- cyberciti.biz has address 74.86.48.99
- cyberciti.biz has IPv6 address 2607:f0d0:1002:11::4
Linux Apache IPv6 Configuration
# vi httpd.confTo make the server accept connections on 74.86.48.99 and port 80, use:
Listen 74.86.48.99:80IPv6 addresses must be surrounded in square brackets and port 80, use
Listen [2607:f0d0:1002:11::4]:80Save and close the file. Restart / reload Apache:
# service httpd restartVerify Apache Is Working In Dual Stack Mode
Use netstat command as follows:# netstat -tulpn | grep :80Sample Outputs:
tcp 0 0 74.86.48.99:80 0.0.0.0:* LISTEN 4473/httpd
tcp 0 0 2607:f0d0:1002:11::4:80 :::* LISTEN 4473/httpd
Configure iptables to Allow Access to the Web Server Via IPv6
The default Ip6tables configuration does not allow inbound access to the HTTP (80) and HTTPS (443) ports used by the web server. This modification allows that access, while keeping other ports on the server in their default protected state. Edit /etc/sysconfig/ip6tables (IPv6 firewall configuration file under CentOS / RHEL / Fedora).# vi /etc/sysconfig/ip6tablesAdd the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT chain:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPTAdd the following if you have configured HTTPS port:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 443 -j ACCEPTSave and close the file. Restart firewall, enter:
# service ip6tables restartDual Stacked IPv4 and IPv6 Virtual Hosts Configurations
You need to update httpd.conf as follows for dual stacked httpd virtual hosting:#IPv4 configurationSave and close the file. Restart Apache web server:
<VirtualHost 74.86.48.99>
ServerAdmin webmaster@cyberciti.com
DocumentRoot /home/httpd/cyberciti.biz/http
ServerName cyberciti.biz
ServerAlias www.cyberciti.biz
ErrorLog logs/cyberciti.biz-error_log
TransferLog logs/cyberciti.biz-access_log
ErrorLog "/home/httpd/cyberciti.biz/logs/error.log"
CustomLog "/home/httpd/cyberciti.biz/logs/access.log" common
ScriptAlias /cgi-bin/ "/home/httpd/cyberciti.biz/cgi-bin/"
# For php5 fastcgi add +ExecCGI
<Directory "/home/httpd/cyberciti.biz/http">
Options -Indexes FollowSymLinks +ExecCGI
AllowOverride AuthConfig FileInfo
AddHandler php5-fastcgi .php
Action php5-fastcgi /cgi-bin/php.fcgi
Order allow,deny
Allow from all
</Directory>
# Default cgi-bin perms
<Directory "/home/httpd/cyberciti.biz/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
# Ipv6 config, note down log files
<VirtualHost [2607:f0d0:1002:11::4]>
ServerAdmin webmaster@cyberciti.com
DocumentRoot /home/httpd/cyberciti.biz/http
ServerName cyberciti.biz
ServerAlias www.cyberciti.biz
ErrorLog logs/cyberciti.biz-error_log
TransferLog logs/cyberciti.biz-access_log
ErrorLog "/home/httpd/cyberciti.biz/logs/ipv6.error.log"
CustomLog "/home/httpd/cyberciti.biz/logs/ipv6.access.log" common
ScriptAlias /cgi-bin/ "/home/httpd/cyberciti.biz/cgi-bin/"
# For php5 fastcgi add +ExecCGI
<Directory "/home/httpd/cyberciti.biz/http">
Options -Indexes FollowSymLinks +ExecCGI
AllowOverride AuthConfig FileInfo
AddHandler php5-fastcgi .php
Action php5-fastcgi /cgi-bin/php.fcgi
Order allow,deny
Allow from all
</Directory>
# Default cgi-bin perms
<Directory "/home/httpd/cyberciti.biz/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
# service httpd restartA Note About BSD PF Firewall
You need to update /etc/pf.conf as follows under OpenBSD / FreeBSD operating systems:# define Ipv6 ipsSave and close the file. Reload pf firewall:
apache_ipv6 = "{ 2607:f0d0:1002:11::4 }"
# Open port 80
pass in on $ext_if inet6 proto tcp from any to $apache_ipv6 port http keep state
# Open port 443
pass in on $ext_if inet6 proto tcp from any to $apache_ipv6 port https keep state
# /etc/rc.d/pf reloadOR
# /sbin/pfctl -nf /etc/pf.conf && /sbin/pfctl -f /etc/pf.conf
No comments:
Post a Comment