anti
3618c59d08
Gateway deckies (forwards_l3=True) are the DMZ's ingress. Their service containers share the base namespace via network_mode:service, so any listener inside the gateway is reachable through the base container's published ports. Emit 'ports: [<p>:<p>, ...]' on the gateway base from svc.ports across the decky's service list. This is the principled replacement for the broken network_mode: host stub — with docker-proxy publishing, the DMZ works on any single-NIC VPS (no MACVLAN, no promiscuous mode required).
5.1 KiB
5.1 KiB