Previously we discussed about Nginx IPv6 reverse proxy with SSL to add IPV6 to IPV4 ONLYservers. In this guide we will write in an easy way the same matter in a way that any level of user who has no working experience with IPV6 can easily add own IPV6. Additionally we will give full working configurations.
There are virtual servers like VPSDime or dedicated servers which does not cost a bomb but IPV6 is kept to off. In such cases, using Aruba Cloud like services with their 1GB RAM at 1 Euro per month instances with IPV6, you can easily create globally available, geographically distributed network. You need a good DNS service like Dyn DNS or just free of cost Hurricane Electric DNS for easy to deploy configuration. Your main server has an IPV4 address which is A record on DNS. After following this guide, you will get an IPV6 from other server like Aruba in our example, which you can add as AAAA record in DNS. IPV6 usually a set of address and many a times users find difficult find own IPV6 address. We will cover it too.
Steps To Use Nginx IPV6 Reverse Proxy With SSL To Add IPV6 To Your Website
First follow your way or our way to setup a server (important as we talked about how to secure the server too) on Aruba like cheaper virtual server service where servers have IPV6 support at budget.
---
Next step is simply installing Nginx, as for Ubuntu :
1 2 3 | apt update apt upgrade apt install nginx-extras |
We have two files to configure :
1 2 | /etc/nginx/sites-available/default /etc/nginx/nginx.conf |
First, open the /etc/nginx/nginx.conf file :
1 | nano /etc/nginx/nginx.conf |
and add these within http { } context :
1 2 3 4 | proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=backcache:8m max_size=50m; proxy_cache_key "$scheme$request_method$host$request_uri$is_args$args"; proxy_cache_valid 200 302 10m; proxy_cache_valid 404 1m; |
Save the file. Create the /var/lib/nginx/cache directory and make it writable :
1 2 3 | sudo mkdir -p /var/lib/nginx/cache sudo chown www-data /var/lib/nginx/cache sudo chmod 700 /var/lib/nginx/cache |
Next open /etc/nginx/sites-available/default :
1 | nano /etc/nginx/sites-available/default |
Make it like this, where http://thecustomizewindows.com is your website hosted on IPV4 only server :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | server { listen 80; listen [::]:80 ipv6only=on; server_name localhost; location / { proxy_pass http://thecustomizewindows.com; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443; listen [::]:443 ssl http2 ipv6only=on; server_name localhost; # SSL configuration starts ssl on; ssl_certificate /etc/nginx/ssl/bundle.crt; ssl_certificate_key /etc/nginx/ssl/thecustomizewindows.com.key; ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_trusted_certificate /etc/nginx/ssl/root-inter.cert; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_prefer_server_ciphers on; # SSL configuration ends location / { proxy_pass https://thecustomizewindows.com:443; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } |
Run nginx -t command to test and restart Nginx with service Nginx restart command. If that server’s IP is 31.14.138.110, with cURL, you’ll get 301 header on the HTTPS :
1 2 3 4 5 6 7 8 | curl -I -k https://31.14.138.110 HTTP/1.1 301 Moved Permanently Server: nginx/1.10.0 (Ubuntu) Date: Sat, 03 Jun 2017 08:31:07 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Strict-Transport-Security: max-age=31536000; includeSubDomainsi; preload ... |
It is from that IPV4 server, it is not IPV6. This thing will happen :
1 2 3 4 5 6 7 8 | A Record AAAA Record +-------------------+ +---------------------+ | Dedicated Server |====>| Virtual Server | ===> Headers and HTML passed | | | With IPv6 running | | With IPv4 Only | | Nginx reverse proxy | | running Apache | +---------------------+ | or Nginx | +-------------------+ |
After everything is complete, add the IPV6 as AAAA record on DNS with very low TTL like 5 minutes. Test your website for IPV6 by browsing with online free IPV6 proxy browser here :
1 | http://www.ipv6proxy.net |
How I Will Know My IPV6?
Run this command :
1 | /sbin/ifconfig eth0 | awk '/inet6/{print $3}' |
You’ll get output like this :
1 2 | fe80::250:56ff:fe95:ff3/64 2a00:6d40:40:506e::1/64 |
The second one set, i.e. 2a00:6d40:40:506e::1/64 likely to be your set of IPV6 IP. The First part is :
1 | 2a00:6d40:40:506e::1 |
That is your one IPV6 address. You can do cURL with it on server :
1 | curl -I -k https://[2a00:6d40:40:506e::1] |
You’ll receive 301 header :
1 2 3 4 5 6 7 | curl -I -k https://[2a00:6d40:40:506e::1] HTTP/1.1 301 Moved Permanently Server: nginx/1.10.0 (Ubuntu) Date: Sat, 03 Jun 2017 08:45:28 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive .... |
That is correct. As your server does not have IPV6, there will be 301 from IP but after adding to DNS as AAAA record, you’ll get normal website. Of course, your DNS and CDN must support IPV6 too, else scripts, images will not load from CDN.
Full Nginx IPV6 Reverse Proxy With SSL Configuration On GitHub
We have the full Nginx IPV6 Reverse Proxy with SSL configuration on GitHub to easily use it.
Tagged With nginx ipv6 , can nginx reverse proxy to extrenal ip address , ip proxy ssl , proxy forward ipv6 localhost traffic to ipv4 nginx , reverse proxy nginx ipv6 , nginx proxypass ipv6 localhost , nginx remote_addr ipv6 , x-forwarded-for nginx ipv6 , nginx https ipv6 deaktivieren , how to make a one to one connection in ipv6 using nginx?