[Solved] IPv6 and IPv4 with HTTP and HTTPS on each.

Added by thommcgrath almost 7 years ago

I'm having trouble understanding the "right" configuration to use for this scenario.

Currently, my config uses

server.port = 80
server.bind = "ipv4_address" 
$SERVER["socket"] == "ipv4_address:443" {
    ssl.engine = "enable" 
}

To enable both HTTP and HTTPS on my address. How can I enable ipv6 without duplicating most of my config? Would it be something like

server.port = 80
server.bind = "ipv4_address" 
$SERVER["socket"] == "ipv4_address:443" {
    ssl.engine = "enable" 
}
$SERVER["socket"] == "ipv6_address:80" {
}
$SERVER["socket"] == "ipv6_address:443" {
    ssl.engine = "enable" 
}
$SERVER["scheme"] == "https" {
    # Common HTTPS config here
}

CentOS 6 i386 with Lighttpd 1.4.38

Edit: I didn't realize I was so far behind. Now up to 1.4.45.


Replies (4)

RE: IPv6 and IPv4 with HTTP and HTTPS on each. - Added by gstrauss almost 7 years ago

Sorry. Your above suggestion will not work for ssl.* directives, but might still be useful for other directives, such as setenv.*

For the moment, you need to duplicate the configs. One alternative is to put the common config into a separate file and to include the file in each $SERVER["socket"] where you wish to enable SSL. Another alternative is to write a script (in your favorite scripting language) which has the script repeat the SSL config each place you want it. Yet another is to reduce some duplication using config variables (see https://redmine.lighttpd.net/boards/2/topics/6541).

In the upcoming lighttpd 1.4.46, you will be able to inherit the exact ssl.* config from the global scope, if the global scope (the top level) is also configured to enable SSL, but not to modify that ssl.* config if you want it to be inherited.

Of course, if you have stable IP addresses, you might configure $SERVER["socket"] == ":443" and put your ssl config in a single place. If there are specific IPs which you do not want to serve HTTPS, but do not mind if the server listens there, then you can configure your firewall to reject access on those IPs.

I realize that these suggestions are less than ideal, but there are current limitations in the lighttpd config. Still, hopefully one or more of these suggestions will work well enough for you.
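The script alternative mentioned in the reply above, as an added example that is not part of the original post or of lighttpd itself: a POSIX shell generator that repeats the same ssl.* settings in one $SERVER["socket"] block per listen address and brackets IPv6 literals. The certificate path, the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Emit one $SERVER["socket"] block per listen address, repeating the same
# ssl.* settings in each, so the HTTPS config is maintained in one place.

# Hypothetical certificate path (assumption, not taken from the thread).
PEMFILE="${PEMFILE:-/etc/lighttpd/certs/example.pem}"

# socket_spec ADDR PORT -> "addr:port", adding brackets to bare IPv6 literals.
socket_spec() {
    case "$1" in
        \[*\]) printf '%s:%s' "$1" "$2" ;;    # already bracketed, e.g. [::]
        *:*)   printf '[%s]:%s' "$1" "$2" ;;  # bare IPv6 literal
        *)     printf '%s:%s' "$1" "$2" ;;    # IPv4 address
    esac
}

# ssl_socket_block ADDR -> one HTTPS socket block carrying the shared config.
ssl_socket_block() {
    printf '$SERVER["socket"] == "%s" {\n' "$(socket_spec "$1" 443)"
    printf '    ssl.engine  = "enable"\n'
    printf '    ssl.pemfile = "%s"\n' "$PEMFILE"
    printf '}\n'
}

# generate ADDR... -> blocks for every address given.
generate() {
    for addr in "$@"; do
        ssl_socket_block "$addr"
    done
}

# When run with arguments, print the blocks for those addresses, e.g.
#   ./gen-ssl-sockets.sh 192.0.2.10 2001:db8::10   (constructed sample addresses)
if [ "$#" -gt 0 ]; then
    generate "$@"
fi
```

The output can be pulled into lighttpd.conf with the include_shell directive, giving it the script's path (a hypothetical name such as gen-ssl-sockets.sh) followed by the addresses to listen on.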

RE: IPv6 and IPv4 with HTTP and HTTPS on each. - Added by thommcgrath almost 7 years ago

That absolutely works for me. I didn't realize :port was an option; the docs make it sound like I need to use 0.0.0.0 or [::] if I want to omit the IP address.

RE: [Solved] IPv6 and IPv4 with HTTP and HTTPS on each. - Added by gstrauss almost 7 years ago

Yes. For clarity "[::]:443" is highly recommended over ":443" and relying on server.use-ipv6.
And you will need to specify wildcard addresses for both IPv4 and IPv6 if you want to listen on both IPv4 and IPv6.
