I’ve been listening to the Fedora podcast and it seems like the OCI images are now getting some serious attention.

Anyone using the Fedora base image to make custom containers to deploy Nextcloud, Caddy and other services? My thought is that Fedora focuses on security so in theory software packaged with it will be secure and properly configured by default. Having Fedora in the middle will also theoretically protect against hostile changes upstream. The downside is that the image is a little big but I think it is manageable.

Anyone else use Fedora?

  • Possibly linux@lemmy.zip (OP)
    1 day ago

    In the case of Nextcloud it is written in PHP so it is very important to get PHP security fixes. I get the argument for static binaries like Forgejo. I’m mostly looking at more complex things.

    • just_another_person@lemmy.world
      1 day ago

      Containers get upgrades when they run. They get updates as static projects, then are built into containers. Fedora being said container will help none of this process at all though.

      I have no idea why you’re even mentioning Forgejo, I’m lost now.

    • sugar_in_your_tea@sh.itjust.works
      1 day ago

      PHP isn’t complex, you just need a webserver (nginx, Apache, etc.) and PHP. That’s one process (webserver) that runs a few child processes (PHP scripts). When using PHP fpm, use two containers.

      Each container should run one process. Each container can run whatever base you want. If you want a newer PHP on an older image, go for it! Nobody is forcing you to use the repo version of PHP, you can install it separately. More complexity should mean more containers, not more complex containers.

        • sugar_in_your_tea@sh.itjust.works
          1 day ago

          Yeah, Nextcloud doesn’t follow ideal containerization style, but they do have an FPM package, so I can configure PHP FPM separately from the web server, which is separate from my Collabora container. I don’t use the AIO image so I can control each piece separately.
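
The two-container split described in the comments above (PHP-FPM in one container, the web server in another), as an added Compose example that is not part of any comment in the thread. The service names, volume name, published port and the local `./nginx.conf` file are assumptions for illustration.

```yaml
# Added example, not from the thread. Service names, the volume name, the
# published port and ./nginx.conf are assumptions for illustration.
services:
  app:
    # PHP-FPM only: this image has no web server and speaks FastCGI on port 9000.
    image: nextcloud:fpm
    restart: unless-stopped
    volumes:
      - nextcloud:/var/www/html
    # No "ports:" entry: FPM is reachable only by other services on the
    # Compose network, never directly from the host or the LAN.

  web:
    # Web server in its own container, so it can be patched or replaced
    # without touching the PHP runtime, and the other way around.
    image: nginx:stable
    restart: unless-stopped
    depends_on:
      - app
    ports:
      - "127.0.0.1:8080:80"   # constructed value; a TLS reverse proxy goes in front
    volumes:
      # Same files as the app container, mounted read-only: nginx serves
      # static assets from here and forwards PHP requests to app:9000.
      - nextcloud:/var/www/html:ro
      # Assumed local file holding a Nextcloud-suitable nginx configuration
      # whose fastcgi_pass points at app:9000.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro

volumes:
  nextcloud:
```

Floating tags such as `nextcloud:fpm` only pick up PHP fixes when the image is pulled again and the container is recreated.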