Virtual hosts using IPv6
Posted by Tim Galyean in Infrastructure on Sep 27th, 2011
Alright, so as we all know IPv4 is reaching the point of exhaustion and its time to start getting ready for IPv6. This can be very important for those of us who host web servers as many hosting providers will also be switching to assigning IPv6 addresses or NAT based Private IP’s in the Class A space 10.0.0.0/8 for IPv4 or fc00::/7 for IPv6 (Unique Local Address “ULA”).
With that in mind how are you going to host your website on IPv6 address space? There are many web servers available as free Open Source software such as nginx, apache (httpd), and lighthttpd. For the context of this article we will focus on apache, and assume that you already have IPv6 connectivity and an understanding of virtual hosts.
Getting Started
Here are a few things that you are going to need to get started:
- Linux based server
- Familiarity with Apache and the Linux command line (bash)
- IPv6 address
- Text editor
As the transition to IPv6 progresses you should see your hosting provider assigning IPv6 addresses. At this time many hosting companies have not yet caught up to this as implementing IPv6 networking and connectivity can be extremely time consuming and expensive. Currently Verio, Linode, and Liquid Web all provide web hosting with IPv6 connectivity.
Networking
Once you have confirmed that the network appliance your server is connected to has IPv6 capabilities, and your provider has assigned you an IPv6 address you can get started configuring your network interfaces. There are many ways this can be done but we will only cover binding an IPv6 address to an interface already serving traffic over IPv4.
First things first.. enable IPv6 networking by adding the following line to /etc/sysconfig/network on a redhat based Linux distribution.
NETWORKING_IPV6=yes
This is one of the files your init scripts consults with to identify what networking services to start. Now we can move on to configuring the interface. Mentioned previously we will be configuring a single interface to serve both IPv4 and IPv6 traffic. In this example we will be binding these addresses to eth0.
Here are the parameters we must edit:
- IPV6INIT – Accepts YES/NO and is used to determine if we should bring up IPv6
- IPV6ADDR – The IPv6 Address provided to you by your hosting company
- IPV6_DEFAULTGW – The default gateway which should also be provided by your hosting company
Example:
IPV6INIT=yes IPV6ADDR=2600:3c01::f03c:91ff:fe93:eb17 IPV6_DEFAULTGW=fe80::1
At this point you should be ready to restart networking and test connectivity. This will differ slightly from some of the tools we use for testing IPv4. For example if you wanted to run a simple ping command you would use ping6 or a third party site such as SubnetOnline.
/etc/init.d/networking restart
PING 2600:3c01::f03c:91ff:fe93:eb17(2600:3c01::f03c:91ff:fe93:eb17) 32 data bytes 40 bytes from 2600:3c01::f03c:91ff:fe93:eb17: icmp_seq=0 ttl=245 time=176 ms 40 bytes from 2600:3c01::f03c:91ff:fe93:eb17: icmp_seq=1 ttl=245 time=144 ms 40 bytes from 2600:3c01::f03c:91ff:fe93:eb17: icmp_seq=2 ttl=245 time=144 ms 40 bytes from 2600:3c01::f03c:91ff:fe93:eb17: icmp_seq=3 ttl=245 time=144 ms --- 2600:3c01::f03c:91ff:fe93:eb17 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3010ms rtt min/avg/max/mdev = 144.641/152.757/176.961/13.982 ms, pipe 2
If a ping from your workstation does not work do not be alarmed.. your local network may not have IPv6 connectivity. If you should encounter any issues up to this point you should consult with your hosting provider to ensure your interfaces are configured properly and you have the correct configuration.
Virtual Hosts
Now that we have networking configured we can move on to configuring our virtual hosts. Virtual hosts are pretty easy to configure, however there are multiple steps. First and foremost you must configure apache to listen on your IPv6 interface. This is pretty easy to do however there is an important syntax change that you need to be aware of..
When configuring apache to listen on an IPv4 interface using port 80 you would typically use the following statement in httpd.conf:
Listen 127.0.0.1:80This changes very slightly but the IPv6 address requires brackets around it like in this example:
Listen [2600:3c01::f03c:91ff:fe93:eb17]:80
Below is an example virtual host configuration. This is pretty standard and does not provide any cache control or any additional features. Here is a break down on the configuration:
- ServerName – this will be the name of your virtual host or domain name
- ServerAlias – aliases work similar to ServerName, however they are used to redirect a URL to the content specified in DocumentRoot
- DocumentRoot – this is where you store your website content
- ErrorLog – pretty self explanatory however any errors that may be generated will be logged here. (404, 500 etc..)
- CustomLog – CustomLog provides you with an ‘all in one’ solution for logging HTTP requests. It specifies the path to the log file as well as the log format. For more details on how to customize this please refer to the apache docs here.
- Options -Indexes – this disables directory listings on folder’s that do not have an index page.
- AllowOverride – this directive is what tells apache to ignore or utilize the contents of a .htaccess file
- Order – Order provides a very basic means of access control.
- Allow – apache docs describe this best.. “Controls which hosts can access an area of the server”
- Typically most people append their virtual host configuration to the httpd.conf file, however it can be stored elsewhere as httpd.conf provides an include directory. For example you could do something like..
mkdir /etc/httpd/vhost.d echo "Include vhost.d/*.conf" >> /etc/httpd/conf/httpd.conf
This would provide you with the ability to create a file such as “/etc/httpd/vhost.d/mydomain.conf” where you would store your virtual host configuration. Doing this keeps httpd.conf clean, and also makes things a bit easier to manage.
ServerName www.yoursite.com ServerAlias www.yoursite.com yoursite.com UseCanonicalName Off DocumentRoot /home/yoursite/public_html ErrorLog /var/log/httpd/yoursite-error_log CustomLog /var/log/httpd/yoursite-access_log combined Options -Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from allNow that your virtual hosts are configured its time to restart apache and start hosting your website. I hope whoever reads this finds it helpful. If you have any questions please feel free to comment below.
