It would be nice if docker manager could handle rebuilding the app and installing plugins. Both of these things currently require SSHing into the server and manually editing a config file, which feels very messy and is confusing for a lot of people.
It’s also a bit of a layering violation, and would require either a suid root binary to be available inside the container to de-chroot and de-namespace, or a constantly running daemon outside the container (again as root) ready to rebuild when asked. And I certainly don’t trust myself to avoid writing a confused deputy vulnerability.
My long-term plan is to write a separate mini-daemon for docker manager (probably in golang or something else that is very low impact). That way you can always recover from a crashed site.
This is on the cards but not scheduled and very complex.
This is a long, long-term discussion; nothing is going to happen for a bit, but the key is a “tiny” amount of resident memory and something we can maintain easily.
It’s possible we could pull this off with frameworkless rack, or even have NGINX trigger a launch of it on demand.