@p @tyler @Lance @gabriel @matty @parker @graf @Aldis @Big_Diggity A lot of admins here don't care for containers (understandable, they're complex, and complexity often invites security issues), but there's a reason they're getting so popular. Podman allows running containers in userspace and has an emphasis on security, unlike Docker. It can be set to run containers on startup, and all the Linux system capabilities (SYSCAP) can be tweaked or taken away from a given container as needed. The book Podman in Action is a good intro to how it works.

So if you want a reasonably "secure system" with some measure of defense in depth, you might consider a tiny OS whose only purpose is to run containers and have a proxy like Nginx as the frontend to forward requests by hostname to their respective container ports. The downside is the hassle to configure it all...Better take good notes when setting things up.