Documentation
Comprehensive guides on Docker Compose best practices, security hardening, networking concepts, and operational knowledge for self-hosting.
Fundamentals
Core concepts and best practices for Docker Compose
Learn the best practices for organizing and structuring your Docker Compose files for maintainable self-hosted applications.
Understand the difference between bind mounts and named volumes, and when to use each for persistent data.
Master the art of managing environment variables in Docker Compose for security and flexibility.
Avoid the most frequent pitfalls that cause frustration, security issues, and downtime in Docker Compose deployments.
Optimize your Docker Compose deployments for better performance, lower resource usage, and faster startup times.
Master service startup order with healthchecks and depends_on to ensure reliable container orchestration.
Use profiles to selectively start services for development, testing, debugging, or production scenarios.
Prevent runaway containers from crashing your server with proper resource constraints.
Use override files to manage different configurations for development, staging, and production.
Configure logging properly to prevent disk exhaustion and enable effective debugging.
Networking
Networks, proxies, and exposing services
Compare the three most popular reverse proxies for Docker and find the best fit for your self-hosted setup.
Understand how Docker networking works and how to configure networks for your self-hosted services.
Demystify reverse proxies and understand how they route traffic to your Docker containers.
Learn secure methods for making your self-hosted services accessible from anywhere without compromising security.
Set up automatic SSL/TLS certificates for your Docker services using Let's Encrypt.
Expose your self-hosted services securely without port forwarding using Cloudflare Tunnels (cloudflared).
Route container traffic through VPN providers using Gluetun for privacy, geo-unblocking, and secure connections.
Set up network-wide ad blocking and custom local DNS records using Pi-hole or AdGuard Home in Docker.
Use multiple Docker networks to isolate services, protect databases, and implement defense in depth.
Enable IPv6 support in Docker for dual-stack networking, with configuration examples and common pitfalls.
Security
Securing your self-hosted Docker services
Understand when to use Docker Compose and when Kubernetes makes sense for your self-hosting needs.
A comprehensive guide to hardening your Docker containers and protecting your self-hosted infrastructure.
Securely manage passwords, API keys, and sensitive data in Docker Compose deployments.
Run Docker without root privileges for improved security using rootless mode and user namespace remapping.
Prevent container filesystem modifications using read_only mode with strategic tmpfs mounts for runtime data.
Find vulnerabilities in your container images using Trivy, Docker Scout, and integrate scanning into your workflow.
Understand how Docker bypasses UFW and iptables, and learn to configure firewalls correctly for container security.
Securely manage sensitive data in Docker Compose using the _FILE suffix pattern and compose secrets.
Operations
Backups, migrations, and maintenance
Learn reliable strategies for backing up your Docker volumes without data corruption or downtime.
Step-by-step guide to moving your Docker Compose services to a new server with minimal downtime.
Set up Watchtower for automatic Docker image updates with notifications, scheduling, and best practices for when to use it.
Keep your Docker host healthy with regular cleanup, disk management, and automated maintenance routines.
Set up comprehensive container monitoring using cAdvisor, Prometheus, and Grafana for metrics and dashboards.
Plan and implement backup strategies for your Docker Compose deployments, including volumes, configs, and databases.
Deploy Docker Compose stacks automatically with GitHub Actions, webhooks, and rollback strategies.