this post was submitted on 25 Apr 2026
12 points (100.0% liked)

Selfhosted

56957 readers
1174 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
12
Docker Desktop on Linux? (piefed.zip)
submitted 2 hours ago by Hezaethos@piefed.zip to c/selfhosted@lemmy.world
15 comments fedilink hide all child comments
 

After trying out Cosmos Cloud (and it not working for the clients), I'm back at square one again. I was going to install Docker Desktop, but I see it warns that it runs on a VM. Will this be a problem when trying to remote connect to certain services, like Mealie or Jellyfin?

top 15 comments
sorted by: hot top controversial new old
[–] Decronym@lemmy.decronym.xyz 3 points 58 minutes ago* (last edited 48 minutes ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
DNS Domain Name Service/System
HTTP Hypertext Transfer Protocol, the Web
HTTPS HTTP over SSL
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption
TLS Transport Layer Security, supersedes SSL
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

[Thread #254 for this comm, first seen 25th Apr 2026, 11:10] [FAQ] [Full list] [Contact] [Source code]

[–] foggy@lemmy.world 6 points 1 hour ago (1 children)

Docker containers are isolated by default... nothing on the outside can reach them unless you say so. You open the door with a port mapping

In your compose file:

ports:

  • '8096:8096'

Read this as HOST:CONTAINER. It says: "when something hits my server on port 8096, forward it to port 8096 inside the Jellyfin container."

So once it's running, you go to http://your-server-ip:8096/ in a browser and you're talking to Jellyfin. The container is still isolated you've just opened one specific door to access it.

[–] Hezaethos@piefed.zip 2 points 1 hour ago* (last edited 1 hour ago) (2 children)

Wouldn't this be insecure? Is that what the reverse proxy thing is for - to keep it safe?

Also, is it possible to make it so the name is simpler? I bought a domain name just in case.

Is there a place I can learn about ports and networking more? Something like Khan Academy but for networking?

[–] foggy@lemmy.world 9 points 1 hour ago* (last edited 1 hour ago)

To your first questions, well need to untangle a few thoughts wrapped into that.

Right now, http://your-server-ip:8096/ is plain HTTP. On your home network that's usually fine. Over the internet, you'd want HTTPS so passwords and stream data aren't sent in the clear.

Just opening a port on Docker only exposes it to your local network. It's not on the public internet unless you also forward the port on your router. So by default, only devices on your network can reach it.

From there is it secure? That's on Jellyfin. Using strong passwords and trusting Jellyfin is secure is as good as you can do here.

The reverse proxy is where you handle the https, and where you go from domain.com:8096 to jelly.domain.com

If using caddy for example, that looks like this somewhere in your caddyfile

jellyfin.yourdomain.com {

reverse_proxy localhost:8096

}

Your reverse proxy sits in front of your containers and routes traffic by hostname. You tell it: "when someone visits jellyfin.yourdomain.com, send them to the Jellyfin container on port 8096."

The other pieces you'll need:

DNS pointing jellyfin.yourdomain.com at your server's IP (public IP if accessing from outside, local IP if just at home) A TLS certificate so HTTPS works, Let's Encrypt is free, and Caddy gets them automatically with zero config (Nginx and Traefik can too, just more setup).

Also rputer port forwarding on 80 and 443 to make it accessible outside the house.

The last part there is the actual risky part. When you put a service on the open internet, bots from everywhere will find it instantly and begin running scripts to try to find a way in. With only this setup, again, the insecurity is Jellyfin. When an exploit drops, you need to be updated ASAP to stay on top of your security.

There are tons of ways to make this more secure. The easiest way would be tailscale/(wireguard). You basically install tailscale on every device that will connect to your server instead of opening your routers port. It keeps your device off the open internet but allows devices all on its tailscale VPN connect to it with the domain you setup.

You can achieve something similar using cloudflare tunnels. Your server runs a daemon that reaches out to cloudflare and it's served to the internet that way, friends access via normal URL, no extra download required.

Lastly the best but cost prohibitive option is to do it through a VPS. A virtual private server does what cloudflare does, basically, but you control it. If the money is not prohibitive, I strongly recommend this. When cloudflare goes down again (and it will go down again), you won't be beholden to their infrastructure being online to access your server.

Happy to clarify anything here. I wrote this response in 3 parts and rereading it it feels a little disjointed lol

[–] JustJack23@slrpnk.net 1 points 1 hour ago

https://training.linuxfoundation.org/networking/

It seems they don't have anything on networking exactly, but maybe some of their stuff on container orchestration can be helpful https://training.linuxfoundation.org/full-catalog/?_sft_product_type=training&_sft_topic_area=cloud-containers

About the domains and reverse proxies, if you are testing or on local network reverse proxy or domain are not needed. If you want to access it outside of your network they make more sense.

But also for my services I use https://tailscale.com/ and that way I avoid dealing with domain and reverse proxies by instead just connecting to my local network remotely.

[–] reluctant_squidd@lemmy.ca 12 points 2 hours ago (1 children)

Podman is the way.

[–] anonfopyapper@lemmy.world 1 points 1 hour ago (1 children)

No its not.

While podman fully OCI image compliant, the network stack of it is different. And podman runsias user, not as root.

Not to mention that podman is a CLI, but OP asked for GUI

[–] JustJack23@slrpnk.net 7 points 1 hour ago (1 children)
[–] Hezaethos@piefed.zip 4 points 1 hour ago

Ok, this is interesting 🙂 they also have a learning center thing it says, so maybe I can take the classes/lessons/tutorials they mention.

I just really hope I then figure out the remote connection stuff. That's the one I'm most paranoid about and wanting to figure out

[–] vk6flab@lemmy.radio 2 points 1 hour ago (2 children)

Why run Docker Desktop when it's installable as a cli service?

What are you actually trying to achieve?

[–] Hezaethos@piefed.zip 2 points 1 hour ago (1 children)

ease of use.

I'm a noob at networking.

[–] osanna@lemmy.vg 2 points 1 hour ago (1 children)

there's only one way to get better at it. by doing it.

[–] twinnie@feddit.uk 1 points 50 minutes ago

Or if it’s not something that’s valuable to you just do it the easy way.

[–] djdarren@piefed.social 1 points 1 hour ago

As a Mac user who's migrated over to Linux over the past year or so, I've got an idea of where OP is coming from.

Docker on macOS is accessed via a Desktop GUI, so you can easily see what you have installed, how it's running, etc... So when I shifted over to Linux, I was thrown off by there being no such tool. I wasn't used to using a terminal to do everything, and grumbled quite a lot about there being no Docker Desktop GUI, given how many self-hostable services run through Docker.

I've since gotten used to it, but it really is quite jarring.

[–] slazer2au@lemmy.world 2 points 1 hour ago

You can run a Portainer container to manage your containers