Being IPv6 world launch day[1], I thought I would share some quick
config file lines that seemed to have taken an inordinate amount of
time to arrive at. I'm on debian 6, which is important because from
searching one can see that behavior moderately platform dependent, and
documentation is in some cases flat wrong.
Anyway for xinetd this is what I now have for /etc/xinetd.d/www
service www
{
flags = IPv4
socket_type = stream
wait = no
user = root
server = /usr/local/bin/althttpd
server_args = -logfile althttpd.log
-root /var/repositories -user www-data
}
service www
{
bind = 2600:3c02::f03c:91ff:fedf:a5ba
flags = IPv6
socket_type = stream
wait = no
user = root
server = /usr/local/bin/althttpd
server_args = -logfile althttpd.log
-root /var/repositories -user www-data
}
So yes it takes 2 entries. The magic logic is that ipv4 bind-all
0.0.0.0 "sometimes" conflicts with the ipv6 bind-all, causing bind() to
fail with address already in use (even though that is not exactly the
case) - unless one or both of the listings explicitly specifies a bind
address. In the above example, the ipv4 socket is bind-all and the ipv6
socket is bound the "global" ipv6 address.
Now for stunnel:
[https]
accept = atlanta1.stoverenterprises.com:443
TIMEOUTclose = 0
exec = /usr/local/bin/althttpd
execargs = /usr/local/bin/althttpd -logfile althttpd.log
-root /var/repositories -user www-data -https 1
[httpsv4]
accept = 66.228.62.210:443
TIMEOUTclose = 0
exec = /usr/local/bin/althttpd
execargs = /usr/local/bin/althttpd -logfile althttpd.log
-root /var/repositories -user www-data -https 1
Again two entries required. The [section names] have nothing to do with
entries in /etc/services like xinetd, and are just labels. They must be
unique though. Similar kong fu as above, exept for extra fun stunnel
wont parse ipv6 address. It will however resolve names in /etc/hosts.
Now I still can't say why, but if you put the ipv6 entry first - then
at least on this platform you get a socket bound just to that ipv6
address for the host name. Then just put the ipv4 next, and don't use
the bind-all address.
The stunnel docs are more vague since the ipv6 example it shows is for
a port forward, not a exec handler.
So in conclusion, for those you on linode and other hosting providers &
ISPs with ipv6 - add those AAAA DNS records and tweak those config
files!
[1]http://www.google.com/url?sa=t&rct=j&q=ipv6%20launch%20day&source=web&cd=1&ved=0CF4QFjAA&url=http%3A%2F%2Fwww.worldipv6launch.org%2F&ei=56XPT-fkFerb0QHMo-GQCA&usg=AFQjCNHpsDXQ-_c7lT6obm2BA8QMYdbocQ&cad=rja
--
www.thomasstover.com
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
