Topic
Docker & Containers
If you spend any time in this corner of the internet, sooner or later everything ends up in a container. These posts cover the practical side: Compose files that actually run, networking that doesn't break, volumes that survive an upgrade, and the trade-offs nobody tells you about until you're at 2 AM trying to figure out why your mounts went read-only. Docker, Podman, image hardening, registries, and a healthy amount of "don't reach for Kubernetes yet."
121 articles in this topic.
Featured posts
-
Garden vs Tilt vs Skaffold
Three inner-loop dev tools for Kubernetes — Garden, Tilt, and Skaffold. Which one actually makes K8s development bearable? Honest comparison, no fluff.
9 min read -
Lima vs Multipass
VM-backed Linux dev environments on macOS/Linux — Lima vs Multipass compared on speed, container support, and resource use.
10 min read -
Compose Watch: Faster Dev Loops
Docker Compose Watch syncs your code into running containers without rebuilds. Here's how to set it up and why your dev loop is about to get a lot less painful.
11 min read -
tini vs dumb-init vs --init
PID 1 zombie reaping in containers — tini, dumb-init, and docker --init compared; when each one fixes your signal handling and stops your 10s shutdown tax.
11 min read -
Container Escape: How to Stop It
Containers are not VMs. Here are the real escape vectors — privileged mode, mounted sockets, kernel CVEs — and the runtime hardening that actually helps.
10 min read -
ko vs Jib vs Buildpacks
Build container images without writing a single Dockerfile — ko for Go, Jib for Java, Paketo Buildpacks for everything else. Real benchmarks, real tradeoffs.
10 min read
All Docker & Containers articles
- Garden vs Tilt vs Skaffold
- Lima vs Multipass
- Compose Watch: Faster Dev Loops
- tini vs dumb-init vs --init
- Container Escape: How to Stop It
- ko vs Jib vs Buildpacks
- Cosign Keyless: Sign Without Keys
- Docker Bake vs Compose Build
- WASM Containers in 2026
- cri-o vs containerd
- Nerdctl vs Docker CLI
- Sysbox vs gVisor vs Kata
- Trivy vs Grype vs Docker Scout
- Authentik vs Authelia: SSO for Your Self-Hosted Stack
- Blog Comments: Self-Host or SaaS?
- Hoist: Label-Driven Docker Updates
- Immich Hardware Acceleration: Stop Cooking Your CPU
- Distroless Images: When Minimal Goes Too Far
- OpenCanary: Honeypots for Your Home Lab
- Colima vs OrbStack vs Docker Desktop on Mac
- SBOMs and Supply Chain Security
- Container Security: Scan and Sign Your Images Like You Mean It
- Falco: Catch Container Attacks at Runtime
- Loki vs ELK: Centralized Logging Without the RAM Tax
- Cloudflare Tunnels: The Zero-Port-Forward Guide to Exposing Your Services
- Immich vs PhotoPrism: Escape Google Photos Without Losing Your Mind
- Trivy + Cosign: Scan and Sign Your Images
- Prometheus + Grafana: Monitoring That Doesn't Lie to You
- Docker BuildKit: Stop Building Images the Slow Way
- Wazuh: Open Source SIEM for Your Home Lab
- Podman Quadlets: Systemd-Native Containers
- Rootless Docker: Run Without Root
- Docker Networking Demystified
- Lazydocker & Dive: Fix Your Docker CLI
- EmDash: WordPress Done Right, Finally
- De-Googling: Self-Hosted Replacements for Google Apps
- ctop and lazydocker: Docker Monitoring Tools
- Private Docker Registry with Harbor
- Docker Manager Showdown: Pick One
- HAProxy: Load Balancing Done Right
- Stop Living Dangerously on :latest Docker
- MySQL & MariaDB CLI in 2026: What Changed
- Alpine vs. Distroless: Choosing Your Minimalist Base
- Distroless: How to Build Slim, Secure Containers
- Multi-Stage Docker Builds: Stop Shipping Your node_modules to Production
- Traefik: Docker Routing with Labels
- Docker BuildKit: Stop Waiting for Your Images to Build
- Piper vs Coqui: Text-to-Speech on Your Own Hardware (Because AWS Polly Charges Per Character Like It's 1999 SMS)
- Nginx Proxy Manager for Normal Humans
- Healthcheck vs Restart Policy: The Difference Matters
- Nginx: The Config That Makes Sense
- Watchtower vs Diun: Automating Docker Updates Without Burning Your Stack
- Uptime Kuma: Status Pages, Alerts, and Knowing Before Your Users Do
- Watchtower: Safe Container Auto-Updates
- Docker Health Checks: Because "It's Running" Doesn't Mean "It's Working"
- Prometheus + Grafana on Docker: Know When Your Server Is Crying Before It Dies
- Docker Logging: From "Where Did My Logs Go?" to Centralized Bliss
- Lazy Docker & Dive: CLI Tools That Make Docker Less Painful
- Docker Compose Environment Variable Precedence
- Podman Quadlets: Running Containers Without the Docker Daemon (or Your Sanity)
- Why Self-Hosted Apps Lose Data After Updates
- Vaultwarden Organization Sharing: Password Management for Your Whole Household (or Team)
- Ollama Beyond the Basics: Model Management, Custom Models, and Optimization
- Docker Security Hardening: 15 Things You're Doing Wrong Right Now
- Paperless-ngx: Scan It, Forget It, Find It Instantly
- Ulimit, Cgroups, and the Art of Stopping Processes From Eating Your Server
- Portainer vs Dockge: Managing Containers Without the Terminal
- Docker Volumes vs Bind Mounts: Where Your Data Actually Lives
- Plex Optimization: Remote Access, Transcoding, and Taming the Beast
- Traefik vs Nginx Proxy Manager: Reverse Proxies for Humans
- Wiki.js with GitSync: Documentation That Lives in Version Control Like It Should
- Docker Compose vs Docker Swarm: When "Good Enough" Beats "Enterprise"
- Vaultwarden vs Bitwarden: Own Your Passwords Before Someone Else Does
- Docker Resource Limits: Stop Letting Containers Eat Your RAM
- Docker CMD vs ENTRYPOINT: The Final Answer
- Docker Compose Profiles: Run Only What You Need
- Cleaning Up Docker Disk Space the Right Way
- Stop Putting Passwords in Docker ENV
- Why the `latest` Docker Tag Is Lying to You
- Multi-Platform Docker Builds with buildx
- Docker Network Aliases: The Feature Nobody Uses
- Docker Healthcheck Patterns That Actually Work
- Running Docker Containers as Non-Root (And Why You Should)
- Docker Container Labels: The Metadata You're Ignoring
- Why Docker Builds Are Slow: Layer Cache Explained
- Docker Exit Codes: Why Your Container Keeps Restarting
- The .dockerignore File You're Not Writing
- Why Your Docker Logs Are Eating Your Disk
- Why Your Docker Container Ignores Ctrl+C
- Understanding and Optimizing Docker’s daemon.json File
- Docker Networking Essential Guide for All Skill Levels
- Docker Volume Mounts: Essential Flags
- How to Transfer docker Images Without a Repository
- Understanding CMD and ENTRYPOINT in Dockerfiles
- Copying Files Between Docker Containers and Host Machines
- Dockerfile: Differences Between COPY and ADD
- Docker Strategies for Load Balancing and Failover
- Docker Networking: Connecting to the Host from a Container
- Understanding Docker vs. Full Virtual Machines (VMs)
- Multiple Actions with a Single docker exec Call
- Executing Commands with Asterisks in Docker
- WordPress, Docker, NGINX, and MySQL via Ansible
- Uptime Monitoring with Uptime Kuma
- Automating Docker via Ansible
- Observability and Monitoring for Containers
- Docker vs Podman: Key Differences
- A Guide to LXC/LXD
- Docker Compose: Orchestrating Multi-Container Applications
- Wiki.js for your documentation in docker
- NocoDB DB Management System
- Appwrite Backend-as-a-service (BaaS)
- Wireguard VPN Server in Docker
- Install & use Doxygen via Docker
- Automatic backup of docker Mysql or MariaDB container
- WordPress on PHP-FPM & Caddy in Docker
- Docker Compose useful commands
- How to install NextCloud via Docker
- Install a php script in PHP-FPM & Caddy via Docker
- Install Caddy reverse proxy via Docker
- Access Docker socket via TCP
- Install docker on Ubuntu/Debian