diff --git a/content/blog/31-docket/index.md b/content/blog/31-docket/index.md new file mode 100644 index 0000000..fd1cf66 --- /dev/null +++ b/content/blog/31-docket/index.md 
@@ -0,0 +1,65 @@ +--- +date: 2026-06-01 +title: docket +description: docker without exposing ports +preview_image: +tags: programming +permalink: /blog/31/ +--- + +so ive been working on something called Project Kettle which deserves its own blog post at some point, basically im trying to make an easy and repeatable recipe for hosting a shared web server on a raspberry pi or similar low-power machine. ive been avoiding containers up until this point because i didn't want the overhead, but im relenting and using them because it seems like there's basically no other "easy" way to run multiple websites on the same machine if you care about user privacy (if you know a better way, email me!) + +normally when you host something via a docker or podman container you forward a port to the host machine, for instance maybe you run nginx web server on the default port 80 but then forward 80 inside the container to 8001 on the host. this works fine, except, if you run multiple things this way then you need to keep track of which port is running which service somewhere (ive always had a file with a name like ports.txt for this purpose). + +but i recently learned about this tool called [socat](http://www.dest-unreach.org/socat/) which forwards traffic between ports and sockets. sockets are amazing, they show up as a "file" but if you write or read to that file, you're sending data to or from the program on the other end. so, could i skip the port management entirely and just connect nginx to a socket? + +yes! here's how: + +```yaml +# compose.yaml +services: + + nginx: + image: docker.io/nginx:1.30.2-alpine3.23 + restart: unless-stopped + + socat: + image: docker.io/alpine/socat + volumes: + - ./sockets:/sockets + command: + - unix-listen:/sockets/nginx.sock,fork,mode=0777 + - tcp-connect:nginx:80 +``` + +```sh +podman compose up -d +curl --unix-socket sockets/nginx.sock localhost/ +``` + +response: +```txt + + + +Welcome to nginx! +... +

Welcome to nginx!

+

If you see this page, nginx is successfully installed and working. +... +``` + +it's really that simple! socat is running inside a podman container and it grabs traffic from another container and forwards it onto a socket of my choice, and then i share that socket with the host instead of sharing a port. for a multi-user setup, i could create a socket for each user and say 'okay, anything you want to be accessible from the web, forward it to that socket' and then i dont have to worry about reserving port ranges or anything!! + +--- + +for future reference, here's my setup: + +- Rock64 Pine64 4GB computer running off a 64GB microsd card +- armbian 26.8.0-trunk.61 trixie (community build) +- required packages: podman podman-compose uidmap passt nftables aardvark-dns +- podman version is 5.4.2 + +--- + +P.S. if you want to save characters you can also replace `localhost/` in the curl command with `[::]/` or even just `0/`. neat :3
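Review bot: in the compose.yaml block, the socat listener is created with `mode=0777`, so any local account that can reach the `./sockets` directory on the host can connect to `nginx.sock`. That works against the per-user socket plan in the closing paragraph, where each user's socket should only be reachable by that user and whatever fronts it. Consider a tighter mode such as `mode=0660`, with access controlled through the ownership of the socket or of the `./sockets` directory. In the same block, `docker.io/alpine/socat` carries no tag while the nginx image is pinned to `1.30.2-alpine3.23`; pinning the socat image to a tag or digest as well would keep the recipe repeatable.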