Docker
Docker is a platform for building, distributing, and running applications inside lightweight, isolated containers; Docker uses Linux kernel primitives: namespaces (for process, network, and filesystem isolation) and cgroups (for resource limiting) to create container boundaries, with the container image providing a layered filesystem via OverlayFS; For builders self-hosting on a VPS, Docker solves three key problems: isolation (each service runs in its own container without conflicting dependencies), reproducibility (the same image runs identically in staging and production), and operational simplicity (stopping, starting, updating, and rolling back a service is a single command)
Docker is a platform for building, distributing, and running applications inside lightweight, isolated containers. A container packages an application’s code, runtime, libraries, and configuration into a single image that runs identically on any host with the Docker Engine installed, eliminating the ‘it works on my machine’ problem. Docker has become the default deployment mechanism for self-hosted applications because nearly every popular open-source project provides an official or community-maintained Docker image.
How it works
Docker uses Linux kernel primitives: namespaces (for process, network, and filesystem isolation) and cgroups (for resource limiting) to create container boundaries, with the container image providing a layered filesystem via OverlayFS. The Docker Engine (dockerd) manages the container lifecycle, networking, and volume mounts. Images are stored in and pulled from registries (Docker Hub, GitHub Container Registry, or private registries). The Docker CLI communicates with the daemon via a Unix socket, and Docker Compose extends this with multi-container application definitions in YAML.
Key facts
- Image layers: Docker images are built in layers; unchanged layers are cached during rebuilds, making iterative builds fast
- Resource overhead: Containers share the host kernel and add minimal overhead compared to VMs; a basic Nginx container uses roughly 5 MB of RAM
- Networking modes: The default bridge network isolates containers; the host network mode removes isolation for performance-critical workloads
For builders
For builders self-hosting on a VPS, Docker solves three key problems: isolation (each service runs in its own container without conflicting dependencies), reproducibility (the same image runs identically in staging and production), and operational simplicity (stopping, starting, updating, and rolling back a service is a single command). Combining Docker with Docker Compose reduces a multi-service stack deployment to a single file and a single command.
Sources
- Docker, Inc. Docker Engine documentation. docs.docker.com
- Kubernetes. Core concepts documentation. kubernetes.io
- Open Container Initiative. OCI Image and Runtime specifications. opencontainers.org
- CNCF. Graduated and incubating cloud-native projects. cncf.io
- NIST SP 800-190. Application Container Security Guide. nist.gov
