Yea I likely don’t have a full understanding, just getting into this and all. That’s why I decided a hard req was to force the images to run in a non-root context. (I did succeed, prolly)
But the macvlan does have its own IP with the associated ports free and that will let the adguard home image bind 53 while the host can squat on it with dns listener stub or whatever the fuck it does by default. The macvlans is a recommended thing by the Docker adguard home guides to bypass the host or other processes already binding 53, I didn’t cook it up myself.
Anyway, this is the first I’m hearing of traffic or caddy in this context - googling those is not ez pz so it’ll take me a bit to know what you’re implying I should do!
Edit: I’m not gonna understand traffic or caddy beyond the surface level, the main pages are enterprise-focused so I’m not sure how they apply. I’ll have to wait to run into an organic use case (with wordy guide) to truly understand them, I think. (Other than traffic could redirect but it’s called a reverse proxy but I think, at least in this context, that’s a fancy word for redirect. So use it somehow instead of forwarding specific ports?)