≡ Menu

Lighttpd: Enable IPv6 Support

Lighttpd supports both IPv6 and IPv4 protocol out of box. You need to compile lighttpd with IPv6 support. The server.use-ipv6 option bind to the IPv6 socket. You need to bind to both IPv6 and IPv4 using the following syntax.

First, see compile-time features (find out if IPv6 is enabled or not), enter:
# lighttpd -V
Sample output:

Build-Date: Sep 30 2008 06:18:08

Event Handlers:

	+ select (generic)
	+ poll (Unix)
	+ rt-signals (Linux 2.4+)
	+ epoll (Linux 2.6)
	- /dev/poll (Solaris)
	- kqueue (FreeBSD)

Network handler:

	+ sendfile

Features:

	+ IPv6 support
	+ zlib support
	+ bzip2 support
	+ crypt support
	+ SSL Support
	+ PCRE support
	- mySQL support
	- LDAP support
	- memcached support
	- FAM support
	- LUA support
	- xml support
	- SQLite support
	- GDBM support

You must see + IPv6 support enabled. If not recompile lighttpd with IPv6 support. Once compiled open lighttpd.conf file:
# vi lighttpd.conf
To enable IPV6 and IPV4 together, enter:

server.use-ipv6 = "enable"
server.port = 80
$SERVER["socket"] == "0.0.0.0:80" { 
# add your stuff 
# 
}

Save and close the file. Restart lighttpd:
# service lighttpd restart

Above config is only useful if you want to use all available IPv4 and IPv6 address. Following configuration will bind IPv4 to 202.54.1.10 and IPv6 to address:
Open lighttpd.conf setup main server IP address as follows:

server.port = 80 
server.bind = "202.54.1.10"

Below that add IPv6 config as follows:

$SERVER["socket"] == "[2001:470:1f04:55a::2]:80" {
   # ...
   # your rest of config for ipv6 host
   # ...
}

Here is my sample config file with IPv4 and IPv6 dual stack enabled:

server.modules              = (
                               "mod_redirect",
                               "mod_alias",
                               "mod_rewrite",
                               "mod_expire",
                               "mod_access",
                               "mod_auth",
                               "mod_status",
                               "mod_fastcgi",
                               "mod_accesslog",
                               "mod_compress"
)
 
server.errorlog            = "/var/log/lighttpd/error.log"
accesslog.filename         = "/var/log/lighttpd/access.log"
index-file.names            = ( "index.php", "index.html", "index.htm", "default.htm" )
server.tag                 = "lighttpd"
 
# FastCGI php5 
fastcgi.map-extensions = ( ".html" => ".php" )
fastcgi.server    = ( ".php" =>
        ((
                "bin-path" => "/usr/bin/php-cgi",
                "socket" => "/tmp/php-cgi.socket",
                "max-procs" => 4,
                "idle-timeout" => 30,
                "bin-environment" => (
                        "PHP_FCGI_CHILDREN" => "10",
                        "PHP_FCGI_MAX_REQUESTS" => "20000"
                ),
                "bin-copy-environment" => (
                        "PATH", "SHELL", "USER"
                ),
                "broken-scriptfilename" => "enable"
        ))
)
 
include "mimetype.conf"
 
server.document-root = "/home/lighttpd/example.com/http" 
server.pid-file = "/var/run/lighttpd.pid" 
server.username = "lighttpd" 
server.groupname = "lighttpd" 
 
# Turn on IPv4 config
server.port = 80 
server.bind = "202.54.1.10" 
 
server.error-handler-404 = "/index.php?error=404"
 
### IPv6 Config ###
# Note only log file name changed
$SERVER["socket"] == "[2607:f0d0:1002:11::5]:80" {
	accesslog.filename         = "/var/log/lighttpd/ipv6.access.log"
	server.document-root = "/home/lighttpd/example.com/http" 
	server.error-handler-404 = "/index.php?error=404"
}
Share this on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:



{ 4 comments… add one }
  • anonymous December 30, 2008, 12:24 am

    (network.c.300) can’t bind to port: 0.0.0.0 80 Address already in use
    failed!

  • simoncpu January 5, 2009, 10:02 am

    I seem to have problems enabling SSL if I use IPv6 and IPv4 at the same time… Dunno why…

  • Christophe Devine July 4, 2009, 6:50 pm

    Solution that works for me:

    $SERVER["socket"] == "[ipv6 address]:443" {
                      ssl.engine                  = "enable"
                      ssl.pemfile                 = "/etc/ssl/private/cert.pem"
                      ssl.ca-file                 = "/etc/ssl/certs/ca.pem"
    }
    $SERVER["socket"] == "ipv4 address:443" {
                      ssl.engine                  = "enable"
                      ssl.pemfile                 = "/etc/ssl/private/cert.pem"
                      ssl.ca-file                 = "/etc/ssl/certs/ca.pem"
    }
    $SERVER["socket"] == "localhost:443" {
                      ssl.engine                  = "enable"
                      ssl.pemfile                 = "/etc/ssl/private/cert.pem"
                      ssl.ca-file                 = "/etc/ssl/certs/ca.pem"
    }
    
  • Gabriel November 15, 2009, 12:04 pm

    Solution for both IPv4 and IPv6 + SSL:

    ### Enable IPV6 and IPV4 together
    server.use-ipv6                 = "enable"
    server.port                     = 80
    server.document-root            = "/usr/local/www"
    accesslog.filename              = "/var/log/lighttpd/access.log"
    server.errorlog                 = "/var/log/lighttpd/error.log"
    
    $SERVER["socket"]               == "[::]:443" {
            server.document-root    = "/usr/local/www"
            accesslog.filename      = "/var/log/lighttpd/access.log"
            server.errorlog         = "/var/log/lighttpd/error.log"
            ssl.engine              = "enable"
            ssl.pemfile             = "/usr/local/etc/openssl/certs/server/server.pem"
            ssl.ca-file             = "/usr/local/etc/openssl/certs/CA/cacert.pem"
    }

    output from sockstat -l (where the server is listening):

    www      lighttpd   29570 4  tcp46  *:80                  *:*
    www      lighttpd   29570 5  tcp46  *:443                 *:*

    G

Leave a Comment


   Tagged with: , , , , , , , , , , , ,