Serving Requests on IPv6 with Nginx. ๐Ÿณ

Serving Requests on IPv6 with Nginx. ๐Ÿณ

  • bubblin
  • 2 minutes
  • October 10, 2018

ipv6 ready logo @bubblin

A few days ago one of our readers reached out on our support channel to tell us that Bubblin wouldnโ€™t work for them. The site wouldnโ€™t simply load on their browser.

After a little back and forth we picked up that our nginx web server lacked IPv6 support. We werenโ€™t listening to the requests made over the IPv6 network. If you donโ€™t know already IPv6 stands for Internet Protocol Version 6 and it is intended to replace the older IPv4 network. IPv4 is what our web has been running on for the past three decades.

Recently Google came out with the adoption metrics of IPv6 around the world and as of October 2018 over twenty five percent of the Internet is on the new protocol. From the graph it appears that these numbers will rise quickly and over half of the web is expected to soon be served over IPv6 in the coming few years.

A more important piece of data here is that a significant percentage of those on IPv6are exclusively so. Therefore, those folks cannot view your website unless your web server isnโ€™t configured to listen for requests on the new protocol. (Confirmatory update from the IPv6 community.)

ipv6 metrics

Anyway, enough said. On this post we will take up configuring nginx for IPv6 for Bubblin.

Set the Quad-A record first.

The first step is to add an AAAA Record on the DNS Manager. I needed a public IP on IPv6 to do so, so I requested Linode our hosting provider to give me one. And they promptly did.

I went ahead and added an AAAA record with a public IPv6 on our remote access panel or DNS manager, like so:

ipv6 metrics

See those ugly looking records with IPv6 option (bottom three rows) shown above?

Changes to DNS take some time to percolate so I saved the settings and logged out of the DNS manager. Now we can focus on configuring nginx for IPv6 next.

Configuring Nginx for IPv6

Now Bubblin is delivered on a strict https protocol so we are effectively redirecting all our traffic from http โ†’ https permanently. I recommend using (and donating to) Letsencrypt with Certbot to secure an industry-grade SSL certificate for Bubblin.

Given below is an excerpt from our nginx.conf.erb on production:


#  $ sudo vi ~/.etc/nginx/sites-available/bubblin_production
#  add listen [::]:80 ipv6only=on; for requests via insecure protocol (http).

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name <%= fetch(:nginx_server_name) %> www.<%= fetch(:nginx_server_name) %>;
    rewrite ^(.*) https://$host$1$request_uri permanent;
}

#  add listen [::]:443 to listen for requests over IPv6 on https.
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name www.<%= fetch(:nginx_server_name) %>;

  # Other SSL related stuff here.

  rewrite ^ https://$host$1$request_uri permanent;

}

# add listen [::]:443 ssl http2; on the final server block.

server {

  // Plenty of nginx config here.

  listen 443 ssl http2; # managed by Certbot
  listen [::]:443 ssl http2;

  # Add HSTS header with preloads
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

}

Thatโ€™s it. Youโ€™re all set for listening on IPv6 now.

Notice the listen [::]:80 ipv6only=on; directive in the server block and the HSTS directive placed at the bottom. That does the trick for nginx.

To test your config:

$ sudo nginx -t

// if test is successful then:

$ sudo nginx -s reload

I noticed that our DNS had percolated by the time our nginx config was prepared (though sometimes it can take up to a day) so it was time to test the site availability on IPv6. Using curl:

$ curl https://bubblin.io -6

Done.


Hi, Iโ€™m Marvin Danig, CEO and Cofounder of Bubblin.

Follow me on Twitter or Github perhaps?

P.S.: Reading books helps to groom our attention span.ย 

About the author

Marvin Danig

I write code with my bare hands. ๐Ÿ’ช๐Ÿป Yammer about Bubblin all day.

https://bubblin.io/marvin