We need to secure most of the apps that listen on the network.
Moving apps into namespace is not simple with LinuxKit, but we can create namespaces and assign IPs manually if we want to.
Also, Dropbox LAN sync may not work in a namespace. However, Transmission may work. PMS is supposed to work too.
A simple plan:
- make transmission bind on localhost
- add Envoy proxy and a certificate, make it listen on port 443
- make PMS bind on localhost also
- we will need to understand how it works and what ports have to be exposed directly (if any?)
- see if we can put it behind Envoy also
We need to secure most of the apps that listen on the network.
Moving apps into namespace is not simple with LinuxKit, but we can create namespaces and assign IPs manually if we want to.
Also, Dropbox LAN sync may not work in a namespace. However, Transmission may work. PMS is supposed to work too.
A simple plan: