
For the last 5 years I was using Virtualmin on my small VPS where I host my websites. It was mainly used for my projects and presentations, but in the last few years I started to host other people's websites (friends etc.).

With my Virtualmin setup I had no chrooting, just a basic PHP-FPM and NodeJS setup and no isolated processes for each user.

I realized that I need to do some updates to improve security, so I decided to move away from Virtualmin (and also from Apache2).

Now I am asking myself if I should learn Docker and create virtual servers as Docker containers, or just install a clean Nginx, MariaDB, NodeJS, PHP combo and play with it until all users are fully isolated from each other.

From what I read, it is not simple even for Docker containers to be completely isolated when they are using the same Nginx instance.

My main goal is to have the virtual server files located in the /home/username directory, and all PHP execution and Nginx serving will be done from this folder without any global www-data pseudo user/group.

Any recommendations on how to approach this?

Baterka

1 Answer


Short answer: I'd stick with a conventional setup and forgo containers, assuming no or low variance in (LAMP) component versions.

If your desired platform is common to the applications you are going to host in your setup, you have little to gain from containers in my opinion.

Meaning, if you stick to one or a few versions for all the mentioned components that all the sites use, there's no need to duplicate all this in multiple container instances.

And even if you do, the web server and database are best (again, IMO) kept out of the container setup anyway to keep complexity down.

The gains in security are negligible assuming a properly set up system using DAC and MAC to enforce isolation.

fuero
  • I never planned to include the database and web server in a container, because my VPS is not powerful enough to have so many duplicated instances :D But I was hoping that one instance of the web server outside the containers can be shared, but also run safely and isolated (again, no www-data) – Baterka Feb 06 '21 at 17:19
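The DAC-based setup the answer alludes to, and the "one shared nginx, no www-data group on the files" arrangement the comment asks about, as an added example that is not part of the original thread. The usual shape is: one PHP-FPM pool per site running as that site's own user and private group, a per-pool unix socket that only nginx's worker user may connect to, and home directories that are traversable only by the owner and by nginx's worker (added to each site's private group), so a compromised PHP process in one pool runs as that user and cannot read another site's files. The script below generates the two config fragments and, when run as root with `provision`, applies them. Paths and names are assumptions (hypothetical, adjust to your distro): nginx workers run as user `nginx` (Debian packages use `www-data`), pool files live in `/etc/php/8.2/fpm/pool.d`, vhosts in `/etc/nginx/sites-enabled`, and the socket directory `/run/php-fpm` already exists.

```shell
#!/bin/sh
# Added example, not code from the thread. Per-site isolation on a single
# shared nginx using plain DAC: each site gets its own user, primary group,
# PHP-FPM pool and socket. All paths/names below are assumptions.
set -eu

# PHP-FPM pool that runs as the site user. The socket is owned by nginx's
# worker user with mode 0660, so only nginx (owner) and the site user (group)
# can connect to it; other sites' PHP processes cannot.
fpm_pool_conf() {
  user="$1"
  cat <<EOF
[$user]
user = $user
group = $user
listen = /run/php-fpm/$user.sock
listen.owner = nginx
listen.group = $user
listen.mode = 0660
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Keeps PHP file access inside the home; a convenience, not a security boundary.
php_admin_value[open_basedir] = /home/$user:/tmp
php_admin_value[upload_tmp_dir] = /home/$user/tmp
php_admin_value[session.save_path] = /home/$user/tmp
php_admin_flag[allow_url_include] = off
EOF
}

# nginx server block serving /home/<user>/public_html and handing .php
# requests to that user's pool only. Quoted heredoc keeps nginx's $vars
# literal; placeholders are substituted with sed.
nginx_vhost_conf() {
  sed -e "s|@USER@|$1|g" -e "s|@DOMAIN@|$2|g" <<'EOF'
server {
    listen 80;
    server_name @DOMAIN@;
    root /home/@USER@/public_html;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # try_files =404 refuses PATH_INFO tricks against scripts that do not exist.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php-fpm/@USER@.sock;
    }
}
EOF
}

# Root-only: create the user, lock down the home, install both fragments.
provision_site() {
  user="$1"; domain="$2"
  useradd --create-home --shell /usr/sbin/nologin "$user"
  # Home: owner and private group only (0750). nginx's worker joins the private
  # group so it can read this site's files; no shared www-data group is needed.
  chmod 0750 "/home/$user"
  usermod -aG "$user" nginx
  # Files nginx serves need to be group-readable (0640/0750); the temp dir
  # is private to the PHP pool's user.
  install -d -o "$user" -g "$user" -m 0750 "/home/$user/public_html"
  install -d -o "$user" -g "$user" -m 0700 "/home/$user/tmp"
  fpm_pool_conf "$user" > "/etc/php/8.2/fpm/pool.d/$user.conf"
  nginx_vhost_conf "$user" "$domain" > "/etc/nginx/sites-enabled/$domain.conf"
  nginx -t && systemctl reload nginx php8.2-fpm
}

# Usage (as root): sh provision.sh provision alice example.org
if [ "${1:-}" = provision ]; then
  provision_site "$2" "$3"
fi
```

Two caveats worth keeping in mind. nginx's worker user can necessarily read every site's document root, since it serves them; the isolation here is between the PHP pools (the code that actually runs attacker-influenced input), not between nginx and the sites. And DAC alone does nothing about a kernel or setuid bug; the MAC the answer mentions (AppArmor or SELinux profiles on php-fpm and nginx) is the second layer, and containers or chroots would be a third if the effort is ever justified.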