Ipv6 for Apache

andrewnewby · February 14, 2023, 4:02pm

Hi,

I’m trying to get ipv6 working for a server. It has Apache as the front end, with nginx as the backend for JS etc. So a pretty standard install. It all works fine on ipv4, with stuff like:

<VirtualHost 45.33.101.38:8443>

But when testiung on ipv6, I end up with the Webmail page. I’ve tried:

<VirtualHost 45.33.101.38:8443 [2600:3c02::f03c:93ff:feca:55a6]:8443>

But no joy. What am I doing wrong?

UPDATE: So looking at it, it seems Apache isn’t listening on ipv6:

sudo netstat -anp | grep apache
tcp        0      0 45.33.101.38:8080       0.0.0.0:*               LISTEN      890710/apache2
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      890710/apache2
tcp        0      0 45.33.101.38:8443       0.0.0.0:*               LISTEN      890710/apache2

How would I do that? Edit /etc/apache2/ports.conf ?

I’m not too sure what value it would be expecting, seeing as its included via:

# Include list of ports to listen on and which to use for name based vhosts

Include ports.conf

Thanks!

Andy

andrewnewby · February 15, 2023, 6:58am

Surely someone has done this? Its a shame IPv6 isn’t available out of the box (with the nginx stuff I just wrote a script that updates the templates to include the IPv6 listeners)

eris · February 15, 2023, 7:51am

It shouldn’t matter the Nginx returns the %ip% value for the proxy pass.

On the background we are working of full integration on ipv6 but it takes a while

Raphael · February 15, 2023, 7:55am

Feel free to help out or sponsor the functionality.

andrewnewby · February 15, 2023, 8:08am

Hi,

Thanks for the reply.

It shouldn’t matter the Nginx returns the %ip% value for the proxy pass.

I’m not sure I understand? The setup is Apache for the frontend, and then nginx as the backend for JS/CSS etc. Surely Apache needs to be configured to open up ipv6? (currently it only seems to be listening on ipv4 addresses?)

andrewnewby · February 15, 2023, 8:10am

Feel free to help out or sponsor the functionality.

haha not sure how much help I would be I fumbled my way through the tweaks with the v-backup-user stuff (with wildcards), but with Bash not being my main programming language its all a bit of a learning curve!

Is there a specific place to donate towards the ipv6? Or is it just on the general giving page?

andrewnewby · February 15, 2023, 8:28am

Ok coming back to it I’m getting a bit closer!

/etc/nginx/conf.d/45.33.101.38.conf

I’ve edited that so it has the IPv6 addresses in:

Listen 45.33.101.38:8443
Listen 45.33.101.38:8080

Listen [2600:3c02::f03c:93ff:feca:55a6]:8443
Listen [2600:3c02::f03c:93ff:feca:55a6]:8080

<VirtualHost 45.33.101.38:8080 [2600:3c02::f03c:93ff:feca:55a6]:8080>
    ServerName 45.33.101.38
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

</VirtualHost>

<VirtualHost 45.33.101.38:8443 [2600:3c02::f03c:93ff:feca:55a6]:8443>
    ServerName 45.33.101.38
    DocumentRoot /var/www/html/
    Alias /error/ /var/www/document_errors/

    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile         /usr/local/hestia/ssl/certificate.crt
    SSLCertificateKeyFile      /usr/local/hestia/ssl/certificate.key

</VirtualHost>

Then in the domain file in /etc/nginx/conf.d/domains/foo.conf, I added this to the .conf file:

<VirtualHost 45.33.101.38:8080 [2600:3c02::f03c:93ff:feca:55a6]:8080>

and this to the .ssl.conf file:

<VirtualHost 45.33.101.38:8443 [2600:3c02::f03c:93ff:feca:55a6]:8443>

I restarted Apache and its not complaining. I can see Apache listening on ipv6 now:

sudo netstat -anp | grep apache
tcp        0      0 45.33.101.38:8080       0.0.0.0:*               LISTEN      130895/apache2
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      130895/apache2
tcp        0      0 45.33.101.38:8443       0.0.0.0:*               LISTEN      130895/apache2
tcp6       0      0 2600:3c02::f03c:93:8080 :::*                    LISTEN      130895/apache2
tcp6       0      0 2600:3c02::f03c:93:8443 :::*                    LISTEN      130895/apache2

But I still can’t seem to get the site to load. It always loads the webmail:

curl -6L bhccwga.org
<!DOCTYPE html>

<html lang="en">

<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Roundcube Webmail :: Welcome to Roundcube Webmail</title>

What am I missing?

andrewnewby · February 15, 2023, 8:46am

OMG I’m such a muppet!

I assumed that if you did Apache as the main front end, it would actually be listening on port 80, and then forwarding to nginx for stuff like JS/CSS/images. But actually, nginx is still in the front - but just passes back to Apache. So rolling back the changes I made to Apache, I then set my script to edit these templates:

/usr/local/hestia/data/templates/web/nginx

default.tpl / .stpl

…and add in the relevant ipv6 listeners - ie

    listen      %ip%:%proxy_port%;
    listen      [::]:%proxy_port%;

and

    listen      %ip%:%proxy_ssl_port% ssl http2;
    listen      [::]:%proxy_ssl_port% ssl http2;

And now it works!!! Wahoo!

eris · February 15, 2023, 8:52am

That is why I told you it should be fine to update only the nginx template

Thanks for the 25 euro

andrewnewby · February 15, 2023, 8:54am

haha yes sorry, my misunderstanding. I assumed Apache was at the frontend, and then nginx as a way to pass back to. You live and you learn! (and waste hours of time breaking stuff )

Thanks for the 25 euro

NP. Its not a lot, but hopefully it helps. Most of the stuff I do is hobbies, but I do appreciate all the work you (and the team) put into Hestia

ismailsabribinyaakob · October 8, 2023, 3:18pm

Raphael, can I help add this functionality by paying you and your team? Is US $100 per day * 30 days = US $3000 per month okay? How long does the HestiaCP need to complete IPV6 support? 1 month? 2 months? 6 months?