docs: add blog post on nf_conntrack overflow with Docker UDP tracker

[josecelano]

Summary

Adds a new blog post documenting the nf_conntrack table exhaustion problem that caused UDP tracker downtime on both the DigitalOcean and Hetzner Torrust demos.

What the post covers

• Mechanism — how Docker bridge DNAT forces connection tracking for UDP flows, and why the table fills under tracker load
• Symptom — UDP availability drops while HTTP stays healthy, self-recovering outages, application log completely silent
• Diagnosis — dmesg, /proc/sys/net/netfilter/nf_conntrack_count, conntrack -S
• Our experience — three incidents across two demos (DigitalOcean × 2, Hetzner × 1); post-fix UDP uptime confirmed at 99.9%
• The fix — three-parameter sysctl config (nf_conntrack_max, udp_timeout, udp_timeout_stream) + module pre-load for reboot persistence
• Hash table sizing — nf_conntrack_buckets / hashsize to avoid O(n) lookup degradation after raising the ceiling
• Reboot persistence trap — why sysctl settings silently vanish after reboot without modules-load.d
• Alternative approaches — host networking (--network=host), NOTRACK rules (with real-world failure story from Fix nf_conntrack table overflow causing UDP packet drops torrust-demo#72), and macvlan
• Monitoring — conntrack -S early_drop counter, 80% fill-level alerting rule
• Independent documentation — links to the Aquatic tracker Docker guide that covers the same problem

Related issues

• Tracker uptime in newtrackon.com is too low (60.80%) torrust-demo#26 — first occurrence (DigitalOcean)
• Fix nf_conntrack table overflow causing UDP packet drops torrust-demo#72 — second occurrence + failed NOTRACK attempt
• chore(infra): scale up demo server to improve UDP uptime torrust-tracker-demo#21 — third occurrence (Hetzner)
• feat(issue-21): scale up server CCX23 → CCX33 for better UDP uptime torrust-tracker-demo#22 — PR that deployed the fix

[josecelano]

ACK 2762210