0spkl
@0spkl@kbin.social

0spkl, to tech

So after reading many articles going 'Don't use NAT66', I'm experimenting deploying NAT66 to provide IPv6 internet access to some VLANs on my network.

I've tried asking my ISP for anything better than a /64, but apparently they are either unwilling or unable to provide that. And every. single. ISP. in my country (Malaysia) is giving out /64 prefix delegations.

So on my test network, which is a VLAN (w/ WiFi) routed by an OPNSense instance running on one of my proxmox hosts, I've been testing it and it seems to work well enough I suppose. Well, at least better than HE TunnelBroker, speed-wise anyway.

Unless anyone knows of any other approaches I can use for this?

0spkl,

@kronicd Unless android has implemented DHCPv6 and nobody is talking about it, no, no it's not. It would still need me to route the entire /64 to one network after all for SLAAC.

Unless you're suggesting I install more-specific routes on the other networks? Maybe a /65 or /66 on them? But in that case, wouldn't the main network, with its full /64 prefix, have issues reaching those other hosts... hmm. Unless I deploy it with ULA addresses too, and treat the GUA addresses as just for internet connectivity.

Might still have to NAT66 it for other networks that may see android devices...

Might experiment with it once my opnsense box arrives I guess. Don't want to muck around with that on openwrt.
I just wish I got like a /60 at least.

I suppose tunnelling to a VPS is one option, but I'd rather use NAT66 over that because it'd have better throughput/latency.

0spkl,

I mean, in the end they are all considered "actors" in the ActivityPub specification, which is the specification underpinning everything.

0spkl,

Having spare Pi4s lying around is so useful.
I'm lucky I even had one lying around.

0spkl,

I really only have a 500Mbit down/100Mbit up connection, so on the WAN side it's fine; it can handle that easily.

And meanwhile on the LAN/VLAN side, I haven't tested, but I've mostly tried putting the high bandwidth stuff in the same VLAN just so they don't hit the router (on a stick) and just cross the switch.

I've got a N200 aliexpress box on the way though. OPNSense is looking mighty interesting.

haverholm, to fediverse

The way the fediverse is expanding, also with ActivityPub plugins for CMSes like Wordpress and Drupal, I can't help wondering when somebody develops a single user instance that is as simple to install on shared hosting as — well, Wordpress.

Federation is not as simple as RSS, sure, but all the fedi applications I've seen require command line access or semi-esoteric dependencies. How about an "upload the files to your server, edit the configuration file, off to the races" setup?

cc @pfefferle because he would know how feasible that is.

0spkl,

@haverholm I mean, the closest you get is a docker image right now?

And "Upload files to your server and off you go" is basically a php thing I think?
I'd indeed prefer a docker image any day.

alfredo_liberal, to fediverse

Word of advice to new users of the I would not put your email address or phone number on your profile, since that will put you at risk of receiving threatening emails, phone calls, or hackers. While we are safer here than on the hellsite, you are never 100% safe anywhere; there are a lot of bad and evil people everywhere and they will follow you wherever you go. You have to learn to face evil when it comes your way. I've had my share of people I had to block because they weren't getting through when I tried to talk them down out of bad takes or their support for 3rd-party candidates blaming Democrats for whatever the Republican party did. The pros of being here, my favorite for example: Musk can't buy this place.

0spkl,

@alfredo_liberal You can say that's true of anywhere on the internet though.

Some people just have too much free time...

0spkl,

Cloudflare tunnel free is pretty good, and I use it for my on-prem (in house) services because it can work through CGNAT, though you are subject to the standard cloudflare terms of use.

On the other hand, what you're looking for is called a reverse proxy. I'd recommend Caddy or Nginx Proxy Manager for you.

I personally use Traefik, but I'm also running on a kubernetes cluster so....

0spkl,

If you're going to be jumping straight into text based config files.... Caddy's Caddyfile format is a lot easier to work with than nginx configs IMO.

0spkl,

I mean, yeah. That is true, a GUI would be easier for someone to learn. But once you do, config files are way faster.

Honestly, I first moved to traefik (from caddy) because it let me put my proxy configuration next to the application it's for. (When I was using docker-compose files to manage this.)

0spkl,

I mean, if you already have nginx OR apache, you could set up a vhost with the other domain name and do a proxy_pass or similar thing to the other one?

They don't need to be the same host software, you'd just need to configure one of them to know how to route it to the other instance. It's just plain HTTP(s) after all.

Reverse proxying is a feature in both nginx and apache after all. Though I'd recommend using nginx for that.

0spkl,

I feel like I'm missing some EASY thing; like can't my apache2 just route the bitwarden.domain1.com traffic to another local IP address...

Yes. It can. https://httpd.apache.org/docs/2.4/vhosts/name-based.html

0spkl,

You could use apache2 vhosts to route bitwarden.domain2.com traffic to wherever the heck you want. Even to another server on the internet.

Think of a vhost as uh... another set of apache server configuration that ONLY applies if the incoming traffic is for that domain/hostname.
That's determined by the Host header in the request, or the TLS SNI value if you're using HTTPS.

Then in that vhost, you'd just configure it like you would any apache instance, like say, for the root location, have it do a proxy_pass, etc.
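A worked Apache 2.4 vhost for the setup described above, added here as an example (it is not from the original post, and the Apache directive for what the post calls proxy_pass is ProxyPass). bitwarden.domain2.com is the hostname from the thread; the 192.0.2.10 backend address and the certificate paths are placeholder assumptions.

```apache
# Added example, not from the original post. Name-based vhost that forwards
# everything for bitwarden.domain2.com to a Bitwarden host on another local IP.
# Assumed placeholders: backend 192.0.2.10, certificate paths below.
# Needs: a2enmod proxy proxy_http headers ssl

<VirtualHost *:443>
    # Only requests whose Host header / TLS SNI says this name land here.
    ServerName bitwarden.domain2.com

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/bitwarden.domain2.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/bitwarden.domain2.com/privkey.pem

    # Pass the original Host header through so the backend builds correct
    # URLs, and tell it the client arrived over HTTPS.
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"

    # Forward the whole site to the backend and rewrite Location headers
    # in its responses back to the public name.
    ProxyPass        "/" "http://192.0.2.10:80/"
    ProxyPassReverse "/" "http://192.0.2.10:80/"
</VirtualHost>

# Send plain-HTTP visitors to HTTPS so vault credentials never cross the
# wire in the clear.
<VirtualHost *:80>
    ServerName bitwarden.domain2.com
    Redirect permanent "/" "https://bitwarden.domain2.com/"
</VirtualHost>
```

Run `apachectl configtest` after enabling the vhost; a missing `proxy_http` module is the usual reason ProxyPass is reported as an unknown directive.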

noellemitchell, to fediverse

deleted_by_author

0spkl,

@noellemitchell It's a lot more complicated though. Just having to pick a server, and remember which is your home server, could be major obstacles to people used to: go to site/download app, register and go. Convenience is a hell of a drug.

0spkl,

  • 3 used MSFF PCs (i5, Kingston SSDs, 24GB of RAM each). All running Proxmox, set up as a cluster.
  • 1x Raspberry Pi 4 8GB. Running Ubuntu.
  • 1x Vultr 2vCPU/4GB RAM instance.

I've got a small kubernetes cluster set up using Talos with 3 controlplane / 3 workers in VMs on the proxmox nodes. The vultr node is also running Talos and attached to the same cluster. Their KubeSpan feature is pretty neat: automatic full mesh wireguard between all cluster nodes.
Traffic inside the cluster flows seamlessly between all nodes, and I can even use it as sort of a proxy server using Cilium's Egress Gateway function.

Meanwhile my Pi4 is running k3s, to host a few services needed to operate the main cluster, such as the Harbor registry operating as a cache and a zigbee2mqtt instance because I have a raspbee2 for a zigbee adapter.

The main reason I'm using K3S even on the single node Pi is because I very much like using flux to manage the deployments on the servers.

Network wise, I've got a USG-3P, one of the newer compact 16 port POE switches, and a pair of UAP-AC-LITE for APs.
Maybe one day I'll get around to switching the USG for something a little more capable, and maybe capable of doing IPS/IDS on my 500M/100M internet connection. But no idea what kind of specs I'd need for that.

Would also like a NAS but... eh.. Maybe I'll just see if I can add more storage to the proxmox nodes and expand the ceph cluster or something.

0spkl,

And seriously, Talos Linux is really, really, nice. If I ever manage to mess up a kubernetes node (which has happened a few times when I was messing around), I just wipe it, reboot it from the ISO, and reprovision it with the machine configuration.

0spkl,

Actually. Now that I think of it, I should probably diagram that out hmm. Anyone know any good tools for making that?

0spkl,

I'm still mostly handling the initial creation of the VM instances manually. Though I got a powershell script to help me mass send Talos configs to all the nodes.

Though I am using terraform to bootstrap fluxcd tho. And TF controller for when I just need to do something with TF and inject outputs as a secret.

0spkl,

I've moved to technitium DNS nowadays. I found that it works better for me than AGH.

0spkl,

I think vultr is actually cheaper than DO though.
