Most Important Part of Apache Web Server is Virtual Host. Commonly we show IPv4 configuration for the beginners. Here is Apache2 IPv6 Virtual Host Configuration For Ubuntu Server. For this guide, we are assuming that the readers are using Ubuntu 16.04 or Ubuntu 18.04 and has followed our guide to install Apache on Ubuntu 18.04. Our guide is different from gross guides on web as we use Ondřej Surý’s PPA and assume that the readers using SSL/TLS with HSTS.
Sample Apache2 IPv6 Virtual Host Configuration For Ubuntu Server
Update and upgrade Ubuntu :
1 2 | apt update -y apt upgrade -y |
In case, you have not installed Apache2, then install it after adding Ondřej Surý’s PPA :
---
1 2 3 4 5 6 | sudo apt-get install software-properties-common sudo add-apt-repository ppa:ondrej/apache2 # hit enter/return key to accept apt update -y apt upgrade -y sudo apt install apache2 |
Normally we activate these modules and restart Apache :
1 2 3 4 5 6 | a2enmod http2 systemctl restart apache2 a2enmod ssl systemctl restart apache2 a2ensite default-ssl systemctl restart apache2 |
Normally for IPv6 we go to /etc/apache2/sites-available/ and check the files :
1 2 | cd /etc/apache2/sites-available/ ls -al |
Usually there are two files – 000-default.conf and default-ssl.conf. For IPv4 we edit them. Apache’s another important file is :
1 | /etc/apache2/apache2.conf |
We have to check for Listen directive. We can cat and grep the two files to check Listen directive :
1 2 3 | cat /etc/apache2/apache2.conf | grep "Listen" cat /etc/apache2/sites-available/000-default.conf | grep "Listen" cat /etc/apache2/sites-available/default-ssl.conf | grep "Listen" |
We can check which ports and type of IP our Apache is listening by running :
1 | netstat -lnptu |grep "apache2\W*$" |
That will return output like this :
1 2 | tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4889/apache2 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4889/apache2 |
That means Apache is not listening to IPv6. It is listening only to port 80 and port 443 of IPv4.
Usually by default there is no Listen directive. Instead we write in this way in /etc/apache2/sites-available/default-ssl.conf file :
1 2 3 4 5 6 7 8 | <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@thecustomizewindows.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log ... ... |
The string _default_ is used with IP virtual hosting to catch unmatched IP addresses. That is good for IPv4 but for IPv6 we need to mention single specific IP for a particular site, otherwise it will open wide door to the script kiddies. IPv6 has special considerations, which are mentioned on official documentation :
1 | https://httpd.apache.org/docs/2.4/bind.html#ipv6 |
That default virtual host example configuration above need to be changed. If our IPv4 is 12.13.14.15 and IPv6 selected is fd13:01ec:a560:534f::50, then we can add listen directive to both ports for both IPv4 and IPv6 :
1 2 3 4 | Listen [fd13:01ec:a560:534f::50]:80 Listen [fd13:01ec:a560:534f::50]:443 Listen 12.13.14.15:80 Listen 12.13.14.15:443 |
We can add the above stanza to /etc/apache2/apache2.conf file. If we add Listen directive to virtual host file like :
1 | cat /etc/apache2/sites-available/default-ssl.conf |
That becomes complex to maintain with just one site on server. It becomes highly complicated for 4+ virtual host files on the server.
And we will write the virtual host files (like /etc/apache2/sites-available/default-ssl.conf) in this way :
1 2 3 4 5 6 7 8 | <IfModule mod_ssl.c> <VirtualHost [fd13:01ec:a560:534f::50]:443 12.13.14.15:443> ServerAdmin webmaster@thecustomizewindows.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log ... ... |
Then we can do a config test :
1 | sudo apache2ctl configtest |
The above system of configuration will decrease the headache during maintenance. Thereafter we can restart Apache :
1 | service apache2 restart |
Then check what Apache is listening to :
1 | netstat -lnptu |grep "apache2\W*$" |
We will get something like :
1 | tcp 0 0 fd13:01ec:a560:534f::50:443 :::* LISTEN 4473/apache2 |
Conclusion
For IPv6, we need to determine the specific IP we are going to use. Then add Listen directive to /etc/apache2/apache2.conf file. Then edit virtual host files like /etc/apache2/sites-available/default-ssl.conf. With all default settings, your server may respond to a specific IPv6 address, but that technically not perfect for various reasons.
