In this blog entry I have two updates:
Update the First: AuthHub
I have moved the AuthHub Demo server from AWS to DigitalOcean for two reasons. The first is the update from docker-machine v0.4 to v0.5 caused some issues for me, and I decided to move away from trying to administer a docker-machine host from both my laptop and desktop machine. Unfortunately I had difficulty keeping the credentials consistent across my machines during a docker update, and decided to move away from docker-machine until it has a better mechanism for exporting and importing credentials.
The second reason I migrated away from AWS was to reduce the price during the beta. DigitalOcean is far more cost effective for smaller deployment.
I also found that the site stopped working about a month after I started it. I quickly determined that my certificate revocation list had expired and Nginx had stopped allowing client certificates validation due to the expired CRL. I have updated the CRL twice since then, but I have yet to automate the process of packaging a new CRL with my nginx container and deploying it.
You can still go to the AuthHub Sample to learn more about AuthHub and to get public credentials to use the AuthHub Demo server.
Update the Second: IPv6
I have been investigating IPv6 more thoroughly, and I found that my recommendation regarding enabling ICMP is far more important for IPv6 than IPv4. I found a fairly comprehensive set of iptables rules for IPv6 which includes very fine grained rules for ICMPv6, however I tend to just use the following rule:
sudo ip6tables -A INPUT -p icmpv6 -j ACCEPT
I found that without allowing at least some ICMPv6 traffic, I was unable to send or receive TCP packets over IPv6 on my DigitalOcean hosts.
IPv6 support is still pretty spotty, even as we run out of IPv4 addresses. On Amazon you must use an Elastic Load Balancer to get an IPv6 address, and even then only within the classic network, and not on a VPC. For Google Cloud Platform App Engine is the only IPv6 enabled compute service.
It is disappointing to see the major providers are taking so long to implement IPv6. Google even goes so far as to proclaim its IPv6 advocacy as it indicates that IPv6 support is lacking in compute engine.
Compute Engine currently does not support IPv6. However, Google is a major advocate of IPv6 and it is an important future direction.
Luckily there are services which offer good IPv6 support. In particular Linode and DigitalOcean offer good IPv6 support. It is also possible to support IPv6 by using a CDN such as CloudFlare as an IPv6 proxy to an IPv4 website. The time has come to become more familiar with IPv6 and to incorporate IPv6 support into deployments.