[input_sh]

Docker and docker-compose make maintaining stuff dead simple to me. In like 95% of the cases it's just a matter of changing the version in a YAML file and running one command, and in the remaining 5% of the time I'm not concerned at all with some downtime because I'm (mostly) the only user.

[BrandoElFollito]

This. I used to host directly on my server and discovered docker a few years ago.

It was a relief. Coupled with watchtower the updates are automatic except for the two services I really rely upon.

I used to be on Ubuntu for ages and moved to Arch a few days ago - my server only runs docker today.

I still want to keep access to a shell do it is Arch and not Rancher or something (I did not research much the bare metal hypervisors).

My maintenance is minutes every month if everything works fine, up to a max of an hour when Home Assistant broke things once two years ago.

DRP from bare metal is an hour.

Adding a service is a few minutes.

[goodpoint]

Containers are not good for security updates.

docker also adds a big attack surface.

[toshk]

What do you use for serving docker-compose?

[g_p]

Docker-compose doesn't need "served" per-se - it lets you run some containers, and handles some lightweight orchestration around them, so that you have groups of containers for a service (i.e. a Wordpress service compromises a mariadb container and a Wordpress container). The compose file handles port bindings/mappings.

If you then want to put a reverse proxy in front of the docker containers (you almost invariably will), then you can look at different options like caddy, Traefik, nginx etc. I, for one, like to be old-fashioned and have my docker containers' ports bound to localhost, then manually maintain my own "outside of docker" instance of nginx as a reverse proxy that uses these as upstreams. That's not the most "container-first" way of working, but it worked for me. Caddy can do similar. Traefik is more integrated with docker and the docker ecosystem, but that might do what you need better.