Watchtower vs Diun vs Manual Strategies Your homelab is running smoothly. Twenty containers, all humming along. Then a CVE drops for one of your images, and you realize you haven’t updated anything in three months. Docker containers don’t update themselves. Unlike desktop apps with auto-update prompts or Linux packages with apt upgrade, containers stay pinned to whatever image you pulled at deploy time. Without a strategy, your self-hosted stack slowly drifts into a graveyard of outdated software. ...

Self-Hosting Diun: Docker Image Update Notifications You’re running twenty Docker containers. One of them just got a critical security patch upstream. How long until you notice? If you’re using Watchtower, the answer is “automatically — it’ll update itself.” But automatic updates aren’t always what you want. Maybe you run a database that needs careful migration steps. Maybe you’ve been burned by a breaking change at 3 AM. Maybe you just want to know before you act. ...

Docker Volume Management: Backups, Migration, and Best Practices You’ve got a dozen containers running — Nextcloud, Jellyfin, Paperless-ngx, databases. Each one stores data in Docker volumes. But can you actually back them up? Migrate them to a new server? Clean up the dead weight? If you already understand the difference between volumes and bind mounts, this guide picks up where that leaves off. We’re covering the operational side: how to protect, move, and maintain your Docker volumes in production. ...

Docker Networking Explained: Bridge, Host, and Macvlan Networking is the part of Docker that trips up most self-hosters. Your containers need to talk to each other, to the host, and to the outside world — and Docker gives you several ways to wire that up. The three modes you’ll actually use: bridge (the default), host (skip Docker’s network layer entirely), and macvlan (give containers their own IP on your LAN). Each has tradeoffs, and picking the wrong one leads to hours of debugging. ...

Complete Guide to Docker Healthchecks and Restart Policies Your Jellyfin container is running. Docker says it’s healthy. But the web UI returns a blank page and nobody can stream anything. Docker’s default “running” status only tells you the process hasn’t crashed — it says nothing about whether the service actually works. Docker healthchecks fix this. They let you define what “healthy” actually means for each container, and combined with restart policies, they create a self-healing setup where broken services recover automatically without you waking up at 3 AM. ...

Complete Guide to Docker Volumes and Bind Mounts Every self-hosted container you run — Jellyfin, Paperless-ngx, Nextcloud, your databases — needs to store data somewhere. Kill the container without persistent storage and everything’s gone. Docker gives you two main options: volumes and bind mounts. Understanding when to use each is one of the most important skills for any self-hoster. The Problem: Containers Are Ephemeral By default, any data written inside a container lives in its writable layer. When the container is removed, that data vanishes. This is by design — containers are meant to be disposable. ...

Docker makes self-hosting easy. It also makes it easy to accidentally give an attacker root access to your entire server. Most self-hosting guides skip security entirely — here’s what they don’t tell you. 1. Never Run Containers as Root (When Possible) By default, processes inside Docker containers run as root. If an attacker escapes the container, they’re root on the host. Fix: Use the user directive: services: myapp: image: myapp:latest user: "1000:1000" Or in the Dockerfile: ...

Managing Docker from the command line works fine — until you’re juggling 20+ containers across multiple stacks. That’s where Portainer comes in. It gives you a clean web UI to manage everything: containers, images, volumes, networks, and even Docker Compose stacks. Portainer CE (Community Edition) is free, open source, and takes about 2 minutes to set up. Here’s how to get it running on your server. What Is Portainer? Portainer is a lightweight management UI for Docker (and Kubernetes). Instead of remembering docker ps, docker logs, docker exec commands, you get a dashboard that shows everything at a glance. ...