hexaitos/hexaitos.com
hexaitos
/
hexaitos.com
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix IPv6 in blog post

This commit is contained in:
Hexaitos 2024-10-29 16:07:47 +01:00
parent 440282323a
commit cb4bf2da46
3 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_posts/2024-10-29-hosting_at_home.md
View File

@ -21,7 +21,7 @@ Before we start, a quick rundown of my setup. I have a FRITZ!Box 6660 Cable (my
For my webserver in particular I made a separate and really small (/30) IPv4 subnet with a virtual IP in OPNsense, mostly so this public-facing LXC is in a different network from the VMs and LXCs that are _not_ open to the public. Ill probably switch that over to a VLAN instead of a virtual IP soon. I feel like this is a bit overkill (and probably doesnt add that much security anyway), but I wanted to do it anyway. However, this means that my webserver has a static IPv4 in a different network, namely `10.11.10.2/30` with `10.11.10.1/30` being the virtual IP I assigned to the OPNsense installation and it cannot talk to any other VM or LXC. For my webserver in particular I made a separate and really small (/30) IPv4 subnet with a virtual IP in OPNsense, mostly so this public-facing LXC is in a different network from the VMs and LXCs that are _not_ open to the public. Ill probably switch that over to a VLAN instead of a virtual IP soon. I feel like this is a bit overkill (and probably doesnt add that much security anyway), but I wanted to do it anyway. However, this means that my webserver has a static IPv4 in a different network, namely `10.11.10.2/30` with `10.11.10.1/30` being the virtual IP I assigned to the OPNsense installation and it cannot talk to any other VM or LXC.
I dont want to share the exact IPv6 prefix I get from my ISP, but lets just pretend its `2001:db8:0:e280::/59` where `2001:db8:0:e280::/64` is used by the FRITZ!Box itself and where `2001:db8:0:e291::/64` has been delegated to the OPNsenses LAN interface. I have assigned a static IPv6 to the LXC which is running my webservers, namely `2001:db8:0:e280::1000:1/128`. I dont want to share the exact IPv6 prefix I get from my ISP, but lets just pretend its `2001:db8:0:e280::/59` where `2001:db8:0:e280::/64` is used by the FRITZ!Box itself and where `2001:db8:0:e291::/64` has been delegated to the OPNsenses LAN interface. I have assigned a static IPv6 to the LXC which is running my webservers, namely `2001:db8:0:e291::1000:1/128`.
My webserver is running Caddy and Im using a module for Caddy called `dns.providers.cloudflare` so that Caddy can create an SSL certificate even when its behind Cloudflares proxy. My webserver is running Caddy and Im using a module for Caddy called `dns.providers.cloudflare` so that Caddy can create an SSL certificate even when its behind Cloudflares proxy.

2
_site/2024/10/29/hosting_at_home.html
View File

@ -39,7 +39,7 @@
<p>For my webserver in particular I made a separate and really small (/30) IPv4 subnet with a virtual IP in OPNsense, mostly so this public-facing LXC is in a different network from the VMs and LXCs that are <em>not</em> open to the public. Ill probably switch that over to a VLAN instead of a virtual IP soon. I feel like this is a bit overkill (and probably doesnt add that much security anyway), but I wanted to do it anyway. However, this means that my webserver has a static IPv4 in a different network, namely <code class="language-plaintext highlighter-rouge">10.11.10.2/30</code> with <code class="language-plaintext highlighter-rouge">10.11.10.1/30</code> being the virtual IP I assigned to the OPNsense installation and it cannot talk to any other VM or LXC.</p> <p>For my webserver in particular I made a separate and really small (/30) IPv4 subnet with a virtual IP in OPNsense, mostly so this public-facing LXC is in a different network from the VMs and LXCs that are <em>not</em> open to the public. Ill probably switch that over to a VLAN instead of a virtual IP soon. I feel like this is a bit overkill (and probably doesnt add that much security anyway), but I wanted to do it anyway. However, this means that my webserver has a static IPv4 in a different network, namely <code class="language-plaintext highlighter-rouge">10.11.10.2/30</code> with <code class="language-plaintext highlighter-rouge">10.11.10.1/30</code> being the virtual IP I assigned to the OPNsense installation and it cannot talk to any other VM or LXC.</p>
<p>I dont want to share the exact IPv6 prefix I get from my ISP, but lets just pretend its <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::/59</code> where <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::/64</code> is used by the FRITZ!Box itself and where <code class="language-plaintext highlighter-rouge">2001:db8:0:e291::/64</code> has been delegated to the OPNsenses LAN interface. I have assigned a static IPv6 to the LXC which is running my webservers, namely <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::1000:1/128</code>.</p> <p>I dont want to share the exact IPv6 prefix I get from my ISP, but lets just pretend its <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::/59</code> where <code class="language-plaintext highlighter-rouge">2001:db8:0:e280::/64</code> is used by the FRITZ!Box itself and where <code class="language-plaintext highlighter-rouge">2001:db8:0:e291::/64</code> has been delegated to the OPNsenses LAN interface. I have assigned a static IPv6 to the LXC which is running my webservers, namely <code class="language-plaintext highlighter-rouge">2001:db8:0:e291::1000:1/128</code>.</p>
<p>My webserver is running Caddy and Im using a module for Caddy called <code class="language-plaintext highlighter-rouge">dns.providers.cloudflare</code> so that Caddy can create an SSL certificate even when its behind Cloudflares proxy.</p> <p>My webserver is running Caddy and Im using a module for Caddy called <code class="language-plaintext highlighter-rouge">dns.providers.cloudflare</code> so that Caddy can create an SSL certificate even when its behind Cloudflares proxy.</p>

12
_site/sitemap.xml
View File

@ -4,7 +4,7 @@
<url> <url>
<loc>https://hexaitos.com/art.html</loc> <loc>https://hexaitos.com/art.html</loc>
<lastmod>2024-10-29T15:13:22+01:00</lastmod> <lastmod>2024-10-29T16:07:37+01:00</lastmod>
<changefreq>monthly</changefreq> <changefreq>monthly</changefreq>
<priority>0.3</priority> <priority>0.3</priority>
@ -13,7 +13,7 @@
<url> <url>
<loc>https://hexaitos.com/blog.html</loc> <loc>https://hexaitos.com/blog.html</loc>
<lastmod>2024-10-29T15:13:22+01:00</lastmod> <lastmod>2024-10-29T16:07:37+01:00</lastmod>
<changefreq>monthly</changefreq> <changefreq>monthly</changefreq>
<priority>0.3</priority> <priority>0.3</priority>
@ -22,7 +22,7 @@
<url> <url>
<loc>https://hexaitos.com/contact.html</loc> <loc>https://hexaitos.com/contact.html</loc>
<lastmod>2024-10-29T15:13:22+01:00</lastmod> <lastmod>2024-10-29T16:07:37+01:00</lastmod>
<changefreq>monthly</changefreq> <changefreq>monthly</changefreq>
<priority>0.3</priority> <priority>0.3</priority>
@ -31,7 +31,7 @@
<url> <url>
<loc>https://hexaitos.com/</loc> <loc>https://hexaitos.com/</loc>
<lastmod>2024-10-29T15:13:22+01:00</lastmod> <lastmod>2024-10-29T16:07:37+01:00</lastmod>
<changefreq>monthly</changefreq> <changefreq>monthly</changefreq>
<priority>0.3</priority> <priority>0.3</priority>
@ -40,7 +40,7 @@
<url> <url>
<loc>https://hexaitos.com/refsheet.html</loc> <loc>https://hexaitos.com/refsheet.html</loc>
<lastmod>2024-10-29T15:13:22+01:00</lastmod> <lastmod>2024-10-29T16:07:37+01:00</lastmod>
<changefreq>monthly</changefreq> <changefreq>monthly</changefreq>
<priority>0.3</priority> <priority>0.3</priority>
@ -49,7 +49,7 @@
<url> <url>
<loc>https://hexaitos.com/sitemap.xml</loc> <loc>https://hexaitos.com/sitemap.xml</loc>
<lastmod>2024-10-29T15:13:22+01:00</lastmod> <lastmod>2024-10-29T16:07:37+01:00</lastmod>
<changefreq>monthly</changefreq> <changefreq>monthly</changefreq>
<priority>0.3</priority> <priority>0.3</priority>