Merge #193: docs: add blog post on nf_conntrack overflow with Docker UDP tracker

2762210 docs: add blog post on nf_conntrack overflow with Docker UDP tracker (Jose Celano)

Pull request description:

  ## Summary

  Adds a new blog post documenting the `nf_conntrack` table exhaustion problem that caused UDP tracker downtime on both the DigitalOcean and Hetzner Torrust demos.

  ## What the post covers

  - **Mechanism** — how Docker bridge DNAT forces connection tracking for UDP flows, and why the table fills under tracker load
  - **Symptom** — UDP availability drops while HTTP stays healthy, self-recovering outages, application log completely silent
  - **Diagnosis** — `dmesg`, `/proc/sys/net/netfilter/nf_conntrack_count`, `conntrack -S`
  - **Our experience** — three incidents across two demos (DigitalOcean × 2, Hetzner × 1); post-fix UDP uptime confirmed at 99.9%
  - **The fix** — three-parameter sysctl config (`nf_conntrack_max`, `udp_timeout`, `udp_timeout_stream`) + module pre-load for reboot persistence
  - **Hash table sizing** — `nf_conntrack_buckets` / `hashsize` to avoid O(n) lookup degradation after raising the ceiling
  - **Reboot persistence trap** — why sysctl settings silently vanish after reboot without `modules-load.d`
  - **Alternative approaches** — host networking (`--network=host`), `NOTRACK` rules (with real-world failure story from torrust/torrust-demo#72), and macvlan
  - **Monitoring** — `conntrack -S` early_drop counter, 80% fill-level alerting rule
  - **Independent documentation** — links to the Aquatic tracker Docker guide that covers the same problem

  ## Related issues

  - torrust/torrust-demo#26 — first occurrence (DigitalOcean)
  - torrust/torrust-demo#72 — second occurrence + failed NOTRACK attempt
  - torrust/torrust-tracker-demo#21 — third occurrence (Hetzner)
  - torrust/torrust-tracker-demo#22 — PR that deployed the fix

ACKs for top commit:
  josecelano:
    ACK 2762210

Tree-SHA512: 593ac524b72d051b0330ec3a6cd006e155e56ac3aa17ffc03b426936c0c9f5313391f2920f604b55aad29e2bb82e3dea428fd1b1d9dfd691e28e04666b0cf2b2

Author: josecelano

src/routes/blog/nf-conntrack-overflow-docker-udp-tracker/+page.server.ts

@@ -0,0 +1,14 @@
+import { getMetadata } from '$lib/data/metadata';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async ({ url }) => {
+	const slug = url.pathname.split('/').filter(Boolean).pop();
+	if (!slug) throw new Error('Slug could not be determined.');
+
+	const metadata = await getMetadata();
+	const currentPost = metadata.find((post) => post.slug === slug);
+
+	if (!currentPost) throw new Error(`Post not found: ${slug}`);
+
+	return { currentPost, allPosts: metadata };
+};