En norrlänning
I’m aware that this isn’t how DNS works, but I’d imagine it is possible to have a DNS server that when it receives a query from the internet looks at the requested domain and translates it to an internal domain and in turn query that one, returning the result without revealing the internal domain. Something like a ALIAS virtual record provided by some services (but wont work against a internal DNS).
As for Traefik acting as a reverse proxy for internal network addresses, yeah that’s the way it works. However in this case I have several instances of Traefik running on a subset of IP-addresses on a public subnet. So essentially we want to loadbalance several Traefik loadbalancers using DNS.
Is it possible to just run your own SIP-trunk? We’re not intending on sending or receiving calls from external numbers outside of our little network.
What do you mean by “a block of external phone numbers?” We’d like to simply have our own internal numbers ideally, nothing to connect to the regular phone network.
deleted by creator
Depending on the services you provide, the usual standard ports. So if you run http/https services, port 80 and 443 respectively.
You seem to answer your own question.
I’d say the main benefit gained is sovereignty and a sense of place. This is not for personal use, but rather for a computer enthusiast association that I’m part of, so having our own git to integrate with the rest of our services makes sense. Throw on branding and link it to our SSO.
CI/CD, multiple users, container registry, and a web UI are requirements, though not much more which is why I find GitLab to be a bit over the top.
You can read their blogpost about it here: https://blog.gitea.com/a-message-from-lunny-on-gitea-ltd.-and-the-gitea-project/
It resulted in Codeberg launching their own fork: https://blog.codeberg.org/codeberg-launches-forgejo.html
Certainly looks interesting, though being able to do code review and a more full-fledged CI/CD solution is a requirement.
There is the passwd LDAP backend, not sure if it works for full auth though.