Contributed bymerdelyon from the ipv6-will-save-the-world dept.
Recently, Marc Balmer (mbalmer@) committed an update to OpenBSD's Apache implementation to enable IPv6:
IPv6 has a performance advantage over IPv4. It can help to decrease the page load time from 25ms to 300ms. An interesting report by SUCURI shows 16% of the top 1000 sites in the world support IPv6 and 7% of the top 1 million sites. If not already, it would be good to enable on your site.
There is no one line equivalent to support IPv6, so a small script is required. This is not a production web server, but can easily be used to illustrate how to create a small web sever with virtual paths, which could be expanded to a full RESTful interface (Representational state transfer) or a CGI interface (Common Gateway Interface). It can also be configured to do SSL/HTTPS and IPv6. Minihttpd was written for a couple reasons. One, as an experiment to see just how slow an old-fashioned forking web server would be with today's operating systems. The answer is, surprisingly, not that slow - on FreeBSD 3.2, minihttpd benchmarks at about 90% the speed of Apache. Configure iptables to Allow Access to the Web Server Via IPv6 The default Ip6tables configuration does not allow inbound access to the HTTP (80) and HTTPS (443) ports used by the web server. This modification allows that access, while keeping other ports on the server in their default protected state.
Details about integrating IPv6 into httpd(8) from Marc below.
Marc explains how the IPv6 integration came about and what its impact was:
The IPv6 support for httpd originally comes from KAME. Todd Fries (todd@) had it lying around and provided me with it. I brushed it up a bit and installed in on several machines to make sure it works correctly.
IPv6 support for httpd changed the module ABI [Application Binary Interface], since IPv6 addresses take up more space in memory that IPv4 addresses. This meant that I had to check all modules that we have in base (KAME fixed some of them) and also in ports. I converted all modules to the new ABI and I hope that I did not forget one...
Also the webalizer port that we had did not support logfiles with IPv6 addresses in it, so we switched that to an extended version that supports IPv6 addresses.
He goes on to explain the impact of this update on IPv4 support and what users can expect:
IPv6 programs usually are programmed in an address family independent way, which means they will use IPv6 or IPv4 addresses. Often IPv6 is preferred over IPv4. Many programs have -4 and -6 command line switches to restrict them to the use of IPv4 or IPv6 addresses only.
With httpd we did it slightly different: The default behaviour is to use the IPv4 address family only. There is a command line switch to use IPv6 by default for ambiguous directives like 'BindAddress *', but by default httpd should just behave like it did before. We wanted to avoid the situation where httpd listens on IPv6 addresses after an update without the sysadmin being aware of it. That was also the main issue with all this: Introducing support for IPv6 without breaking IPv4.
So an IPv4 user can just go on as usual, an IPv6 user can use IPv6 addresses in the httpd.conf file where usually IPv4 addresses have been used.
A README.IPv6 has been created with more information.
A handful of standard modules included in base were updated: mod_proxy, mod_ssl, mod_access, mod_unique_id and mod_usertrack. In addition to the webalizer port, mod_perl, mod_security and mod_scgi were updated to handle the changes in httpd.
Thank you to all of the developers that worked to bring IPv6 to OpenBSD's httpd. And thank you, Marc, for sharing the details.
Apache Server Configuration File
Apache has a great number of directives which you can set and manipulate in order to set your server’s behavior.
Every server administrator will often update some of the directives, it all depends on their particular needs. Every person working with the Apache server is likely to encounter these directives.
Apache HTTP Server is configured by placing directives in plain text configuration files, the main configuration file is usually called httpd.conf. The Apache HTTP Server configuration file is /etc/httpd/conf/httpd.conf. The httpd.conf file is well-commented and mostly self-explanatory.
Changes to the main configuration files are only taken by Apache only if started/restarted.It stores information on various functions of the server, which can be edited by removing or adding a number sign “#” at the beginning of the line, thus setting values for each directive.
Apache configuration files contain one directive per line. The backslash “” may be used as the last character on a line to indicate that the directive continues onto the next line. There must be no other characters or white space between the backslash and the end of the line.
Directives in the configuration files are case-insensitive, but arguments of directives are case sensitive. Lines that begin with the hash character “#” are considered comments, and are ignored.
Basic Paths of httpd.conf file in Unix/Linux system.
/var/www/conf/httpd.conf
/usr/local/apache/conf/httpd.conf
/etc/httpd/conf/httpd.conf
httpd.conf on windows
D:xamppapacheconfhttpd.conf
Let’s discuss some most basic directives of Apache Server:
ServerName
The ServerName directive is used to set the host name of the server, this is how the server identifies itself. It uses this name when responding to HTTP requests.
You can set this directive either in the server’s configuration or virtual hosts. The location of your configuration files depend on both the Apache version and Linux distribution.
If the ServerName directive is not specified, the server tries to obtain it by performing a reverse DNS look-up on its IP address. You should always set a ServerName for the server explicitly; it is the only value you need to set to get your server running after installation.
You will have to use the IP address of your machine if you don’t yet have a registered domain name. Otherwise, you would need to add the domain name and IP address to the server’s hosts file- the same as you do with your PC’s hosts file. By doing this, the server checks its hosts file before consulting with the DNS server.
Assuming our domain name is www.examplesite.com and our server’s IP address is 117.220.48.20, you need to add the following line to the server’s hosts file (/etc/hosts):
After editing the hosts file, you need to restart (or stop and start) Apache.
Listen
The Listen directive tells Apache what IP addresses and/or ports it should listen to for incoming requests. If nothing is specified, Apache listens to all addresses and ports on the machine. The default configuration sets the server to listen to port 80, the default port for HTTP communication.
If you only specify an IP address, the server will respond to requests coming to all ports of that address (also called an interface). If only a port number is specified, then Apache responds to requests on the specified port arriving at all interfaces on the machine. If an address and port combination is supplied, then Apache only responds to those specific interface/port combinations.
Centos Httpd Ipv6 Only
If your server installation has separate configuration files, you should be able to find or set this directive in the ports.conf file.
You can find this file in the same location as your Apache configuration files (mine is /etc/apache2/ports.conf, but that might be different for other Apache versions and/or Linux distributions).
Let’s assume our example site is at IP address 117.220.48.20. To set Apache to listen to ports 80 and 443, the respective default ports for HTTP and HTTPS, you need to enter the following directives in your ports.conf file:
Alternatively, if you want Apache to listen to ports 80 and 443 on all interfaces regardless of the IP address, you can enter the following:
Web User and Group
On Unix operating systems, it’s a good idea to configure Apache to run under a specific user and group instead of root. Doing so makes the server more secure and less vulnerable to attacks. Ideally, the user and group you set should not be able to login to the server (ie: have no login credentials) and no login shell; they will just be used for handling web client requests. Set the Apache user’s home directory to the web server’s document directory, usually located at /var/www or /usr/local/apache2/htdocs.
The example above uses anyUserName as our web user and group; just use a name not reserved for other processes. -d /var/www sets the home directory of the new account to /var/www, and -s /bin/false ensures the new account has no shell access. Next, you need to modify your config file to use the new Apache user and group. If yours says:
Then you need to find where these variables are defined and change their values. Usually, the above directive is preceded by a comment letting you know exactly where to set the new values. Otherwise, you will just insert the new user and group name in place of the old. So your final config lines could look like this:
ServerRoot
Apache’s important files, like the server’s configuration, error, and log files are kept at the top of the directory tree. This location is the ServerRoot, and you can set a different value in Apache’s main config file. Depending on your installation, the default can be something like /usr/local/apache2 or /etc/apache2. Any Apache directives using a relative path will, by default, append to the root path specified in ServerRoot.
When you first install your server, the configuration and log files are placed in the ServerRoot. You can change its value to a new directory, but make sure to copy the configuration files to the new location. Also, make sure you do not to add a trailing slash to the path when you modify the value.
ErrorLog
When an error occurs, Apache logs the error to a log file. The location of the error log is determined by the value specified using the ErrorLog directive. This file is critical because you will refer to it in order to debug errors, solve server configuration problems, and optimize the server.
If the server hosts multiple sites and you want to have separate error logs for each site, you can specify a different file and location for each site in the virtual hosts file.
If you don’t, then all sites’ errors are logged in the default error log, typically located at /usr/local/apache2/logs/error_log or /var/log/apache2/error.log (once again, depending on your installation).
Please note that the above log paths are absolute.
This is a relative path. Therefore, the actual error log location is $ServerRoot/logs/error_log.
The LogLevel directive controls the level of the messages logged in the error logs. By default, it is set to warn, meaning that all messages with the value of warning and higher (as in more critical) will be logged. You can change the value of this directive to adjust the logging level to your preference.
DocumentRoot
The DocumentRoot directive sets the location of the server’s public files, like htdocs. This is the default Apache web server document directory, and its contents are readily and publicly available to clients connecting through the web. It contains the static and dynamic content to be served once the server receives an HTTP request for them. Since files and sub-directories under htdocs are available for the public, it is very important to handle permissions correctly in order to minimize the ability to compromise the server’s safety and security.
Depending on your installation, the default DocumentRoot location could be something like /var/www or /usr/local/apache2/htdocs.
If you are hosting multiple websites on the same server, you need to set a different DocumentRoot for each site. This can be done within the respective VirtualHost directive that corresponds to each site. Let’s say you have three websites on the same server (eg: www.examplesite1.com, www.examplesite2.com, www.examplesite3.com), your virtual hosts file might look something like the following:
To set a separate error log for each of these domains, which is really a good idea, then your virtual hosts will like this:
PidFile
The ServerName directive is used to set the host name of the server; this is how the server identifies itself.
The Apache service first starts as root in order to bind to the privileged port 80 for HTTP (or 443 if using SSL) because port numbers less than 1024 are only reserved to the root user. After the initial execution, children processes spawn to handle client requests which are owned by the Apache user specified in the configuration file. For this reason, you will find one root process and multiple processes belonging to the web user; this root process is the first one initiated when Apache starts. It has a process ID, and this ID is stored in the Pid file on the server. You can control the location of the Pid file by using the PidFile directive in the configuration file.
If you open the file specified in the PidFile directive, you will find a number that corresponds to the parent process ID. You can stop the Apache server by killing the process using its ID number. However, kill the process only as a last resort.
File Inclusion
It is possible to separate server configuration and settings into multiple files; in fact, some Apache installations actually do so. These multiple files can then be included in the original server config file. This approach is ideal in order to keep your config file light and clear, but it also forces you to look inside multiple files residing in different locations to completely understand how Apache is configured. In any case, below is the syntax for including external config files. Whether or not you want to use file inclusion is up to you:
As you can see from the examples above, you can include a specific file by name, a directory (and thus all files therein), or multiple files by using wildcards.
Start, Stop, and Restart Apache
Every time you edit one of Apache’s configuration files, you need to restart (or stop and start) the service so that Apache can load the new configuration.
Otherwise, your changes will just remain on file for the next restart or server start. If your changes cause syntax errors in the configuration files, restarting will show you error messages concerning those mistakes. Additionally, the
Apache web server will not start until you fix those errors.
To stop the Apache server, type in the following command in the console:
To start the Apache server, type in the following command:
To restart the Apache server, type in the following command:
Http Ipv6
Naturally, you must be logged in with a privileged user in order to execute these commands. You could, however, still run the above commands by adding sudo before each line. This basically tells the system that you are executing the command as a super user (hence the naming, sudo), in which case the system asks you to enter a password before it executes your command. If you don’t know that password, ask your server admin. Preceding the above commands with sudo:
If you have XAMPP, then you will get a User Interface to updating these directive as well as the start and stop the Apache service on a single click.
In the day to day of PHP programming I am sure you usually need to update these Apache directive, in the same way These above information will be helpful to you.
Let me know, if you need any help related to above, I’ll be glad to help you always.
Httpd Disable Ipv6
Post you comment with your suggestion or queries. Thanks!