Host Website on IPv6 NAT VPS with Cloudflare DNS and NGINX

Host Website on IPv6 NAT VPS with Cloudflare DNS and NGINX

Introduction

Cloud services like AWS, DigitalOcean and lesser-known VPS hosting providers sell VM (Virtual Machines). The annual price can range from $20 (less-known providers) to $70 for cloud services like AWS. All VM plans come with 1 dedicated IPv4 address which is assign to be use by your VM only. Whereas NAT VPS plans provide you with 1 shared IPv4 address and 1 dedicated IPv6. One disadvantage is the shared IP if blacklisted will affect you as well if your neighbors did something illegal. However, the advantage is price which can go as low as $6 yearly (normally with lower ram and storage vs a standard VM) but are still able to run low traffic websites efficiently.

Step 1 – Buy a NAT VPS

You will not find them in the big three – AWS, Azure or Google Cloud because their VM are mostly based on KVM. One recommended site to look for cheap offers is LowEndStock. The 128 MB ram plans are normally deployed as private VPNs and although it may just be sufficient to run a single website, it will not be efficient. A 256 MB plan will be more suitable to run LEMP (nginx MySQL and PHP) without utilizing swap space (virtual memory) too often.

LowEndStock compare NAT VPS offers
Compare and find cheapest low end VPS offers.

Step 2 – Find IPv6 Address Assigned to VPS

Log in to your VPS management panel. Search for IPs and the IPv6 address is easily identifiable with many colons e.g. 2001:0db8:0000:000b:0000:0000:0000:001A. To simplify and shorten the lengthy IPv6 address, just remove all the leading zeros. The IPv6 example can be written as 2001:0db8:0:b:0:0:0:1A.

NAT VPS management IPv6
An example of IPv6 in VPS management panel.

Step 3 – Add Type AAAA Record in Cloudflare DNS

Log in to your Cloudflare account (e.g. Free plan) and navigate to DNS management. While we always add Type A record for IPv4, we will be adding Type AAAA record for IPv6 instead. Remember to set the Proxy status to Proxied and not DNS only.

Cloudflare DNS add AAAA IPv6
Create AAAA record for IPv6 in DNS management.

There used to be an IPv6 Compatibility toggle to enable IPv6 support and gateway but now it is always on as Cloudflare is encouraging the move to IPv6.

Cloudflare network IPv6 compatibility
IPv6 is no longer something you can toggle on and off, it’s always just on.

Step 3 – Install Apache or NGINX

To SSH into a NAT VPS with external SSH clients like PuTTy, one will normally have to change the port to non-standard Port 22. For example, the internal IPv4 of the mentioned NAT VPS in (Step 2) is 192.1168.65.166 and the provider planned 16622 to be the default SSH port. After installing nginx, go update your site config file (default) and add the shortened IPv6 to the listen directive.

user@server:~$ sudo apt-get install nginx
user@server:~$ sudo vi /etc/nginx/sites-enabled/default
server {
        #listen 80 default_server;
        #listen [::]:80 default_server;
        listen [2400:fb80:0:20fe::1]:80 ipv6only=on;
        
        server_name example.com;
}

Save and restart nginx service to apply the new changes. Open your browser and navigate to your domain and you should see the ‘Welcome to nginx!‘ default web page.

user@server:~$ sudo systemctl restart nginx

Conclusion

So, is it worth to buy a NAT VPS over an OpenVZ or KVM VPS with dedicated IPv4 address? My answer is it depends. Most NAT plans max out at 512 MB memory and I had passed the stage for low specs VPS. Therefore, I prefer to wait for Black Friday and Cyber Monday deals where I can purchase heavily discounted VPS e.g. 4 CPU cores with 6 GB ram at about $20 yearly. I do own a 256 MB NAT VPS hosted in Singapore data center where VPS plans there will cost more than in countries like U.S. Unless you are on a tight budget, I suggest going for an OpenVZ or even a KVM with dedicated IPv4 address and they usually have better resources in terms of CPU cores, ram and utilize SSD for storage.

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *