Score:2

Route all traffic on port 443 (IPv4), to an external IP address on port 80 (IPv6)

za flag

I want to host a website from home using the Yggdrasil network. Yggdrasil gives me a static IPv6 address at home (even if behind a DNS). However, "regular" users cannot be routed to that IP address unless they use Yggdrasil themselves, which is too much of an ask.

So my solution is to rent a small VPS with a static IPv4 address, and run Yggdrasil on that too. So now I need to route all IPv4 traffic coming in on https port 443 on the VPS to port 80 on my home machine's static Yggdrasil IPv6 address, which can be seen by the VPS since it's also running Yggdrasil Network.

Which Linux tool allows me most efficiently and easily to do that?

Basically: route all traffic on one machine's IPv4:443 to another machine's IPv6:80.

EDIT after Artur Meinild's detailed answer:

While I see how nice GUIs are great, I prefer something lightweight, performant, command line based, and as close to Linux philosophy as possible.

ar flag
Which distro and version of Linux are you using?
Thomas Browne avatar
za flag
@user68186 I'm using Ubuntu 22.04
in flag
Nginx on VPS might be the easiest way, something like https://serverfault.com/a/897146/114740 ?
K-attila- avatar
ci flag
Good old rinetd maybe? https://github.com/samhocevar/rinetd Hummm.... Maybe the proxy better because the https => http....
Thomas Browne avatar
za flag
@K-att- what about socat? Won't that do the trick?
Score:1
vn flag

I'm using Nginx Proxy Manager to manage reverse proxies. This provides a nice UI for Nginx reverse proxy configuration. There are other reverse proxy solutions that can do the same thing, like HAProxy and Traefik.

The prerequisites for this to work are:

  • You have set up a DNS A record (IPv4) for your site with a public DNS service (yoursite.yourdomain.tld)
  • You have set up Docker on your VPS (including Docker Compose)

Installation and configuration:

The installation of Nginx Proxy Manager as I have configured it is detailed here.

Basically you create a docker-compose.yml file like this - inside the directory where you want your persistent data to be (mine is /mnt/docker-data/nginx-proxy-manager):

version: "3"
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      # These ports are in format <host-port>:<container-port>
      - '80:80' # Public HTTP Port
      - '443:443' # Public HTTPS Port
      - '81:81' # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "npm"
      DB_MYSQL_PASSWORD: "npm"
      DB_MYSQL_NAME: "npm"
      # Uncomment this if IPv6 is not enabled on your host
      # DISABLE_IPV6: 'true'
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'npm'
      MYSQL_PASSWORD: 'npm'
    volumes:
      - ./data/mysql:/var/lib/mysql

Where you can tweak the following:

  • '81:81' # Admin Web Port: Change to '9999:81' if you want port 9999 exposed to the outside instead of port 81 for the admin interface.
  • You can change the MYSQL user and password to your liking.

When your .yml is done, run: (Docker Compose V2)

docker compose up -d

Or for the old version: (Docker Compose V1)

docker-compose up -d

Now go to ip.of.your.vps:9999 (if you changed the admin port to this), and login with the default user:

Email:    admin@example.com
Password: changeme

You'll have to change this information.

Now, create a new proxy host, and you'll be greeted with a window like this:

Enter the following:

  • In "Domain Names" enter the FQDN that is set up with DNS (in my example yoursite.yourdomain.tld)
  • In "Scheme" enter HTTP (because you forward to HTTP/Port 80)
  • In "Forward Hostname" enter the IPv6 address of your home machine
  • In "Forward Port" enter 80

Click "Save".

In addition, you can set up an SSL certificate for the site (using the built-in Let's Encrypt function), so you can use HTTPS on port 443 on the VPS.

The benefits of this solution:

  • Nice graphical UI
  • All configuration (forwarding, certificate etc.) managed in a single interface
  • Flexible, you can use it for other sites as well (reverse proxy is filtering on subdomains)

The challenges of this solution:

  • Requires additional setup for DNS, Docker and the container itself
  • Might be overkill if you ever only need this single site
Thomas Browne avatar
za flag
I need a full MySQL database for this solution? And Docker? Seems _very_ heavyweight. Thank you for the detailed instructions but I really want something that's Linux command line based and as lightweight as possible. Will add to question. Thank you nevertheless for this highly detailed answer which I will explore.
Artur Meinild avatar
vn flag
You can also run it with an SQLite database, but I can understand you'd like a lighter solution.
Score:1
za flag

Here is my own answer. Takes any http or https traffic on port you on the vps, and forwards all of it to external IPv6 port 80. Works perfectly.

global
    maxconn 4096
    spread-checks 3

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend ipv4-in
    bind *:80
    bind *:443
    default_backend ipv4-to-ipv6

backend ipv4-to-ipv6
    server ipv6 [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:80

Haven't figured out the certificate implications yet.

Thomas Browne avatar
za flag
I'm going to wait till there are a couple of hours left on the bounty, in case someone provides a better answer than my own one. One way to be better would be to explain how I organise the https certificates in this scenario.
PouJa avatar
km flag
Well, where should one paste these lines? What does each line mean? Is this /etc/network/interfaces?
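
An added example, not part of the original answer or its comments: the same HAProxy layout with TLS terminated on the VPS, which is what the open certificate question comes down to. In `mode http`, a `bind` line without `ssl` accepts only cleartext HTTP, so HTTPS on 443 needs the certificate and key on the VPS; the PEM path below is a placeholder assumption, and the file goes in `/etc/haproxy/haproxy.cfg` (the Ubuntu package default).

```haproxy
# /etc/haproxy/haproxy.cfg on the VPS (added example; certificate path is a placeholder)
global
    maxconn 4096
    # Refuse legacy protocol versions on the public listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    # Pass the visitor's IPv4 address to the home server in X-Forwarded-For
    option forwardfor
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend ipv4-in
    bind *:80
    # TLS ends here. The PEM file must contain the certificate chain
    # followed by the private key (assumed to exist already).
    bind *:443 ssl crt /etc/haproxy/certs/example.pem
    # Redirect cleartext visitors instead of proxying them unencrypted
    http-request redirect scheme https code 301 unless { ssl_fc }
    # Tell the backend the original request arrived over HTTPS
    http-request set-header X-Forwarded-Proto https
    default_backend ipv4-to-ipv6

backend ipv4-to-ipv6
    # Plain HTTP to the home machine's Yggdrasil address, as in the answer above
    server ipv6 [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:80 check
```

Running `haproxy -c -f /etc/haproxy/haproxy.cfg` checks the file for syntax errors before the service is reloaded. The private key should be readable only by root or the haproxy user, since anyone holding it can impersonate the site.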
Score:0
uy flag

After reading your question I asked myself why you do not host your site on the VPS and get rid of such a Proxy scenario. If you go this road with the proxy, you need a server (or forward) Proxy. This proxy has 3 tasks:

  1. Forward all requests to your server
  2. Terminate SSL (described by Artur)
  3. Translate ipv4 to ipv6

Requirement:

Your VPS must be dual stacked.

Products to use: (one of them needed)

  • Nginx
  • Squid
  • Apache

Ask Dr. Google for sample Configs.

Docker:

I would go for Docker, but this is not a requirement. There is a small, ugly thing with Docker: IPv6 support is officially experimental and not enabled by default. You will need IPv6 enabled.

DNS / Certificate: described by Artur.

Thomas Browne avatar
za flag
At some stage, I will go yggdrasil-only, but to bootstrap the site, I need first for it to be accessible on open internet for a while. That's why I don't just host site on VPS directly. You will be prompted, when you visit site via IPv4, to install yggdrasil and then to use the IPv6 address in the future.