I’m still using an old PS4 Dual Shock, as I prefer its ergonomics to the Microsoft one… But I have to say the rechargeable AA’s of Microsoft are a big plus.
Have another play session with my partner planned tonight! We play with all kinds of mods and the sheer amount of them means that we’re nowhere near to having done and seen everything yet! Especially with the new content update that came out a couple months ago, which is amazing in itself, honestly.
I realised they were the same actor as a kid… But this is very disappointing to hear. I’m just not able to separate an artist’s work from their politics. In fact, they are closely related, in my mind.
I could never listen to Kanye, for instance, no matter how much his gospel work is recommended to me.
They never say a day is a bad day to die, do they?
You clearly have not listened to enough classical music to think it has no sick beats of its own.
Oh god
Too late now.
I think it was Q who said, “Ah, Mr. Worf. Eat a good book lately?”
Here is a manual-like document provided by another internet provider that uses the same router. I don’t think it’s much help, though, as far as I could tell IPv6 is not even mentioned in it.
I can’t really find anything more helpful… At least I got the server working again, for now, using IPv4 again. It’s something.
Oh, I forgot, there’s one more setting regarding IPv6:
In the port forwarding section for IPv6 instead of making a port be TCP or UDP, I can also select something called ICMPv6 REQ. I had already enabled this to test if it did anything, but it didn’t seem so.
$ dig @9.9.9.9 myserver.now-dns.net AAAA
It does indeed return my IPv6 address! Good to know that that works, at least.
IPv6 doesn’t need port forwarding really but I suspect that is how you allow access
Yes, I had the same thought. I had read that IPv6 doesn’t open ports per se but rather allows access in a firewall or something like that.
Have a look around in that menu; a screenshot might help.
Unfortunately the amount of settings for IPv6 is quite scarce.
I can “open ports” (the screenshot I already posted basically shows all I can do there: https://feddit.nl/pictrs/image/e0a39af4-aef5-4a15-a6e7-ec78621a704a.png)
I can either turn on IPv6 or turn it off:
…and as far as I could find, that rounds off all the settings to do with IPv6.
It might help if you tell us where you are (very roughly - country and perhaps city), your ISP and router model. I can get you to the point of all of this working but there are rather a lot of unknowns. I can see that your router offers Dutch or English so I will guess you are from the Netherlands.
That’s right, I’m in the Netherlands, in Utrecht to be exact. My ISP is Youfone and the router model is a ZTE H369A
Thanks again for all your help!
Hopefully you have at least one of those set up in DNS with a AAAA address.
I suspect that this is not the case, but also I’m not sure how I would set this up. Is that something I should configure on my internet router? This is what the DNS settings there look like at the moment:
A quick check would be:
$ host mywebserver.example.co.uk
Well, that gives me this:
host myserver.now-dns.net
myserver.now-dns.net has address 192.168.1.96
myserver.now-dns.net has IPv6 address (my global IPv6 address here)
myserver.now-dns.net mail is handled by 1 myserver.now-dns.net.
Entering my IPv6 address between square brackets in the browser still doesn’t load, though.
The final bit of the equation is that your internet router needs to allow access “from all to globally routable ipv6 address of the web server”.
Is that the same as setting a DMZ for IPv6 to the web server? That’s an option I could find in the router settings, though enabling it didn’t seem to make any difference…
By the way—don’t know how relevant this is, but there’s two ways for “port forwarding” on my router for IPv6:
I can either use the MAC address of my server or use the IPv6 address.
When I use the MAC address, scanning the opened port 80 works with online port scanning tools, but when I use the link-local address, the port appears closed. Not sure if that means anything, but I figured more information can’t hurt.
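An added example, not part of the original posts: the server's link-local address quoted in this thread carries an EUI-64 interface identifier, so the MAC a router rule would key on can be recovered from it, and the script classifies which of the thread's addresses an outside client can reach at all. The `2001:db8:1234:5678::/64` prefix is a documentation placeholder for the ISP-delegated prefix, the function names are hypothetical, and the EUI-64 global address is an assumption about how the host forms its address.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def scope(addr):
    """Classify an address by the scope in which it can be reached."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop a zone id such as %eno1
    if ip.version == 4:
        return "private-v4" if ip.is_private else "public-v4"
    for name, net in (("link-local", LINK_LOCAL), ("unique-local", UNIQUE_LOCAL),
                      ("global", GLOBAL_UNICAST)):
        if ip in net:
            return name
    return "other"

def eui64_mac(addr):
    """Recover the MAC from an EUI-64 interface identifier, or None if it is not one."""
    iid = ipaddress.IPv6Address(addr.split("%", 1)[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def global_candidate(prefix, link_local):
    """Combine a delegated /64 with the interface identifier of a link-local address.
    Assumption: the host builds its global address with EUI-64; hosts using
    privacy or stable-privacy addresses will have a different identifier.
    """
    net = ipaddress.IPv6Network(prefix)
    iid = int(ipaddress.IPv6Address(link_local.split("%", 1)[0])) & ((1 << 64) - 1)
    return str(net[iid])

def usable_from_internet(addrs):
    """Map each address to whether an outside client could connect to it."""
    return {a: scope(a) in ("global", "public-v4") for a in addrs}

# Constructed sample: the link-local address and the A record are the values quoted
# in the thread; 2001:db8:1234:5678::/64 is a documentation prefix standing in for
# the prefix delegated by the ISP.
SERVER_LL = "fe80::dea6:32ff:fe54:67fb%eno1"
CANDIDATE = global_candidate("2001:db8:1234:5678::/64", SERVER_LL)

if __name__ == "__main__":
    print(eui64_mac(SERVER_LL), CANDIDATE)
    for addr, ok in usable_from_internet(["192.168.1.96", SERVER_LL, CANDIDATE]).items():
        print(f"{addr:42} {scope(addr):12} reachable from outside: {ok}")
```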
Thanks for all the pointers! Let’s see, I’ll take this one by one.
- Can you get to it locally via IPv6 as well as IPv4?
Well, turns out reaching a link-local address with a browser is not really easy to do, but tried with SSH port forwarding and that seems to work, at least…
(I used this command on my PC:
ssh -N -L '8082:127.0.0.1:80' fe80::dea6:32ff:fe54:67fb%eno1
where fe80::dea6:32ff:fe54:67fb%eno1 is the link-local address of my server. Then I browsed to 127.0.0.1:8082 on my PC.)
- Can you get to it via IPv4 externally?
I hadn’t thought of testing this! Yes, I can. I also tested by navigating to the IPv4 address with my phone on data (so without wifi)
- ping -6 google.com - from the web server, does it work?
It does, yes.
- ping -6 google.com - from your PC/laptop/phone, does it work?
Likewise, yes, this works.
This works, at least from my PC. I tried to reach it from the server using w3m for the heck of it but without Javascript that didn’t work. Alas.
I really appreciate your help, I hope we can get to the bottom of this. Otherwise I think I’ll just revert to IPv4, as that will probably still work. But I can’t stand IPv6 not working!
Well, I set up a basic nginx server and disabled Caddy. The nginx server only serves http for now, not https.
I used the basic nginx.conf and added my IPv6 address like so:
#user http;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen 80;
        listen [::]:80;
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            root /usr/share/nginx/html;
            index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;

    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;

    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;

    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
I can reach the webpage through the local IP (v4) address, but not online using the IPv6 address. Testing with a port checking tool does show that port 80 is open. I tried testing with my smartphone with wifi disconnected, too, but still no success… Any ideas on what I could try? I’m searching for tutorials for setting up an IPv6 nginx server but so far I’m not seeing a big difference with what I’m doing.
Yes, using now-dns.com is different from paying for a host name, but in theory entering the plain IPv6 address in square brackets in Firefox should also work, right?
Thanks for the advice, I’ll give that a try!
They certainly do. There’s still wayyyy too many people driving everywhere, with just one person per car.
Thanks for your reply!
First, in your caddyfile, “my.server” should reflect the real address used for access. Something like “jellyfin.my-domain.com”. This is important for the tls certificate to be generated correctly.
Ah yes, I wasn’t clear in my original post—I had censored the address of my actual web address myself. In actuality it is more like this:
{
    debug
}

# Jellyfin:
myserver.now-dns.net:26347,
myserver.now-dns.net:443,
[my ipv6]:26347 {
    header / {
        # Enable cross-site filter (XSS)
        # and tell browser to block detected attacks
        X-Frame-Options "Deny"
        Content-Security-Policy "
            default-src 'self' data: blob:;
            style-src 'self' 'unsafe-inline' bootstrapcdn.com *.bootstrapcdn.com https://ctalvio.github.io/Monochromic/default_style.css https://ctalvio.github.io/Monochromic/jfblue_style.css https://ctalvio.github.io/Monochromic/jfpurple_style.css https://ctalvio.github.io/Monochromic/bottom-progress_style.css https://ctalvio.github.io/Monochromic/customcolor-advanced_style.css https://ctalvio.github.io/Monochromic/improve-performance_style.css https://fonts.googleapis.com/css2;
            script-src 'self' 'unsafe-inline' bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com https://www.gstatic.com/cv/js/sender/v1/cast_sender.js;
            worker-src 'self' blob:;
            font-src 'self' bootstrapcdn.com *.bootstrapcdn.com;
            img-src data: 'self' imgur.com *.imgur.com;
            form-action 'self';
            connect-src 'self' pokeapi.co;
            frame-ancestors 'self';
            report-uri {$CSP_REPORT_URI}
        "
    }
    reverse_proxy 127.0.0.1:8093
    #reverse_proxy localhost:8093
}

# Nextcloud:
myserver.now-dns.net:65001 {
    root * /usr/share/webapps/nextcloud
    file_server
    # log {
    #     output file /var/log/caddy/myserver.now-dns.net.log
    #     format single_field common_log
    # }

    #php_fastcgi 127.0.0.1:9000
    #php_fastcgi unix//run/php-fpm/php-fpm.sock # changed to the correct address from /etc/php/php-fpm.d/www.conf
    php_fastcgi unix//run/nextcloud/nextcloud.sock # changed to the new correct address from /etc/php/php-fpm.d/nextcloud.conf

    header {
        # enable HSTS
        Strict-Transport-Security max-age=31536000;
    }

    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301

    # .htaccess / data / config / ... shouldn't be accessible from outside
    @forbidden {
        path /.htaccess
        path /data/*
        path /config/*
        path /db_structure
        path /.xml
        path /README
        path /3rdparty/*
        path /lib/*
        path /templates/*
        path /occ
        path /console.php
    }
    respond @forbidden 404
}
Where I replaced myserver by my actual name. I also updated my original post to reflect this just now.
Once updated, pull out a cell phone, turn off wifi (use LTE/5G), and verify it can connect to your site. This makes sure you can access from outside your home network.
Yes, I have done this a lot over the past few months (in the hopes that the problem would’ve somehow fixed itself) but no dice.
Once confirmed working, try again from your home network. Most likely the page will time out. This will be due to DNS pointing you back to your own network, which can cause trouble. This can be solved several ways. One is by adding a static DNS entry which points to the IP of your caddy server. You can do this on a per system basis in the hosts file, or at the LAN level with your DNS server or router, assuming it allows you to add a custom DNS entry. I do this with my Mikrotik router.
Well, from my home network I just used the internal (IPv4) address to connect to Jellyfin, and that still works. Nextcloud did not work. I’ll play around with this once I get the server working again externally.
But yeah, no, I’m afraid I had already taken the steps you outlined here. Any further ideas would be appreciated!
Shame that she had to go stand with the smokers though… That is, I always severely dislike breathing in other people’s smoke.
What is the pro2 you’re referring to here?