Get your external IP address easily (how to setup your own with nginx as well)

7 thoughts on “Get your external IP address easily (how to setup your own with nginx as well)”

• I def suck at programming. my server is not giving me my device ip. Its giving me the cloudflare ip, as my web server is routed through cloudflare dns.. Any ideas?

• I created my own after I saw your tiktok awhile back 🤩 thinking about having two deployed, one for ipv4 and one for ipv6

• No full long-form comment for me on this because it isn't an official episode, just some notes:

  1. If you haven't seen curl before, you should look for someone with short, fast-paced tutorials demonstrating finer points of how to use it, because learning it will improve your abilities to understand how your software interacts with other services on the Internet.

  2. 'dig +short (host) A' and 'dig +short (host) AAAA ' both give results, meaning that Dave's website is dual-homed for IPv4/IPv6. This is interesting to know. When I tested his script I hit it from an external IPv6-only host at an ISP and cloud provider where I pay to maintain a shell account. I got back what I can see from the machine's various commands is the local IPv6 address on the machine. When I re-tested it instead using curl's –resolve switch to bypass DNS and explicitly set an IPv4 address of the host to be treated as the IP of Dave's website for the purposes of the test, I also got back an address, this time IPv4, this time not belonging to my host. It is not the external address of my system, but is rather the external address of the 6to4 NAT gateway that my ISP operates between its IPv6 resources and the public internet as a compatibility shim. So even something as simple as what Dave demonstrates here can have potentially surprising results!

  3. The four IPs that those dig commands return for me, two each IPv4 and IPv6, are Cloudflare IP addresses. Cloudflare is in Dave's configuration operating as a WAF and proxy service, sitting between us on the public Internet and whatever load balancer or network interface is sitting in front of the nginx instance he showed us in his demo. It's worth understanding here, for free with the tenancy of his website in Cloudflare, Dave gets a bunch of analytics about who hits that service–not just the same logs that exist in nginx, but all kinds of analytics about whatever resource you used to make the request, including not just geo-IP metadata about your IP address, but advanced stuff analyzing the User-Agent header your curl command supplied, and potentially also even things like analyzing fine details of TCP/IP headers and TLS handshaking behaviors in order to infer other things about your system and the OS where it's running.

  You should be incredibly thoughtful, hitting services like this, about the information you're exposing about yourself or about the enterprise where your code is running in production, before integrating with it. Not only is the service being offered with no SLA to you, it's being offered with no binding promises about how it will or will not use logdata you supply to it as part of your requests. A public service like this, if you were to integrate phone-homes into it from a wide variety of containers in a globally distributed software deployment, would get a shockingly detailed map of where your service is running–and also be able to make inferences about what OS you're running on, how often you patch that operating system, what kind of hardware you're renting from cloud providers or deploying in your data-centers, etc. And, potentially, have an interesting set of targets for bad actors, if that information ever becomes valuable to anyone.

  Easy and free always comes with hidden caveats. If you can't game out some of what those are, you have room to improve in terms of how you think about programming, and how your software interoperates with public Internet services in the real world.

  None of this is to say that Dave is untrustworthy or unethical. I'm asking you here to think not about what he will do, but about what you would potentially be giving him the power to do, if you used this service routinely in the way he has invited you to.

  Happy investigating!

  (Attempt 3 at posting this. I may reply on the Discord with diffs showing what got eaten vs what got through, if this works.)

• Just here to give a cheers from Norway! Keep up!

• Legal Trusts learn the law

• 1:11 `!$` is what I have been looking for for ages. Thank you

• you didnt say that I suck at programming today, so I must not suck at programming, right?

Comments are closed.