My VPS provider is running a promotion where I can get up to 5 additional public IPv4 addresses for a one-time cost of $25 each. I have always only used a single public IP address per VPS. Would there be any advantage of having additional public IP addresses?

I know some people do not consider a VPS self-hosting, but this is the most relevant community I could think of and the question is also applicable for homelabs as well.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    English
    arrow-up
    13
    ·
    5 months ago

    Few of them for most use cases, especially a VPS. My server have a couple of IPs each mapping to a different VM, they can all claim 22/80/443 as you’d expect, but that’s just basically the same as having a bunch of VPSes anyway.

    It’s useful for some other uses like, I might want to dedicate an IP for VPN exit that doesn’t expose any services.

    Another use is sometimes you just want two things to stay entirely separate, even if on a technical level it could work with a reverse proxy. It can eliminate some class of exploits like request smuggling.

    One use case I’ve had for a customer is they have a system that can only do TLSv1.0, which is wildly obsolete and exploitable. So that particular API endpoint was served from a secondary IP, that way I can continue to enforce TLSv1.2+ on the primary IP. It’s possible with some reverse proxy magic with HAproxy, but I could also just make a new server block in the existing NGINX bound to that IP and call it a day.

    • Sibbo@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      9
      ·
      5 months ago

      You can also have different SSL settings per virtual host with nginx. No need to use different IPs for that.

      • Max-P@lemmy.max-p.me
        link
        fedilink
        English
        arrow-up
        3
        ·
        5 months ago

        I don’t remember the exact details but it didn’t work right. That was arguably a couple years ago on a server distro approaching EOL, may have been long fixed. It involved Android 4.4.