I’ve had IPv6 connectivity for over 5 years (first from IIJ, now from SixXS). However, it wasn’t until last night that I finally got my website on IPv6, when some final wrinkles in the web server configuration were ironed out.
Proper IPv6 support was added to Apache only in version 2. I’ve looked into migrating to it a few times in the past, but the unavailability of key modules (most persistently mod_perl) had kept me from it. A couple of months ago I needed to upgrade my development environment to Apache 2, and noticed I could get all the modules for it, too. Three weeks ago I pushed the new version to the production environment.
I converted the configuration for the new version and added the statements to listen on IPv6 addresses as well:
Listen 0.0.0.0:80 Listen [::]:80 Listen 0.0.0.0:443 Listen [::]:443
All looked good, until I browsed to the SSL-encrypted pages (i.e. HTTPS on port 443). Suddenly the error log started accumulating these errors every second:
[warn] (51)Network is unreachable: connect to listener on [::]:443
The only advice I could find with Google was that I shouldn’t use Listen 443 but instead the two lines I was already using. It was also odd that the errors were only about one of the two ports.
I commented out Listen [::]:443 to get rid of the errors, and moved on to more pressing matters for the time being.
Yesterday I thought I’d ask other NetBSD developers if they had ever seen the error. I figured some of them must be running both ports over both IPv4 and IPv6. That’s when Lubomir Sedlacik (salo) pointed me at www.netbsd.org.
After poking around in the config for a while, I found out that the only difference was the order of the Listen statements. Reordering them like this results in no errors:
Listen [::]:80 Listen 0.0.0.0:80 Listen [::]:443 Listen 0.0.0.0:443
Nothing in the documentation says anything about having to enter the statements in a specific order. Since there never where any errors logged about port 80, I guess there must be some unintentional side effects from the first two Listen statements affecting subsequent binding of identical port numbers for both address families. I wonder if this is also the case for other BSD’s where IPv4-mapped addresses over IPv6 are disabled by default.