#1 2013-09-17 08:41:29

mikeyur
Trusted Member
From: Canadia, eh
Registered: 2013-09-15
Posts: 34

Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

I realized soon after signing up that the HA Proxy IPv4 NAT'ing that LES uses would require a ticket for each domain/subdomain I wanted to add, which means bugging Anthony to setup each new record. So I went looking for a better way to do things.

Each LowEndSpirit box gets 5 IPv6 addresses but we want an IPv4 for serving our websites, as most people don't have IPv6 at home yet.

I found out that Cloudflare actually runs a free IPv6 to IPv4 (and vice-versa) proxy with their service. Cloudflare's CDN normally works on a reverse proxy (you publicly see a Cloudflare IP for your site, while it proxies your actual IP to load your site).

Steps:
1) Signup for a free account at Cloudflare.com and add your domain (you can add as many as you want)
2) Update your domain's name servers at your registrar to the ones Cloudflare supplies (<name>.ns.cloudflare.com)
3) Edit your Cloudflare DNS records, create & point your domain/subdomain's quad-A (AAAA) record to one of your LES IPv6 Addresses (see your welcome email with your VPS info)

Cloudflare Zone Editor

4) Make sure you have "Cloudflare On" for the domain/subdomain record you just setup (make sure the little cloud icon is orange next to the record)

Cloudflare On

Updated thanks to dimitrisp & Nyr

5) Head into your "Cloudflare Settings" for your domain - select the gear icon next to your domain in the main domain list

Cloudflare Settings

6) Scroll down and under 'Automatic IPv6' change the default mode 'Safe' to 'Full'

Cloudflare full IPv6 support

7) Modify your web server to listen on the IPv6 address you used above, on port 80 of course
8) Enjoy some IPv4 goodness without nagging Anthony!

Bonus:
Cloudflare is a CDN which will offload some of your static files (I believe just JS & CSS if I'm not mistaken) and point your website visitors to their closest PoP, making your site load a lot quicker.

I'm sure many of you already knew this or have setup a different IPv6->IPv4 reverse proxy, but hopefully this helps someone out and can make sure a few less tickets get created.

You'll still need to know the IPv4 address of your box to SSH in, as Cloudflare won't pass those requests on, but there are a bunch of other threads on how to find that. (Easiest method being: start a console session in your VPS panel, click the 'connection details' link and it'll give you the public IP)

Hope this helps

Cheers,
Mike

Last edited by mikeyur (2013-09-29 17:16:48)

Offline

#2 2013-09-17 08:59:11

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,498
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Brilliant, very well written smile


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#3 2013-09-17 09:53:02

mikeyur
Trusted Member
From: Canadia, eh
Registered: 2013-09-15
Posts: 34

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Backtogeek wrote:

Brilliant, very well written smile

Thanks! Hopefully it helps out a few folks who just want to setup a simple web server, and can reduce some ticket load on you. Although I just realized you setup my IPv4 record now tongue

Also just put together another guide for Mac users or anyone who can't/won't use the serial console.

Offline

#4 2013-09-28 19:39:24

dimitrisp
ROCK & ROLL!!!!!!!
From: /dev/null
Registered: 2013-07-06
Posts: 65

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Just one addition to the guide. It took me a few hours to realise that you need to make a simple configuration change on cloudflare for this to work:
Go to Cloudflare Settings => Settings overview => Automatic IPv6 => Change to "Full"

Thanks for this, didn't know I could use cloudflare in such way!


Love metal? http://www.distortionradio.gr/ | Powered by LowEndSpirit Hardware (at 50%)
GamePost.eu - New Gaming Community, with NMRiH & TF2 Servers (more to come soon)
If my posts have helped you in any way, send me some bitcoins: 1M5Vwki6qgwZKw3Q8wBQYC5cCy58UmGnM big_smile

Offline

#5 2013-09-29 15:26:27

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

dimitrisp wrote:

Just one addition to the guide. It took me a few hours to realise that you need to make a simple configuration change on cloudflare for this to work:
Go to Cloudflare Settings => Settings overview => Automatic IPv6 => Change to "Full"

Thanks for this, didn't know I could use cloudflare in such way!

That. That's completely needed.

And latency should be great since CloudFlare is present all around the world.

Offline

#6 2013-09-29 17:17:54

mikeyur
Trusted Member
From: Canadia, eh
Registered: 2013-09-15
Posts: 34

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Thanks guys! Completely forgot about that part, as I had changed it before hand during my initial setup. Just updated the post with some new screenshots and info.

Offline

#7 2013-10-06 00:05:16

darknyan
Trusted Member
Registered: 2013-07-20
Posts: 42

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Are there any other Free IPv6 to IPv4 Reverse Proxy services or is Cloudflare the only one?

Offline

#8 2013-10-06 00:13:09

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Incapsula does reverse proxying too and has a free tier, but not sure if they can proxy 6<->4.

Offline

#9 2013-10-06 13:44:28

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,498
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

When I get the CP done I will make sure 6 <-> 4 is made possible.


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#10 2013-10-13 22:33:19

Spittie3
Trusted Member
Registered: 2013-06-30
Posts: 62

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Quick question, anyone got this working with Italy?
Because I can't get it working.

Works fine with my vps in UK, but for Italy (pretty much the same setup) I keep getting a cloudflare 520/522 error.

The webserver is running fine, and if I open the ipv6 address I can access it. But the cloudflare tunnel doesn't seems to work.

Nevermind, I'm an idiot and I just spent the latest 20 minutes editing the wrong file.

EDIT2: This is weird. If I open http://paste.spittiepie.com/ on my mobile connection, everything work fine. If I open it on my pc, I get the 522 error. If I open on my pc, but with the gogoc tunnel open, the site half-load and them time out.
.-.

Last edited by Spittie3 (2013-10-13 23:33:56)

Offline

#11 2013-10-14 04:05:10

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,296
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Must be something wrong with the non-mobile version then?

Offline

#12 2013-10-14 04:33:32

CSa
Trusted Member
Registered: 2013-10-06
Posts: 131

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

mikho wrote:

Must be something wrong with the non-mobile version then?

^This.

Also, if anyone wants an example of how well the v6 -> v4 works, check out http://torn.pw/


What's this? Torn: Soon to become the best blogging platform ever created!

Offline

#13 2013-10-14 04:49:57

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

A 520/522 could mean a connectivity problem between CloudFlare and SeFlow.

Try pointing a subdomain in CloudFlare to this address, it's a webserver in the same node:
2a02:29e0:1:278:1234:1234:2bcb:24a8

If it works, it's on your end, if errors happen too, you maybe want to contact CloudFlare about this.

Offline

#14 2013-10-14 05:37:38

Spittie3
Trusted Member
Registered: 2013-06-30
Posts: 62

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

I've done some tests:
From my home connection -> 522 error
From my mobile connection -> works
Tethering from my mobile to my pc -> works
Using a VPN in the USA -> works
Using a VPN in the NL (my les box) -> 522 error
Using a VPN in the uk (same ^) -> 522 error

I've also asked a bunch of friends (usa and Malaysia), and it works fine for them.
I'm going to try and see if it works on my university connection as soon as I get here (~one hour).

Try pointing a subdomain in CloudFlare to this address, it's a webserver in the same node:
2a02:29e0:1:278:1234:1234:2bcb:24a8

I've pointed test.spittiepie.com to it, let's see if it works once dns propagate.

I honestly feel like this is just some big and stupid error on my part, but I can't think off anything -.-"

EDIT: and yours work fine (cool project btw).
Maybe it's my nginx configuration? I don't see anything wrong...

server {
        listen 80;
        listen [::]:80 ipv6only=on;

        server_name paste.spittiepie.com;

        error_log /home/spittie/log/error.log;
        access_log /home/spittie/log/access.log;

        location / {
                proxy_pass http://127.0.0.1:7777/;
        }
}

Last edited by Spittie3 (2013-10-14 11:49:35)

Offline

#15 2013-10-14 16:04:14

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Spittie3 wrote:

Maybe it's my nginx configuration? I don't see anything wrong...

Nah, that looks fine. What are you using nginx for? Maybe you can try setting your 7777 web server to listen on 80 for debug.

Offline

#16 2013-10-14 16:16:57

5n1p
Trusted Member
Registered: 2013-04-02
Posts: 235
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Can you try to comment out line:

listen 80;

from your nginx cfg, you listen only on:

listen [::]:80 ipv6only=on;

few times I had problem like this, so I made sure in default.cfg i set to listen for ipv6 and in cfg of vhost i use only ipv4 this way server listen to both, but you don't need both only ipv6.

Offline

#17 2013-10-14 18:09:28

Spittie3
Trusted Member
Registered: 2013-06-30
Posts: 62

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Nyr wrote:
Spittie3 wrote:

Maybe it's my nginx configuration? I don't see anything wrong...

Nah, that looks fine. What are you using nginx for? Maybe you can try setting your 7777 web server to listen on 80 for debug.

nginx is here mostly because If I ever want to add something in the future to this server, it's already here and I won't have to bother.
On port 7777 is running hastebin, which is a node.js application. I've tried just now to run it on port 80.
Result is the same as always. 522 error on my home connection, works fine from my mobile one.

Can anyone try to access it with a vpn tunnel using the uk/nl les? I get the same 522 error with them.

5n1p wrote:

Can you try to comment out line:

listen 80;

from your nginx cfg, you listen only on:

listen [::]:80 ipv6only=on;

few times I had problem like this, so I made sure in default.cfg i set to listen for ipv6 and in cfg of vhost i use only ipv4 this way server listen to both, but you don't need both only ipv6.

Tried, it doesn't seems to help. It doesn't matter if "lsof -i" report nginx listening only over ipv6, or over ipv4/ipv6, I get the same 522 error.
If I broke it somehow (for example I stop the npm server, and so nginx doesn't get any reply for proxy_pass), I get a different error code on my mobile connection (501/502), but always 522 on my home connection.

I'm starting to think it's an issue at Cloudflare, I've opened a ticket and got this reply:

Hello, thank you for contacting CloudFlare.

There is currently an issue with IPv6 in London only, which is being corrected but I do not have a timeline at this time.

If I understand the issue you are seeing, it does not occur in any of our other datacenters.

Thanks in advance

.
And doing a traceroute, I indeed seems to pass for their London datacenter (195.66.225.179). My operator seems to block traceroutes (or something like that), so I don't know where it pass.
I've asked a bunch of friends that have it working, and their connection seems to pass for their France and USA datacenter.

So maybe the problem is really that.

Offline

#18 2013-10-14 18:37:18

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Sorry, I hadn't got a real computer till now.

Just checked it, not your fail, CloudFlare network is a piece of crap. I am currently getting 300+ ms ping from my DSL to their AMS infrastructure where I get routed to and I can't load your full website. No packet loss, just high latency and connections closed after a few seconds.

I get 522 errors connecting from UK, NL, Ukraine, Russia and Spain, multiple ISPs and upstreams. Since this has been happening for at least 24 hours, I am not sure what the fuck are they doing to solve it. Maybe they got a big DDoS?

Offline

#19 2013-10-14 18:59:48

Spittie3
Trusted Member
Registered: 2013-06-30
Posts: 62

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Nyr wrote:

Sorry, I hadn't got a real computer till now.

Just checked it, not your fail, CloudFlare network is a piece of crap. I am currently getting 300+ ms ping from my DSL to their AMS infrastructure where I get routed to and I can't load your full website. No packet loss, just high latency and connections closed after a few seconds.

I get 522 errors connecting from UK, NL, Ukraine, Russia and Spain, multiple ISPs and upstreams. Since this has been happening for at least 24 hours, I am not sure what the fuck are they doing to solve it. Maybe they got a big DDoS?

Thanks, at least I know that I can't do anything to fix it.
But I still wonder why it works with your ip, it should be on the same node and thus using the same routing...

Offline

#20 2013-10-14 19:31:21

5n1p
Trusted Member
Registered: 2013-04-02
Posts: 235
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

I had no problem connecting to your site from my desktop (Bosnia), and found this link about 522, are you sure you have enough ram for this app https://support.cloudflare.com/hc/en-us … -Error-522

Offline

#21 2013-10-14 19:40:40

Spittie3
Trusted Member
Registered: 2013-06-30
Posts: 62

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

5n1p wrote:

I had no problem connecting to your site from my desktop (Bosnia), and found this link about 522, are you sure you have enough ram for this app https://support.cloudflare.com/hc/en-us … -Error-522

Yes smile
You can access the application from http://sshit.spittiepie.com:10001/ too, It's a direct connection (doesn't pass through Cloudflare) and it works fine.

Offline

#22 2013-10-14 19:44:20

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Spittie3 wrote:
Nyr wrote:

Sorry, I hadn't got a real computer till now.

Just checked it, not your fail, CloudFlare network is a piece of crap. I am currently getting 300+ ms ping from my DSL to their AMS infrastructure where I get routed to and I can't load your full website. No packet loss, just high latency and connections closed after a few seconds.

I get 522 errors connecting from UK, NL, Ukraine, Russia and Spain, multiple ISPs and upstreams. Since this has been happening for at least 24 hours, I am not sure what the fuck are they doing to solve it. Maybe they got a big DDoS?

Thanks, at least I know that I can't do anything to fix it.
But I still wonder why it works with your ip, it should be on the same node and thus using the same routing...

Mi IP serves a little static page, that's why it works, I suppose. Your website loads a few assets for me, but then the connection is closed before it can load completely.

Anyway network latency is back to normal from my end and your site isn't completely loading yet.

Looks like the problem is at the network level since HostTracker shows similar results to what I got about an hour ago:
http://host-tracker.com/check_res_ajx/13889676-0/

You should contact CloudFlare about this and explain them the situation and that you are trying to route to a IPv6-only host, since most customers wouldn't notice CloudFlare -> IPv6 routing issues.

Offline

#23 2013-10-15 01:03:36

conta
Trusted Member
From: Earth
Registered: 2013-10-13
Posts: 127
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

mikeyur wrote:

I realized soon after signing up that the HA Proxy IPv4 NAT'ing that LES uses would require a ticket for each domain/subdomain I wanted to add, which means bugging Anthony to setup each new record. So I went looking for a better way to do things.

You'll still need to know the IPv4 address of your box to SSH in, as Cloudflare won't pass those requests on, but there are a bunch of other threads on how to find that. (Easiest method being: start a console session in your VPS panel, click the 'connection details' link and it'll give you the public IP)

Hope this helps

Cheers,
Mike

Newbie here: so from my understanding I do not need to do steps >= 3 if I use this method, right? Wanna be sure ;]

mikho wrote:

1) Connect via the serial console and set your ssh port to one that is assigned to you.
2) Install web server and place content etc on it
3) open ticket asking for the IP
4) Point A record for your domain at the IP given to you in step 3
5) Open ticket asking for reverse proxy entry to be created for you
6) Smile, you are all done smile


http://getLES.tk newbie guide for LowEndSpirit VPS
https://DiscoverBSD.com blogging about BSD operating systems
https://BSDSec.net deadsimple BSD Security Advisories and Announcements

Offline

#24 2013-10-15 06:26:43

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,296
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

Correct, you will instead use cloudflare as translater between ipv4 and ipv6.

Offline

#25 2013-10-15 07:25:30

conta
Trusted Member
From: Earth
Registered: 2013-10-13
Posts: 127
Website

Re: Cloudflare's Free IPv6 -> IPv4 Proxy (aka how to stop bugging Anthony)

great, thanks ;]


http://getLES.tk newbie guide for LowEndSpirit VPS
https://DiscoverBSD.com blogging about BSD operating systems
https://BSDSec.net deadsimple BSD Security Advisories and Announcements

Offline

Board footer