nginx docker vs Linux vm with nginx running?


Recommended Posts

I ran a simple nginx on my old arch server.   Now with unraid.  Deciding, do I run another small vm with nginx running and host that way.    Or do I run the nginx docker?   Now, I know with the current unraid, nginx is built it.  Is the docker something different?   How does letsencrypt play with that?   

 

For security sakes.  Us a vm and host that way?   Or is the docker image secure?  Sandboxed from server so to speak?

Link to comment

Docker containers are "like" VM in the sense they allow some level of security by separation from the host.

Docker containers are "different" from VM as they are more of application/userspace separation, as only the kernel is actually reused .

Docker images are like the VM template. A docker container is instanced from a an image, so its like having a base VM image / snapshot to return to whenever you want.

so security is the same as a VM template/OVF - depends on where the image came from.

 

It's secure enough to run a nginx container, particularly if you are not going to be referring to the host (unRAID) on a network level (via reverse-proxying) as the typical separate IP for the container mechanism (macvlans) prohibts communication between the container and the host

 

as for the nginx in unRAID, please don't mess with that as the settings are in RAM and reset every startup.

 

There's a lets encrypt container (which I don't use) that can be used to generated certs and reverse proxy stuff as well.

Link to comment
  • 3 months later...
16 hours ago, bphillips330 said:

Just getting back to this.  I have everything up and running in my arch linux vm.    

 

But i was seeing a ton of using nginx, well lets encrypt and nginx for reverse proxy.   Why would I need a reverse proxy?   Is there a reason to do this?

I can't say anything about your use case, but I use reverse proxies for:

- accessing my plex server outside the network (I don't do port forwarding as I only use Plex on a laptop on the move)

- accessing my nextcloud docker at work (just in case I have to take something home) as well as providing easy storage for my SO

 

Other people use reverse proxies for things such as accessing nzbhydra or nzbget remotely etc, but I have no use for that. Maybe you do?

 

Cheers!

Edited by omfgunraid
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.