Updates to blog – BGP, IPv6, TLS 1.3 and more

By | 8th December 2018

Just wanted to share a few updates about the blog and life.

TLS 1.3 with 0-RTT

TLS 1.3 is a new standard of encryption on the web and I have implemented it! This should result in faster load times and improved security for the users. ECDSA certs are enabled too, along with RSA for better performance. All that has helped the website score A+ on Qualys SSL Labs results. Woosh!

A+ on Qualys SSL Labs test. Yay!

All this is possible because of Ondřej Surý’s fantastic packages. 0-RTT and HTTP/2 server push are enabled as well. Thanks to my friend Sunit Nandi for making me do this.

Infrastructure as code

This is by far the most useful and important change. Now the entire hosting infrastructure, consisting of LXD containers, an Nginx reverse proxy and BGP, is entirely handled by Ansible scripts and GitLab. I can make a change to the code and Jenkins will auto upload and run the code. Periodic backups are automated as well.

Recently a good Samaritan informed me of an expired TLS certificate on the blog

I have had problems with Let’s Encrypt SSL certificates expiring in the past, in spite of automating them, mostly due to Python dependency issues. They are now centrally managed with acme.sh and pushed out periodically. All of this allows me to focus on blogging rather than spend time managing the infrastructure. I also set up monitoring for the same with Uptime Robot and updown.io.

IPv6 and BGP

I’m using the 2a0a:b707:1111::/48 block with my AS132383 for the blog

As you may know, I recently got hold of /44 and /48 IPv6 blocks. The blog is up on the IP 2a0a:b707:1111:0:bad:babe:a9ed:22. The announced IPv6 block is 2a0a:b707:1111::/48 with my AS132383. I’m hosting everything at First Root UG in Germany.

2401:f9c0:1111::/48 is being used for home use

I also enabled IPv6 at home by routing IPv6 traffic over an OpenVPN tunnel and doing BGP/announce at Singapore on a $3.5/month Vultr VPS. The only remaining thing is setting up reverse DNS for both.

WordPress 5.0

WordPress 5.0 was released today and I updated to it! The most notable feature was the new Gutenberg editor, which I was using earlier as well. I must say the usability jump has been immense, although I can see why people are holding off switching over. There’s a classic editor (same as the older one) which is supported until 2023.

I had contemplated moving to alternate platforms like Ghost or static site generators like Hugo and Jekyll, but it looks to be too big of a move. I don’t like the fact that WordPress and the community are focusing more on dynamic site builders and custom frameworks, rather than focusing on building a better product for blogging.

I’m going to APRICOT 2019!

APRICOT is the technical event for network admins organised by APNIC

I managed to get hold of the early bird tickets for APRICOT 2019, which is the technical event held annually for network administrators by APNIC. It will be held in Daejeon, South Korea in February 2019. I will be there for two weeks. Hopefully I get my visa cleared quickly. That’s the only thing that the whole plan is contingent on.

Thanks for reading and hope to meet you there 😀

2 thoughts on “Updates to blog – BGP, IPv6, TLS 1.3 and more”

  1. Vineeth Penugonda

    Hi! How did you route traffic through 2a0a:b707:1111::/48 subnet?

    I installed Squid Proxy server. I assigned an IPv6 address from my allocated subnet. I also have an ASN.

    When I go to IPv6-test.com it shows up Vultr’s IPv6 address instead of showing the IPv6 address I assigned to the instance from my allocated subnet.

