Docker vs Traditional Config


#1

I’ve been running Nextcloud/Owncloud on a Raspberry Pi since 2014. I just upgraded to a basic home server with the intent of experimenting with other unrelated stuff. Just need Nextcloud to be running at the same time.

I understand the benefit of using Docker at scale, or for multiple instances, but as a basic user planning to implement Collabora, what are the benefits of familiarizing myself with Docker and configuring that way, versus setting-up the manual config that I know and that I’m familiar with?

Again, I’m a pretty basic user. Just a dude with a hobby on the side.

If I go with Docker, I get the feeling that it is more restrictive? Is that true? Any suggestions for which build to use, and how to connect with Collabora?

Thanks!


#2

I, too, am wondering the same thing.


#3

you may compare my two ansible playbooks.

both do nearly the same. install nextcloud.
(the docker version right now is still without the online offices suites. and in the ohter one i have to delete the empty folders.)

if you run them both you will mention that the docker one has less steps. while the non-docker version is doing a lot config stuff on the os level.
this config stuff is already done inside the docker image during build. (more or less a docker file is an installation skript.) to docker.io a complete installed images is pushed.

if you run the docker playbook with an -e state=absent nextcloud is removed. nearly complete so you would get a “clean” machine again. (i would have to add same steps to remove everything.) to revered the installation without docker is a lot more work.
but state=absent won’t remove your data. you run the playbook again and you can login to your nextcloud like nothing happened. if some updated one of the images in the mean time you will get the latest version. if you don’t like the update. you remove the container, pull an older image and you back online with your favorite version.

if your machine has enough power and you want to add other apps like rocket.chat, mattermost, etc., with the docker version you create a new task file in roles/docker_container/tasks and a new app is starting. (more or less. maybe a bit fine tuning.)

if you want anything changed in the image you download the docker file, add stuff to the installation script and you have your own image. but you should never login to the container and change anything within the container.


#4

This is great. Thanks. So it sounds like you recommend Docker? I have a Debian server that’ll have a few other things in Docker but it’s primary purpose is to host NextCloud. Wondering if its worth the hassle to put NextCloud in docker or straight on the machine. One thing I have to look at is how easy it is to secure NextCloud when inside docker.

https://docs.nextcloud.com/server/14/admin_manual/configuration_server/harden_server.html


#5

I vote for a traditional installation. A dockerized setup is much to complicated for your use case. You just add more sources for errors. Of course if you like to play around use docker. :slight_smile:


#6

agreed.

the hassle is for you to learn docker. but docker can or better should simplify things.

most of the stuff on this page is adjusting config files. in the docker world this is done by providing these “secure” config files “from outiside into the container”. (line 24)
In my example I use traefik as a reverse proxy in front of all. to set security headers of traefik one has to define labels. (line 34-42)



#7

Docker is great if you have to maintain multiple instances with same or quite similar setup.
Once you start playing around and maybe add Collabora or other toys, you’ll find yourself not being able to use the Docker advantages (unless you want to roll out this new toy config to your 20-2000 other instances you maintain…


#8

Dear Reiner,
thank you very much for your great work with Ansible and Docker in your GitHub repo!!! :+1: :+1: :+1:

May i ask why you use Traefik in front?
I know its one of the latest and hottest webservers, but you already have an Nginx container running and afiak Nginx can do the same?
What is the advantage of running both Traefik and Nginx?
Could you omit one of them and make your setup easier?


#9

nope. traefik is only a reverse-proxy.

because it’s there. :wink:
the idea was that it handles letsencrypt certifactes out-of-the-box.
and you can easily add other pages like adminer or portainer (not yet release in my public playbook.)

nginx is needed to handle fpm-php. i think.

not sure if it will be easier because then i have to add a letsencrypt companion container.


#10

Dear Reiner,
thanks for the clarification. :+1:
I am not much into Traefik yet.
You’re right, Traefik seems to be only a Reverse Proxy so far and cannot handle fpm-php yet.
There is a feature request for this - but no progress on this topic.
And you’re right, LetsEncrypt seems to be better integrated in Traefik.