frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Discuss – Do AI agents deserve all the hype they are getting?

3•MicroWagie•1h ago•0 comments

Ask HN: Anyone Using a Mac Studio for Local AI/LLM?

48•UmYeahNo•1d ago•30 comments

LLMs are powerful, but enterprises are deterministic by nature

3•prateekdalal•6h ago•3 comments

Ask HN: Non AI-obsessed tech forums

27•nanocat•17h ago•22 comments

Ask HN: Ideas for small ways to make the world a better place

16•jlmcgraw•19h ago•20 comments

Ask HN: 10 months since the Llama-4 release: what happened to Meta AI?

44•Invictus0•1d ago•11 comments

Ask HN: Who wants to be hired? (February 2026)

139•whoishiring•4d ago•518 comments

Ask HN: Who is hiring? (February 2026)

313•whoishiring•4d ago•512 comments

Ask HN: Non-profit, volunteers run org needs CRM. Is Odoo Community a good sol.?

2•netfortius•14h ago•1 comments

AI Regex Scientist: A self-improving regex solver

7•PranoyP•21h ago•1 comments

Tell HN: Another round of Zendesk email spam

104•Philpax•2d ago•54 comments

Ask HN: Is Connecting via SSH Risky?

19•atrevbot•2d ago•37 comments

Ask HN: Has your whole engineering team gone big into AI coding? How's it going?

18•jchung•2d ago•13 comments

Ask HN: Why LLM providers sell access instead of consulting services?

5•pera•1d ago•13 comments

Ask HN: How does ChatGPT decide which websites to recommend?

5•nworley•1d ago•11 comments

Ask HN: What is the most complicated Algorithm you came up with yourself?

3•meffmadd•1d ago•7 comments

Ask HN: Is it just me or are most businesses insane?

8•justenough•1d ago•7 comments

Ask HN: Mem0 stores memories, but doesn't learn user patterns

9•fliellerjulian•2d ago•6 comments

Ask HN: Is there anyone here who still uses slide rules?

123•blenderob•4d ago•122 comments

Kernighan on Programming

170•chrisjj•4d ago•61 comments

Ask HN: Any International Job Boards for International Workers?

2•15charslong•16h ago•2 comments

Ask HN: Anyone Seeing YT ads related to chats on ChatGPT?

2•guhsnamih•1d ago•4 comments

Ask HN: Does global decoupling from the USA signal comeback of the desktop app?

5•wewewedxfgdf•1d ago•3 comments

We built a serverless GPU inference platform with predictable latency

5•QubridAI•2d ago•1 comments

Ask HN: Does a good "read it later" app exist?

8•buchanae•3d ago•18 comments

Ask HN: Have you been fired because of AI?

17•s-stude•4d ago•15 comments

Ask HN: How Did You Validate?

4•haute_cuisine•1d ago•6 comments

Ask HN: Anyone have a "sovereign" solution for phone calls?

12•kldg•4d ago•1 comments

Ask HN: Cheap laptop for Linux without GUI (for writing)

15•locusofself•3d ago•16 comments

Ask HN: OpenClaw users, what is your token spend?

14•8cvor6j844qw_d6•4d ago•6 comments
Open in hackernews

Ask HN: What's needed for a minimal production Docker deployment?

7•bcye•3mo ago
There's a lot of tutorials/books online about getting a basic server with docker running but seemingly few that cover everything that is needed for a true production deployment (or is simply nothing more needed?). I would be curious, if anyone can share a good resource for doing real single-server production Docker deployment on your own VPS. I.e. best practices for/how to:

- secure the server properly

- credential management

- making sure of security updates

- observability

- backups

- automatic deployments

- anything else that is needed

Many thanks for any pointers

Comments

dapperdrake•3mo ago
I didn’t like this piece of advice myself back when I got it, but it was worth it:

Start with introductory physical unix handbooks that cover user permissions, fork(2), and exec(2).

Oddly enough containers only add something like a git-fs-chroot and network-chroot on top. The principles are all still the same.

Like I said, I didn’t like this answer either until I read a few of the books.

bcye•3mo ago
Thank you, that does sound like a good start. Do you have a book you can recommend on this?
sawirricardo•3mo ago
i love unregistry, direct upload to your destination server https://github.com/psviderski/unregistry
uaas•3mo ago
Kubernetes.
atmosx•3mo ago
This is something that an LLM can answer thoroughly. The problem is that we don't know the scope of the project.

For example what does it mean to _secure the server properly_. What's the "threat model"? Are there compliance requirements? Since this looks like a sort of hobby-project (single-server production deployment?), I believe that you should be okay with ssh keys-only config and ports 80 (redirect to SSL) and port 443 with LE certificates.

Managing security updates on a single server will require downtime. If you have active users you can handle that we scheduled downtime 5hours every X weeks (e.g. First Saturday of the month from 01-02 AM the server will be unavailable).

You're going to need a dedicated system to setup observability. The cheapest option is probably node_exporter with prometheus and grafana. Loki for logs with s3 backend (can be pretty cheap if you use backblaze).

For backups use whatever the provider gives you to backup the VM. Most providers have a ready-made solution for that.

Automatic deploys can be configured ofc, but usually the deployment pipeline mirrors the application requirements... Are you going to a DVCS (github actions)? Are you doing to handle deployments using a tool like kamal? In either case would try to use "SO_REUSEADDR" for zero-downtime upgrades in a single-server.

Secrets management and server setup can be managed by ansible + sops.

> anything else that is needed?

A DB? A CDN? An object store? A queue? :-)