GitHub IPv6 proxy

🇬🇧
🇨🇿
🇩🇪
🇧🇷
🇷🇺
🇹🇷
🇺🇦
🇨🇳
+

Recently I had to clone a git repository on GitHub via an IPv6 only server that I rented at my favourite hosting provider Hetzner. Unfortunately I realized that GitHub still does not support IPv6.

My workaround was setting up a WireGuard VPN with one of my dual-stack servers. An alternative could have been installing Tor to download anonymously.

As I'm by far not the only user with an IPv6 only server looking to download repositories from GitHub, I decided to provide a public proxy server that can be used to access GitHub on an IPv6 network, until GitHub provides native IPv6 support. The proxy is only available on IPv6, to prevent IPv4 users from using unnecessary resources, as they can already clone from GitHub directly.

Note, that my https proxy is serving a ssl certificate issued for my domain, which means I decrypt and re-encrypt your traffic (and could potentially look into it, but I don't). It is necessary as you'd get an invalid ssl certificate warning otherwise + github would redirect to the default port after accepting it. See below for a more permanent solution, that's more privacy-friendly.

So how does it work? Let's assume we want to clone the PHP Chat script I've published at https://github.com/DanWin/le-chat-php. Normally cloning the repository would look like this:
git clone https://github.com/DanWin/le-chat-php
On an IPv6 connection, you can use my proxy service like this:
git clone https://danwin1210.de:1443/DanWin/le-chat-php
And if you would like to clone via ssh you can also do it like this:
git clone git@github-ipv6-proxy.danwin1210.de:DanWin/le-chat-php

Those wanting to use the proxy more permanently and/or talk directly to GitHub, without me re-encrypting your traffic, should add the following to /etc/hosts:

2a01:4f8:c010:d56::2 github.com
2a01:4f8:c010:d56::3 api.github.com
2a01:4f8:c010:d56::4 codeload.github.com
2a01:4f8:c010:d56::5 objects.githubusercontent.com
2a01:4f8:c010:d56::6 ghcr.io
2a01:4f8:c010:d56::7 pkg.github.com npm.pkg.github.com maven.pkg.github.com nuget.pkg.github.com rubygems.pkg.github.com

Once added, you can clone as usual, without any changes:

git clone https://github.com/DanWin/le-chat-php

All of this is done with the following nginx configuration on a dual stack server:

http {
	server {
		listen [::]:1443 fastopen=100 backlog=2048 ipv6only=on ssl http2 default_server;
		location = /robots.txt {
			return 200 'User-agent: *
Disallow:';
		}
		location / {
			proxy_pass https://github.com;
			proxy_set_header Host "github.com";
		}
	}
}
stream {
	server {
		listen [2a01:4f8:c010:d56::2]:22 fastopen=100 ipv6only=on;
		proxy_pass github.com:22;
	}
	server {
		listen [2a01:4f8:c010:d56::2]:443 fastopen=100 ipv6only=on;
		proxy_pass github.com:443;
	}
	server {
		listen [2a01:4f8:c010:d56::3]:443 fastopen=100 ipv6only=on;
		proxy_pass api.github.com:443;
	}
	server {
		listen [2a01:4f8:c010:d56::4]:443 fastopen=100 ipv6only=on;
		proxy_pass codeload.github.com:443;
	}
	server {
		listen [2a01:4f8:c010:d56::5]:443 fastopen=100 ipv6only=on;
		proxy_pass objects.githubusercontent.com:443;
	}
	server {
		listen [2a01:4f8:c010:d56::6]:443 fastopen=100 ipv6only=on;
		proxy_pass ghcr.io:443;
	}
	server {
		listen [2a01:4f8:c010:d56::7]:443 fastopen=100 ipv6only=on;
		proxy_pass pkg.github.com:443;
	}
}

If there are any further questions, contact me.