Nice writeup, and at the core not too different from what I'm doing myself (albeit with the server at home, not colo'd, and the specs are far more modest).
The only thing I'd change in your workflow, perhaps, is switching from docker CLI commands to docker-compose. That'd make things a lot more reproducible and easy to read, and if you group relevant containers into a compose file, they're also automagically networked together, which is handy.
Your "trick" of grouping TCP ports by the hundreds is something I might steal, I've been using $lastport+1 for a while and now there's a bit of guesswork involved whenever I need to do things that don't go through the proxy. Then again, that's not often, so I might leave it.
Or, if that is not sufficient, one of the increasing number of ethical and/or self-hosted services, like Plausible? There is no need whatsoever to ship this kind of data to an outside party.
Being open and making clear that you understood you goofed would be the total opposite of the Streisand effect - where you'd try to _silence_ discourse with the unintended effect of amplifying it.
Right now, the issue is being downplayed, much to the chagrin of an increasingly knowledgeable set of computer users.
I believe Discourse was planning things but decided to scrap them. The person behind PixelFed (a federated Instagram-like platform) hinted at a [forum platform](https://mastodon.social/@dansup/105425592966902917), but I have no idea if there's any progress on that.
And of course, there's [Lemmy](https://lemmy.ml/), which is kinda like Reddit, but federated.
I know. But still I would prefer a non-profit or volunteer-driven project over one from a for-profit company. Especially in the adblocking business where investor concerns are very likely not going to be aligned with consumer interests. It's not about it being free, I support several free open source projects with donations. I just don't like the clashing interests.
For me that means Firefox, uBlock Origin and pihole (though I ran dnsmasq myself for a while, I like what they've made of pihole now, it's come a long way!)
This is not so much a UX problem as a "marketeers gonna marketeer" problem. It happened before with blog comments, it happens now with "social" media, it'll happen with whatever comes next. If it's remotely exploitable for personal gain, there's going to be people exploiting it.