Ipv6 for the content provider

Antonio Querubin tony at lava.net
Wed Jan 26 22:56:01 UTC 2011


On Wed, 26 Jan 2011, Owen DeLong wrote:

>>  Listen a.b.c.d:80         ->  Listen 80
>>  <Virtualhost a.b.c.d:80>  ->  <Virtualhost *:80>
>>
> That only works if you have only one address on the machine and.

Actually it works fine on machines with multiple IP addresses for both 
FreeBSD and CentOS.  And IPv6 enabled servers can easily have multiple 
IPv6 addresses.

> If you have addresses that aren't intended for name-based-site-A but
> do terminate SSL connections to sites B, C, and D, then you probably
> don't want to use * for site A.

Generally, I've found this doesn't really matter too much since the view 
from the outside world to the server will be funneled via DNS records. 
Site A can still be referenced by a * in the Apache config since the A and 
AAAA records will probably reference only the name-based IP addresses for 
the server while sites B, C, and D DNS records reference site-specific 
addresses also residing on the same server.  The bottom line is that the 
Apache config can be kept simple and free of hard-coded addresses except 
where absolutely necessary.

>> Use hard-coded IP addresses only where required for stuff like SSL-enabled webhosts.
>>
> Depends on the complexity of your environment. In a more complex configuration
> you can actually save yourself a lot of trouble and confusion later by using a
> construct like this:
>
> Listen 192.159.10.7:80
> Listen [2620:0:930::dead:beef:cafe]:80
> Listen [2620:0:930::400:7]:80
> <VirtualHost 192.159.10.7:80 [2620:0:930::400:7]:80 [2620:0:930::dead:beef:cafe]
> :80>
> 	ServerName www.delong.com

I'd do that only for the SSL-enabled sites.  Otherwise the generic 
name-based Apache config should work fine for just about everything else.

Antonio Querubin
e-mail/xmpp:  tony at lava.net




More information about the NANOG mailing list