IPv6 Certification Program Topics > General Discussion

Software configs

<< < (3/3)

DOMBlogger:
Note on the Apache config - since IPv6 addresses are readily available, I'm doing virtual hosts a wee bit differently.
Example domain.net.conf in my /etc/httpd/conf.d directory:


--- Code: ---NameVirtualHost [2600:3c00::xx:yyyy]:80

<VirtualHost nnn.nnn.nnn.nnn:80>
ServerName www.domain.tld
DocumentRoot "/srv/domains/domain.tld/www"
ErrorLog logs/www.domain.tld.error_log
CustomLog logs/www.domain.tld.access_log combined
</VirtualHost>

<VirtualHost [2600:3c00::xx:yyyy]:80>
ServerName www.domain.tld
DocumentRoot "/srv/domains/domain.tld/www"
ErrorLog logs/www.domain.tld.error_log
CustomLog logs/www.domain.tld.access_log combined
</VirtualHost>

<VirtualHost nnn.nnn.nnn.nnn:80>
ServerName domain.tld
RewriteEngine On
RewriteRule ^(.*)$ http://www.domain.tld$1 [R]
</VirtualHost>

<VirtualHost [2600:3c00::xx:yyyy]:80>
ServerName domain.tld
RewriteEngine On
RewriteRule ^(.*)$ http://www.domain.tld$1 [R]
</VirtualHost>

<Directory "/srv/domains/domain.tld/www">
  Options FollowSymLinks
  AllowOverride All
</Directory>

<Directory "/srv/domains/domain.tld/www/junk">
  Options FollowSymLinks Indexes
  AllowOverride All
</Directory>

--- End code ---

I probably could (and should) combine the top two into 1 and bottom two into 1.

IPv4 address is used for several domains.
IPv6 is used only for the specific domain.tld and www.domain.tld - which is why the domain specific conf file is where the NameVirtualHost for the IPv6 goes (and is actually only needed for the mod_rewrite when the non www domain is requested)

Using a unique IP for each domain.tld in IPv6 lets me use that same unique IPv6 for each domain on port 443.

I know most if not every browser that supports IPv6 also supports NSI but since NSI isn't really needed for IPv6 - I don't want to rely on the NSI support being there, so if I ever want/need to add an SSL host to that domain, it's good to already have a unique IPv6 for it.

IPv4 users - well, they might get an SSL cert mis-match, as I do not wish to be greedy with IPv4 address.

Only potential issue I see is I may need to issue kernel directive to increase number of IPv6 addresses (I think default max is 16 on RHEL/CentOS 6, I'll have to check. Increasing it isn't hard though)

gaomizhe001:

--- Quote from: DOMBlogger on September 15, 2011, 07:54:35 AM ---Note on the Apache config - since IPv6 addresses are readily available, I'm doing virtual hosts a wee bit differently.
Example domain.net.conf in my /etc/httpd/conf.d directory:


--- Code: ---NameVirtualHost [2600:3c00::xx:yyyy]:80

<VirtualHost nnn.nnn.nnn.nnn:80>
ServerName www.domain.tld
DocumentRoot "/srv/domains/domain.tld/www"
ErrorLog logs/www.domain.tld.error_log
CustomLog logs/www.domain.tld.access_log combined
</VirtualHost>

<VirtualHost [2600:3c00::xx:yyyy]:80>
ServerName www.domain.tld
DocumentRoot "/srv/domains/domain.tld/www"
ErrorLog logs/www.domain.tld.error_log
CustomLog logs/www.domain.tld.access_log combined
</VirtualHost>

<VirtualHost nnn.nnn.nnn.nnn:80>
ServerName domain.tld
RewriteEngine On
RewriteRule ^(.*)$ http://www.domain.tld$1 [R]
</VirtualHost>

<VirtualHost [2600:3c00::xx:yyyy]:80>
ServerName domain.tld
RewriteEngine On
RewriteRule ^(.*)$ http://www.domain.tld$1 [R]
</VirtualHost>

<Directory "/srv/domains/domain.tld/www">
  Options FollowSymLinks
  AllowOverride All
</Directory>

<Directory "/srv/domains/domain.tld/www/junk">
  Options FollowSymLinks Indexes
  AllowOverride All
</Directory>

--- End code ---

I probably could (and should) combine the top two into 1 and bottom two into 1.

IPv4 address is used for several domains.
IPv6 is used only for the specific domain.tld and www.domain.tld - which is why the domain specific conf file is where the NameVirtualHost for the IPv6 goes (and is actually only needed for the mod_rewrite when the non www domain is requested)

Using a unique IP for each domain.tld in IPv6 lets me use that same unique IPv6 for each domain on port 443.

I know most if not every browser that supports IPv6 also supports NSI but since NSI isn't really needed for IPv6 - I don't want to rely on the NSI support being there, so if I ever want/need to add an SSL host to that domain, it's good to already have a unique IPv6 for it.

IPv4 users - well, they might get an SSL cert mis-match, as I do not wish to be greedy with IPv4 address.

Only potential issue I see is I may need to issue kernel directive to increase number of IPv6 addresses (I think default max is 16 on RHEL/CentOS 6, I'll have to check. Increasing it isn't hard though)

--- End quote ---

Navigation

[0] Message Index

[*] Previous page

Go to full version