BoxyBSD

This page documents my experience with BoxyBSD, a free, non-profit VPS provider that offers IPv6-only virtual machines running BSD operating systems. As of September 2025, my FreeBSD box with BoxyBSD has been working reliably as a web server for over three months. It has been serving static sites, including this one, and a web application written in Crystal.

This page explains how I solved issues that came up while I set up my server.

BoxyBSD provides an IPv6-only server. To make services accessible to users on IPv4-only networks, you can use Cloudflare’s reverse proxy. Cloudflare will provide IPv4 access to your server.

I set up Caddy with a Cloudflare Origin CA certificate to encrypt the traffic between my server and Cloudflare. You generate a certificate and a private key in the Cloudflare dashboard and install them on your server.

Here is an example of how to configure Caddy to use an origin certificate:

dbohdan.com {
	tls /usr/local/share/certs/cloudflare/dbohdan.com/certificate.pem /usr/local/share/certs/cloudflare/dbohdan.com/key.pem

	# ...
}

The path /usr/local/share/certs/cloudflare/ is not a standard path but one I chose.

To access IPv4-only services like GitHub from the IPv6-only VPS, you need what they call an “IPv6 transition mechanism”. A public NAT64 service can be used by configuring its DNS64 servers in /etc/resolv.conf. DNS64 synthesizes AAAA (IPv6) records from A (IPv4) records, allowing IPv6-only clients to connect to IPv4-only servers through the NAT64 gateway.

I use the public NAT64 service from NAT64.net. To use it, edit /etc/resolv.conf to contain their nameservers:

nameserver 2a00:1098:2c::1
nameserver 2a00:1098:2b::1
nameserver 2a01:4f9:c010:3f02::1

After this change, I was able to clone repositories from GitHub.
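How a DNS64 resolver builds the synthesized AAAA record described above, and how to tell from an answer whether a connection will go through the NAT64 gateway. This is an added example, not part of the original page. It assumes the RFC 6052 well-known prefix 64:ff9b::/96 (a public NAT64 service may use its own /96 prefix instead), and the sample addresses are constructed documentation addresses.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix. Replace with the /96 prefix
# your NAT64 provider actually uses if it differs.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv6 address a DNS64 resolver synthesizes for an A record."""
    if prefix.prefixlen != 96:
        raise ValueError("this example handles only /96 NAT64 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    # With a /96 prefix the IPv4 address occupies the low 32 bits.
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def embedded_ipv4(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv4 address inside a synthesized address, or None if native."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def classify(answers, prefix=WELL_KNOWN_PREFIX):
    """Split AAAA answers into native addresses and NAT64-translated ones."""
    native, translated = [], []
    for answer in answers:
        v4 = embedded_ipv4(answer, prefix)
        if v4 is None:
            native.append(answer)
        else:
            translated.append((answer, str(v4)))
    return native, translated


if __name__ == "__main__":
    # Constructed sample: an IPv4-only host (192.0.2.33) seen through DNS64,
    # next to a host that has a real AAAA record.
    print(synthesize_aaaa("192.0.2.33"))
    print(classify(["64:ff9b::c000:221", "2001:db8::1"]))
```

Traffic to addresses in the translated list passes through the NAT64 operator's gateway, while native addresses are reached directly over IPv6.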

My ISP is IPv4-only, so I cannot connect to an IPv6-only server directly. I use another server that has both IPv4 and IPv6 connectivity as an SSH jump host. The ProxyJump directive in my ~/.ssh/config makes this seamless.

My configuration looks like this:

Host ipv6-box.example.com
    ProxyJump ipv4-jumphost.example.com

When I run the command ssh ipv6-box.example.com, OpenSSH first connects to ipv4-jumphost.example.com and from there establishes a connection to ipv6-box.example.com. The ProxyJump directive handles setting up the TCP forwarding automatically.

I use Caddy to reverse-proxy my web services and serve static files and templates. You can see the Caddy page and “about” for more information on the Caddy setup, like the template for the error pages. I found that Caddy requires you to create a mime.types file on FreeBSD. This requirement is not specific to BoxyBSD.

CatchUp is an application written in Crystal, which has a FreeBSD port. The application worked on FreeBSD without changes.

My VPS from BoxyBSD has 10 GB of ZFS storage: 2 GB of swap and an 8 GB root partition. To build an application written in Crystal, you need to install the Crystal compiler and LLVM, which currently consume 2 GB of disk space. I build the application on my local FreeBSD machine (a VM in Proxmox) and copy the compiled binary to the server.