Conversation

Notices

1. Embed this notice
   Paul Cantrell (inthehands@hachyderm.io)'s status on Wednesday, 18-Feb-2026 05:29:08 JST Paul Cantrell

   So I finally (what, a decade behind popular trends??) am having reason to experiment with actual use of Docker in production, and…I’m surprised at how disappointing it is.

   The configuration is clumsy, a dangerous mix of boilerplate and footgun customization points. The dockerfile / compose division of labor is nonsensical; it apparently grew by accretion instead of design. There are lots of loose ends left for hosting services to tie up, and the product thus fails in what would seem to be a primary goal of avoiding hosting vendor lock-in.

   Am I simply Not Getting It Yet™, or is the state of the art actually like this?

   • Embed this notice
     Paul Cantrell (inthehands@hachyderm.io)'s status on Wednesday, 18-Feb-2026 05:35:23 JST Paul Cantrell

     in reply to

     I’ve felt for a decade like I’m a fool for deploying on either a self-managed Linux VMs or (for small projects) free tier Heroku, and now I feel like I was accidentally doing it the smart way the whole time and didn’t know it.

   • Embed this notice
     Paul Cantrell (inthehands@hachyderm.io)'s status on Wednesday, 18-Feb-2026 05:49:33 JST Paul Cantrell

     in reply to

     This is in stark contrast to my brief experiences with Ansible, which gave me the feeling of “oh, this is a lot to learn, but I see where they’re going and it makes sense.”

     My last Ansible investigation stalled out trying to set up a clean process for issuing Let’s Encrypt certs, and I maybe need to pick those investigations back up again.

   • Embed this notice
     Donald Ball (donaldball@triangletoot.party)'s status on Wednesday, 18-Feb-2026 05:50:03 JST Donald Ball

     in reply to

     @inthehands Me, hearing about docker: Cool, yeah, a structured declaration of runtime dependencies does seem like a useful development.

     Me, looking into docker: ...

   • Embed this notice
     Paul Cantrell (inthehands@hachyderm.io)'s status on Wednesday, 18-Feb-2026 06:16:21 JST Paul Cantrell

     in reply to

     • Ludwig Vielfrass

     @lerxst
     Yeah, I poked at that briefly but had to move on to other things.

     The place I got hung up was the chicken and eggs problem of getting the initial cert: unless you’re willing to do ugly things with DNS, you have to already have a server running to do the ACME challenge — but then how do you get the server running without already have a cert?

   • Embed this notice
     Ludwig Vielfrass (lerxst@az.social)'s status on Wednesday, 18-Feb-2026 06:16:22 JST Ludwig Vielfrass

     in reply to

     @inthehands Ansible and Docker solve different problems, but I still feel ya. Ansible is more sensible.

     There's a module now for it, might not have existed since the last time you played with it: https://docs.ansible.com/projects/ansible/latest/collections/community/crypto/acme_certificate_module.html

   • Embed this notice
     Jenniferplusplus (jenniferplusplus@hachyderm.io)'s status on Wednesday, 18-Feb-2026 06:22:19 JST Jenniferplusplus

     in reply to

     @inthehands No, you're getting it. The correct way to use docker in production is: don't.

     Docker is a reasonably useful dev tool. Docker compose, even more so. But it's wildly unsuited to production usage. If you want just a few containers on a relatively small and fixed number of hosts, podman or just containerd are better. If you want a lot of containers on a changing number of hosts, that's why people use k8s.

   • Embed this notice
     Lukas Grossar (tongpu@hachyderm.io)'s status on Wednesday, 18-Feb-2026 06:57:38 JST Lukas Grossar

     in reply to

     @inthehands I still believe that PaaS is most often the right abstraction for applications. I've been waiting since forever for a good open source PaaS to emerge on top of Kubernetes, but 10 years later there's still nothing.

   • Embed this notice
     Luke Kanies (lkanies@hachyderm.io)'s status on Wednesday, 18-Feb-2026 07:01:14 JST Luke Kanies

     in reply to

     @inthehands nope, that’s the actual state of the art. Compose is clearly bolted on, and it was never redesigned as a system.

     Compose itself is a pretty shitty tool, too. And it has changed enough over the years that lots of guides are wrong.

   • Embed this notice
     ben (benjamineskola@hachyderm.io)'s status on Wednesday, 18-Feb-2026 16:21:47 JST ben

     in reply to

     @inthehands no, that’s pretty much it.

     IIRC compose was a separately-built tool that got bought by Docker and though the command is now integrated the configuration remained completely separate. So e.g., there’s a ‘port’ option in the Dockerfile that does nothing, it’s just indicative or something? You have to do it in compose, and there’s no requirement for the Dockerfile to have been set up to expect it even.

   • Embed this notice
     ben (benjamineskola@hachyderm.io)'s status on Wednesday, 18-Feb-2026 16:38:06 JST ben

     in reply to

     @inthehands for a while I went about trying to do things the docker way and used one of the docker-oriented hosting services and eventually decided it just doesn’t make sense. It feels like it’s trying to solve problems most people don’t have. At least at the personal-project level; but I also suspect for professional use too.

     It’s like microservices or something: not necessarily *never* useful, but people convince themselves it’s useful when it’s not, just because big tech likes it; and/or if it is useful in a particular case it may just be a sign of a deeper problem.