My ISP provide me with good IPv6 connection with support of opening ports how I like. But IPv4 is behind a CGNAT and makes me unable to host a service on the legacy Internet.
Unfortunetely some of my friends I want to host (Jellyfin and Nextcloud) for does not have modern Internet connection, so I have to put some proxy.
Now I need suggestions of a solution. VPN on some VPS they would need to connection to is one of them, but it should be as simple for them to use as possible.
Setup nginx as a v6 to v4 reverse proxy. Or the inverse if you have a public v4 in a vpc to use as a dmz.
I’d say running the VPS as a proxy or nat64 setup would be the way to go. Cgnat kinda messes everything up.
What I want to do. But the question is how?
VPS as a proxy… but when I point A record to VPS and AAAA record to server in my home, how would the VPS know which traffic to pass and how.
Removed by mod
Be aware that doing it like this, the traffic from the VPS to your home will be unencrypted.
Removed by mod
Be careful with doing this. X-Real-IP and X-Forwarded-For are good for when the client is a trusted proxy, but can be easily faked if you don’t whitelist who’s allowed to use those headers. Somebody with IPv6 access could send “X-Real-IP: 127.0.0.1” or something and if the server believes it then you’ll see 127.0.0.1 in logs and depending on what you’re running the user may gain special permissions.
Also be careful with the opposite problem. If your server doesn’t trust the proxy, it will show the VPS IP in logs, and if you’re running something like fail2ban you’ll end up blocking your VPS and then nobody will be able to connect over IPv4.
Removed by mod
A and AAAA records can have different IPs, the VPS will know it’s the host for your A and to forward AAAA to your home IP
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol SSL Secure Sockets Layer, for transparent encryption VPS Virtual Private Server (opposed to shared hosting) nginx Popular HTTP server
[Thread #778 for this sub, first seen 1st Jun 2024, 14:35] [FAQ] [Full list] [Contact] [Source code]
Holy shit that’s a great bot!
If you can’t get the VPS to work, alternatively there’s Cloudflare but last I checked streaming was a little out of their free terms. With it, you should just have to set your AAAA record and make the cloud orange, that way Cloudflare will proxy it, and IPv4 will work. There’s also Cloudflare tunnels which lets you host websites without port forwarding anything.
You’ll want to install a reverse proxy of your choice on the VPS. Have clients access it over ipv4 and configure it to proxy pass it to your ipv6 address. Nginx at least is capable of doing ipv4 & ipv6 -> ipv4, I think the inverse should also be possible.
