Lighttpd supports both IPv6 and IPv4 protocol out of box. You need to compile lighttpd with IPv6 support. The server.use-ipv6 option bind to the IPv6 socket. You need to bind to both IPv6 and IPv4 using the following syntax.
First, see compile-time features (find out if IPv6 is enabled or not), enter:
# lighttpd -V
Sample output:
Build-Date: Sep 30 2008 06:18:08 Event Handlers: + select (generic) + poll (Unix) + rt-signals (Linux 2.4+) + epoll (Linux 2.6) - /dev/poll (Solaris) - kqueue (FreeBSD) Network handler: + sendfile Features: + IPv6 support + zlib support + bzip2 support + crypt support + SSL Support + PCRE support - mySQL support - LDAP support - memcached support - FAM support - LUA support - xml support - SQLite support - GDBM support
You must see + IPv6 support enabled. If not recompile lighttpd with IPv6 support. Once compiled open lighttpd.conf file:
# vi lighttpd.conf
To enable IPV6 and IPV4 together, enter:
server.use-ipv6 = "enable" server.port = 80 $SERVER["socket"] == "0.0.0.0:80" { # add your stuff # } |
Save and close the file. Restart lighttpd:
# service lighttpd restart
Above config is only useful if you want to use all available IPv4 and IPv6 address. Following configuration will bind IPv4 to 202.54.1.10 and IPv6 to address:
Open lighttpd.conf setup main server IP address as follows:
server.port = 80 server.bind = "202.54.1.10" |
Below that add IPv6 config as follows:
$SERVER["socket"] == "[2001:470:1f04:55a::2]:80" { # ... # your rest of config for ipv6 host # ... } |
Here is my sample config file with IPv4 and IPv6 dual stack enabled:
server.modules = ( "mod_redirect", "mod_alias", "mod_rewrite", "mod_expire", "mod_access", "mod_auth", "mod_status", "mod_fastcgi", "mod_accesslog", "mod_compress" ) server.errorlog = "/var/log/lighttpd/error.log" accesslog.filename = "/var/log/lighttpd/access.log" index-file.names = ( "index.php", "index.html", "index.htm", "default.htm" ) server.tag = "lighttpd" # FastCGI php5 fastcgi.map-extensions = ( ".html" => ".php" ) fastcgi.server = ( ".php" => (( "bin-path" => "/usr/bin/php-cgi", "socket" => "/tmp/php-cgi.socket", "max-procs" => 4, "idle-timeout" => 30, "bin-environment" => ( "PHP_FCGI_CHILDREN" => "10", "PHP_FCGI_MAX_REQUESTS" => "20000" ), "bin-copy-environment" => ( "PATH", "SHELL", "USER" ), "broken-scriptfilename" => "enable" )) ) include "mimetype.conf" server.document-root = "/home/lighttpd/example.com/http" server.pid-file = "/var/run/lighttpd.pid" server.username = "lighttpd" server.groupname = "lighttpd" # Turn on IPv4 config server.port = 80 server.bind = "202.54.1.10" server.error-handler-404 = "/index.php?error=404" ### IPv6 Config ### # Note only log file name changed $SERVER["socket"] == "[2607:f0d0:1002:11::5]:80" { accesslog.filename = "/var/log/lighttpd/ipv6.access.log" server.document-root = "/home/lighttpd/example.com/http" server.error-handler-404 = "/index.php?error=404" } |
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 4 comments... add one ↓
40 Linux Server Hardening Security Tips [2019 edition]
Linux 25 PHP Security Best Practices For Sys Admins
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
Top 25 Nginx Web Server Best Security Practices
Getting Yesterdays or Tomorrows Day With Bash Shell Date Command
21 Examples To Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
30 Linux System Monitoring Tools Every SysAdmin Should Know
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
(network.c.300) can’t bind to port: 0.0.0.0 80 Address already in use
failed!
I seem to have problems enabling SSL if I use IPv6 and IPv4 at the same time… Dunno why…
Solution that works for me:
$SERVER["socket"] == "[ipv6 address]:443" { ssl.engine = "enable" ssl.pemfile = "/etc/ssl/private/cert.pem" ssl.ca-file = "/etc/ssl/certs/ca.pem" } $SERVER["socket"] == "ipv4 address:443" { ssl.engine = "enable" ssl.pemfile = "/etc/ssl/private/cert.pem" ssl.ca-file = "/etc/ssl/certs/ca.pem" } $SERVER["socket"] == "localhost:443" { ssl.engine = "enable" ssl.pemfile = "/etc/ssl/private/cert.pem" ssl.ca-file = "/etc/ssl/certs/ca.pem" }Solution for both IPv4 and IPv6 + SSL:
### Enable IPV6 and IPV4 together server.use-ipv6 = "enable" server.port = 80 server.document-root = "/usr/local/www" accesslog.filename = "/var/log/lighttpd/access.log" server.errorlog = "/var/log/lighttpd/error.log" $SERVER["socket"] == "[::]:443" { server.document-root = "/usr/local/www" accesslog.filename = "/var/log/lighttpd/access.log" server.errorlog = "/var/log/lighttpd/error.log" ssl.engine = "enable" ssl.pemfile = "/usr/local/etc/openssl/certs/server/server.pem" ssl.ca-file = "/usr/local/etc/openssl/certs/CA/cacert.pem" }output from sockstat -l (where the server is listening):
G