Self-Hosted Main

515 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

communick@selfhosted.forum

IPv6 hosting on Starlink connection (alien.top)

submitted 1 year ago by Vicolaships@alien.top to c/main@selfhosted.forum

10 comments fedilink hide all child comments

Does anyone have a full guide on how to host a web server behind a Starlink connection?

I manage to host web servers on IPv4 connections but I am pretty lost with IPv6. I don't want to use a VPS or anything external.

My Starlink router is in bypass mode and I use a TP-Link AX3000 router

I have disabled the TP-Link router firewall
I have enabled IPv6 address in the router settings
I host a webserver (nginx) on my laptop and can access the page (on http://[::1]). No HTTPS set-up for the moment
I have disable ufw on my laptop
I have set-up a AAAA record on No-IP with the IPv6 address I get from https://test-ipv6.com/

It's not working!

Which IPv6 address am I supposed to provide on No-IP, the one of my router or my laptop?!

I also have multiple IPv6 adresses on my laptop, which one should be used and why?

2: wlp1s0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:e7:da:0e:52:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute wlp1s0
       valid_lft forever preferred_lft forever
    inet6 2a0d:3344:89:e00:1287:789:2313:f88a/64 scope global temporary dynamic 
       valid_lft 295sec preferred_lft 295sec
    inet6 2a0d:3344:89:e00:132:2409:c6d:ce09/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 295sec preferred_lft 295sec
    inet6 fe80::6259:1c60:1deb:705e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Thanks

you are viewing a single comment's thread
view the rest of the comments

[–] certuna@alien.top 1 points 1 year ago (2 children)

I have disabled the TP-Link router firewall

Completely? I definitely wouldn't do that, only open the one single port you need towards the one server that's listening.

[–] Vicolaships@alien.top 1 points 1 year ago (1 children)

I will enable the firewall and UFW again when things are working!

Thanks for the precision about the address, it its this one I have specified in No-IP.

Yes I can reach the web server (hosted on my laptop) with my phone connected to the network via Wi-Fi.

So my problem is not the DDNS but rather the access to the server itself from the exterior.

Access is ok both on the laptop and an other peripheral on the network so the blocking occurs upfront. Is there anything I need to enable in my TP-Link router to allow IPv6 traffic from the exterior?

[–] rarely@sh.itjust.works 1 points 1 year ago

Yes you will need to forward port 80 and 443 to your server from your tplink router.

[–] Vicolaships@alien.top 1 points 1 year ago (1 children)

It works with new router with the IPv6 firewall disabled. Can you help me figure out what is wrong in my configuration because when I enable the firewall it doesn't work?

[–] certuna@alien.top 1 points 1 year ago (1 children)

Does the TP Link router allow you to create rules in the firewall to open specific ports towards specific endpoints?

That’s how most routers do, but some only have a firewall on/off setting without the ability to create individual rules.

[–] Vicolaships@alien.top 1 points 1 year ago (1 children)

No! The IPv6 firewall cannot be disabled nor configured. This is why I returned it

[–] certuna@alien.top 1 points 1 year ago

If I look at that screenshot it looks like you can define specific rules? The only problem i see is that you’re using link-local (fe80:: address) as the Local IP, that should be the stable global one (2a0d:xxxx:3040).