• 10 Posts
  • 938 Comments
Joined 3 年前
cake
Cake day: 2023年6月24日

help-circle

  • No. Let’s take Harry Potter.

    I acknowledge JK Rowling’s role as creator of the franchise as well as her current devolvement into this transphobe asshole that she is. The material itself is to my knowledge not transphobe (it doesn’t mention transitioning or trans persons itself, and could maybe even be viewed as pro-trans with the whole polyjuice stuff).

    So I know the source of this work and can thus be cautious about potential transphobe parts

    Her work is (ignoring her) a very popular piece of culture and we as a community should thus be able to extend it further, thus making it a community effort and slowly releasing it from the grasp of Rowling.

    So both can work together.

    I will not go into more detail about HP or JKR to save us all time.













  • Your setup can work, but there is an even better solution with docker: the macvlan network driver

    It allows your container to bypass the servers networking and directly get an IP in a vlan of your choice.
    This ensures that only this one container is reachable via that IP. You can’t e.g. ssh into the server via that IP then, which might will avoid security issues.

    A second note: always check the containers from outside the server.
    You wrote that it works for “internal network” and I hope you have not tested it from the server itself, because that will nearly always work.

    My debugging steps would be as follows:

    1. Rebuild onto macvlan to avoid issues with the server blocking ports on the IPs
    2. Test the containers from another machine and another network (then internal routing works)
    3. Test the internet connection from inside the container (if that doesn’t work by now, the issue is with your router blocking traffic to the outside, which is probably a default-setting)
    4. Optional: Forward a single port to one container from the web and test that (and revert that afterwards, if you don’t need it anymore)

    Bonus tip: If your container is barebones and has no easy way to check web traffic, you can nsenter into it and call something that way. It looks like this:

    sudo nsenter -t $(docker inspect -f '{{.State.Pid}}' CONTAINERNAME) -n /bin/bash
    

    You only have to replace the CONTAINERNAME with the container name and the /bin/bash with your command e.g. curl -v programming.dev