Hi folks sorry if this is a dumb question, but I’m fairly new to Usenet and although I have it all set up, I saw some instructions to use a docker to run SABnzbd in?
I’ve been using it for about a month without one, but I’m worried there might be adding security or privacy risk?
Note. Running docker doesn’t imply security or privacy.
Definitely not necessary. A lot of use cases for SABnzbd are for some sort of media server or NAS, which is where docker comes in handy. If you don’t already have a docker setup, and don’t intend to have one in the future, running a single app as a container probably isn’t going to be necessary. There are other considerations of course, but as far as security goes, as long as you’re connecting via SSL and/or VPN, you should be good.
Docker isn’t necessary, but will be super useful down the road when you start running a bunch more applications on the same machine.
Same machine? I only have the one computer, and I use it for everything. What am I missing here?
So you want to run your usenet client now. What about torrents later? Then you find out about all the *arr applications, then plex. What if you want to remove one of them? You’ll end up with a difficult time to configure all your applications, maintaining them, and cleaning up if needed. Port number conflicts, dependencies, etc. With docker, it’s much easier to do all of that, and the instructions are widely available.
It isn’t that hard to manage your applications as individual installs; we’ve been doing so for years.
That said, I recommend planning to migrate over to docker or LXC for a couple reasons:
- Security
While docker by default isn’t ideal on security, there’s some benefit to isolating an application to a container, as if it’s compromised it can limit the exposure from being able to impact other parts of your server.
- Dependency management
Your package manager might do just fine with the services you have, but the more you try to run, the more complex a problem dependency management can become, and some important upgrade can cause unforseen consequences on another service.
- Rapid prototyping
On the future if you want to try something new, it’s easy to spin up a docker container for some bleeding edge service, and if it doesn’t work, you can drop the docker image and be confident that the application has made no changes to your filesystem, and you aren’t going to run into some weird problem down the line because you installed and uninstalled something you’ve since forgotten.
I wasn’t wanting go too far into the technical details with my reply, but yes, those are some reasons for my statement.
Docker isn’t about security, it’s about ease of use and maintenance.
I personally run every single service I can on my NAS in docker. Just so much easier and with a nice “all in one” interface.