Web and Mail Servers with IPv6

Apache with Dual Stack

In regard to the web server, if you have used an Apache standard configuration without virtual hosts thus far, typically no further settings are required. But, the situation is different if you work with virtual hosts. In this case, you need to look at the NameVirtualHost directive, which binds multiple virtual hosts to an IP address. The directive is suitable for IPv4 and IPv6 alike:

# Standard for IPv4
# For an IPv6 address
NameVirtualHost [2a01:238:10b:3000::1]
# For all usable addresses
# incl. IPv4 and IPv6
NameVirtualHost *

Brackets are essential for the IPv6 addresses because NameVirtualHost expects a colon to separate the IP address and the port number, but the IPv6 addresses also use colons. Depending on how the virtual hosts are configured on Apache, you may need to create a duplicate of the VirtualHost sections. As a general rule, if the VirtualHost directive specifies a domain name, this is sufficient to reach the virtual host via IPv4 and IPv6 .

If the Apache configuration for virtual hosts is based on IP addresses, you need to have a section for each. You can copy the existing IPv4 configuration and replace the IPv4 addresses with IPv6 addresses in the copy (Listing 1). If multiple virtual hosts share an IP address, the corresponding NameVirtualHost entry is mandatory. If you use multiple VirtualHost entries, you might want to write errors to different error logfiles to speed the process of locating IPv6-related errors.

Listing 1: Multiple Virtual Hosts
01 <VirtualHost>
02     ServerName domain1.de
03     ServerAlias www.domain1.de
04 [...]
05 </VirtualHost>
06 <VirtualHost [2a01:238:10b:3000::1]:80>
07     ServerName domain1.de
08     ServerAlias www.domain1.de
09 [...]
10 </VirtualHost>

Virtual Domains

If the IPv6 assignment means that you have at least a /64 IPv6 network, you can now assign a separate IPv6 address to each virtual host. After doing so, the virtual web servers no longer need to share IPv6 addresses and the NameVirtualHost is redundant. With this method, each virtual host can use its own SSL certificate. This approach is useful in practical terms if you do the same thing for IPv4, because the overwhelming majority of users will use IPv4 clients to surf your site. If you use multi-domain or wildcard certificates, you don’t need to worry. It will always assign the same SSL key and the same SSL certificate to the VirtualHost .

Related content

comments powered by Disqus