I can’t seem to wrap my head around (Docker) containers and especially their maintenance.
As I understand it, containers contain a stripped-down OS that shares some resources with the host?
Or is it more like a closed-off part of the file system?

Anyway, when I have several containers running on a host system,
do I need to keep them all updated separately? If so, how?
Or is it enough to update the host system, and not worry about the containers?

  • @brewery
    27 days ago

    I would highly recommend using docker compose files. The services you are after usually have them in their installation instructions, on GitHub or Docker Hub (the latter tells you how many image pulls so you can see what most people are using). Also check out https://awesome-docker-compose.com/apps and https://haxxnet.github.io/Compose-Examples/.

    Then think of each compose file as a separate service that functions completely independently and can’t access any others unless you open a port to the host system (ports: ) or have a common network (networks:). The container cannot access or save files unless you open volumes (volumes: ). Personally I have separate folders for each service, and always persist and store config, data and db files in a subfolder of that so it’s all in one place. It’s easier to migrate or save your info if something goes wrong, and makes backups easier to manage.

    In the compose file there is image: <image place/image>:<tag>. The tag could be ‘latest’ or a specific version you can look up on Docker Hub by searching for that image and looking at the tags that are near the ‘latest’ tag or have the same file size. For critical services use a specific version, and for non-critical use latest.

    To update a docker compose file, go to the folder, update the version of the image (e.g. :15.6 to :16.1) or if using the ‘latest’ tag no need to change anything. Then run “docker compose down && docker compose pull && docker compose up -d” to update the services to the latest image.

    I use wud https://github.com/getwud/wud about once a week to highlight any available updates then manually update them one by one, and before doing so looking at the update notes to see if there are any breaking changes and testing the services after. I used to just use latest and blindly update but have had occasional issues like bad updates or having to figure out breaking changes. If it goes wrong you can just go back to the old version while you investigate more.

    Also, docker keeps old images forever unless you prune them, so look up ‘docker image prune’ or ‘docker system prune’ before trying them as they’ll remove a lot.
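
The comment above recommends a specific image version for critical services and ‘latest’ only for non-critical ones. As an added example that is not part of the thread, this script scans a compose file and reports which image references are pinned and which float. The function names, the sample compose file and the registry hostname are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag compose images that float (":latest" or no tag at all).
# Assumption: a line-based scan of "image:" keys, not a full YAML parser.

# classify_image REF -> prints "pinned" or "floating"
classify_image() {
    last=${1##*/}            # drop registry/namespace so a registry port is not read as a tag
    case $last in
        *:*) tag=${last##*:} ;;
        *)   tag='' ;;       # no tag: Docker pulls :latest
    esac
    case $tag in
        ''|latest) echo floating ;;
        *)         echo pinned ;;
    esac
}

# audit_compose FILE -> prints "<class> <image ref>" for each image: line
audit_compose() {
    sed -n 's/^[[:space:]]*image:[[:space:]]*//p' "$1" | tr -d "\"'" |
    while read -r ref rest; do   # "rest" swallows trailing "# comments"
        if [ -n "$ref" ]; then
            echo "$(classify_image "$ref") $ref"
        fi
    done
}

# count_floating FILE -> number of floating image references
count_floating() {
    audit_compose "$1" | grep -c '^floating ' || true
}

# write_sample FILE -> constructed compose file used by the demo below
write_sample() {
    cat > "$1" <<'EOF'
services:
  db:
    image: postgres:15.6
  web:
    image: "nginx:latest"   # non-critical
  cache:
    image: redis
  app:
    image: registry.example.internal:5000/team/app
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_compose "$sample"
rm -f "$sample"
```

Each output line pairs a class with the image reference; the `redis` and registry-port entries show that a missing tag floats just like an explicit ‘latest’.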