Linux: Configure IPv6 on Ubuntu & NGINX

Last update: 1/24/2020, 2:08:17 PM

Find the actual IPv6 address of your server

ip addr show or ip a

Look for the ens* entries. From the IPv4 address we can establish the external interface.

An IPv6 address contains 8 parts, e.g. 2a01:7c8:aac3:369:5054:ff:fe4e:6a9a

Verify if server is reacheable over IPv6: ping6 <number>.

Let NGINX listen to IPv4 & IPv6 addresses

listen 80 listen [::]:80

listen 443 listen [::]:443

Add AAAA DNS records

Add a bunch of security headers

See https://internet.nl/site

# Only allow modern TLS protocols
ssl_protocols TLSv1.2 TLSv1.3;

# Pick the right cyphers
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

# HSTS setting - see https://scotthelme.co.uk/setting-up-hsts-in-nginx/
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff" always;

# An oldie
add_header X-XSS-Protection "1;mode=block" always;

add_header Referrer-Policy "same-origin" always;
info@boplicity.nl © Boplicity Software, Est. 1997