Blog available on public internet

I just wanted to get this blog public so I made this very temporary proof-of-concept setup. What I did is:

  1. DNS records in he.net for blog.taikio.fi and pve.taikio.fi pointing to the public IP of openwrt-pve
  2. Port forwarding 443 in openwrt-pve to the debian-test VM
  3. Install Caddy on debian-test and configure vhost there
  4. Copy blog content to /var/www/blog.taikio.fi on debian-test

It works but is very janky. First of all, I should set up a dedicated VM for this purpose instead of reusing the old demo instance. I should also configure dyndns to auto-update the DNS records so it will not break when the public IP changes. I need to think a bit more about how things are laid out in the web-server VM, for example is /var/www/... the place to store files, what permissions should they have etc. And finally I should get some better publishing flow so that I don’t need to manually copy files over etc.

But at least now I have something public and I can start sharing this blog to friends.

One problem I noticed is that accessing the URL https://blog.taikio.fi doesn’t seem to work quite right from my main PC. I suspect something isn’t doing hairpin routing quite right on the ISP side or something. I could fix that by configuring a static route in openwrt-r5s to the openwrt-pve public IP directly through the internal network. I got an idea that I could probably hack together something with dyndns update scripts, updating DNS records is kinda similar to updating route tables? Of course a proper routing protocol would be the correct solution, but I imagine that might be more tricky to set up.

Wireshark dump of failed connection

I originally planned to put this blog behind a geoip block to reduce all sorts of random bot traffic and whatnot. But after researching geoip databases and how nft might or might not handle large IP sets I ultimately decided to postpone that idea. I was hoping it would have been something simple and more of a checkbox thing but apparently not. So now this is public for all, hopefully my network and VMs will not get hammered to death. I did find this GitHub repo which conveniently repackages different geoip databases into one repo: https://github.com/sapics/ip-location-db. I think there is a lot of interesting analysis that could be done based on that data, especially with the history also being available. Like what is going on with the IP addresses the different DBs disagree on, or what IPs have moved around, or how stable are e.g. Finland's IP ranges.
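
For the geoip idea above, here is a sketch of turning a country range list into an nftables interval set. It is an added example, not the blog author's code or part of ip-location-db. It assumes CSV rows laid out as start,end,country; the sample rows are constructed from documentation address ranges and the set name `geo_fi4` is hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample rows (documentation ranges), in the assumed
# start,end,country layout of the country-level CSV files.
SAMPLE_CSV = """\
192.0.2.0,192.0.2.127,FI
192.0.2.128,192.0.2.255,FI
198.51.100.0,198.51.100.255,SE
203.0.113.0,203.0.113.63,FI
203.0.113.64,203.0.113.95,FI
"""

def country_networks(csv_text, country):
    """Return the minimal list of IPv4 CIDR networks covering one country."""
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 3 or row[2].strip().upper() != country.upper():
            continue
        start = ipaddress.ip_address(row[0].strip())
        end = ipaddress.ip_address(row[1].strip())
        if start.version != 4 or end.version != 4 or start > end:
            continue  # skip non-IPv4 or inverted ranges
        # An arbitrary start-end range may need several CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(start, end))
    # Merging adjacent and overlapping blocks keeps the set small.
    return list(ipaddress.collapse_addresses(nets))

def nft_set(name, networks):
    """Render an nftables interval set definition to place inside a table."""
    if not networks:
        raise ValueError("refusing to render an empty set")
    elements = ",\n        ".join(str(n) for n in networks)
    return (
        f"set {name} {{\n"
        f"    type ipv4_addr\n"
        f"    flags interval\n"
        f"    elements = {{\n        {elements}\n    }}\n"
        f"}}\n"
    )

if __name__ == "__main__":
    print(nft_set("geo_fi4", country_networks(SAMPLE_CSV, "FI")))
```

A rule can then match the set with `ip saddr @geo_fi4`. Collapsing before loading shows how many elements the set really needs, which is the number that matters for the large-set concern.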