Quick hack to enable ipv6 for all vhosts

Hello everyone,

I have been running HestiaCP v1.3.2 on Debian 10.6 and nginx is configured in front of apache as a reverse proxy.

I know that ipv6 is on the roadmap (https://github.com/hestiacp/hestiacp/issues/429), but it’s not here yet.

Nevertheless, there is a quick and simple way to enable it for nginx sites, simply by adding an extra listen directive in the existing ipv4 vhost.

Since there is no way to configure the IPv6 address using the web-ui, we have to manually edit the config file (/usr/local/hestia/data/users/$user/web.conf) and add the IPv6 address in the IP6 field.

e.g.

[email protected]:~# cat /usr/local/hestia/data/users/admin/web.conf
DOMAIN=‘potato.irc.gr’ IP=‘95.111.231.144’ IP6=‘2a02:c207:2041:3109::1’ CUSTOM_DOCROOT=’’…

And then run this script I’ve quickly hacked, to create the listen directive needed.

[email protected]:~# cat bin/v-add-web-domains-ipv6
#!/bin/bash
# configure ipv6 for all vhosts

USERS="$(v-list-users plain | awk '{print $1}')"
for u in ${USERS}; do
        DOMAINS="$(v-list-web-domains ${u} plain | awk '{print $1}')"
        for d in ${DOMAINS}; do
                source /usr/local/hestia/data/users/${u}/web.conf

                if [ -n "$IP6" ]; then
                        echo "listen [${IP6}]:80;" > /home/${u}/conf/web/${d}/nginx.conf_ip6
                        [ "$SSL" == "yes" ] && echo "listen [${IP6}]:443 ssl http2;" > /home/${u}/conf/web/${d}/nginx.ssl.conf_ip6
                else
                        rm -f /home/${u}/conf/web/${d}/nginx.conf_ip6
                        [ "$SSL" == "yes" ] && rm -f /home/${u}/conf/web/${d}/nginx.ssl.conf_ip6
                fi
        done
done

nginx -t && systemctl reload nginx

Here is the script output…

[email protected]:~# cat /home/admin/conf/web/potato.irc.gr/nginx.conf_ip6
listen [2a02:c207:2041:3109::1]:80;
[email protected]:~# cat /home/admin/conf/web/potato.irc.gr/nginx.ssl.conf_ip6
listen [2a02:c207:2041:3109::1]:443 ssl http2;

You may now add an AAAA record in the DNS zone file and it shall work :wink:

Please note that this is only a quick hack.
It only works for websites behind the nginx service.
It does not substitute proper ipv6 support in HestiaCP’s core.

Thanks,
Sot.

7 Likes

thanks for the guide mate, actually it works like a charm but unfortunately if there is any other user than admin, this shows SSL error and fetch SSL from default admin web. please help regarding this.

Can you share more details please?
I can’t understand the problem from your description.

hey mate I’ll give you access to my testing server tomorrow then you’ll check it yourself.