Linode Forum Linode Community Forums
pannix
Joined: 01 Dec 2010
Posts: 39
Location: Belgium
Posted: Wed Dec 21, 2011 11:44 am
Post subject: How to enable IPv6 for your webserver (LEMP)?
Just like I finally felt ready to move my first site from shared-hosting to self-hosting, Linode changes the game by adding IPv6 into the mix. Not funny :wink:
What does this mean for a LEMP (Ubuntu)? :?
Enabling it for your Linode seems simple enough.
I found how to add an entry for IPv6 in the /etc/hosts
The firewall ufw seems to support IPv6 by default. I have opened 3 ports (22,80,443) and when I execute the command ufw status they are listed twice ("ALLOW Anywhere" and "Allow Anywhere (v6)")
Nginx is installed with IPv6 support. Do I have to do anything else but uncommenting "listen [::]:80 default ipv6only=on;" for the virtual hosts? I am not too sure about the ipv6only, should I remove that?
I have configured php5-fpm to use unix sockets instead of tcp, so no changes here?
What changes do I have to make in the Linode DNS manager? What changes do I have to make with my registrar?
What about Fail2Ban?
What about Logwatch (and postfix)?
What about MySQL and phpmyadmin?
Munin?
SSH?
awstats?
Anything I overlooked? Or should I do nothing?
Thanks.
hoopycat
Joined: 30 Aug 2008
Posts: 1294
Location: Rochester, New York
Posted: Thu Dec 22, 2011 11:48 am
Post subject: Re: How to enable IPv6 for your webserver (LEMP)?
Cherry-picking the parts I know about:
pannix wrote: Nginx is installed with IPv6 support. Do I have to do anything else but uncommenting "listen [::]:80 default ipv6only=on;" for the virtual hosts? I am not too sure about the ipv6only, should I remove that?
I'm not using ipv6only, but I do explicitly list each IP I want to listen on. I have:
Code:
    listen 192.0.2.1:80;
    listen [2001:db8::123]:80;
I can verify this with netstat -ntl:
Code:
    $ netstat -ntl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 192.0.2.1:80 0.0.0.0:* LISTEN
    tcp6 0 0 2001:db8::123:80 :::* LISTEN
Quote: I have configured php5-fpm to use unix sockets instead of tcp, so no changes here?
If your applications care about IPs, they will have to deal with IPv6 addresses showing up in HTTP_REMOTE_ADDR, etc.
Quote: What changes do I have to make in the Linode DNS manager?
For each A record you have, add a second AAAA record with the IPv6 IP. (No square brackets or anything, just the IP.)
Quote: What changes do I have to make with my registrar?
Nothin'! The changes have already been made (assuming you're using ns(1..5).linode.com for your nameservers). Drilling down on a Linode-hosted domain:
Code:
    ;; Received 490 bytes from 2001:500:2d::d#53(d.root-servers.net) in 39 ms
    ;; Received 291 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 96 ms
    ;; Received 307 bytes from 2600:3c01::a#53(ns2.linode.com) in 97 ms
Quote: What about Fail2Ban?
What about Logwatch (and postfix)?
What about MySQL and phpmyadmin?
fail2ban and logwatch might choke a bit, but I use neither. postfix is happy with IPv6. MySQL doesn't need to know about IPv6, phpmyadmin doesn't care enough.
Quote: Munin?
If you're using the ip_ plugin (the one with the magic iptables rules), it won't work with IPv6 addresses. I have forked and modified it to work. I suspect the real ip_ plugin ought to be fixed by now, though, since it was 90% of the way there...
Quote: SSH?
Happy as a clam.
Quote: awstats?
Probably OK. Most log parsers learned long ago to not think too hard about what web servers stick in the remote address field. I think the worst that can happen is it won't recognize an IPv6 address as a network address (big-endian, resolve to group by top-level domain) and will instead try to treat it as a hostname (little-endian, resolve to group by network block). That would be a bug, if it's the case.
tl;dr: try it and see
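A check along the lines of the `netstat -ntl` verification in the reply above, as an added example that is not part of the thread: it parses listener output and compares IPv4 and IPv6 exposure against the ports opened in ufw (22, 80, 443). The sample output is constructed, and the function names and the extra listeners (443, 3306, 4949) are assumptions for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ntl` output (documentation addresses only).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address  State
tcp        0      0 192.0.2.1:80      0.0.0.0:*        LISTEN
tcp        0      0 192.0.2.1:443     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:3306    0.0.0.0:*        LISTEN
tcp6       0      0 2001:db8::123:80  :::*             LISTEN
tcp6       0      0 :::22             :::*             LISTEN
tcp6       0      0 :::4949           :::*             LISTEN
"""

def parse_listeners(text):
    """Yield (proto, address, port) for every LISTEN line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "tcp6") or f[-1] != "LISTEN":
            continue
        # netstat prints IPv6 without brackets, so the port is whatever
        # follows the LAST colon: "2001:db8::123:80" -> 2001:db8::123, 80.
        host, _, port = f[3].rpartition(":")
        yield f[0], ipaddress.ip_address(host), int(port)

def exposed_ports(text):
    """Map 'tcp'/'tcp6' to the ports that have a non-loopback listener."""
    ports = {"tcp": set(), "tcp6": set()}
    for proto, addr, port in parse_listeners(text):
        if not addr.is_loopback:
            ports[proto].add(port)
    return ports

def audit(text, allowed=(22, 80, 443)):
    """Compare the two families with each other and with the firewall list."""
    p = exposed_ports(text)
    return {
        # Listed only under tcp6. On Linux a tcp6 wildcard socket may also
        # accept IPv4 unless it was bound IPv6-only (nginx: ipv6only=on).
        "v6_only": sorted(p["tcp6"] - p["tcp"]),
        # Served on IPv4 but missing an IPv6 listen directive.
        "v4_only": sorted(p["tcp"] - p["tcp6"]),
        # Listening on IPv6 but not among the ports opened in the firewall.
        "v6_outside_allowed": sorted(p["tcp6"] - set(allowed)),
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the real output with `audit(subprocess.check_output(["netstat", "-ntl"], text=True))` and adjust `allowed` to match `ufw status`.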
glg
Joined: 09 Jan 2009
Posts: 505
Posted: Thu Dec 22, 2011 8:27 pm
Post subject: Re: How to enable IPv6 for your webserver (LEMP)?
pannix wrote: awstats?
Doesn't care, but if you're using the GeoIP databases, those lookups won't work, because the databases they use don't have IPv6 in them yet.