:INFO Docker Is the Package Manager for Services Before Docker, deploying a self-hosted application meant following a fifteen-step guide, installing conflicting system libraries, fighting with Python virtual environments, and hoping the next OS update didn't break everything. Docker packages an application and all its dependencies into a container that runs identically on any machine. The difference between installing Nextcloud manually and running it with Docker Compose is the difference between an afternoon of debugging and a single command. :PATH Install Docker Engine (Not Docker Desktop) On Raspberry Pi OS, follow the official Docker Engine installation for Debian. The steps are: add Docker's GPG key to your keyring, add the Docker apt repository, then run sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker- :PATH Understand Images, Containers, and Volumes An image is a read-only template — like an ISO file. A container is a running instance of an image — like a virtual machine booted from that ISO. Every time you run docker run, Docker creates a fresh container from the image. This means any data written i :PATH Write a docker-compose.yml for Nextcloud Create a directory for your Nextcloud stack: mkdir -p ~/docker/nextcloud. Inside it, create a docker-compose.yml file. The file defines two services: a database service using the mariadb image with a named volume for its data directory and environment var :PATH Start the Stack and Confirm It Is Running From inside the ~/docker/nextcloud directory, run docker compose up -d. The -d flag runs the containers in detached mode (in the background). Docker will pull the required images on first run, which takes a few minutes. Once it returns to the prompt, run :CHECKLIST What to Understand Before Running Production Services [ ] Every service that stores data must have a named volume mapped to a persistent host path [ ] Containers in the same docker-compose.yml share a network and can reach each other by service name [ ] docker compose down removes containers but not volumes — data is preserved [ ] docker compose pull fetches updated images; docker compose up -d applies them [ ] Secrets like database passwords should not be hardcoded in compose files in production :NOTE Never store persistent data inside a container's filesystem without a volume. Container filesystems are ephemeral — they are destroyed when the container is removed or recreated during an update. Everything that matters goes in a named volume or a bind mount to a host directory. This is the most common mistake new Docker users make, and it always results in data loss. :INFO What Comes Next Once you have multiple services running on different ports, pointing different domain names at each one without opening a new firewall port for every service requires a reverse proxy. A reverse proxy sits in front of all your containers, routes requests by domain name, and handles HTTPS in one place — so you only ever need ports 80 and 443 open. :SLATE 999 :LINK https://docs.docker.com/engine/install/debian/ Install Docker Engine on Raspberry Pi OS (Debian-based)