
Capsule Updates for Sept 2022

Published: September 1, 2022

A number of things have happened to the capsule over the past week. I took the time to do some updates and a big spellcheck, along with some other small items. However, the biggest change was bringing IPv6 accessibility to the capsule. This capsule is now accessible with both IPv4 and IPv6. The other exciting news is that after months of trying I finally have my capsule listed on the geminispace.info search index. Granted, nothing is cached at the moment, but the atom feed which I created this past week, along with appearing in the newest hosts for 09-01-2022, are showing up. That is very exciting to me; I hope that this will provide value to the community at large and bring peace to those who read my words.

Enabling IPv6 on Docker hosted capsule

If you've read my previous article **Gemini in Docker**[0], you'll know that I run my capsule as a read-only docker container. So I'd like to expand on that with how I set up IPv6 on my capsule.

I first had to get an IPv6 address from my hosting provider for my VPS. I then had to configure my server's network configuration file to bring up an interface with this IPv6 IP space, bring the interface up and test pinging Google with the ping6 command. Afterward I rebooted the server for good measure to make sure the interface would come online at boot time. I then tried to access my capsule over an IPv6 network using the Elaho[1] browser on my iPhone, but when I looked at the logs I kept seeing IPv4 address requests. In my thinking, I thought that docker would magically route the packet without needing to have IPv6 enabled in the docker container, since the traffic was going to the host and being exposed on the host with a port map. Why I thought this, I have no clue, given that I'm fairly apt at understanding basic networking concepts.

After some research to understand that IPv6 networking had to be enabled on the docker daemon and the container itself, I set about configuring IPv6. I first configured and restarted the docker daemon itself with the configuration below before moving on to the container configuration.

/etc/docker/daemon.json 

```
{
    "ipv6": true,
    "fixed-cidr-v6": "fd00::/64",
    "experimental": true,
    "ip6tables": true
}
```

Once this configuration was in place I updated my docker-compose.yml file to configure the private IPv6 address that would be assigned to the container. The container itself would not be getting a global IPv6 address; the host would have the public address and ip6tables would be configured by docker to route the traffic for the destined port to the container's private address. There were two changes I had to make to my compose file. I had to change enable_ipv6 from false to true, and I then configured the private network space that docker would manage.

docker-compose.yml

```
networks:
  gemini:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: fd02::/64
          gateway: fd02::1
```

Once I ran `docker compose up -d` my container restarted and had an IPv6 network assigned to it. Trying to browse the site using my iPhone's cellular service, I was able to retrieve a page and see an IPv6 address in my logs when making a request for the page. Shouts of success and excitement would have been heard through all corners of the house if it were not for everyone being asleep with me still awake at 1 am in the morning to get this working.

Getting my site on Geminispace.info

When I had first set up my capsule I attempted several times to add my site to the index with the submission form, but to no avail. I recently saw an update talking about a bug causing duplicate entries and some other fixes being made recently, but a subsequent attempt and wait resulted in no site showing up. Now, at this time I did not have an atom feed or a robots.txt file, but after noticing feeds showing up all the time in the search index and documentation vaguely hinting at a robots.txt file, I took the time to manually create both. I searched for solutions to auto-generate the atom xml file but didn't find any that looked compatible with my solution, so I just took the time to manually create an atom file after copying one and making the necessary modifications to it. Once the feed was configured I had to update the MIME types in my molly.conf configuration file to recognize the robots and atom.xml files.

```
[MimeOverrides]
"atom.xml$" = "application/atom+xml"
"robots.txt$" = "text/plain"
```

Given that this file will only be updated when I post new log entries, I'm not too concerned about the fact that I will need to manually update the file every time I write a new log entry. It's a good habit to learn to update manually instead of always relying on automation, even when it may be the easier route.

Once all was said and done after finishing the setup on Sunday, today I saw the following in my logs...

```
2022-09-01T12:08:19Z	[2a03:4000:53:f82:b8f1:ff:fe15:5ec9]	20	gemini://caseyrichins.online/robots.txt
2022-09-01T12:08:19Z	[2a03:4000:53:f82:b8f1:ff:fe15:5ec9]	20	gemini://caseyrichins.online/logs/atom.xml
```

Which, if you're familiar with it, is the IPv6 IP as documented in the geminispace documentation.
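A way to check from the access log that clients are recorded under their own addresses, as an added example that is not part of the original post: it parses the tab-separated format of the two entries above and flags any source address that is not globally routable, such as a Docker bridge gateway. The last two sample lines are constructed (they use example.org), and the unbracketed IPv4 form is an assumption about how the server logs IPv4 clients.

```python
import ipaddress
from collections import Counter

# First two lines are the entries quoted above; the last two are constructed
# samples using a typical Docker bridge gateway and the fd02::1 gateway from
# the compose file.
SAMPLE_LOG = (
    "2022-09-01T12:08:19Z\t[2a03:4000:53:f82:b8f1:ff:fe15:5ec9]\t20\tgemini://caseyrichins.online/robots.txt\n"
    "2022-09-01T12:08:19Z\t[2a03:4000:53:f82:b8f1:ff:fe15:5ec9]\t20\tgemini://caseyrichins.online/logs/atom.xml\n"
    "2022-09-01T12:09:02Z\t172.18.0.1\t20\tgemini://example.org/\n"
    "2022-09-01T12:10:44Z\t[fd02::1]\t51\tgemini://example.org/missing.gmi\n"
)

def parse_line(line):
    """Split one entry into (timestamp, ip, status, url)."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 4:
        raise ValueError(f"unexpected field count: {line!r}")
    ts, addr, status, url = fields
    # IPv6 addresses are logged in brackets; strip them before parsing.
    return ts, ipaddress.ip_address(addr.strip("[]")), int(status), url

def classify(ip):
    """Return e.g. 'ipv6-global' or 'ipv4-internal' for a parsed address."""
    # An IPv4 client seen through a dual-stack socket appears as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    scope = "global" if ip.is_global else "internal"
    return f"ipv{ip.version}-{scope}"

def summarize(log_text):
    """Count entries per address class and list those with internal sources."""
    counts, internal = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _status, url = parse_line(line)
        kind = classify(ip)
        counts[kind] += 1
        if kind.endswith("internal"):
            # The request was relayed on the host, so the client's own
            # address is missing from the log.
            internal.append((ts, str(ip), url))
    return counts, internal

if __name__ == "__main__":
    counts, internal = summarize(SAMPLE_LOG)
    print(dict(counts))
    for entry in internal:
        print("internal source:", *entry)
```
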

Summary thoughts

I'm currently researching my implementation for any security implications, but I've made sure to limit any possible damage or exploits to the capsule by making sure that I keep it up to date with the latest base image and the most recent up-to-date gemini server version, configuring the container to be read-only and assigning private IPs to the container networks. There is also an upstream firewall that protects the server as well by only allowing the traffic that it is supposed to allow.

Footnotes

[0] Gemini in Docker

[1] Elaho on iOS app store
