this post was submitted on 18 Apr 2025
15 points (77.8% liked)

Selfhosted

46113 readers
976 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
15
Am I the only one interested in Fedora based containers? (lemmy.zip)
submitted 4 days ago* (last edited 4 days ago) by possiblylinux127@lemmy.zip to c/selfhosted@lemmy.world
12 comments fedilink hide all child comments
 

I'm been listening to the Fedora podcast and it seems like the OCI images are now getting some serious attention.

Anyone using the Fedora base image to make custom containers to deploy Nextcloud, Caddy and other services? My thought is that Fedora focuses on security so in theory software packaged with it will be secure and properly configured by default. Having Fedora in the middle will also theoretically protect against hostile changes upstream. The downside is that the image is a little big but I think it is manageable.

Anyone else use Fedora?

you are viewing a single comment's thread
view the rest of the comments
[–] marauding_gibberish142@lemmy.dbzer0.com 22 points 4 days ago* (last edited 4 days ago) (1 children)

I don't get it. Where is the idea that "Fedora focuses on security" coming from? Fedora requires an equivalent amount of work like other distros to harden it.

I personally use Alpine because I trust busybox to have less attack surface than normal Linux utils

[–] tripflag@lemmy.world 12 points 4 days ago (1 children)

Alpine also has the advantage of musl, which is a safer alternative to glibc, at the cost of some performance. So, if anything, I'd expect people to consider alternatives to Alpine for that reason, as alpine is already the best choice for security.

[–] marauding_gibberish142@lemmy.dbzer0.com 3 points 3 days ago

Alpine isn't exactly fortified either. It needs some work too. Ideally you'd use a deblobbed kernel with KSPP and use MAC, harden permissions, install hardened_malloc. I don't recall if there's CIS benchmarks or STIGs for Alpine but those are very important too. These are my basic steps for hardening anything. But Alpine has the advantage of being lean from the start. Ideally you'd compile your packages with hardened flags like on Gentoo but for a regular container and VM host that might be too much (or not - depends on your appetite for this stuff).