I have my Portainer behind an OAuth proxy, using Keycloak as the auth provider
I run this server
I would have a cron that runs a script to pull the list and update IPset, this might not work.
Make a file on your Docker server with the below in it, and set the file to execute with `chmod +x file.sh`:

```sh
#!/bin/sh
# Empty the ipsum set if it exists, create it if it does not
ipset -q flush ipsum
ipset -q create ipsum hash:ip
# Skip comment lines and IPs with a count of 1 or 2, then add the rest to the set
for ip in $(curl --compressed https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt 2>/dev/null | grep -v "#" | grep -v -E "\s[1-2]$" | cut -f 1); do ipset add ipsum "$ip"; done
# Delete any existing copy of the rule before inserting it, so it is never duplicated
iptables -D INPUT -m set --match-set ipsum src -j DROP 2>/dev/null
iptables -I INPUT -m set --match-set ipsum src -j DROP
```

Then add a cron file in /etc/cron.d that runs the script every 24 hours:

```
10 3 * * * root /root/file.sh
```
Something like this

```sh
iptables -I DOCKER-USER -m set --match-set ipsum src -j DROP
```

Should do what you need
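A variant of the ipsum update script from the comments above, as an added example that is not the commenter's own code: it validates every downloaded line before it reaches ipset and swaps a freshly built set into place instead of flushing the live one. The names `ipsum_to_restore`, `apply_ipsum` and the temporary set `ipsum-new` are assumptions.

```shell
#!/bin/sh
# Added example, not the commenter's script. Names ipsum_to_restore, apply_ipsum
# and the temporary set ipsum-new are assumptions.

# Turn an ipsum-format list on stdin ("<ip><TAB><count>", '#' comment lines) into
# `ipset restore` input. Only dotted-quad IPv4 addresses with a count of at
# least $1 are emitted, so nothing else in the download can reach ipset.
ipsum_to_restore() {
    echo "create ipsum hash:ip"
    echo "create ipsum-new hash:ip"
    echo "flush ipsum-new"
    awk -F '\t' -v min="${1:-3}" '
        /^#/ { next }
        NF == 2 && $2 ~ /^[0-9]+$/ && $2 + 0 >= min + 0 &&
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($1, o, "."); ok = 1
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            if (ok) print "add ipsum-new " $1
        }'
    # Swap the freshly filled set into place, so the live set is never empty.
    echo "swap ipsum-new ipsum"
    echo "destroy ipsum-new"
}

# Download, validate, then load. A failed or empty download keeps the old set.
apply_ipsum() {
    url="https://raw.githubusercontent.com/stamparm/ipsum/master/ipsum.txt"
    list="$(mktemp)" && rules="$(mktemp)" || return 1
    if curl -fsS --compressed -o "$list" "$url" &&
       ipsum_to_restore 3 < "$list" > "$rules" &&
       grep -q '^add ' "$rules"; then
        ipset -exist restore < "$rules"; rc=$?
    else
        rc=1
    fi
    rm -f "$list" "$rules"
    [ "$rc" -eq 0 ] || return "$rc"
    # -C checks for the rule first, so repeated cron runs do not stack copies.
    iptables -C INPUT -m set --match-set ipsum src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set ipsum src -j DROP
}

if [ "${1:-}" = "--apply" ]; then
    apply_ipsum
else
    # Constructed sample: only 203.0.113.5 and 192.0.2.77 should survive.
    printf '# demo\n203.0.113.5\t7\n198.51.100.9\t2\n999.1.1.1\t9\n192.0.2.1; x\t5\n192.0.2.77\t3\n' |
        ipsum_to_restore 3
fi
```

Run without arguments it only prints the restore input for the constructed sample; `--apply` (as root, from the cron entry) downloads the list and loads it.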
I use pihole as my home DNS to do that
not sure your example domain is the best, can you look up hrowood.biz?
this might be what you're looking for -> https://docs.pi-hole.net/guides/dns/unbound/
not tested this, but you might want to look at DHCPv6 Relay
to get an IP from your ISP router
Ok, AWS is 24/7. But they will just help you spend even more money
That’s just like AWS, you pay for better and longer support. But they don’t make it clear support is only 9-5
That is true of any hosting provider, I have backups backblaze.
Nextcloud deck, with the mobile app
Have you checked out OVH yet?
Have a VPS and a dedi with them
If you're looking to allow that kind of traffic in and out of OPNsense, then yes if you use it. Just be mindful of what you need and only allow that in, outbound is normally everything.
That’s not container orchestration, that’s infrastructure orchestration. Depending on your use case docker swarm could be just the right tool for the job.
You’ve been using AWS and they will happily let you add more nodes to your container runner of choice
not sure I understand you, in docker swarm your containers are started on n number of workers from a single compose file on a manager. you can add any number of worker nodes to scale your service as needed
What you need then is swarm compose, that can run any service in global mode (in all nodes all the time) or scale mode.
A and AAAA records can have different IPs, the VPS will know it’s the host for your A and to forward AAAA to your home IP
Electric shock to you? Get an electrician to check it and sign it off?