Since I just created another post with my first question where I need help, I would like to contribute to the forum on a topic where I know the solution. I am a fan of short and specific steps that can be of help to anyone, not just admin experts. So here it is, all in one place:
EE is not setup to enable IPv6. The workaround is a few modifications that need to be done for every website you install with EE. It’s really easy, but also very annoying so I wish this will be taken care of in the next EE release, maybe with an –IPv6 switch.
Motivation: In my case it was not only a desire to support IPv6, but I actually had problems connecting to my website without IPv6 enabled on the website. My phone connected fine, but my home PC did not. My ATT U-Verse ISP is IPv6 enabled so I am not sure if that created problems when trying to connect to my website server that might have been partially IPv6 enabled. I had to configure IPv6 in all the required places to be able to access the website. Assuming the website name is mysite.com, here are the steps and files that need to be modified. The new lines are commented with #Add this line.
/etc/nginx/conf.d/force-ssl-mysite.com.conf
server {
listen 80;
listen [::]:80; #add this line
server_name www.mysite.com mysite.com;
return 301 https://mysite.com$request_uri;
}
/var/www/mysite.com/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2; #Add this line
ssl on;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
Note the ssl_ciphers… line at the end of the file does not relate to IPv6, but it’s the solution for certain web browser complaining about weak ciphers with error message: ERR_SPDY_INADEQUATE_TRANSPORT_ SECURITY
Those are the two files you need to update for every site you install (on the same server) .
To enable IPv6 for the admin tools access, you also need to update: /etc/nginx/sites-enabled/22222
server {
listen 22222 default_server ssl http2;
listen [::]:22222 default_server ssl http2; #Add this line
ssl_ciphers AESGCM:HIGH:!aNULL:!MD5;
--
Again, the ssl_ciphers line is not related to IPv6, but needed to address the newly introduced ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY problem with certain web browsers.
After the changes we need to check for syntax errors and restart Nginx: sudo nginx -t sudo service nginx restart //Restart nginx
Now we can test to see that the additional ports listening with IPv6:
sudo lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 22776 root 12u IPv4 190830 0t0 TCP *:http (LISTEN)
nginx 22776 root 13u IPv6 190831 0t0 TCP *:http (LISTEN)
nginx 22777 www-data 12u IPv4 190830 0t0 TCP *:http (LISTEN)
nginx 22777 www-data 13u IPv6 190831 0t0 TCP *:http (LISTEN)
To check the other ports also:
sudo lsof -i :443
sudo lsof -i :22222
The last thing worth mentioning is that besides these Nginx mods, IPv6 should be enabled for the host itself in /etc/hosts. For the example below the hostname is “myhost” and the site name” mysite.com” is used in the Fully Qualified Domain Name (FQDN) myhost.mysite.com. The hostname used here should be the same as defined in /etc/hostname. Note that the FDQN site name can be different than the domain website name(s) being hosted, but I use the same hostname as one of the website domain names.
/etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu.members.linode.com Ubuntu //Default for Linode
[IPv4 address here] myhost.mysite.com myhost
[IPv6 address here] myhost.mysite.com myhost
Don’t forget to add AAAA DNS records with the IPv6 address for the domain name server and/or Cloudflare.
Finally, it’s good to check that the SSLs and IPv6 work for the website are working from the outside: https://www.ssllabs.com/ssltest/
Again, these are very easy workarounds. It should incorporate this into next release of EE. This way we don’t have to manually go in and update the files every time. A command switch such as -IPv6 would be great.