Same. I’m lucky enough to have two within driving distance. I’m genuinely worried about them staying in business if PC building takes a nosedive thanks to the RAM/SSD prices.

1. Some kind of monitoring software, like the Grafana stack. I like email and Discord notifications.
2. The Dockerfile will have a HEALTHCHECK statement, but in my experience this is pretty rare. Most of the time I set up a health check in the docker compose file or I extended the Dockerfile and add my own. You sometimes need to add a tool (like curl) to do the health check anyway.
3. It’s a feature of the container, but the app needs to support some way of signaling “health”, such as through a web API.
4. It depends on your needs. You can do all of the above. You can do so-called black box monitoring where you’re just monitoring whether your webapp is up or down. Easy. However, for a business you may want to know about problems before they happen, so you add white box monitoring for sub-components (database, services), timing, error counts, etc.

To add to that: health checks in Docker containers are mostly for self-healing purposes. Think about a system where you have a web app running in many separate containers across some number of nodes. You want to know if one container has become too slow or non-responsive so you can restart it before the rest of the containers are overwhelmed, causing more serious downtime. So, a health check allows Docker to restart the container without manual intervention. You can configure it to give up if it restarts too many times, and then you would have other systems (like a load balancer) to direct traffic away from the failed subsystems.

It’s useful to remember that containers are “cattle not pets”, so a restart or shutdown of a container is a “business as usual” event and things should continue to run in a distributed system.

I know it’s ELI5, but this is a common misconception and will lead you astray. They do not have the same level of isolation, and they have very different purposes.

For example, containers are disposable cattle. You don’t backup containers. You backup volumes and configuration, but not containers.

Containers share the kernel with the host, so your container needs to be compatible with the host (though most dependencies are packaged with images).

For self hosting maybe the difference doesn’t matter much, but there is a difference.

See if a light weight kubernetes installation is for you. Secrets are first class citizens in k8s. You can maintain secrets in a number of different ways, but they are exposed to containers the same way. They can become files or environment variables, whether you need.

I recommend looking at k3s to run on your Pi and see if that works for you. You can add vault software on top of that later without changing your containers.

That’s a feature not a bug. If tariffs increase import prices by 10%, people are less likely to notice a 15% increase at the point of sale. Not to mention domestic products that despite not being subject to tariffs will still increase in price to come in just below imports.

All of this is designed to put more money in the oligarchs’ pockets.