I have many services running on my server and about half of them use postgres. As long as I installed them manually I would always create a new database and reuse the same postgres instance for each service, which seems to me quite logical. The least amount of overhead, fast boot, etc.
But since I started to use docker, most of the docker-compose files come with their own instance of postgres. Until now I just let them do it and were running a couple of instances of postgres. But it’s kind of getting rediciolous how many postgres instances I run on one server.
Do you guys run several dockerized instances of postgres or do you rewrite the docker compose files to give access to your one central postgres instance? And are there usually any problems with that like version incompatibilities, etc.?
I use the provided databases in the docker-compose file, since some services require a specific version and I’m too lazy to investigate whether it works on my existing service or not.
I keep each service separate as far as DBs, if something breaks or get a major upgrade I don’t have to worry about other containers.
Not so long ago I had the same question myself, and I ended up setting 1 Postgress instance and 1 MySQL instance for all services to share. In the long run, I had so many version and settings incompatibilities across services that moved back to one DB per service that is tuned specifically for it. Also, I add a backup app to all my docker compose files that have a DB in it. This way, backups happen periodically and automatically.
Which db backup app do you use if you don’t mind me asking?
You don’t need a db backup app… bind mount the data to a location then just stop the container and have borg take the backups. You can do this with all your containers.
/docker/postgres
/docker/postgres/data
/docker/postgres/compose.yml
And do that with every container. Easy as fuck to backup and restore them.
Sorry! I know it’s been ages, but this is what I use:
If I have several backends that more or less depend on each other anyway (for example: Lemmy + pict-rs), then I will create separate databases for them within a single postgres - reason being, if something bad happens to the database for one of them, then it affects the other one as well anyway, so there isn’t much to gain from isolating the databases.
Conversely, for completely unrelated services, I will always set up separate postgres instances, for full isolation.
I used to, but now I just have one big one (still in Docker) that’s sized and tuned to handle all of my applications.
I’ve only had one version compatibility issue, but that was because I was on pgSQL 13 and the updated version of one application needed 15. Upgrading that didn’t affect any other applications. If it had, I would have just broken that one application out to its own stack-local Postgres.
I have a separate network for postgres. Every service which needs a DB is attached to it. I use a single postgres container with several DBs and finetuned with PGTune.
The most important thing as always: proper backups ☝🏻
The only service with extra DB container is Immich, since it uses a custom variant and I am too lazy to modify the existing container 😁
I run Proxmox with a few nodes, and each of my services are (usually) dockerized, each running in a Proxmox Linux container.
As I like to keep things segregated as much as possible, I really only have one shared Postgres, for the stuff I don’t really care about (ie. if it goes down, I honestly don’t care about the services it takes with it, or the time it’ll take me to get them back).
My main Postgres instances are below - there’s probably others, but these are the ones I backup religiously, and test the backups frequently.
- RADIUS database: for wireless auth
- paperless-ngx: document management indexing & data
- Immich: because Immich has a very specific set of Postgres requirements
- Shared: 2 x Sonarr, 3 x Radarr, 1 x Lidarr, a few others
In theorey lots of people recommend having everything in a single docker-compose file for easier transfer and separation, though I have so much running, that it’s grouped by purpose. One of those is data storage. So I have a single server with all the databases (as far as compatibility goes). I would like to some day have a highly available postgres cluster with automatic failover and failback. But that needs a lot of testing and I’m no postgres admin, so also a lot of time to research how to do it properly.
Asked the same question a little while ago. See https://swg-empire.de/post/625121 for more opinions.
I ended up putting Nextcloud and Lemmy on one service. No problems so far, resource usage and performance are great. But I’ve not been running it for very long.
deleted by creator
That’s a big reason I actively avoid docker on my servers, I don’t like running a dozen instances of my database software, and considering how much work it would take to go through and configure each docker container to use an external database, to me it’s just as easy to learn to configure each piece of software for yourself and know what’s going on under the hood, rather than relying on a bunch of defaults made by whoever made the docker image.
I hope a good amount of my issues with docker have been solved since I last seriously tried to use docker (which was back when they were literally giving away free tee shirts to get people to try it). But the times I’ve peeked at it since, to me it seems that docker gets in the way more often than it solves problems.
I don’t mean to yuck other people’s yum though, so if you like docker, and it works for you, don’t let me stop you from enjoying it. I just can’t justify the overhead for myself (both at the system resource level, and personal time level of inserting an additional layer of configuration between me and my software).
What overhead are you talking about? You don’t need a dozen of instances of a database. You can create one, with or without docker, and configure any service to use it. The idea of docker and docker compose is that you can easily start up the whole env. But you don’t have to.
It’s kinda weird to see the Docker scepticism around here. I run 40ish services on my server, all with a single docker-compose YAML file. It just works.
Comparing it to manually tweaking every project I run seems impossibly time-draining in comparison. I don’t care about the underlying mechanics, just want shit to work.
I care about the underlying tech in the things I deploy, but the reality is that I lack the time to actively do this in practice.
Ideally I would set everything up manually, but it’s just too hard to keep up with 30+ projects and remembering how/why I set everything up, even with documentation. Docker Compose makes my homelab hobby more manageable.
I think that my skepticism and desire to have docker get out of my way, has more to do with already knowing the underlying mechanics, being used to managing services before docker was a thing, and then docker coming along and saying “just learn docker instead.” Which is fine, if it didn’t mean not only an entire shift from what I already know, but a separation from it, with extra networking and docker configuration to fuss with. If I wasn’t already used to managing servers pre-docker, then yeah, I totally get it.
I used to be a sysadmin in 2002/3 and let me tell you - Docker makes all that menial, boring work go away and services just work. Which is want I want, instead of messing with php.ini extensions or iptables custom rules.
Maybe I’ll try and give it another go soon to see if things have improved for what I need since I last tried. I do have a couple aging servers that will probably need upgraded soon anyway, and I’m sure my python scripts that I’ve used in the past to help automate server migration will need updated anyway since I last used them.
I agree to a certain extent and I’m actively using Docker.
What I’ve done is made an Ubuntu VM, put Docker on it and booted a Portainer client container on it, then made that into a container template, so I can just give it an IP address and boot it up, then add it to Portainer in 3 clicks.
It’s great for just having a go on something and seeing if I wanna pursue it.
But so far I’ve tried to boot and run Arr and Plex, and more recently Logitech Media Server and it’s just been hard work.
I’ve found I’m making more VMs than I thought I would and just putting things together in them, rather than trying to run stacks of Docker together.
That said, it looks like it is awesome when you know what you’re doing.
Do not run databases in Docker unless you know really well what you are doing.
It’s completely possible to run them correctly in Docker. But it’s far from trivial, and if you need to ask this, it means that you probably won’t be able to.
Nothing worse in Linux communities than gatekeeper answers like this.
It’s fine to point out that something’s challenging to someone who may be a novice, but to suggest it’s above them? Eat it. At the very least, provide a resource and let them confirm for themselves.
This right here… This whole community is about learning to do things for yourself. It might be after been given resources to learn you do decide its too much for you but people should be given the chance to discover that themselves.
Shout out to hack the box.
If you’re a noob or a veteran in any branch of IT looking for a good cybersecurity community/platform…
Most of us IT folk check the box of “knowledge peaks and valleys”. They’re the first community I’ve found that seems to actually respect the idea that someone might know way more about XSS and SQL injection in react apps than some other guy knows about binary exploits through packet disassembly, and that both of them are fucking experts and neither of them are lacking for not knowing what the other knows.
Cybersecurity communities too, there was one guy on [The Other Site] I saw awhile back who, whenever somebody asked a question about what they should do to secure X or Y or if Z security product was better than V because they just did general IT, would always default to something along the lines of “If you don’t know, don’t bother its above you and you should shell out $$$ to an actual firm otherwise you’ll be shelling out $$$$ to another firm to clean up your mess”
Surprise surprise, when I googled his username (The fact I was even able to do this isnt a great sign for a “security professional” IMO lmao) he actually owned one of those “Databreach Triage” firms…yea…I’m sure there was no conflict of interest whatsoever lmaoo
deleted by creator