English English French French Spanish Spanish German German
Geekflare is supported by our audience. We may earn affiliate commissions from buying links on this site.
Share on:

How to Enable IPv6 in Nginx & Apache?

ipv6 implementation
Invicti Web Application Security Scanner – the only solution that delivers automatic verification of vulnerabilities with Proof-Based Scanning™.

Most of the CDN like Cloudflare, SUCURI, AKAMAI let you enable IPv6 from their edge network. However, if you are not using CDN that provides IPv6 and needs to enable your website, then here is how you can do it.

IPv6 has a performance advantage over IPv4. It can help to decrease the page load time from 25ms to 300ms. An interesting report by SUCURI shows 16% of the top 1000 sites in the world support IPv6 and 7% of the top 1 million sites.

ipv6-adoption-sucuri

If not already, it would be good to enable on your site.

Pre-requisite – you have to ensure IPv6 is enabled on the OS level. If you are using RHEL/CentOS, then you may refer to this guide.

Let’s see the procedure to implement IPv6 in Apache HTTP and the Nginx web server.

How to find IPv6 on Linux?

Before enabling the IPv6, you need to know the IPv6 address. There are multiple ways to locate the IPv6 in Linux/CentOS.

Using ifconfig

You can use ifconfig with grep inet6 to find the address

[root@chandan conf]# ifconfig |grep inet6
        inet6 2400:6180:0:d0::1f33:d001  prefixlen 64  scopeid 0x0<global>
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
[root@chandan conf]#

Using IP Show

[root@chandan conf]# ip -6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2400:6180:0:d0::1f33:d001/64 scope global 
       valid_lft forever preferred_lft forever
[root@chandan conf]#

So now you know your server IPv6 address.

Enable IPv6 in Apache HTTP Server

I assume you have installed Apache, and it’s up and running.

  • Go to the conf folder (default installation location would be /etc/httpd/conf)
  • Take a backup of httpd.conf file
  • Add the Listen directive with the port number
Listen [2400:6180:0:d0::1f33:d001]:80

Note: ensure to put IPv6 in the square box.

  • Restart the Apache HTTP server
service httpd restart
[root@chandan conf]# netstat -anlp |grep 80
tcp        0      0 139.59.227.20:80        0.0.0.0:*               LISTEN      23047/httpd         
tcp6       0      0 2400:6180:0:d0::1f33:80 :::*                    LISTEN      23047/httpd         
unix  2      [ ACC ]     STREAM     LISTENING     14080    1091/master          public/qmgr
[root@chandan conf]#

And, as you can see the second line starting with tcp6.

Enable IPv6 in Nginx Web Server

By default, Nginx is configured to listen on IPv6 address. If you take a look at the nginx.conf file, you should see the following.

listen       [::]:80 default_server;

If you just have one IPv6 address, then it’s alright; however, if you have multiple and would like Nginx to listen on specific IP, then you need to adjust like this.

listen       [2400:6180:0:d0::1f33:d001]:80 default_server;

Restart Nginx to verify it’s listening on specific IP

[root@chandan conf]# netstat -anlp |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      23257/nginx: master 
tcp        0      0 139.59.227.20:80        66.249.75.68:63906      TIME_WAIT   -                   
tcp        0      0 139.59.227.20:80        66.249.75.72:58416      TIME_WAIT   -                   
tcp6       0      0 2400:6180:0:d0::1f33:80 :::*                    LISTEN      23257/nginx: master 
unix  2      [ ACC ]     STREAM     LISTENING     14080    1091/master          public/qmgr
[root@chandan conf]

It’s easy, isn’t it?

Update DNS AAAA Record

The last step you need to do is to update the AAAA record of your domain at the registrar. Once updated, you can verify the record by doing a DNS lookup. You may also use the IPv6 Test tool to check if your website is accessible over IPv6 or not.

Thanks to our Sponsors
More great readings on Apache HTTP
Power Your Business
Some of the tools and services to help your business grow.
  • Invicti uses the Proof-Based Scanning™ to automatically verify the identified vulnerabilities and generate actionable results within just hours.
    Try Invicti
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.
    Try Brightdata
  • Semrush is an all-in-one digital marketing solution with more than 50 tools in SEO, social media, and content marketing.
    Try Semrush
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.
    Try Intruder