• 0 Posts
  • 4 Comments
Joined 10 months ago
Cake day: June 23rd, 2025


  • Wildcard is actually good these days because you don’t have to set up DNS entries for your hostnames.

    It’s not security, just obscurity - but in the age of crawlers, it’s helpful.

    Also, you can use it internally for services on LAN and because LetsEncrypt is a CA everyone trusts, you don’t need to register a local CA (like a FreeIPA instance) with all your devices, which sometimes isn’t possible.

    EDIT: you can also use DNS01 challenges and instead of proving yourself by serving up a challenge response from a server, you prove ownership by adding a DNS TXT entry with the response. It is safer, from a security perspective, to use one cert per service.
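    The DNS-01 mechanism the EDIT describes, shown as an added worked example (this is not code from the comment author, Lemmy, or Let’s Encrypt). It follows the ACME specification (RFC 8555) for the `dns-01` challenge: the TXT record at `_acme-challenge.<domain>` must hold the base64url-encoded SHA-256 of the key authorization, which is the challenge token joined with a `.` to the RFC 7638 thumbprint of the account key. The token, the account JWK, and the TXT record set below are constructed sample values, not real ACME data; a wildcard name such as `*.example.org` is validated at `_acme-challenge.example.org`, which is why no per-hostname DNS entry is needed.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME (RFC 8555) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required JWK members only,
    keys in lexicographic order, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """Value the CA expects to find in the _acme-challenge TXT record."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("utf-8")).digest())


def dns01_record_name(domain: str) -> str:
    """Record name to publish; a wildcard is validated at its base name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return f"_acme-challenge.{base}"


def dns01_satisfied(domain: str, token: str, account_jwk: dict,
                    txt_records: dict) -> bool:
    """What the CA's validator checks: does any TXT record at the
    challenge name equal the expected digest? (txt_records stands in
    for a DNS lookup and is supplied by the caller.)"""
    expected = dns01_txt_value(token, account_jwk)
    return expected in txt_records.get(dns01_record_name(domain), ())


# Constructed sample account key (not a real RSA modulus) and token.
SAMPLE_JWK = {
    "kty": "RSA",
    "n": "constructed-sample-modulus-not-a-real-key",
    "e": "AQAB",
}
SAMPLE_TOKEN = "constructed-token-0123456789abcdef"


def sample_zone() -> dict:
    """Constructed TXT record set a DNS-01 client would have published."""
    return {
        dns01_record_name("*.example.org"): [
            dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK),
        ],
    }


if __name__ == "__main__":
    print(dns01_record_name("*.example.org"),
          dns01_txt_value(SAMPLE_TOKEN, SAMPLE_JWK))
    print("validated:", dns01_satisfied("*.example.org", SAMPLE_TOKEN,
                                         SAMPLE_JWK, sample_zone()))
```

    The thumbprint step is the part that ties the record to a specific ACME account: a TXT value computed for someone else’s account key will not validate even if the token leaks, and once a certificate is issued the record can be removed, so the only lasting exposure is the certificate itself appearing in Certificate Transparency logs.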


  • There would need to be some way to ensure that a blocking request originated at the IP it’s being requested for.

    You could do this with encryption signatures, but then how do you verify them? Most of the solutions I can think of require something else centralized to manage that, and we’re back where we started. (I guess a *gag* blockchain could maybe work, but what is the required proof of the ledger, and how do we prevent a 51% attack on it? You know government has their hands in more than 51% of major routers)

    How does it not get abused for censorship or other exclusivity, rather than protection? The internet would become closed niches. You have to think about what the biggest assholes would do with a new tool; think about what happened with email.