The only two important columns are “Local address: port” and “process”. The later is what process is listening whille the former is the interface that process is listening on and the port.

So you see that I don’t have any process listening on any port other than 80 and 443 iin the host and the regular ones.

That said, you containers will still listen on the ports you want but only on a virtual network interface.

Basically you only need to publish ports 80 amd 443 on the container or pod you have your reverse proxy on. Other containers need to only be attached to the same network as you already did.

It is good you have solved you initial issue. However, as you say, your rules are too permissive. You should not publish ports from containers to the host. Your container ports should only be accessible over reverse-proxy network. Said otherwise <my domain>:3000 should not resolve to anything.

This can be simply acheive by not publishing any port on your service containers.

Here is an example of my VPS:

Exposed ports:

$ ss -ntlp
State                Recv-Q               Send-Q                             Local Address:Port                             Peer Address:Port              Process                                                  
LISTEN               0                    128                                      0.0.0.0:22                                    0.0.0.0:*                  users:(("sshd",pid=4084094,fd=3))                       
LISTEN               0                    4096                                     0.0.0.0:443                                   0.0.0.0:*                  users:(("conmon",pid=3436659,fd=6))                     
LISTEN               0                    4096                                     0.0.0.0:5355                                  0.0.0.0:*                  users:(("systemd-resolve",pid=723,fd=11))               
LISTEN               0                    4096                                     0.0.0.0:80                                    0.0.0.0:*                  users:(("conmon",pid=3436659,fd=5))                     
LISTEN               0                    4096                                  127.0.0.54:53                                    0.0.0.0:*                  users:(("systemd-resolve",pid=723,fd=19))               
LISTEN               0                    4096                               127.0.0.53%lo:53                                    0.0.0.0:*                  users:(("systemd-resolve",pid=723,fd=17))  

Redacted list of containers:

$ podman container ls
CONTAINER ID  IMAGE                                        COMMAND               CREATED        STATUS                 PORTS                                     NAMES
[...]
docker.io/tootsuite/mastodon-streaming:v4.3  node ./streaming      2 months ago   Up 2 months (healthy)                                            social_streaming
docker.io/eqalpha/keydb:alpine               keydb-server /etc...  2 months ago   Up 2 months (healthy)                                            cloud_cache
localhost/podman-pause:4.4.1-1111111111                            2 months ago   Up 2 months            0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  1111111111-infra
docker.io/library/traefik:3.2                traefik               2 months ago   Up 2 months            0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp  traefik
docker.io/library/nginx:1.27-alpine          nginx -g daemon o...  3 weeks ago    Up 3 weeks                                                       cloud_web
docker.io/library/nginx:1.27-alpine          nginx -g daemon o...  3 weeks ago    Up 3 weeks                                                       social_front
[...]

Great to hear it is a good drop-in replacement. I’ve been using KeyDB, but seeing valkey is more actif, I may endup using it too.

They now he is sick of it and wants to switch career completely.

Participants need to find the right balance of information. I noticed it is productive when developers give just enough information for other to understand but not too much to confuse them and loose time. This is not easy to achieve…

Why is your scrum 1 hour long?

Not really weired. For example, a keyboard has a firmware. 99% of keyboards have no way of it being updated or changed. It is part of its electronics. So not a big deal. But, if a keyboard has a way to update the firmware or install another one, then it should be FOSS.

I tried this in the past and it does not seem a good option. Letting a smartphone record 24/7 would make it melt maybe.

Their code repository is still active. So worth giving a look.

Thanks. this opens up more devices to choose from. So products like hikvison are a candidate for me now.

What hardware is it compatible with?

Yes I may, I don’t have it setup now, but I do have an ultra PC that might run it.

It would be best if I don’t have to create an account or install a proprietary app to perform the initial setup.

I still haven’t found any AMCrest camera being sold near me. I found some Hikvison.

I made some reasearch for avalable hardawar near me and found this one Hikvison DS-2CD1053G0-I

I’ll keep looking for ones that are more inside friendly.

Many thanks!

What camera hardware is compatible with Soteria?

There is now podman compose that can read and use docker-compose files. As for importing, I cannot tell.

While the news is interesting, it is not about technology at all. Just because Starbucks has an app does not make this technology related news.

You can get coffee from other places than chain coffeeshops for less money and better coffee. The café near me sells great espresso for 12 MAD (about 1 €). The place is nice, has a waiter and coffee is server in glass or porcelaine cups in stead of cheap plastic. You can get it from other places for the cheapest place at 6 MAD.

Those might look like freedom pitfalls but are actually not. On the one hand gitlab dot com is not really bad for freedom as it has at least an open core and is very freedom friendly. Gitlab can be easily circumvented by using got client directly. Maybe a tag could be helpful here.

Any way, just clearing cookies after closing the session is very enough for github.

Cloudflare? Why are you even mentioning this? This is part of projects infrastructure. We need to draw a line somewhere. For example would you visit a website if it was hosted on Windows server? If they use ESXi? Or if user account are managed with Active Directory or firebase?

Sure you are free to be as eclectic as you want, but at the end, those are very minor issues that do not dent FSF credibility. Remember it stand for Free software first.

Edit: typos

Most diff tools have an option to ignore leading or trailing whitespace changes.