Hosting a website at home with DS-Lite

Oli Zimpasser
Jul 28, 2022

If you like to play around with Web technologies like I do, you might also need to host those projects somewhere. One possibility is to run them on a RaspberryPi in your living room.

To do this you have to solve 2 problems:

  1. Your ISP frequently assigns you different IP addresses. Some ISPs do this every 24h, some only now and then, but as you don't have a fixed IP address you need some sort of dynamic DNS.
  2. Your ISP might not give you a public IPv4 address. This is called "DS-Lite" (Dual Stack Lite) and basically means that your Router is behind a NAT gateway and you share your public IPv4 address with other people. This makes you "not reachable" via IPv4 from the Internet, so you need to use IPv6 for inbound connections.

Issue 1 — Dynamic DNS

Usually your Router (DSL or Cable Modem) should support dynamic DNS. So you only need to pick a provider, set it up on their Webpage and finally configure it within your Router.

These are the DynDNS providers my Fritzbox 7520 supports:

[Image: DynDNS providers of a Fritzbox 7520]

Using a self-hosted Dynamic DNS solution

As we want to host our own webserver anyway, we can also run our own DynDNS solution.

This requires the following components:

  • A 3rd party DNS server hosting our domain
  • A Router (DSL/Cable modem) that can call an HTTP endpoint when it gets a new public IP address
  • A host running at your home (like a RaspberryPi), which is also the home server we want to use as our web server

To summarize, we need to tell the Router to call an HTTP endpoint when a new public IP is assigned. A script behind this endpoint will then use the new IP to update the DNS records via the DNS server's API.

Issue 2 — ISP connects you via DS-Lite (a.k.a. no public IPv4)

Depending on your ISP you might not have a public IPv4 address. This means that while you see an IPv4 address on your Router, it sits behind a NAT gateway, so you are sharing this IPv4 address with other users / Routers on your ISP's network.

A solution can be a host with very few resources running in a public data center, which takes in all IPv4 and IPv6 connections to our domain and forwards them via IPv6 only to our (home) Router, which in turn forwards them to our RaspberryPi.

Target architecture

This is the target architecture to solve both problems:

[Figure: target architecture]

Implementation hints

Here are a couple of ideas on how to implement this architecture.

Dynamic DNS

DigitalOcean provides a free DNS server with an easy-to-use REST API. Here is a link to the PATCH endpoint for domain records, and this is what a curl call to update the IPv6 address for a domain (in this case test-backend.oglimmer.de) could look like:

curl -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" -H "Content-Type: application/json" "https://api.digitalocean.com/v2/domains/oglimmer.de/records/326215399" -X PATCH -d '{"type": "AAAA", "data": "'"$IPV6"'"}'
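
The script behind the Router-facing endpoint from the self-hosted dynamic DNS section, sending the same PATCH as the curl call above. This is an added example, not code from the original article: it authenticates the caller and accepts only a global IPv6 address before touching the DNS record. The query parameters token and ip6, the UPDATE_SECRET variable and port 8080 are assumptions.

```python
import hmac, ipaddress, json, os, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Record URL taken from the article's curl call; all other names are assumed.
API = "https://api.digitalocean.com/v2/domains/oglimmer.de/records/326215399"

def validate_ipv6(raw):
    """Return the canonical address, or None unless it is a global IPv6 address."""
    try:
        addr = ipaddress.IPv6Address(raw)
    except ValueError:
        return None
    return str(addr) if addr.is_global else None  # rejects fe80::, fd00::, ::1 ...

def build_patch(ipv6, api_token):
    # json.dumps builds the body, so the address is never spliced into a string
    body = json.dumps({"type": "AAAA", "data": ipv6}).encode()
    return urllib.request.Request(API, data=body, method="PATCH", headers={
        "Authorization": f"Bearer {api_token}", "Content-Type": "application/json"})

def handle_update(query, secret, api_token, send=urllib.request.urlopen):
    """Process one Router callback and return (http_status, message)."""
    q = parse_qs(query)
    token = q.get("token", [""])[0]
    # Constant-time comparison; an unset secret denies every request
    if not secret or not hmac.compare_digest(token.encode(), secret.encode()):
        return 403, "forbidden"
    ipv6 = validate_ipv6(q.get("ip6", [""])[0])
    if ipv6 is None:
        return 400, "not a global IPv6 address"
    try:
        send(build_patch(ipv6, api_token), timeout=10)
    except OSError:  # URLError and HTTPError are OSError subclasses
        return 502, "DNS API update failed"
    return 200, "updated " + ipv6

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, msg = handle_update(urlparse(self.path).query,
            os.environ.get("UPDATE_SECRET", ""), os.environ.get("DIGITALOCEAN_TOKEN", ""))
        self.send_response(status)
        self.end_headers()
        self.wfile.write(msg.encode())

if __name__ == "__main__":
    # Assumed bind: all interfaces, port 8080; restrict to the LAN side the Router uses
    HTTPServer(("", 8080), Handler).serve_forever()
```

The shared secret travels in the query string, so the endpoint should only be reachable from the home network and not be forwarded by the Router.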

Static DNS

There is nothing special about the A and AAAA records you need for your main domain (in this case test.oglimmer.de), just serve them from the DNS server you have used for the dynamic part.

IPv4 + IPv6 to IPv6 only reverse-proxy

The host can be as small as you can get it, like 512 MB RAM and 1 vCPU.

Here are a couple of options: At DigitalOcean this is $4 / month. If you dare to use AWS you can run a t3.micro instance for 12 months free of charge. Last but not least, a company called v6node provides such a tiny host for just 9€ per year (sic!).

Install HAProxy and configure it as a reverse-proxy for your IPv6 sub-domain. These are the important lines in a haproxy.cfg file:

resolvers dns
    parse-resolv-conf
    hold valid 60s

frontend all
    bind :::80
    bind :::443 <here your usual parameters>
    default_backend haproxy

backend haproxy
    option httpchk
    server haproxy1 test-backend.oglimmer.de:443 ssl check ca-file ISRG_Root_X1.pem check-ssl resolvers dns init-addr libc

You need a resolver because the backend server is addressed by its FQDN. We cannot use an IPv6 address directly, as the IP changes frequently (like once a day), so you need to tell haproxy to constantly re-query the DNS. hold valid 60s lets haproxy query the DNS every 60 seconds.

Using IPv6 inside your home network

Running IPv6 in your internal home network makes the IP forwarding between your Router and the web server host a lot more difficult. I wrote a separate article about that. Unless you are interested in IPv6 in particular, I would recommend using IPv4 for your home network.
