Amongst the things that made me decide to run everything inside docker containers instead of a more hybrid setup (base os + services + containers) was the potential headache from the admin point of view. Also there is the fact that I wanted to do test deployments of homemade monstrosities that could appear stable if I had two of them running and answering to requests so at least one would be up at any point in time (yup, they were ungodly things and quite prompt to crashes too).
For nethserver it seems that integrating with the new kids on the block (docker in this case) is going to require some planning and deep thought by the people who know the system best. One of the things that appeals to me is how easy NS is to set up. Working right out of the box, nice UI, etc… I can see how being too hasty while integrating new things (yay, let's do docker, docker is cool! gimme the nail gun, some tape and hot glue! wait what about micro services running the internet of things? MOAR NAILS) could result in a net loss in maintainability.
Potential solution
I wonder how feasible a “walled courtyard” would be. One could have a reverse proxy running on nethserver that would be aware of all the web apps it should proxy, one docker network with a standard name that the users could connect to to make their containers reachable from the RP.
That way there are minimal requirements (if you want to be reachable for http traffic, hook to this net) and most of the work is on the user's end if they want to implement something fancy (you can create a complicated interwoven set of docker networks but that won't change anything from NS's point of view).
Dockergen container could be of tremendous help, since it already provides the “listen to docker socket and update nginx” functionality, I reckon there wouldn't be anything to modify to get it to work with a RP running on the base OS (one would just mount the folder rather than use a volumes-from instruction). Same thing with letsencrypt.
And yet…
With all my words of caution I'm already asking for the nail gun and tape…
Maybe something worth considering is whether having docker on NS is desirable at all.
One of the big selling points of docker is the ability to run anything (almost) anywhere easily without having to bother with such trivialities as a dependency graph.
Is NS meant to do that? To offer a platform where you can just pop any software and have it work(ish)? Or is it about providing some much desired functionality (samba, collaboration software and so on) out of the box to users without any strings attached? Because if the main goal is to provide a tightly packed feature rich yet stable experience, then the costs in maintenance, usability and stability of adding docker on top might not be worth it.
Or maybe make it optional with a big red label saying “use at your own risk, by opening you lose your warranty, any hope for a better tomorrow and perhaps your immortal soul to the Great Devourer behind the Veil”
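
The “walled courtyard” idea from the post above, sketched as an added example that is not part of the original post or of NethServer: only containers attached to the one standard network are turned into reverse-proxy entries, and everything else stays invisible to the proxy. The network name `ns-proxy`, the sample records and the use of the `VIRTUAL_HOST` / `VIRTUAL_PORT` environment variables (borrowed from the nginx-proxy convention) are assumptions.

```python
import re

PROXY_NET = "ns-proxy"  # assumed name for the one standard network
HOST_RE = re.compile(r"^[a-z0-9][a-z0-9-]{0,62}(\.[a-z0-9][a-z0-9-]{0,62})*$")
PORT_RE = re.compile(r"^[0-9]{1,5}$")

def proxy_targets(containers, network=PROXY_NET):
    """Map hostname -> ["ip:port", ...] for containers that opted in."""
    targets = {}
    for c in containers:
        net = c.get("NetworkSettings", {}).get("Networks", {}).get(network)
        if not net or not net.get("IPAddress"):
            continue  # not hooked to the courtyard network: never proxied
        env_list = c.get("Config", {}).get("Env", [])
        env = dict(e.split("=", 1) for e in env_list if "=" in e)
        host = env.get("VIRTUAL_HOST", "").lower()
        port = env.get("VIRTUAL_PORT", "80")
        if not HOST_RE.match(host) or not PORT_RE.match(port):
            continue  # malformed values never reach the nginx config
        targets.setdefault(host, []).append(f"{net['IPAddress']}:{port}")
    return targets

def render_nginx(targets):
    """Render one upstream and one server block per hostname."""
    out = []
    for host in sorted(targets):
        out.append(f"upstream {host} {{")
        out += [f"    server {addr};" for addr in sorted(targets[host])]
        out += ["}", "server {", "    listen 80;", f"    server_name {host};",
                f"    location / {{ proxy_pass http://{host}; }}", "}"]
    return "\n".join(out) + "\n"

def _c(name, nets, env):  # builds a constructed `docker inspect`-shaped record
    networks = {n: {"IPAddress": ip} for n, ip in nets.items()}
    return {"Name": name, "Config": {"Env": env},
            "NetworkSettings": {"Networks": networks}}

SAMPLE = [  # constructed data, not taken from a real host
    _c("/wiki-1", {"ns-proxy": "172.28.0.2"}, ["VIRTUAL_HOST=wiki.example.lan"]),
    _c("/wiki-2", {"ns-proxy": "172.28.0.3"},
       ["VIRTUAL_HOST=wiki.example.lan", "VIRTUAL_PORT=8080"]),
    _c("/db", {"backend": "172.29.0.5"}, ["VIRTUAL_HOST=db.example.lan"]),
    _c("/odd", {"ns-proxy": "172.28.0.9"}, ["VIRTUAL_HOST=bad host;"]),
]

if __name__ == "__main__":
    print(render_nginx(proxy_targets(SAMPLE)))
```

The two `wiki` replicas end up in one upstream, the container on the `backend` network is skipped even though it sets a hostname, and the malformed hostname is dropped before it can be written into the proxy configuration.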