Joined 1 year ago
Cake day: June 23rd, 2023

  • gerdesj@lemmy.ml to Memes@lemmy.ml: Beware of security risks!
    11 days ago

    I’m not feeling too genocidal at the moment and I’m not too sure what a big blob of capitalism looks like but it sounds like you are impugning me (int al) in some way.

    If you are going to deliver a stinging attack on something you dislike, why not deploy an impassioned and pithy argument rather than … that. You do at least manage to spell it’s correctly, which is nice.



  • I’ve just moved my work PC from a cast off from a customer - it had a BIOS date stamped 2012, and was a rather shag Lenovo with a … Intel Core something and four GB RAM. Cheap though, ie free. I did wedge in an SSD to make it usable.

    I run KDE which isn’t known for being tiny and I have a Postgres DB and a few containers for experiments running. The new box is an i5 Intel G13 thingy - HP mini jobbie. Luxury.

    To ensure that I am as disadvantaged as everyone else, I run ESET Endpoint AV and full disc encryption on it. It boots EFI and Secure Boot is enabled. I will pass a Cyber Essentials Plus audit (UK standard) without having to employ any misdirection. I’ve also read up on the US standards. The STIG for Ubuntu 22.04 is doable but my desktop is running 23.04 and 24.04 has just come out.

    I run my company and we have some customers who have some rather more stringent requirements than others. We also have our own standards.



  • SO: Next door have got their lights up, why haven’t we? Me: (Enable NodeRed flows for gutter and pergola light strings that switches them on at dusk and off late evening) Right, that’s the missus pacified for a week or so. I should probably get BigTimer to sort that out itself.

    Employee: I’ve got all the printers for monitored using an auto entries card. (Good skills) Me: (Installs an addon that can use VoIP to do text to speech to a phone) We warn off the customer and now they get a phone call from “things” that tells them what consumables to buy and also sends an email.

    When I finally get around to sorting out my glasses so I can see what my soldering iron is up to, I’ll get many more gadgets installed. My computer room at work needs a tiny ESP8266 and four 1 wire Dallas SC temperature sensors, a bit of vero board, a resistor, power and probably a buck convertor and a case, which I’ll print.

    I adore HA.


  • I only use Reolinks these days. RLC-410 - some dome and some bullet. Cheap and easy to set up. I’m a long term Zoneminder user which I get to watch the low res stream and record on the high res stream. My ZM is a VM on VMware with a cheap Nvidia GPU passed through for CUDA. This still works: https://wiki.zoneminder.com/GPU_passthrough_in_VMWare but I should probably bring the wiki page up to date.

    I have a Reolink door bell too - I went for the PoE one. It’s a lot better than my old Doorbird but not as sturdy. The door bird could drive a chime too which was nice. The Reo can’t but it is a PoE powered unit with a UPS backing the switch. That’s pretty resilient.

    They never get to see the internet. I fiddle DNS so that pool.ntp.com points at my ntp daemons but I run an IT company so that might be a bit excessive for most! I have three Pis with GPS hats and antennae.

    As you say, they are well supported by HA too. If you have a Coral and Frigate then you have lots of options. Just keep them away from the internet if you are concerned about who is looking through them apart from you.


  • I once named a load of servers for a helicopter company in the UK with elements. The cluster nodes were copper, silicon, etc. The cluster itself was called iron. The volumes were labelled fe_function.

    It worked - it was easy to read and the bits that implied “cluster” were grouped appropriately. All the other servers had random elemental names unless they were associated in some way, in which case the group would be used. The engineers (real engineers with oil or distressingly nasty lubricants in their veins) loved it - it made sense, without being too quirky. It was very legible.

    When those systems were hoicked out and replaced, the usual nonsense was applied: 2 char country code + 2 char site code etc etc ad nauseam. Followed by my absolute pet hate: 01. Oh so you might need 99 domain controllers? Yes you might, but not on one site.

    Let’s face it, it is mostly AD admins who don’t get hostnames. I blame MS - their docs and blogs strive to be … authoritative or at least look so. An entire generation (possibly two) of sysadmins have been sold up the river by MS and their wankery.




  • You don’t need to put the IPv6 address into your browser. The host command shows that you have got DNS sorted - try:

    $ dig @9.9.9.9 myserver.now-dns.net AAAA

    That should return an IPv6 address and the @9.9.9.9 means: use the Quad9 DNS server - 1.1.1.1 or 8.8.8.8 will also try external DNS servers - CloudFlare and Google. Hopefully that’s naming sorted out.

    Now to actual access. Your router will (probably), by default, block all inbound connections. I’ve just had a look at your screenshot and it has a menu entry: “Port forwarding IPv6”. IPv6 doesn’t need port forwarding really but I suspect that is how you allow access. I am now guessing. There is such a thing as IPv6 NAT and something called NPT (Network Prefix Translation) which is not for the faint of heart!

    Have a look around in that menu; a screenshot might help.

    It might help if you tell us where you are (very roughly - country and perhaps city), your ISP and router model. I can get you to the point of all of this working but there are rather a lot of unknowns. I can see that your router offers Dutch or English so I will guess you are from the Netherlands.


  • As well as a link local address you should also have one or more globally routable ones too. Hopefully you have at least one of those set up in DNS with a AAAA address. Therefore you should be able to put the address of your web server into your browser and off it goes. In theory IPv6 should be preferred by your browser, so even if both an A record and a AAAA record resolve for the name, IPv6 should kick in.

    A quick check would be:

    $ host mywebserver.example.co.uk
    

    That should return an IPv4 and an IPv6 address. The IPv6 address is the same for internal and external - there is no distinction, which can be surprising if you are used to IPv4 and NAT. The final bit of the equation is that your internet router needs to allow access “from all to globally routable IPv6 address of the web server”.
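
Added example, not part of the comments above and not the commenter's code: a small classifier for `ip -6 addr show` output that separates link-local, unique-local and global addresses, and picks the stable global one that belongs in a AAAA record and in the router's inbound allow rule. The sample output, interface name and addresses are constructed; `2001:db8::/32` is the documentation prefix standing in for an ISP-delegated one.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show` output (not from a real host).
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:1:5c1e:9a77:3b02:41f0/64 scope global temporary dynamic
       valid_lft 86000sec preferred_lft 14000sec
    inet6 2001:db8:1234:1:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft 86000sec preferred_lft 14000sec
    inet6 fd12:3456:789a:1:211:22ff:fe33:4455/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 fe80::211:22ff:fe33:4455/64 scope link
       valid_lft forever preferred_lft forever
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def classify(addr, flags):
    """Return the address class that decides whether it can go in public DNS."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL:
        return "link-local"        # valid on the local link only
    if ip in UNIQUE_LOCAL:
        return "unique-local"      # private range, not routed on the internet
    if ip in GLOBAL_UNICAST:
        # Privacy (temporary) addresses rotate, so a AAAA record or a
        # firewall rule pointing at one would go stale.
        return "global-temporary" if "temporary" in flags else "global-stable"
    return "other"


def parse(text):
    """Yield (address, class) for every inet6 line in `ip -6 addr` output."""
    pattern = r"^[ \t]+inet6 (\S+)/\d+ scope \S+(.*)$"
    return [(m.group(1), classify(m.group(1), m.group(2).split()))
            for m in re.finditer(pattern, text, re.M)]


def aaaa_candidates(text):
    """Addresses suitable for a AAAA record and an inbound allow rule."""
    return [addr for addr, kind in parse(text) if kind == "global-stable"]


if __name__ == "__main__":
    for addr, kind in parse(SAMPLE):
        print(f"{kind:17} {addr}")
    print("AAAA candidates:", aaaa_candidates(SAMPLE))
```

The address it selects is the one to compare against the `dig ... AAAA` answer and to use as the destination in the router's IPv6 rule, scoped to the web server's port rather than the whole host.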