Ngakho-ke lolu uhlobo lombuzo ojwayelekile, kodwa ngifuna iseluleko sendlela engcono kakhulu yokuvikela i-VPS (esanda kuthola i-VPS enhle kakhulu ngenani eliphansi ngoMsombuluko we-cyber).

Ngakho-ke udaba engibhekene nalo ukuthi uma ufaka idocker futhi usebenzisa isithombe ngenketho `-p`, kwakheka umthetho ohlobene kuma-nftables (osebenzisa i-Debian 11). Uhlelo lwami lwangempela bekuwukuphonsa phansi i-ufw, phambili kuphela i-80/443 futhi ngihlehlise izinto zommeleli engangifuna zivezwe esidlangalaleni (kancane kakhulu), futhi yonke enye into izotholakala kuphela nge-wireguard.

Ngasetha i-wireguard, ngakuthola lokho kwasebenza futhi yonke into yabe sengifaka i-syncthing docker (ukwenza isipele amafayela athile ebhokisini le-on-prem). Angizange ngidale umthetho ku-ufw we-UI, nokho ngikwazile ukuphequlula kuwo futhi yilapho ngaqala khona ukucwaninga ngafunda ukuthi inketho ethi `-p` yayidala leyo mithetho ye-nft. Lokhu akukhona engikufunayo; Ngifuna ukuthi i-UI yokuvumelanisa itholakale kuphela kumakhasimende ami axhunywe kule VPS nge-wireguard, kodwa angiqiniseki ukuthi ngingakufeza kanjani lokhu.

Noma yiziphi iziphakamiso? Uwasebenzisa kanjani ama-dockers ku-VPS ngaphandle kokudalula konke ku-inthanethi?