Does anyone have a full guide on how to host a web server behind a Starlink connection?

I manage to host web servers on IPv4 connections but I am pretty lost with IPv6. I don’t want to use a VPS or anything external.

My Starlink router is in bypass mode and I use a TP-Link AX3000 router

  • I have disabled the TP-Link router firewall
  • I have enabled IPv6 address in the router settings
  • I host a webserver (nginx) on my laptop and can access the page (on http://[::1]). No HTTPS set-up for the moment
  • I have disable ufw on my laptop
  • I have set-up a AAAA record on No-IP with the IPv6 address I get from https://test-ipv6.com/

It’s not working!

Which IPv6 address am I supposed to provide on No-IP, the one of my router or my laptop?!

I also have multiple IPv6 adresses on my laptop, which one should be used and why?

2: wlp1s0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:e7:da:0e:52:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global noprefixroute wlp1s0
       valid_lft forever preferred_lft forever
    inet6 2a0d:3344:89:e00:1287:789:2313:f88a/64 scope global temporary dynamic 
       valid_lft 295sec preferred_lft 295sec
    inet6 2a0d:3344:89:e00:132:2409:c6d:ce09/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 295sec preferred_lft 295sec
    inet6 fe80::6259:1c60:1deb:705e/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Thanks

  • FroSSTII@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I would recommend to make sure your ports are actually open, there are many online port scanners. You would want to set No-IP with your router IPv6 address. When scanning you would want to put the No-IP address you configured or the router IPv6 address.

    I would highly recommend to not disable the firewall on your router but to port forward the ports you need (80/443) in your case.

    If you are able to ping the No-IP address, and it gets resolved to your router address than its working.

    • Vicolaships@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It works with new router with the IPv6 firewall disabled. Can you help me figure out what is wrong in my configuration because when I enable the firewall it doesn’t work?

  • certuna@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I have disabled the TP-Link router firewall

    Completely? I definitely wouldn’t do that, only open the one single port you need towards the one server that’s listening.

    • Vicolaships@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It works with new router with the IPv6 firewall disabled. Can you help me figure out what is wrong in my configuration because when I enable the firewall it doesn’t work?

      • certuna@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Does the TP Link router allow you to create rules in the firewall to open specific ports towards specific endpoints?

        That’s how most routers do, but some only have a firewall on/off setting without the ability to create individual rules.

          • certuna@alien.topB
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            If I look at that screenshot it looks like you can define specific rules? The only problem i see is that you’re using link-local (fe80:: address) as the Local IP, that should be the stable global one (2a0d:xxxx:3040).

    • Vicolaships@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I will enable the firewall and UFW again when things are working!

      Thanks for the precision about the address, it its this one I have specified in No-IP.

      Yes I can reach the web server (hosted on my laptop) with my phone connected to the network via Wi-Fi.

      So my problem is not the DDNS but rather the access to the server itself from the exterior.

      Access is ok both on the laptop and an other peripheral on the network so the blocking occurs upfront. Is there anything I need to enable in my TP-Link router to allow IPv6 traffic from the exterior?