Setting up your server for IPv6 (nginx). 🐳


Few weeks ago one of our readers reached out that our site wouldn’t load for them. We traced the issue back to how our site’s internals had been set up—ala the DNS, web-server (we use nginx) and Linode.

We were not listening for requests over the IPv6 network.

Raul Ta∎∎∎∎ <∎∎∎∎∎∎∎∎∎@gmail.com>
Sep 15, 2018, 12:19 PM to contact

Hello.

I recently happened upon the Bubblin blog while I had only IPv6 enabled. Unfortunately it lacks IPv6 support and thus failed to load.
Is this something that could be fixed?

Thanks in advance,
Raul

Google came out with stats on IPv6 adoption lately (October 2018) and the numbers are rising steadily. Twenty five percent of the web is using IPv6 and from the graph it appears that over half will be onboard in just a few years.

ipv6 adoption @bubblin

It is therefore important to adapt and be ready for the change-over and that is exactly what we did for Bubblin.

Here’s how:

AAAA Record.

The first step is to add an AAAA Record on your DNS Manager. You’ll need a public IP on IPv6 so you might have to request it from your hosting provider. We’re on Linode so we went ahead and added it from our Remote Access panel.

AAAA record linode

Changes to DNS take some time to percolate so the next step we’re going to focus on is configuring nginx for IPv6.

Nginx over IPv6

Bubblin is delivered over strict https protocol so we’re permanently redirecting all traffic on http → https. Given below is an excerpt from our nginx.conf.erb on production:




#  $ sudo vi ~/.etc/nginx/sites-available/bubblin_production
#  add listen [::]:80 ipv6only=on; for requests via insecure protocol (http).

server {
    listen 80;
    listen [::]:80 ipv6only=on; 
    server_name <%= fetch(:nginx_server_name) %> www.<%= fetch(:nginx_server_name) %>;
    rewrite ^(.*) https://$host$1$request_uri permanent;
}

#  add listen [::]:443 to listen for requests over IPv6 on https.
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;  
  server_name www.<%= fetch(:nginx_server_name) %>;

  # Other SSL related stuff here.
  
  rewrite ^ https://$host$1$request_uri permanent; 

}

# add listen [::]:443 ssl http2; on the final server block.

server {
  
  // Plenty of nginx config here.

  listen 443 ssl http2; # managed by Certbot
  listen [::]:443 ssl http2;

  # Add HSTS header with preloads
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

}

Hit save and test your nginx configuration with:

$ sudo nginx -t

# If the test is ok, then: 

$ sudo nginx -s reload

Now to test if your website is available on IPv6, from your local:

$ curl https://bubblin.io -6

The page from your site should load correctly.

That’s all for now folks. Keep reading more books, improve your attention span on web. ❤️


Follow me on Twitter or on Github.

P.S.: Did you know that Bubblin Superbooks is a blissful new way to read and share books on web.