I'm trying to set up an offsite backup via Docker, Duplicacy and ZeroTier and I wonder if anyone can provide a bit of assistance. Everything is straightforward really; the main question I have is in regards to isolating/securing the ZT/Duplicacy dockers to only each other and of course the client also via ZT.
Rather than a usual bridged or host network for ZT that allows access to the entire server, I'd like to isolate ZT and Duplicacy. Can this be done with br0/static IPs on the dockers? I suppose then they'd have access to the LAN unless I set up VLANs on my router. Or would a VLAN entry in the Unraid routing table do it?
Is it possible to have ZT only route an IP/port and drop all other packets? I could leave the Docker networks as is in that case.
I could also run ZT/Duplicacy in a Linux VM but that'll be my last resort.
Any ideas or best practice advice is much appreciated, and of course thanks to all the devs that make these things possible!