From bf03e1497d4d4bb455eb4718591b24f57d0c9fc1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Wed, 25 Sep 2019 21:19:06 +0900 Subject: [PATCH] blog: how to enable ipv6 in applications --- .../contents.lr | 106 ++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 content/u/blog/how-to-enable-ipv6-in-applications/contents.lr diff --git a/content/u/blog/how-to-enable-ipv6-in-applications/contents.lr b/content/u/blog/how-to-enable-ipv6-in-applications/contents.lr new file mode 100644 index 0000000..42074ea --- /dev/null +++ b/content/u/blog/how-to-enable-ipv6-in-applications/contents.lr @@ -0,0 +1,106 @@ +title: How to enable IPv6 in applications +--- +pub_date: 2019-09-26 +--- +author: Team ungleich +--- +twitter_handle: ungleich +--- +abstract: +New to IPv6? Wondering how to enable IPv6 in your favorite +application? Then this blog entry is for you. +--- +body: + +In this blog article you'll find some hints on how to enable IPv6 for +various applications. + +## nginx + +The web server nginx by default only listens to IPv4 if you use +the standard `listen *:80;` directive. To enable IPv6, use +`listen [::]:80;`. So for a dual stack server, your configuration +could look as follows: + + +``` +server { + listen *:80; + listen [::]:80; + + ... + +} + +``` + +## haproxy + +There are various interesting configuration options in HAProxy related +to IPv6. Let's have a look at each of them! + +To enable IPv6 transport for the local logging, use `log [::1]` in the +global section: + +``` +global + log [::1] local2 + ... + +``` + +If you want a frontend to listen to either IPv6 or IPv4 only, you can +use the `ipv6@` prefix as follows: + +``` +# IPv6 http frontend +frontend httpipv6 + bind ipv6@:80 + mode http + + +# IPv4 http frontend +frontend httpipv4 + bind ipv4@:80 + mode http + ... + +``` + +If you want to connect to the backends only via a specific protocol, +we can use the prefix syntax there as well: + +``` +backend httpipv4 + mode http + use-server ungleich.ch if { hdr(host) -i ungleich.ch } + server ungleich.ch ipv6@ungleich.ch + ... +``` + +To proxy IPv6 requests to IPv4 only [twitter](https://twitter.com), you could +use the following configuration: + +``` +# ipv6 https +frontend httpsipv6 + bind ipv6@:443 + mode tcp + option tcplog + tcp-request inspect-delay 5s + tcp-request content accept if { req_ssl_hello_type 1 } + default_backend httpsipv6 + +backend httpsipv6 + mode tcp + use-server twitter.com if { req_ssl_sni -i twitter.com } + server twitter.com ipv4@twitter.com +``` + + +## Other applications + +If you know about other applications or want to enhance one of our +configuration, we invite you to join the [IPv6 +chat](https://IPv6.chat) or [write to us on +Twitter](https://twitter.com/ungleich).