this is my compose file for monbooru, ive added some comments to show you what each thing does, if you want to change the port simply change the the first 8080. all of these value:value mean that the first value is your machine, and the second one inside the container. that’s it, create a folder named monbooru, create a file named docker-compose.yml, add the thing i gave you below and save it. with your terminal cd into the directory where the compose file lives and do docker compose up -d and it will download the image and it’ll be runnin. believe me, i used to prefer to not use docker because i thought, ohh i have to learn to use docker, but honestly i wish i knew it was this simple long before so i wouldnt have done so many installs of some apps where i’ll lose my data

services:
  monbooru:
    container_name: monbooru
    image: ghcr.io/leqwin/monbooru:latest
    ports:
      - "127.0.0.1:8080:8080"
    user: "1000:1000"
    security_opt:
      - no-new-privileges:true
      - label:disable
    cap_drop:
      - ALL
    volumes:
      - /PATH/TO/YOUR/GALLERY:/gallery
      - ./config:/config #this one
      - ./data:/data #and this one make the app data live next to the compose file, so that you can move the folder and the data stays there
      - ./models:/models #use this if you add autotaggers, otherwise delete it, i'd try it without them first
    environment:
      - MONBOORU_SERVER_BIND_ADDRESS=0.0.0.0:8080
    healthcheck:
      test: ["CMD-SHELL", "curl --fail --silent --max-time 5 http://localhost:8080/health || exit 1"]
      interval: 30s
      retries: 3
      start_period: 10s
      timeout: 5s
    restart: unless-stopped

Docker automatically opens ports your containers need through iptables. Because of this, it bypasses rules set by ufw, which is great.

Podman does not do this afaik, and since it only runs rootless it’s a lot less risky as well.