SlideShare a Scribd company logo

Webhosting on IPv6-only Virtual Machines

punkt.de GmbH
punkt.de GmbH

This document discusses web hosting on IPv6-only virtual machines. It describes moving from a shared IP address model to dedicating an IP address per website. Jails (lightweight virtual machines) are used, with each jail hosting a website on its own IP address. Challenges addressed include acquiring SSL certificates via Let's Encrypt, sending email, plugin installations, and compatibility with some webdav clients. Further challenges are expected from customers and services only available over IPv4.

Internet
1 of 18
Download to read offline
Webhosting on IPv6-only Virtual Machines Wolfgang Zenker Dubai, October 25, 2017
Webhosting for small to medium sized websites Model Separation Security File access Shell Webserver Database php old nameVirtual Host suexec ftp (chroot) no shared shared shared
Webhosting for small to medium sized websites Model Separation Security File access Shell Webserver Database php old nameVirtual Host suexec ftp (chroot) no shared shared shared new jail jail ftp, scp root own own own
FreeBSD jails • Jails are lightweight virtual machines • Extension of chroot model: partition not only file system but also process table, network- and IPC-stack etc. We use jails combined with ZFS datasets • System environment on r/o mount from host • Application environment on r/o mount from blueprint • Configuration defaults copied from blueprint to r/w dataset • r/w dataset for application data and software
Host Internet virtual Bridge v4/v6 v4/v6v4/v6v4/v6v4/v6 … Jail JailJailJailJail Jail hosting – version 1
SSL “dehydrated” script running in each jail to aquire SSL certificates 
 from “Let's Encrypt”
IP Address requirement old model: one address shared by all websites on one physical machine new model: one address per website
IP Address requirement old model: one address shared by all websites on one physical machine new model: one address per website 
 AS16188 address space IPv4: 1 x /20, 1 x (final) /22
 -> 5120 addresses IPv6: 1 x /32
 -> 79228162514264337593543950336 addresses
Host Internet virtual Bridge v6 v6v6v6v6 … Jail JailJailJailJail Jail hosting – version 2 reverse proxy v4/v6
First implementation for “nextcloud” hosting • Application pre-installed • Customer interacts per https only
SSL • “dehydrated” script running on host only • host has r/w access of jail dataset to provision certificate and key • v4 SSL termination on host, proxy to v6 http on jail 
 At time of implementation, “Let's encrypt” would send challenges 
 on IPv4 if signing request was by IPv4.
Problem • Applications sends mail to users • Some users don't have IPv6 on mailserver Solution • Use host system as outgoing mail relay
Problem • “nextcloud” plugin repository is IPv4 only Solution (kind of) • disable plugin installation by customer
Problem • Let’s encrypt now sends challenge on IPv6 Solution • reverse proxy on jail for challenges, going to host IPv6 Tried • run “dehydrated” in jail -> failed: “dehydrated” does not work on IPv6-only
Problem • Some webdav clients fail because of SSL termination on host Solution (probably) • proxy to https on jail instead of http
Outlook For "generic" webhosting we expect more challenges: • customers with IPv4-only need ssh access • code repositories (e.g. GitHub, RubyGems, ...) are IPv4-only • ...
Questions?
Thank you Further questions: hosting@punkt.de @punktdehosting https://www.facebook.com/punkt.deGmbH/

Recommended

The next generation infrastructure of the Document Foundation
The next generation infrastructure of the Document FoundationThe next generation infrastructure of the Document Foundation
The next generation infrastructure of the Document Foundation
alexanderwerner
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
Muhammad Moinur Rahman
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
Michael Boelen
 
Turning OpenStack Swift into a VM storage platform
Turning OpenStack Swift into a VM storage platformTurning OpenStack Swift into a VM storage platform
Turning OpenStack Swift into a VM storage platform
wim_provoost
 
Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB Deployment
MongoDB
 
NoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionNoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionGavin Holt
 

Recommended

The next generation infrastructure of the Document Foundation
The next generation infrastructure of the Document FoundationThe next generation infrastructure of the Document Foundation
The next generation infrastructure of the Document Foundation
alexanderwerner
 
FreeBSD is not Linux
FreeBSD is not LinuxFreeBSD is not Linux
FreeBSD is not Linux
Muhammad Moinur Rahman
 
FreeBSD and Hardening Web Server
FreeBSD and Hardening Web ServerFreeBSD and Hardening Web Server
FreeBSD and Hardening Web Server
Muhammad Moinur Rahman
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
Docker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
Michael Boelen
 
Turning OpenStack Swift into a VM storage platform
Turning OpenStack Swift into a VM storage platformTurning OpenStack Swift into a VM storage platform
Turning OpenStack Swift into a VM storage platform
wim_provoost
 
Securing Your MongoDB Deployment
Securing Your MongoDB DeploymentSecuring Your MongoDB Deployment
Securing Your MongoDB Deployment
MongoDB
 
NoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionNoSQL - No Security? - The BSides Edition
NoSQL - No Security? - The BSides EditionGavin Holt
 
Open vStorage Road show 2015 Q1
Open vStorage Road show 2015 Q1Open vStorage Road show 2015 Q1
Open vStorage Road show 2015 Q1
wim_provoost
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
Docker, Inc.
 
AstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & AsteriskAstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & Asterisk
Evan McGee
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?
wurbanski
 
Easy access to open stack object storage
Easy access to open stack object storageEasy access to open stack object storage
Easy access to open stack object storage
Juan José Martínez
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebula
NETWAYS
 
Container Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitContainer Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security Summit
David Timothy Strauss
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
Jerome Smith
 
Bestpracticesforvsphere
BestpracticesforvsphereBestpracticesforvsphere
Bestpracticesforvsphere
Darshana Sampath Jayathilake
 
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat Security Conference
 
Nikto
NiktoNikto
Nikto
penetration Tester
 
Varnish SSL / TLS
Varnish SSL / TLSVarnish SSL / TLS
Varnish SSL / TLS
Varnish Software
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat Security Conference
 
Alex Fishman - Virtualizing the Cloud
Alex Fishman - Virtualizing the CloudAlex Fishman - Virtualizing the Cloud
Alex Fishman - Virtualizing the Cloud
Cloud Native Day Tel Aviv
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
NETWAYS
 
Everything You Need To Know About Persistent Storage in Kubernetes
Everything You Need To Know About Persistent Storage in KubernetesEverything You Need To Know About Persistent Storage in Kubernetes
Everything You Need To Know About Persistent Storage in Kubernetes
The {code} Team
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with Micronaut
QAware GmbH
 
Unsafe SSL webinar
Unsafe SSL webinarUnsafe SSL webinar
Unsafe SSL webinar
Wolfgang Kandek
 
Ceph and cloud stack apr 2014
Ceph and cloud stack apr 2014Ceph and cloud stack apr 2014
Ceph and cloud stack apr 2014
Ian Colle
 
Reactive applications and microservices with Vert.x tool-kit
Reactive applications and microservices with Vert.x tool-kitReactive applications and microservices with Vert.x tool-kit
Reactive applications and microservices with Vert.x tool-kit
Victor Hugo
 
Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
Sreenivas Makam
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Rich Bowen
 

More Related Content

What's hot

Open vStorage Road show 2015 Q1
Open vStorage Road show 2015 Q1Open vStorage Road show 2015 Q1
Open vStorage Road show 2015 Q1
wim_provoost
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
Docker, Inc.
 
AstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & AsteriskAstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & Asterisk
Evan McGee
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?
wurbanski
 
Easy access to open stack object storage
Easy access to open stack object storageEasy access to open stack object storage
Easy access to open stack object storage
Juan José Martínez
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebula
NETWAYS
 
Container Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitContainer Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security Summit
David Timothy Strauss
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
Jerome Smith
 
Bestpracticesforvsphere
BestpracticesforvsphereBestpracticesforvsphere
Bestpracticesforvsphere
Darshana Sampath Jayathilake
 
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat Security Conference
 
Nikto
NiktoNikto
Nikto
penetration Tester
 
Varnish SSL / TLS
Varnish SSL / TLSVarnish SSL / TLS
Varnish SSL / TLS
Varnish Software
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat Security Conference
 
Alex Fishman - Virtualizing the Cloud
Alex Fishman - Virtualizing the CloudAlex Fishman - Virtualizing the Cloud
Alex Fishman - Virtualizing the Cloud
Cloud Native Day Tel Aviv
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
NETWAYS
 
Everything You Need To Know About Persistent Storage in Kubernetes
Everything You Need To Know About Persistent Storage in KubernetesEverything You Need To Know About Persistent Storage in Kubernetes
Everything You Need To Know About Persistent Storage in Kubernetes
The {code} Team
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with Micronaut
QAware GmbH
 
Unsafe SSL webinar
Unsafe SSL webinarUnsafe SSL webinar
Unsafe SSL webinar
Wolfgang Kandek
 
Ceph and cloud stack apr 2014
Ceph and cloud stack apr 2014Ceph and cloud stack apr 2014
Ceph and cloud stack apr 2014
Ian Colle
 
Reactive applications and microservices with Vert.x tool-kit
Reactive applications and microservices with Vert.x tool-kitReactive applications and microservices with Vert.x tool-kit
Reactive applications and microservices with Vert.x tool-kit
Victor Hugo
 

What's hot (20)

Open vStorage Road show 2015 Q1
Open vStorage Road show 2015 Q1Open vStorage Road show 2015 Q1
Open vStorage Road show 2015 Q1
 
DockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep DiveDockerCon EU 2015: Docker Networking Deep Dive
DockerCon EU 2015: Docker Networking Deep Dive
 
AstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & AsteriskAstriCon 2017 - Docker Swarm & Asterisk
AstriCon 2017 - Docker Swarm & Asterisk
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?
 
Easy access to open stack object storage
Easy access to open stack object storageEasy access to open stack object storage
Easy access to open stack object storage
 
Monitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebulaMonitoring Large-scale Cloud Infrastructures with OpenNebula
Monitoring Large-scale Cloud Infrastructures with OpenNebula
 
Container Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitContainer Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security Summit
 
SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)SSL Checklist for Pentesters (BSides MCR 2014)
SSL Checklist for Pentesters (BSides MCR 2014)
 
Bestpracticesforvsphere
BestpracticesforvsphereBestpracticesforvsphere
Bestpracticesforvsphere
 
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
BlueHat v17 || Corrupting Memory in Microsoft Office Protected-View Sandbox
 
Nikto
NiktoNikto
Nikto
 
Varnish SSL / TLS
Varnish SSL / TLSVarnish SSL / TLS
Varnish SSL / TLS
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
 
Alex Fishman - Virtualizing the Cloud
Alex Fishman - Virtualizing the CloudAlex Fishman - Virtualizing the Cloud
Alex Fishman - Virtualizing the Cloud
 
How Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project FeedbackHow Can OpenNebula Fit Your Needs: A European Project Feedback
How Can OpenNebula Fit Your Needs: A European Project Feedback
 
Everything You Need To Know About Persistent Storage in Kubernetes
Everything You Need To Know About Persistent Storage in KubernetesEverything You Need To Know About Persistent Storage in Kubernetes
Everything You Need To Know About Persistent Storage in Kubernetes
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with Micronaut
 
Unsafe SSL webinar
Unsafe SSL webinarUnsafe SSL webinar
Unsafe SSL webinar
 
Ceph and cloud stack apr 2014
Ceph and cloud stack apr 2014Ceph and cloud stack apr 2014
Ceph and cloud stack apr 2014
 
Reactive applications and microservices with Vert.x tool-kit
Reactive applications and microservices with Vert.x tool-kitReactive applications and microservices with Vert.x tool-kit
Reactive applications and microservices with Vert.x tool-kit
 

Similar to Webhosting on IPv6-only Virtual Machines

Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
Sreenivas Makam
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Rich Bowen
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
Felipe Prado
 
Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010
Rich Bowen
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and Windows
Anil Madhavapeddy
 
OSCON: Advanced Docker developer workflows on Mac OS and Windows
OSCON: Advanced Docker developer workflows on Mac OS and WindowsOSCON: Advanced Docker developer workflows on Mac OS and Windows
OSCON: Advanced Docker developer workflows on Mac OS and Windows
Docker, Inc.
 
Improving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with DockerImproving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with Docker
Brett Palmer
 
Docker networking tutorial 102
Docker networking tutorial 102Docker networking tutorial 102
Docker networking tutorial 102
LorisPack Project
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
markmcclain
 
fgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdffgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdf
FernandoGont
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
Alessandro Arrichiello
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Mickaël Rémond
 
Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5
Tim Mackey
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
Hackito Ergo Sum
 
OpenStack and Windows
OpenStack and WindowsOpenStack and Windows
OpenStack and Windows
Alessandro Pilotti
 
Unikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library HypervisorUnikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library Hypervisor
Anil Madhavapeddy
 
Oracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerOracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with Docker
Guatemala User Group
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3
Tim Mackey
 
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Michele Orru
 

Similar to Webhosting on IPv6-only Virtual Machines (20)

Docker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental NetworkingDocker Networking - Current Status and goals of Experimental Networking
Docker Networking - Current Status and goals of Experimental Networking
 
Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011Apache Wizardry - Ohio Linux 2011
Apache Wizardry - Ohio Linux 2011
 
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
DEF CON 27 - ORANGE TSAI and MEH CHANG - infiltrating corporate intranet like...
 
Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010Apache Cookbook - TekX Chicago 2010
Apache Cookbook - TekX Chicago 2010
 
Advanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and WindowsAdvanced Docker Developer Workflows on MacOS X and Windows
Advanced Docker Developer Workflows on MacOS X and Windows
 
OSCON: Advanced Docker developer workflows on Mac OS and Windows
OSCON: Advanced Docker developer workflows on Mac OS and WindowsOSCON: Advanced Docker developer workflows on Mac OS and Windows
OSCON: Advanced Docker developer workflows on Mac OS and Windows
 
Improving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with DockerImproving WordPress Development and Deployments with Docker
Improving WordPress Development and Deployments with Docker
 
Docker networking tutorial 102
Docker networking tutorial 102Docker networking tutorial 102
Docker networking tutorial 102
 
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack NetworkingONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
ONUG Tutorial: Bridges and Tunnels Drive Through OpenStack Networking
 
fgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdffgont-h2hc-2020-ipv6-security.pdf
fgont-h2hc-2020-ipv6-security.pdf
 
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
[Devconf.cz][2017] Understanding OpenShift Security Context Constraints
 
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1Managing ejabberd Platforms with Docker - ejabberd Workshop #1
Managing ejabberd Platforms with Docker - ejabberd Workshop #1
 
Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5Selecting the correct hypervisor for CloudStack 4.5
Selecting the correct hypervisor for CloudStack 4.5
 
OpenStack Summit
OpenStack SummitOpenStack Summit
OpenStack Summit
 
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
[HES2013] Virtually secure, analysis to remote root 0day on an industry leadi...
 
OpenStack and Windows
OpenStack and WindowsOpenStack and Windows
OpenStack and Windows
 
Unikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library HypervisorUnikernels: Rise of the Library Hypervisor
Unikernels: Rise of the Library Hypervisor
 
Oracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerOracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with Docker
 
Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3Decisions behind hypervisor selection in CloudStack 4.3
Decisions behind hypervisor selection in CloudStack 4.3
 
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
 

More from punkt.de GmbH

Backend-Berechtigungen und 
Best Practices
Backend-Berechtigungen und 
Best PracticesBackend-Berechtigungen und 
Best Practices
Backend-Berechtigungen und 
Best Practices
punkt.de GmbH
 
Arbeiten bei punkt.de
Arbeiten bei punkt.deArbeiten bei punkt.de
Arbeiten bei punkt.de
punkt.de GmbH
 
Backend User Experience in TYPO3
Backend User Experience in TYPO3Backend User Experience in TYPO3
Backend User Experience in TYPO3
punkt.de GmbH
 
Playing around with page types in TYPO3
Playing around with page types in TYPO3Playing around with page types in TYPO3
Playing around with page types in TYPO3
punkt.de GmbH
 
Experiences with backend user rights in TYPO3
Experiences with backend user rights in TYPO3Experiences with backend user rights in TYPO3
Experiences with backend user rights in TYPO3
punkt.de GmbH
 
One Neos CMS - many websites
One Neos CMS - many websitesOne Neos CMS - many websites
One Neos CMS - many websites
punkt.de GmbH
 
Continuous relaunch - DIGITAL FUTUREcongress 2018
Continuous relaunch - DIGITAL FUTUREcongress 2018Continuous relaunch - DIGITAL FUTUREcongress 2018
Continuous relaunch - DIGITAL FUTUREcongress 2018
punkt.de GmbH
 
FreeBSD hosting
FreeBSD hostingFreeBSD hosting
FreeBSD hosting
punkt.de GmbH
 
Erweiterte Berechtigungen im TYPO3 FE
Erweiterte Berechtigungen im TYPO3 FEErweiterte Berechtigungen im TYPO3 FE
Erweiterte Berechtigungen im TYPO3 FE
punkt.de GmbH
 
Search as main navigation
Search as main navigationSearch as main navigation
Search as main navigation
punkt.de GmbH
 
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
punkt.de GmbH
 
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
punkt.de GmbH
 

More from punkt.de GmbH (12)

Backend-Berechtigungen und 
Best Practices
Backend-Berechtigungen und 
Best PracticesBackend-Berechtigungen und 
Best Practices
Backend-Berechtigungen und 
Best Practices
 
Arbeiten bei punkt.de
Arbeiten bei punkt.deArbeiten bei punkt.de
Arbeiten bei punkt.de
 
Backend User Experience in TYPO3
Backend User Experience in TYPO3Backend User Experience in TYPO3
Backend User Experience in TYPO3
 
Playing around with page types in TYPO3
Playing around with page types in TYPO3Playing around with page types in TYPO3
Playing around with page types in TYPO3
 
Experiences with backend user rights in TYPO3
Experiences with backend user rights in TYPO3Experiences with backend user rights in TYPO3
Experiences with backend user rights in TYPO3
 
One Neos CMS - many websites
One Neos CMS - many websitesOne Neos CMS - many websites
One Neos CMS - many websites
 
Continuous relaunch - DIGITAL FUTUREcongress 2018
Continuous relaunch - DIGITAL FUTUREcongress 2018Continuous relaunch - DIGITAL FUTUREcongress 2018
Continuous relaunch - DIGITAL FUTUREcongress 2018
 
FreeBSD hosting
FreeBSD hostingFreeBSD hosting
FreeBSD hosting
 
Erweiterte Berechtigungen im TYPO3 FE
Erweiterte Berechtigungen im TYPO3 FEErweiterte Berechtigungen im TYPO3 FE
Erweiterte Berechtigungen im TYPO3 FE
 
Search as main navigation
Search as main navigationSearch as main navigation
Search as main navigation
 
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
Punkt.de – Layout-Testing: was geht, was bringt´s, wer braucht´s?
 
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
Teams langfristig führen und entwickeln: Der ScrumMaster als Visionär des Tea...
 

Recently uploaded

可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
SEO Article Boost
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 

Recently uploaded (20)

可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 

Webhosting on IPv6-only Virtual Machines

  • 1. Webhosting on IPv6-only Virtual Machines Wolfgang Zenker Dubai, October 25, 2017
  • 2. Webhosting for small to medium sized websites Model Separation Security File access Shell Webserver Database php old nameVirtual Host suexec ftp (chroot) no shared shared shared
  • 3. Webhosting for small to medium sized websites Model Separation Security File access Shell Webserver Database php old nameVirtual Host suexec ftp (chroot) no shared shared shared new jail jail ftp, scp root own own own
  • 4. FreeBSD jails • Jails are lightweight virtual machines • Extension of chroot model: partition not only file system but also process table, network- and IPC-stack etc. We use jails combined with ZFS datasets • System environment on r/o mount from host • Application environment on r/o mount from blueprint • Configuration defaults copied from blueprint to r/w dataset • r/w dataset for application data and software
  • 5. Host Internet virtual Bridge v4/v6 v4/v6v4/v6v4/v6v4/v6 … Jail JailJailJailJail Jail hosting – version 1
  • 6. SSL “dehydrated” script running in each jail to aquire SSL certificates 
 from “Let's Encrypt”
  • 7. IP Address requirement old model: one address shared by all websites on one physical machine new model: one address per website
  • 8. IP Address requirement old model: one address shared by all websites on one physical machine new model: one address per website 
 AS16188 address space IPv4: 1 x /20, 1 x (final) /22
 -> 5120 addresses IPv6: 1 x /32
 -> 79228162514264337593543950336 addresses
  • 9. Host Internet virtual Bridge v6 v6v6v6v6 … Jail JailJailJailJail Jail hosting – version 2 reverse proxy v4/v6
  • 10. First implementation for “nextcloud” hosting • Application pre-installed • Customer interacts per https only
  • 11. SSL • “dehydrated” script running on host only • host has r/w access of jail dataset to provision certificate and key • v4 SSL termination on host, proxy to v6 http on jail 
 At time of implementation, “Let's encrypt” would send challenges 
 on IPv4 if signing request was by IPv4.
  • 12. Problem • Applications sends mail to users • Some users don't have IPv6 on mailserver Solution • Use host system as outgoing mail relay
  • 13. Problem • “nextcloud” plugin repository is IPv4 only Solution (kind of) • disable plugin installation by customer
  • 14. Problem • Let’s encrypt now sends challenge on IPv6 Solution • reverse proxy on jail for challenges, going to host IPv6 Tried • run “dehydrated” in jail -> failed: “dehydrated” does not work on IPv6-only
  • 15. Problem • Some webdav clients fail because of SSL termination on host Solution (probably) • proxy to https on jail instead of http
  • 16. Outlook For "generic" webhosting we expect more challenges: • customers with IPv4-only need ssh access • code repositories (e.g. GitHub, RubyGems, ...) are IPv4-only • ...
  • 18. Thank you Further questions: hosting@punkt.de @punktdehosting https://www.facebook.com/punkt.deGmbH/