Configure services – Apache (3.3)

Much to my consternation, I noticed that my last post appeared almost six months ago. I hope I can increase my posting frequency again this year.

The last topic was DNS resolving, and this article is about IPv6 configuration in Apache.

First we need to check whether our Apache already listens for requests coming in over IPv6. The default configuration on Debian in /etc/apache2/ports.conf says something like

     NameVirtualHost *:80
     Listen 80
    


This means: listen on port 80 of all addresses on this machine, including IPv6 ones. So in principle we are already done.

In case we want to restrict some interfaces to IPv4 or IPv6 access, we need to replace the general listen-directive with more restrictive ones, so for example:

    Listen 1.2.3.4:80
    Listen [1:2::4:5:6:7]:80
    


In the whole apache configuration IPv6 addresses need to be put in square brackets.

The same is also valid for virtual host configuration:

In this case any request, either via IPv4 or IPv6, will be handled by our apache:

    <VirtualHost *:80>
        ServerName example.com
        ServerAlias all.example.com
        DocumentRoot /www/example.com/public_html
        ErrorLog /www/example.com/logs/error_log
        CustomLog /www/example.com/logs/combined_log combined
    </VirtualHost>
    

In this case, the vhost is available only on a specific IPv6 address:

    <VirtualHost [1:2::4:5:6:7]:80>
        ServerName example.com
        ServerAlias ipv6.example.com
        DocumentRoot /www/example.com/public_html
        ErrorLog /www/example.com/logs/error_log
        CustomLog /www/example.com/logs/combined_log combined
    </VirtualHost>
    

In this case, the vhost is available only on a specific IPv4 address:

    <VirtualHost 1.2.3.4:80>
        ServerName example.com
        ServerAlias ipv4.example.com
        DocumentRoot /www/example.com/public_html
        ErrorLog /www/example.com/logs/error_log
        CustomLog /www/example.com/logs/combined_log combined
    </VirtualHost>
    

In this case, the vhost is available on specific IPv4 and IPv6 addresses (multiple addresses are separated by spaces):

    <VirtualHost 1.2.3.4:80 [1:2::4:5:6:7]:80>
        ServerName example.com
        ServerAlias special.example.com
        DocumentRoot /www/example.com/public_html
        ErrorLog /www/example.com/logs/error_log
        CustomLog /www/example.com/logs/combined_log combined
    </VirtualHost>
    

So there is really no magic in IPv6 and it is easy to use.
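
Added example (not part of the original post): a small Python checker that reads `Listen` and `<VirtualHost>` lines and reports the address family of each address, flagging IPv6 literals that are missing their square brackets. The function names and the sample configuration are constructed for illustration; only the directive lines matter to the parser.

```python
import ipaddress
import re

# Constructed sample, modelled on the directives shown in this article.
SAMPLE = """\
Listen 1.2.3.4:80
listen [1:2::4:5:6:7]:80
<VirtualHost *:80>
<VirtualHost 1.2.3.4:80 [1:2::4:5:6:7]:80>
<VirtualHost 1:2::4:5:6:7:80>
"""

def classify(spec):
    """Classify one addr[:port] token: any, ipv4, ipv6, unbracketed-ipv6 or other."""
    if spec.isdigit():                       # bare port, e.g. "Listen 80"
        return "any"
    m = re.fullmatch(r"\[([^\]]+)\](?::(?:\d+|\*))?", spec)
    if m:                                    # a bracketed literal must be IPv6
        try:
            ipaddress.IPv6Address(m.group(1))
            return "ipv6"
        except ValueError:
            return "other"
    if spec.count(":") > 1:                  # IPv6 written without brackets
        return "unbracketed-ipv6"
    host, port = spec.rsplit(":", 1) if ":" in spec else (spec, "*")
    if not re.fullmatch(r"\d+|\*", port):    # e.g. a stray comma after the port
        return "other"
    if host in ("*", "_default_"):
        return "any"
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"
    except ValueError:
        return "other"                       # hostname or malformed address

def audit(config):
    """Return (directive, [family per address]) for Listen and <VirtualHost> lines."""
    pattern = re.compile(r"\s*(?:<VirtualHost\s+([^>]+)>|Listen\s+(\S+))", re.I)
    matches = filter(None, map(pattern.match, config.splitlines()))
    return [(m.group(0).strip(),
             [classify(s) for s in (m.group(1) or m.group(2)).split()])
            for m in matches]

if __name__ == "__main__":
    for directive, families in audit(SAMPLE):
        print(families, directive)
```

Running it over ports.conf and the vhost files shows at a glance which address families each vhost answers on, which is the list the IPv4 and IPv6 firewall rules have to agree with.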

Configure services – bind (3.1)

After preparing everything, we can start to configure different services now. The first one shall be bind9. There is a lot of information out there about configuring bind9 for IPv4, so I assume that there is a bind already running.

A newly installed bind (remember I am mainly writing about Debian systems) has the following option configured in /etc/bind/named.conf.options


options {
    listen-on-v6 { any; };
};

Thus this daemon listens on all IPv6 interfaces to answer queries.

In the next step we just need to configure AAAA-records for every IPv6-address that we want to distribute. They look like A-records:

dummyhea.ipv6.alteholz.net. IN A 78.47.192.125
dummyhea.ipv6.alteholz.net. IN AAAA 2a01:4f8:d12:1b03::dead:2

Voila, we are done:


~$ dig dummyhea.ipv6.alteholz.net AAAA

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> dummyhea.ipv6.alteholz.net AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25822
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 5

;; QUESTION SECTION:
;dummyhea.ipv6.alteholz.net. IN AAAA

;; ANSWER SECTION:
dummyhea.ipv6.alteholz.net. 5706 IN AAAA 2a01:4f8:d12:1b03::dead:2


~$ ping6 -c5 dummyhea.ipv6.alteholz.net
PING dummyhea.ipv6.alteholz.net(2a01:4f8:d12:1b03::dead:2) 56 data bytes
64 bytes from 2a01:4f8:d12:1b03::dead:2: icmp_seq=1 ttl=49 time=66.8 ms
64 bytes from 2a01:4f8:d12:1b03::dead:2: icmp_seq=2 ttl=49 time=67.1 ms
64 bytes from 2a01:4f8:d12:1b03::dead:2: icmp_seq=3 ttl=49 time=66.8 ms
64 bytes from 2a01:4f8:d12:1b03::dead:2: icmp_seq=4 ttl=49 time=71.6 ms
64 bytes from 2a01:4f8:d12:1b03::dead:2: icmp_seq=5 ttl=49 time=66.3 ms

--- dummyhea.ipv6.alteholz.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 66.378/67.782/71.678/1.969 ms

This was pretty easy.

Check IPv6 availability for external server at Strato (1.21)

Every dedicated server at Strato can get a /56 IPv6 subnet. Just activate IPv6 support on the control panel of that server and you will be informed about your subnet and the primary address of your server.

# configure address
/sbin/ip addr add <main ip address> dev eth3
# set default route
/sbin/ip route add default via fe80::1 dev eth3

In case everything was configured correctly you can test it with:

# ping6 -c5 ipv6.google.com
PING ipv6.google.com(ham02s11-in-x13.1e100.net) 56 data bytes
64 bytes from ham02s11-in-x13.1e100.net: icmp_seq=1 ttl=56 time=6.79 ms
64 bytes from ham02s11-in-x13.1e100.net: icmp_seq=2 ttl=56 time=7.24 ms
64 bytes from ham02s11-in-x13.1e100.net: icmp_seq=3 ttl=56 time=7.28 ms
64 bytes from ham02s11-in-x13.1e100.net: icmp_seq=4 ttl=56 time=7.28 ms
64 bytes from ham02s11-in-x13.1e100.net: icmp_seq=5 ttl=56 time=7.28 ms

--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 6.793/7.177/7.287/0.213 ms

If you want to keep these settings permanently, put all commands in /etc/rc.local

So there seems to be no problem with standalone servers at Strato.

Check IPv6 availability for external server at Hetzner (1.20)

Every server at Hetzner will get a native /64-IPv6-Subnet routed to that server. Besides virtual servers, an additional /48 subnet might be requested. Reverse DNS entries can be configured with the Hetzner robot. On this webpage you can also see the assigned subnet and the default gateway for your server. So configuring IPv6 is pretty easy:

# configure address
/sbin/ifconfig eth0 inet6 add <ip address from subnet>
# show the IPv6 routing table (this command only displays it)
/sbin/route -A inet6
# set default route
/sbin/route -A inet6 add ::/0 gw <Hetzner gateway>

In case everything was configured correctly you can test it with:

# ping6 -c5 ipv6.google.com
PING ipv6.google.com(fa-in-x69.1e100.net) 56 data bytes
64 bytes from fa-in-x69.1e100.net: icmp_seq=1 ttl=56 time=8.40 ms
64 bytes from fa-in-x69.1e100.net: icmp_seq=2 ttl=56 time=8.64 ms
64 bytes from fa-in-x69.1e100.net: icmp_seq=3 ttl=56 time=7.97 ms
64 bytes from fa-in-x69.1e100.net: icmp_seq=4 ttl=56 time=7.94 ms
64 bytes from fa-in-x69.1e100.net: icmp_seq=5 ttl=56 time=8.36 ms

--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 7.948/8.267/8.640/0.266 ms

If you want to keep these settings permanently, put all commands in /etc/rc.local

So there seems to be no problem with standalone servers at Hetzner.

BOM: bug squashing and new versions during last three months

As announced in my previous DTPOM article, the month of May should be a bug squashing month. As everything worked well, I used the last three months to decrease the bug count in Debian packages. Unfortunately I don’t remember everything, so this list might be incomplete:

  • Due to the help of T, who pointed me to a patch which was sent to the fpdns-user mailing list, bug 680077 disappeared.
  • All meep-* packages had a problem with include files installed in the wrong directory. So development of one's own programs was a bit difficult. This resulted in

    All bugs have been closed in Sid, but the release team doesn’t want to put it to stable!?

  • Package setserial had some open bugs. Most of them resulted from a strange concept of initializing the serial port and could be closed with just some explanations:
  • With the next upload of greylistd to experimental two bugs could be closed:
  • Two uploads of package uucp closed a few ‘simple’ and one RC bug:

Further I created packages for some new software versions:

  • all packages of the mgltools got a new version (1.5.7~rc1~cvs.20130519-1)
    autodocktools, mgltools-bhtree, mgltools-cadd, mgltools-dejavu, mgltools-geomutils, mgltools-gle, mgltools-mglutil, mgltools-molkit, mgltools-networkeditor, mgltools-opengltk, mgltools-pmv, mgltools-pyautodock, mgltools-pybabel, mgltools-pyglf, mgltools-scenario2, mgltools-sff, mgltools-support, mgltools-symserv, mgltools-utpackages, mgltools-viewerframework, mgltools-vision, mgltools-visionlibraries, mgltools-volume, mgltools-webservices

  • autodocksuite is now available in version 4.2.5.1-3
  • saint is now available in version 2.3.4+dfsg-2
  • I uploaded version 1.5.3-1 of python-cogent, but meanwhile even version 1.5.3-2 is available
  • gcal got an update to version 3.6.3-2
  • epigrass got an update to version 2.2.2-2, unfortunately in that version it depends on python-sqlsoup, which is still in the NEW-queue. Thus this package got an RC bug …

From my point of view 17 closed bugs and 29 updated packages within three months are a pretty good result.

The next month will be characterized by solving all problems with epigrass (and of course python-sqlsoup), mgltools-cadd (there must be a better version hidden somewhere in the sources that needs to be activated somehow) and mgltools-sff (why doesn’t it migrate to testing?). Further the TODO-list of the Debian Med UDD needs to become smaller.

Subnet one from SixXS (1.3)

After patiently waiting for SixXS credits, you can apply for a new subnet that is routed to your tunnel.
Again this is done on the SixXS website and you need to add a short explanation about how you want to use the subnet.

As last time, you will get an email that everything is configured.

IPv6 local endpoint for first tunnel (1.2)

Now we can start to configure our local part of the tunnel. I want to keep each service separated as much as possible from the underlying hardware. So I will use a virtual machine to handle my part of the tunnel. Thus I can easily control all traffic through the tunnel and get a dedicated firewall for free.
There is a lot of information available on the net, so I won’t explain how to create a new Xen guest domain. The new instance is a Debian Wheezy system with just 128MB RAM and 4GB disk space.

Afterwards you just need to install the Debian package aiccu, enter SixXS-Userid and Password and choose the default tunnel you want to use. In case of problems please have a look in the SixXS FAQ. Most likely your firewall has to be configured accordingly. More aiccu configuration can be done via /etc/aiccu.conf

After starting aiccu, the tunnel will be active and hopefully never terminate.