New Home for My Blog

Author: @pugmiester
Tags: selfhosted, blog, site, localhosted

I’ve been running my little blog for around a year at this point (June of 2024 as I write this post) and I even remember to add some content from time to time. I’ve had a VPS hosting the site for a relatively modest monthly fee but with a recent change to the hosting company’s terms of service (not mentioning any names, but you can possibly guess) including an Intellectual Property “rights grab” I decided it was time to move it somewhere else. But where…

A number of folks I follow online have also done the same and for OpenBSD servers such as mine, they opted to switch to OpenBSD.Amsterdam. I considered it for a while and then it occurred to me… Thanks to our new ISP, Andrews and Arnold, we have a fixed publicly routable legacy IP as well as a static IPv6 prefix so why not just host the site at home. It’s not like we’re talking 100,000s of hits per hour, although tonight it’s been the busiest I’ve seen it in a while thanks to the lovely folks who found my post on Mastodon and sent a bunch of traffic my way.

So, I had a plan. Build a new VM at home to host the site and migrate everything over. Easy, right? Well, kinda.

I’m no expert when it comes to OpenBSD servers. For the most part, they just work. My VPS has been rock solid for a few years but I’ve evolved the config over time and of course made meticulous notes about everything I changed…. erm….

So, I was starting from scratch. But that’s OK, it’s another opportunity to learn some new stuff. My initial plan was to create an IPv6-only server and do something extra for IPv4 connectivity. So, I created a brand new OpenBSD 7.5 VM, only providing it with IPv6 connectivity, and it just worked. That was easy. I threw a “hello world” page into the built-in httpd server config and it did indeed, just work. So, what do I do for IPv4 clients? I considered running a VPS somewhere with a public v4 address and having it relay to the IPv6 address but then I’m incurring hosting costs again. Do I create some sort of inbound proxy for IPv4 connectivity on another VM at home and have that relay? I searched a lot, I read a lot, I planned a lot, and then in the end just said “screw it, I’ll just chuck an IPv4 IP on it and NAT inbound and be done with it”. So I did, and it worked, sort of.

Last night I thought I had enough config in place to make the switch so I updated my public DNS settings and started sending traffic to the home server. Well, sort of. I could get http traffic working to a secondary site but my main site was being a pain. At first I couldn’t get the DNS records to behave (It’s always DNS) and eventually I realised that although the DNS management portal displays a CNAME with just the host as the target, you have to feed it the entire FQDN for it to work. I fixed that, eventually. Then I couldn’t get Let’s Encrypt to issue a certificate and after a few hours I was not only going config blind but also tripped over the Let’s Encrypt request limit where they start issuing you HTTP error 429s. OK, that’s enough for one night. I switched the DNS records back.

So, onto tonight. Starting again, slowly this time. I updated my httpd config so that it was only returning the site over http and I switched the DNS records and went to make some food so it had plenty of time to take effect. Even with a 15 minute TTL it seems to take longer. On my return, it seemed to be working. It was sort of working, the site was displaying but it was all wonky until I realised there’s a base URL in the Hugo build that included the https version. So I fixed that and we seemed to be good. Next I checked the many examples of what you need for TLS connectivity and realised I was missing a couple of directories. DOH!!! So I fixed those and ran the acme-client with “-v” so I could watch for errors but there weren’t any. It just worked this time. OK, next step, uncomment the TLS config in httpd.conf and see what happens.

It looks like it’s actually working… I’m watching the web server logs and there’s stuff appearing. I get the page when I test from my mobile so everything looks good. I’m happy as a clam, so I make that post on Mastodon and there’s a flurry of new traffic and things are looking good, until they didn’t. I got a couple of replies where the site wasn’t loading. “What have I missed?” Not sure. Watching the server logs I realised that all I’m seeing is IPv6 traffic, which of course is cool and all that but where’s the IPv4 gone?

Then I saw a reply from @Foritus@toot.dusepo.co.uk with a screenshot clearly showing DNS was working and returning both the IPv4 and IPv6 addresses, but then the connection was failing on IPv4. OK, so I know I’m on the right track, but it’s working with HTTP, why not HTTPS? Well, dear reader, it turns out that if you copy your IPv4 HTTP firewall rule and only change the description and not the port to HTTPS, things don’t work too well.

But, now they do. We are up and running again, hosted entirely from home, saving a few pounds a month but more importantly #SelfHosting / #LocalHosting
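
The fault described above (HTTPS reachable over IPv6 but blocked over IPv4, and invisible when testing from a dual-stack client) can be caught by probing every address family and port combination separately. This is an added example, not part of the original post; the function names are hypothetical, and the resolver and connector stand-ins use constructed documentation addresses to reproduce the post's misconfigured rule offline.

```python
import socket

FAMILIES = ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6"))

def tcp_connect(family, sockaddr, timeout):
    """Real connector: True if a TCP handshake completes."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return True
        except OSError:  # refused, filtered (timeout), unreachable
            return False

def probe(host, ports=(80, 443), timeout=3.0,
          resolve=socket.getaddrinfo, connect=tcp_connect):
    """Return {(family_label, port): reachable} for each family with a DNS record."""
    results = {}
    for port in ports:
        for family, label in FAMILIES:
            try:
                infos = resolve(host, port, family, socket.SOCK_STREAM)
            except socket.gaierror:
                continue  # no A / AAAA record for this family
            results[(label, port)] = any(
                connect(family, info[4], timeout) for info in infos)
    return results

def gaps(results):
    """Ports that answer on one address family but not on the other."""
    found = []
    for (label, port), ok in sorted(results.items()):
        other = "IPv6" if label == "IPv4" else "IPv4"
        if not ok and results.get((other, port)):
            found.append(f"{label} port {port} unreachable ({other} works)")
    return found

# Constructed stand-ins: DNS returns both families, firewall drops IPv4/443.
def fake_resolve(host, port, family, socktype):
    addr = ("192.0.2.10", port) if family == socket.AF_INET \
        else ("2001:db8::10", port, 0, 0)
    return [(family, socktype, 6, "", addr)]

def fake_connect(family, sockaddr, timeout):
    return not (family == socket.AF_INET and sockaddr[1] == 443)

def demo():
    return gaps(probe("blog.example", resolve=fake_resolve, connect=fake_connect))

if __name__ == "__main__":
    print("\n".join(demo()) or "both families reachable on all ports")
```

Calling `probe()` with only a hostname uses the real resolver and connector; run it from a machine outside the home network so the inbound NAT and firewall rules are actually exercised.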