Shares 15

Most of the CDN like Cloudflare, Incapsula, AKAMAI let you enable IPv6 from their edge network. However, if you are not using CDN that provide IPv6 and need to enable for your website then here is how you can do it.

IPv6 has a performance advantage over IPv4. It can help to decrease the page load time from 25ms to 300ms.

Around 16% of top 1000 sites in the world support IPv6 and 7% of top 1 million sites.

Pre-requisite – you have to ensure IPv6 is enabled on OS level. If you are using RHEL/CentOS, then you may refer this guide.

Let’s see the procedure to implement IPv6 in Apache HTTP and Nginx web server.

How to find IPv6 on Linux?

Before enabling in web servers, you need to know the IPv6 address. There are multiple ways to locate the IPv6 in Linux/CentOS.

Using ifconfig

You can use ifconfig with grep inet6 to find the address

[[email protected] conf]# ifconfig |grep inet6
        inet6 2400:6180:0:d0::1f33:d001  prefixlen 64  scopeid 0x0<global>
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
[[email protected] conf]#

Using IP Show

[[email protected] conf]# ip -6 addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2400:6180:0:d0::1f33:d001/64 scope global 
       valid_lft forever preferred_lft forever
[[email protected] conf]#

So now you know your server IPv6 address.

Enable IPv6 in Apache HTTP Server

I assume you have installed Apache and it’s up and running.

  • Go to the conf folder (default installation location would be /etc/httpd/conf)
  • Take a backup of httpd.conf file
  • Add the Listen directive with the port number
Listen [2400:6180:0:d0::1f33:d001]:80

Note: ensure to put IPv6 in the square box.

  • Restart the Apache HTTP server
service httpd restart

Let’s verify whether port 80 is listening on IPv6 or not.

[[email protected] conf]# netstat -anlp |grep 80
tcp        0      0 139.59.227.20:80        0.0.0.0:*               LISTEN      23047/httpd         
tcp6       0      0 2400:6180:0:d0::1f33:80 :::*                    LISTEN      23047/httpd         
unix  2      [ ACC ]     STREAM     LISTENING     14080    1091/master          public/qmgr
[[email protected] conf]#

So you can see it’s listening as highlighted.

Enable IPv6 in Nginx Web Server

By default, Nginx is configured to listen on IPv6 address. If you take a look at the nginx.conf file you should see the following.

listen       [::]:80 default_server;

if you just have one IPv6 address, then it’s alright, however, if you have multiple and would like Nginx to listen on specific IP then you need to adjust like this.

listen       [2400:6180:0:d0::1f33:d001]:80 default_server;

Restart Nginx to verify it’s listening on specific IP

[[email protected] conf]# netstat -anlp |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      23257/nginx: master 
tcp        0      0 139.59.227.20:80        66.249.75.68:63906      TIME_WAIT   -                   
tcp        0      0 139.59.227.20:80        66.249.75.72:58416      TIME_WAIT   -                   
tcp6       0      0 2400:6180:0:d0::1f33:80 :::*                    LISTEN      23257/nginx: master 
unix  2      [ ACC ]     STREAM     LISTENING     14080    1091/master          public/qmgr
[[email protected] conf]

It’s easy, isn’t it?

Update DNS AAAA Record

The last step you need to do is to update AAAA record of your domain at the registrar. Once updated, you can verify the record by doing a DNS lookup.

You may also use IPv6 Test site to check if your website is accessible over IPv6 or not.

I hope above helps you in activating IPv6 in Apache and Nginx web server for better performance.

Shares 15

Reader Interactions

Comments

      • Here is what I mean [blog.radware. com/security/2016/12/ipv6-security-today/]

        While setting up IPV6 do I need to edit etc/network/interfaces (for Ubuntu/Debian) and if yes how do I find the details such as Gateway, Nameservers etc for my router via command line.

        And I must thank you for the security tools you have created. It helped me a lot. Thanks a bunch for that. (Not sure the CORS and HSTS header analyser are working properly or I am doing something wrong)

Comments

Your email address will not be published. Required fields are marked *