Digitalocean: Difference between revisions

From wikinotes
Line 26: Line 26:


{{ expand
{{ expand
| First, you'll need to fill in digitalocean's network config template:<br>(details on droplet page)
| 1. Set Static IPs, and default routes
|
|
You can find the IP addresses, and netmasks on your droplet's ''Network'' page.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# /etc/rc.conf
# /etc/rc.conf
Line 41: Line 42:


{{ expand
{{ expand
| If moving packets between network inferfaces, enable gateway for ipv6
| 2. Enable IPV6 gateway  
|
|
If moving packets between network inferfaces, enable gateway for ipv6.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# /etc/rc.conf
# /etc/rc.conf
Line 53: Line 55:


{{ expand
{{ expand
| If you plan to use more than one of the 16 ipv6 addresses, create network interface aliases for them.
| 3. Create network interface aliases for all ipv6 addresses.  
|
|
If you plan to use more than one of the 16 assigned ipv6 addresses, create network interface aliases for them.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# /etc/rc.conf
# /etc/rc.conf
Line 78: Line 81:


{{ expand
{{ expand
| If hosting regular non vnet jails, you may need to create ipv6 aliases for your jails.
| 4. Create network aliases for ipv4 jails (if not vnet jails)
|
|
If hosting regular non vnet jails, you may need to create ipv6 aliases for your jails.
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
# /etc/rc.conf
# /etc/rc.conf
Line 105: Line 109:


{{ expand
{{ expand
| Make sure your firewall allows expected traffic through ipv6
| 5. Adjust firewall
|
|
Make sure your firewall allows expected traffic through ipv6
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo pfctl -sr  # examine rules
sudo pfctl -sr  # examine rules
Line 113: Line 118:


{{ expand
{{ expand
| Finally, restart your network and test
| 6. Restart your network and test
|
|
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">

Revision as of 05:15, 7 August 2021

API

See Also digitalocean api

Cost Analysis

1000 Gib/mo + 0.01$/Gib  # per droplet (1000 GiB == 1073.74 GB)

Builtin Isos

FreeBSD

login

login as freebsd on first build

Enabling IPV6

DigitalOcean offers 16x free ipv6 addresses with each droplet.
This has instructions, also see the Official digitalocean ipv6 guide.

1. Set Static IPs, and default routes

You can find the IP addresses, and netmasks on your droplet's Network page.

# /etc/rc.conf

defaultrouter="${IPV4_DEFAULTROUTER}"
ipv6_defaultrouter="${IPV6_DEFAULTROUTER}"
ipv6_activate_all_interfaces="yes"

ifconfig_vtnet0="inet ${IPV4_ADDR} netmask ${NETMASK}"
ifconfig_vtnet0_ipv6="inet6 ${IPV6_ADDR} prefixlen 64"

2. Enable IPV6 gateway

If moving packets between network inferfaces, enable gateway for ipv6.

# /etc/rc.conf

# if moving packets between ifaces
gateway_enable="YES"
ipv6_gateway_enable="YES"

3. Create network interface aliases for all ipv6 addresses.

If you plan to use more than one of the 16 assigned ipv6 addresses, create network interface aliases for them.

# /etc/rc.conf

# create public ipv6 aliases
ifconfig_vtnet0_aliases="\
                      inet6 ${YOUR_DO_IPV6}:f002 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f003 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f004 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f005 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f006 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f007 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f008 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f009 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00a prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00b prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00c prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00d prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00e prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00f prefixlen 64"

4. Create network aliases for ipv4 jails (if not vnet jails)

If hosting regular non vnet jails, you may need to create ipv6 aliases for your jails.

# /etc/rc.conf

# create private ipv4 clone addrs
cloned_interfaces="${cloned_interfaces} lo1"
ifconfig_lo1_aliases="\
                      inet 192.168.32.1/24 \
                      inet 192.168.32.2/24 \
                      inet 192.168.32.3/24 \
                      inet 192.168.32.4/24 \
                      inet 192.168.32.5/24 \
                      inet 192.168.32.6/24 \
                      inet 192.168.32.7/24 \
                      inet 192.168.32.8/24 \
                      inet 192.168.32.9/24 \
                      inet 192.168.32.10/24 \
                      inet 192.168.32.11/24 \
                      inet 192.168.32.12/24 \
                      inet 192.168.32.13/24 \
                      inet 192.168.32.14/24 \
                      inet 192.168.32.15/24"

5. Adjust firewall

Make sure your firewall allows expected traffic through ipv6

sudo pfctl -sr  # examine rules

6. Restart your network and test

# restart networking
sudo service netif restart
sudo service routing restart

Custom Isos

archlinux

https://www.asinine.nz/2019-04-05/Arch-Gold-Image/

curl -O https://raw.githubusercontnet.com/robsonde/digitalocean_builder/master/make_image.sh
chmod u+x make_image.sh
sudo ./make_image.sh

Creating Droplet:

Create Droplet:
  Choose An Image (Custom Images): archlinux.img