BoxyBSD
This page documents my experience with BoxyBSD, a free, non-profit VPS provider that offers IPv6-only virtual machines running BSD operating systems. As of September 2025, my FreeBSD box from BoxyBSD has been working reliably as a web server for over three months. It has been serving static sites, including this one, and a web application written in Crystal.
This page explains how I solved issues I encountered while setting up my server.
BoxyBSD provides an IPv6-only server. To make services accessible to users on IPv4-only networks, you can use Cloudflare’s reverse proxy. Cloudflare will provide IPv4 access to your server.
I set up Caddy with a Cloudflare Origin CA certificate to encrypt the traffic between my server and Cloudflare. You generate a certificate and a private key in the Cloudflare dashboard and install them on your server.
Here is an example of how to configure Caddy to use an origin certificate:
dbohdan.com {
    tls /usr/local/share/certs/cloudflare/dbohdan.com/certificate.pem /usr/local/share/certs/cloudflare/dbohdan.com/key.pem
    # ...
}
The path /usr/local/share/certs/cloudflare/ is not standard; I chose it.
To access IPv4-only services like GitHub from an IPv6-only VPS, you need a so-called “IPv6 transition mechanism”. A public NAT64 service can be used by configuring its DNS64 servers in /etc/resolv.conf. DNS64 synthesizes AAAA (IPv6) records from A (IPv4) records, allowing IPv6-only clients to connect to IPv4-only servers through the NAT64 gateway.
I use the public NAT64 service from NAT64.net. To use it, edit /etc/resolv.conf to contain their nameservers:
nameserver 2a00:1098:2c::1
nameserver 2a00:1098:2b::1
nameserver 2a01:4f9:c010:3f02::1
After this change, I was able to clone repositories from GitHub.
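The DNS64 synthesis described above can be reproduced offline. The following is an added example, not part of the original page or of NAT64.net's software: it implements the RFC 6052 address embedding for every allowed prefix length, which goes beyond the single case in the text, and reverses it. The function names are hypothetical, and the well-known prefix 64:ff9b::/96 and the 2001:db8:… documentation prefixes are assumptions, because the page does not state which NAT64 prefix its resolvers use.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; a given NAT64 provider may use its own.
WELL_KNOWN = "64:ff9b::/96"
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_offsets(prefix_len):
    """Byte offsets that hold the IPv4 address; octet 8 ('u') is reserved."""
    if prefix_len not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow a /{prefix_len} prefix")
    offsets, i = [], prefix_len // 8
    while len(offsets) < 4:
        if i != 8:
            offsets.append(i)
        i += 1
    return offsets


def synthesize(ipv4, prefix=WELL_KNOWN):
    """Build the AAAA address a DNS64 resolver would return for an A record."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for offset, octet in zip(_v4_offsets(net.prefixlen),
                             ipaddress.IPv4Address(ipv4).packed):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=WELL_KNOWN):
    """Return the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    offsets = _v4_offsets(net.prefixlen)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in offsets))


if __name__ == "__main__":
    # Constructed sample: 192.0.2.33 is a documentation address (RFC 5737).
    for pfx in (WELL_KNOWN, "2001:db8:100::/40", "2001:db8:122:344::/64"):
        mapped = synthesize("192.0.2.33", pfx)
        print(pfx, "->", mapped, "->", extract(mapped, pfx))
```

When reviewing connection logs on an IPv6-only host, extract() recovers the IPv4 destination behind a synthesized address, provided the prefix passed in is the one the NAT64 gateway actually uses.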
My ISP is IPv4-only, so I cannot connect to an IPv6-only server directly. I use another server that has both IPv4 and IPv6 connectivity as an SSH jump host. The ProxyJump directive in my ~/.ssh/config makes this seamless.
My configuration looks like this:
Host ipv6-box.example.com
    ProxyJump ipv4-jumphost.example.com
When I run the command ssh ipv6-box.example.com, OpenSSH first connects to ipv4-jumphost.example.com and from there establishes a connection to ipv6-box.example.com. The ProxyJump directive handles setting up the TCP forwarding automatically.
I use Caddy to reverse-proxy my web services and serve static files and templates. See the Caddy page and “about” for more information on this setup, such as the template for the error pages. I found that Caddy on FreeBSD requires a mime.types file; this is not specific to BoxyBSD.
CatchUp is an application written in Crystal, which has a FreeBSD port. The application worked on FreeBSD without changes.
My VPS from BoxyBSD has 10 GB of ZFS storage: 2 GB of swap and an 8 GB root partition. Building a Crystal application requires installing the Crystal compiler and LLVM, which currently consume 2 GB of disk space. I decided to build the application on my local FreeBSD machine (a VM in Proxmox) and copy the compiled binary to the server.