Why I Use Docker Instead of Installing Apps Directly on My NAS

Are you still installing apps on your NAS from your manufacturer’s app store? It’s time to stop. I only trust Docker for installing apps on my NAS, instead of using a native app store. Why? Well, there are several reasons, and almost all of them center on security.

Docker Containers Only Get Access to What I Let Them

One of my favorite attributes of Docker is how secure it can be. A Docker container really only has access to what I grant it.

Should I want to keep things ultra-secure, I can have Docker create a segregated volume that the container accesses for storage and nothing else can touch it (and it can’t touch anything else). Or, I could opt to mount a folder (or specific file) from the OS to the container.


Besides what I give a Docker container access to, it’s entirely self-contained. In fact, it can’t even network with other Docker containers natively unless I create a network for multiple containers to use, specify another network adapter, or use Docker Compose to launch multiple containers at once.
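The storage and network choices described above, written out as a Compose file. This is an added example, not the author's own stack; the service names, images, port and the host path `/volume1/books` are placeholders.

```yaml
# Added example: placeholder images, names and paths throughout.
services:
  db:
    image: example/database:1.0        # placeholder image
    volumes:
      # Named volume managed by Docker: no host folder is exposed to the
      # container, and only services that list db_data can mount it.
      - db_data:/var/lib/data
    networks:
      - backend                        # reachable only by services on "backend"

  library:
    image: example/library-app:1.0     # placeholder image
    volumes:
      # Bind mount of one specific host folder, read-only (:ro), so the app
      # can read the books but cannot modify or delete them.
      - /volume1/books:/books:ro
      # The app's own writable state goes into a separate named volume.
      - library_config:/config
      # Too broad, shown for contrast only: this would hand the container
      # the whole storage volume, which is what the article warns against.
      # - /volume1:/data
    networks:
      - frontend                       # published port is served from here
      - backend                        # lets "library" reach "db" by name
    ports:
      - "8083:8083"                    # placeholder port

volumes:
  db_data:
  library_config:

networks:
  frontend:
  backend:
    # internal: true removes the route to the outside world, so "db" can
    # talk to "library" but cannot reach the LAN or the internet.
    internal: true
```

After `docker compose up -d`, `docker inspect <container>` lists the resulting entries under `Mounts` and `NetworkSettings.Networks`, which is a quick way to confirm each container received only what the file grants.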

These are all great security features that Docker offers, and it simply makes Docker more secure than many app stores. For instance, if you install an app from your NAS system’s native app store, there’s a good chance that app can access all of your files and folders natively. If not at install, once you grant it access to one folder, it’ll typically get access to all.

This isn’t true of every NAS system, but many function like that. From my time with my Synology systems, that’s how they worked. While this isn’t a huge downside, it is a greater security risk than segregating an app away from all other services on your NAS.

Docker’s Flexibility Beats Native App Stores Every Time

Since a Docker container is a mini virtual machine of sorts, its overall capabilities are unmatched. It’s actually possible to run a full operating system in Docker.

However, the flexibility of Docker comes from being able to build your own containers. Since Docker containers are just operating systems with pre-installed and pre-configured services, you can build your own with ease.

A few weeks ago, I was trying to do something specific with Calibre-Web, and it just wasn’t working. I turned to my trusty homelab companion, ChatGPT, and started working on building a custom Calibre-Web Docker container with updated dependencies (since the container I was using was pretty outdated).

With ChatGPT’s help, I was able to build a Docker container that had the dependencies I needed and functioned how I wanted, even though the official Docker container didn’t offer what I needed. If I were stuck using a native app store, that’d never be an option.

If an app becomes outdated or unusable in a native app store, you’re simply out of luck. With Docker, it’s easy to make a new, updated version of whatever app I’m trying to use.

Once You Learn Docker, Everything Else Feels Clunky

Another awesome thing about Docker is that it’s the same on every platform, from Windows to Ubuntu to TrueNAS. Once you learn Docker on one system, you’ve learned Docker on all systems, essentially. Sure, there are some differences (like folder mapping), but the majority of Docker is the same across all other platforms.

Native app stores, however, aren’t anywhere near this unified. Synology’s app store is going to vary greatly from UGREEN’s and TerraMaster’s stores, for instance.

With Docker, though, you can install management platforms that make it just as easy as those other app stores, but unified across all systems. Portainer is my favorite way to manage Docker, and it’s honestly pretty simple.

I Can Run the Same Stack on Any System With Docker

Some apps aren’t available on all platforms. Or, if they are, they could be outdated or no longer usable.

With Docker, that’s simply not a problem. I can take a stack (Docker Compose file) from one server and move it to another, and I’m up and running. I can also just shut down Docker on one server, move all the files to another, and start Docker on that other server.

The portability of Docker containers just makes them far superior to apps from native stores on any NAS out there.

I Trust Docker More Than Most App Stores

There’s an inherent trust given to any app that you run on your network—especially one that has access to your storage server’s files. When using a first-party app store, you just have to trust that there’s nothing nefarious going on with the code in the app. With a Docker container, you can (typically) verify that yourself.

Barring a few closed-source services that can run in a Docker container, most services that run in a container are open source. This means that you can browse and view all the code that goes into running that service on your computer.

Viewing and checking the code that runs a container means that you can verify exactly what’s going on when you install a service. Where does your data get transmitted to? Who has access? What’s it doing? All of that information is typically available for most Docker containers.

Not only that, but Docker containers are typically kept more up-to-date than first-party app stores. This comes from the fact that companies and services update Docker containers themselves, instead of having to rely on a first-party app store approving an app update (or even requiring the app to be published by the app store itself).


I hope you’re convinced to use Docker instead of any other app store on your NAS now. If you’re just getting started with Docker, here are 10 containers that I think should be running in any homelab. My list is sure to get you up-and-going and help jumpstart your Docker journey.
