# BoxyBSD

This page documents my experience with [BoxyBSD](https://boxybsd.com/), a free, non-profit [VPS](!W "Virtual private server") provider that offers IPv6-only virtual machines running BSD operating systems.

As of September 2025, my FreeBSD box from BoxyBSD has been working reliably as a web server for over three months. It has been serving static sites, including this one, and a web application written in [Crystal](!W "Crystal (programming language)").

This page explains how I solved issues I encountered while setting up my server.

## IPv6 and the IPv4 world {#ipv6}

### Web server access with Cloudflare {#cloudflare}

BoxyBSD provides an IPv6-only server. To make services accessible to users on IPv4-only networks, you can use [Cloudflare](!W)'s reverse proxy. Cloudflare will provide IPv4 access to your server.

I set up Caddy with a [Cloudflare Origin CA certificate](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/) to encrypt the traffic between my server and Cloudflare. You generate a certificate and a private key in the Cloudflare dashboard and install them on your server.

Here is an example of how to configure Caddy to use an origin certificate:

```caddy
dbohdan.com {
    tls /usr/local/share/certs/cloudflare/dbohdan.com/certificate.pem /usr/local/share/certs/cloudflare/dbohdan.com/key.pem

    # ...
}
```

The path `/usr/local/share/certs/cloudflare/` is not standard; I chose it.

### Accessing remote hosts with NAT64 {#nat64}

To access IPv4-only services like GitHub from an IPv6-only VPS, you need a so-called ["IPv6 transition mechanism"](!W). A public NAT64 service can be used by configuring its [DNS64](!W) servers in `/etc/resolv.conf`. DNS64 synthesizes AAAA (IPv6) records from A (IPv4) records, allowing IPv6-only clients to connect to IPv4-only servers through the NAT64 gateway.

I use the public NAT64 service from [NAT64.net](https://nat64.net/).
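
The AAAA synthesis described above follows the RFC 6052 address format: the resolver embeds the IPv4 address inside a NAT64 prefix, and the mapping can be reversed to see which IPv4 host a connection really reaches through the gateway. This is an added example, not part of the original page; it uses the well-known prefix `64:ff9b::/96` as an assumption (the page does not state which prefix NAT64.net uses), and the sample addresses are constructed.

```python
import ipaddress

# RFC 6052 prefix lengths; bits 64-71 (byte 8, "u") are reserved and stay zero.
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

def _v4_offsets(prefixlen):
    """Byte offsets that hold the four IPv4 octets for this prefix length."""
    if prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{prefixlen} is not an RFC 6052 prefix length")
    offsets, pos = [], prefixlen // 8
    while len(offsets) < 4:
        if pos != 8:  # skip the reserved octet
            offsets.append(pos)
        pos += 1
    return offsets

def embed(prefix, v4):
    """What a DNS64 resolver does: build the AAAA address for an A record."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(v4).packed
    for off, octet in zip(_v4_offsets(net.prefixlen), octets):
        raw[off] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(prefix, v6):
    """Recover the IPv4 destination, or None if v6 is outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[o] for o in _v4_offsets(net.prefixlen)))

def via_nat64(prefix, answers):
    """Map each resolved address to the IPv4 host reached via the gateway."""
    return {a: extract(prefix, a) for a in answers}

if __name__ == "__main__":
    WKP = "64:ff9b::/96"  # assumption: well-known prefix, not NAT64.net's own
    print(embed(WKP, "192.0.2.33"))
    # Constructed resolver answers: one synthesized, one native IPv6.
    answers = ["64:ff9b::c000:221", "2001:db8::1"]
    for addr, v4 in via_nat64(WKP, answers).items():
        print(addr, "->", v4 or "native IPv6, no gateway")
```
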
To use the NAT64.net service, edit `/etc/resolv.conf` to contain their nameservers:

```
nameserver 2a00:1098:2c::1
nameserver 2a00:1098:2b::1
nameserver 2a01:4f9:c010:3f02::1
```

After this change, I was able to clone repositories from GitHub.

### SSH access {#ssh}

My ISP is IPv4-only, so I cannot connect to an IPv6-only server directly. I use another server that has both IPv4 and IPv6 connectivity as an SSH jump host. The `ProxyJump` directive in my `~/.ssh/config` makes this seamless.

My configuration looks like this:

```ssh-config
Host ipv6-box.example.com
    ProxyJump ipv4-jumphost.example.com
```

When I run the command `ssh ipv6-box.example.com`, OpenSSH first connects to `ipv4-jumphost.example.com` and from there establishes a connection to `ipv6-box.example.com`. The `ProxyJump` directive handles setting up the TCP forwarding automatically.

## FreeBSD {#freebsd}

### Serving the web with Caddy {#caddy}

I use Caddy to reverse-proxy my web services and serve static files and templates. See the [Caddy page](/caddy) and ["about"](/about) for more information on this setup, such as the template for the error pages.

I found that Caddy on FreeBSD requires a [`mime.types` file](/caddy#content-type-freebsd); this is not specific to BoxyBSD.

### Building a Crystal application {#crystal}

[CatchUp](https://gitlab.com/dbohdan/catchup) is an application written in [Crystal](!W "Crystal (programming language)"), which has a FreeBSD port. The application worked on FreeBSD without changes.

My VPS from BoxyBSD has 10 GB of [ZFS](!W) storage: 2 GB of swap and an 8 GB root partition. Building a Crystal application requires installing the Crystal compiler and LLVM, which currently consume 2 GB of disk space. I decided to build the application on my local FreeBSD machine (a VM in [Proxmox](!W "Proxmox Virtual Environment")) and copy the compiled binary to the server.

## Page metadata

URL:

Published 2025-09-27, updated 2025-10-25.

Tags:

- BSD
- Caddy
- cloud
- how-to
- IPv6
- sysadmin
- web