On 5/5/26 11:24 AM, Nick via Dng wrote:
> On 5/5/26 3:15 PM, Curtis Maurand via Dng wrote:
>>
>> Hello,
>>
>> I have never liked docker. Too many security issues if they're not
>> patched as often has the host system. They also use a lot of disk
>> space and tend to be resource hogs. Thanks, though.
>>
>> I can imagine that maintaining the tdr repo is a lot of work if not
>> using an automated build system like Hudson or Jeeves. I was looking
>> to get php 8.5 to make it available to my customers. ispconfig runs
>> on 8.4. I don't like ispconfig as much as I like Plesk, but Plesk
>> requires systemd. ispconfig would like it, too, but I've managed to
>> get around that. This system started out as Beowulf, but has been
>> upgraded to Chimaera, then Daedalus. It looks like I'm building a new
>> VM and will try the sury packages. I have, in the past, built my own
>> php-fpm and it worked OK. The sury thing is annoying.
>>
>> --Curtis
> I am running docker rootless which is probably safer then apache2 or
> nginx in default configuration. Podman is even rootless by design but
> invented by Red Hat and heavily infected with systemd so I will never
> touch it. But of course K8S or LXC or Incus are available too,
> everyone is making their own choices.

Under ispconfig, apache runs suexec each website runs under it's own
user and group. nothing runs as root, not even apache which spawns
php-fpm for each website.