Docker Compose works in production in 2026 if you manually close five gaps: orphan cleanup, disk/log limits, health-check restarts, image digest pinning, and socket security.
Key Takeaways
Pass --remove-orphans on every docker compose up; otherwise services removed from the compose file keep running on their old ports, consuming RAM indefinitely.
Cap logs in /etc/docker/daemon.json with max-size: 10m and max-file: 3; unbounded json-file logs are a top cause of disk-full outages.
Docker Engine reports unhealthy containers but does not restart them; add willfarrell/docker-autoheal or move to Swarm for actual self-healing.
Pin images by digest (myapp@sha256:...), not by tag; two hosts pulling the same tag minutes apart can run different code after a re-push.
Mounting /var/run/docker.sock grants effective host root; use rootless Docker or docker-socket-proxy to limit blast radius.
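The sketch below is an added example, not code from the article: it audits the JSON printed by `docker compose config --format json` for four of the five gaps (orphan cleanup is a command-line flag and cannot be seen in the file). The sample config, the finding names, the `daemon_caps_logs` parameter and the reliance on docker-autoheal's default `autoheal=true` label are assumptions.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed sample in the shape printed by `docker compose config --format json`.
SAMPLE = {"services": {
    "web": {
        "image": "myapp:latest",                       # tag, not digest
        "healthcheck": {"test": ["CMD", "true"]},
        "volumes": [{"type": "bind", "source": "/var/run/docker.sock",
                     "target": "/var/run/docker.sock"}],
    },
    "db": {
        "image": "postgres@sha256:" + "ab" * 32,       # constructed digest
        "logging": {"driver": "json-file",
                    "options": {"max-size": "10m", "max-file": "3"}},
    },
}}


def audit(config, daemon_caps_logs=False):
    """Return (service, finding) pairs for one normalized Compose config."""
    findings = []
    for name, svc in sorted(config.get("services", {}).items()):
        if not DIGEST.search(svc.get("image", "")):
            findings.append((name, "image-not-pinned"))
        for vol in svc.get("volumes") or []:
            if vol.get("source", "").endswith("docker.sock"):
                findings.append((name, "docker-socket-mounted"))
        log = svc.get("logging") or {}
        opts = log.get("options") or {}
        uses_json_file = log.get("driver", "json-file") == "json-file"
        if uses_json_file and not daemon_caps_logs and not (
                "max-size" in opts and "max-file" in opts):
            findings.append((name, "logs-uncapped"))
        # Assumption: autoheal's default opt-in label, autoheal=true.
        labels = svc.get("labels") or {}
        if "healthcheck" in svc and labels.get("autoheal") != "true":
            findings.append((name, "healthcheck-without-restart"))
    return findings


if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```

Pass `daemon_caps_logs=True` when /etc/docker/daemon.json already sets the log limits host-wide, so per-service logging options are not required.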
Hacker News Comment Review
Discussion is thin and mostly humorous; commenters signal that the real answer is always context-dependent rather than a hard yes/no.
No substantive technical disagreement with the article’s recommendations surfaced in the thread.
Notable Comments
@TheChaplain: log-size capping was a genuine TIL, suggesting this operational detail is underknown even among practitioners.