Posts Tagged ‘administration’

I hope you brought your sweat band … Today’s Boot Camp workout is going to be pretty intense. We’re focusing on our permissions muscles. Permissions in a UNIX environment cause a lot of customer issues … While everyone understands the value of secure systems and limited access, any time an “access denied” message pops up, the most common knee-jerk reaction is to enable full access to one’s files (chmod 777, as I’ll explain later). This is a BAD IDEA. Open permissions are a hacker’s dream come true. An open permission setting might have been a temporary measure, but more often than not, the permissions are left in place, and the files remain vulnerable.

To better understand how to use permissions, let’s take a step back and get a quick refresher on key components.

You’ll need to remember the three permission types:

r w x: r = read; w = write; x = execute

And the three types of access they can be applied to:

u g o: u = user; g = group; o = other

Permissions are usually displayed in one of two ways – either with letters (rwxrwxrwx) or numbers (777). When the permissions are declared with letters, you should look at it as three sets of three characters. The first set applies to the user, the second applies to the group, and the third applies to other (everyone else). If a file is readable only by the user and cannot be written to or executed by anyone, its permission level would be r--------. If it could be read by anyone but could only be writeable by the user and the group, its permission level would be rw-rw-r--.

The numeric form of chmod uses bits to represent permission levels. Read access is marked by 4 bits, write is 2, and execute is 1. When you want a file to have read and write access, you just add the permission bits: 4 + 2 = 6. When you want a file to have read, write and execute access, you’ll have 4 + 2 + 1, or 7. You’d then apply that numerical permission to a file in the same order as above: user, group, other. If we used the example from the last sentence in the previous paragraph, a file that could be read by anyone, but could only be writeable by the user and the group, would have a numeric permission level of 664 (user: 6, group: 6, other: 4).

Now the “chmod 777” I referenced above should make a little more sense: All users are given all permissions (4 + 2 + 1 = 7).

Applying Permissions

Understanding these components, applying permissions is pretty straightforward with the use of the chmod command. If you want a user (u) to write and execute a file (wx) but not read it (r), you’d use something like this:

In the above terminal image, I added the -v parameter to make it “verbose,” so it displays the related output or results of the command. The permissions set by the command are shown by the number 0300 and the series (-wx------). Nobody but the user can write or execute this file, and as of now, the user can’t even read the file. If you were curious about the leading 0 in “0300,” it simply means that you’re viewing an octal output, so for our purposes, it can be ignored entirely.

In that command, we’re removing the read permission from the user (hence the minus sign between u and r), and we’re giving the user write and execute permissions with the plus sign between u and wx. Want to alter the group or other permissions as well? It works exactly the same way: g+,g-,o+,o- … Getting the idea? chmod permissions can be set with the letter-based commands (u+r,u-w) or with their numeric equivalents (eg. 400 or 644), whichever floats your boat.

A Quick Numeric chmod Reference

chmod 777 | Gives specified file read, write and execute permissions (rwx) to ALL users
chmod 666 | Allows for read and write privileges (rw) to ALL users
chmod 555 | Gives read and execute permissions (rx) to ALL users
chmod 444 | Gives read permissions (r) to ALL users
chmod 333 | Gives write and execute permissions (wx) to ALL users
chmod 222 | Gives write privileges (w) to ALL users
chmod 111 | Gives execute privileges (x) to ALL users
chmod 000 | Last but not least, gives permissions to NO ONE (Careful!)

Get a List of File Permissions

To see what your current file permissions are in a given directory, execute the ls –l command. This returns a list of the current directory including the permissions, the group it’s in, the size and the last date the file was modified. The output of ls –l looks like this:

On the left side of that image, you’ll see the permissions in the rwx format. When the permission begins with the “d” character, it means that object is a directory. When the permission starts with a dash (-), it is a file.

Practice Deciphering Permissions

Let’s look at a few examples and work backward to apply what we’ve learned:

• Example 1: -rw-------
• Example 2: drwxr-x---
• Example 3: -rwxr-xr-x

In Example 1, the file is not a directory, the user that owns this particular object has read and write permissions, and when the group and other fields are filled with dashes, we know that their permissions are set to 0, so they have no access. In this case, only the user who owns this object can do anything with it. We’ll cover “ownership” in a future blog, but if you’re antsy to learn right now, you can turn to the all-knowing Google.

In Example 2, the permissions are set on a directory. The user has read, write and execute permissions, the group has read and execute permissions, and anything/anyone besides user or group is restricted from access.

For Example 3, put yourself to the test. What access is represented by “-rwxr-xr-x“? The answer is included at the bottom of this post.

Wrapping It Up

How was that for a crash course in Unix environment permissions? Of course there’s more to it, but this will at least make you think about what kind of access you’re granting to your files. Armed with this knowledge, you can create the most secure server environment.

Here are a few useful links you may want to peruse at your own convenience to learn more:

Linuxforums.org
Zzee.com
Comptechdoc.org
Permissions Calculator

Did I miss anything? Did I make a blatantly ridiculous mistake? Did I use “their” when I should have used “they’re”??!!… Let me know about it. Leave a comment if you’ve got anything to add, suggest, subtract, quantize, theorize, ponderize, etc. Think your useful links are better than my useful links? Throw those at me too, and we’ll toss ‘em up here.

Are you still feeling the burn from your Sysadmin Boot Camp workout? Don’t forget to keep getting reps in bash, logs, SSH, passwords and user management!

- Ryan

Now that you’re an expert when it comes to bash, logs, SSH, and passwords, you’re probably foaming at the mouth to learn some new skills. While I can’t equip you with the “nunchuck skills” or “bowhunting skills” Napoleon Dynamite reveres, I can help you learn some more important — though admittedly less exotic — user management skills in UNIX.

Root User

The root user — also known as the “super user” — has absolute control over everything on the server. Nothing is held back, nothing is restricted, and anything can be done. Only the server administrator should have this kind of access to the server, and you can see why. The root user is effectively the server’s master, and the server accordingly will acquiesce to its commands.

Broad root access should be avoided for the sake of security. If a program or service needs extensive abilities that are generally reserved for the root user, it’s best to grant those abilities on a narrow, as-needed basis.

Creating New Users

Because the Sysadmin Boot Camp series is geared toward server administration from a command-line point of view, that’s where we’ll be playing today. Tasks like user creation can be performed fairly easily in a control panel environment, but it’s always a good idea to know the down-and-dirty methods as a backup.

The useradd command is used for adding users from shell. Let’s start with an example and dissect the pieces:

useradd -c "admin" -d /home/username -g users\ -G admin,helpdesk -s\ /bin/bash userid

-c "admin" – This command adds a comment to the user we’re creating. The comment in this case is “admin,” which may be used to differentiate the user a little more clearly for better user organization.
-d /home/username – This block sets the user’s home directory. The most common approach is to replace username with the username designated at the end of the command.
-g users\ – Here, we’re setting the primary group for the user we’re creating, which will be users.
-G admin,helpdesk – This block specifies other user groups the new user may be a part of.
-s\ /bin/bash userid – This command is in two parts. It says that the new user will use /bin/bash for its shell and that userid will be the new user’s username.

Changing Passwords

Root is the only user that can change other users’ passwords. The command to do this is:

passwd userid

If you are a user and want to change your own password, you would simply issue the passwd command by itself. When you execute the command, you will be prompted for a new entry. This command can also be executed by the root user to change the root password.

Deleting Users

The command for removing users is userdel, and if we were to execute the command, it might look like this:

userdel -r username

The –r designation is your choice. If you choose to include it, the command will remove the home directory of the specified user.

Where User Information is Stored

The /etc/passwd file contains all user information. If you want to look through the file one page at a time — the way you’d use /p in Windows — you can use the more command:

more /etc/passwd

Keep in mind that most of your important configuration files are going to be located in the /etc folder, commonly spoken with an “et-see” pronunciation for short. Each line in the passwd file has information on a single user. Arguments are segmented with colons, as seen in the example below:

username:password:12345:12345::/home/username:/bin/bash

Argument 1 – username – the user’s username
Argument 2 – password – the user’s password
Argument 3 – 12345 – the user’s numeric ID
Argument 4 – 12345 – the user group’s numeric ID
Argument 5 – "" – where either a comment or the user’s full name would go
Argument 6 – /home/username – the user’s home directory
Argument 7 – /bin/bash – the user’s default console shell

Now that you’ve gotten a crash course on user management, we’ll start going deeper into group management, more detailed permissions management and the way shadow file relates to the passwd usage discussed above.

-Ryan

It’s been a while since our last UNIX Sysadmin Boot Camp … Are you still with me? Have you kept up with your sysadmin exercises? Are you starting to get comfortable with SSH, bash and your logs? Good. Now I have an important message for you:

Your password isn’t good enough.

Yeah, that’s a pretty general statement, but it’s shocking how many people are perfectly fine with a six- or eight-character password made up of lowercase letters. Your approach to server passwords should be twofold: Stick with it and Be organized.

Remembering a 21-character password like ^@#*!sgsDAtg5t#ghb%!^ may seem daunting, but you really don’t have to remember it. For a server, secure passwords are just as vital as any other form of security. You need to get in the habit of documenting every username and password you use and what they apply to. For the sake of everything holy, keep that information in a safe place. Folding it up and shoving it in your socks is not advised (See: blisters).

Want to make your approach to password security even better? Change your passwords every few months, and make sure you and at least one other trusted colleague or friend knows where to find them. You’re dealing with sensitive material, but you can never guarantee that you will be available to respond to a server-based emergency. In these cases, your friends and co-workers end up scrambling through bookshelves and computer files to find any trace of useful information.

Having been one of the abovementioned co-workers in this situation, I can attest that it is nearly impossible to convince customer service that you are indeed a representative of the company having no verification information or passwords to provide.

Coming soon: Now you’ve got some of the basics, what about the not-so-basics? I’ll start drafting some slightly more advanced tips for the slightly more advanced administrator. If you have any topics you’d like us to cover, don’t hesitate to let us know in a comment below.

-Ryan

Shortly after we began implementing the SoftLayer Mobile application for the iPhone and Android, Apple released the iPad. With our development resources limited, we focused on adding the functionality our customers required to the iPhone application with only a few small features added to support the new device.

As we became more familiar with the iPad, we started seeing a few key areas where SoftLayer Mobile could benefit from the large format iPad user interface. We’ve been able to incorporate a phenomenal feature set in the SoftLayer Mobile application, and as our desired feature set has become more and more complete, we’ve gotten a bit of breathing room from our iPhone releases. We used that breathing room to re-visit the iPad and what it could mean for the SoftLayer Mobile customer experience on a tablet. The result of that investigation is the SoftLayer Mobile HD application:

As you might expect, SoftLayer Mobile HD shares quite a bit of functionality with its iPhone sibling. The application offers a window into your SoftLayer environment so that you can browse, create and edit support tickets; discover information about computing resources and bandwidth; and keep up-to-date on the latest notifications from our data centers. The iPad application also helps you keep track of financial information by allowing you to browse your account and its invoices. All this functionality benefits from the intuitive interface of the iPad. You have more room to browse, more room to edit, and fewer screens to navigate as you manage and explore your virtual SoftLayer data center.

Best of all: The application is only in its first release, and already shows great promise! We have plenty of room to grow and tons of ideas about the next features and functions we want to add. If you’re iPad-equipped, get the SoftLayer Mobile HD application in the iTunes App Store. When you’re navigating through the interface, take note of anything you’d like to see us change or add, and let us know!

-Scott

As SLayers, our goal is always to bring creativity in every aspect of work we do at SoftLayer. It was not too long ago when the Interface Development team was presented with a new and exciting challenge: To develop a Windows Phone 7 Series app. Like me, many questioned whether we should tap into the market of Windows Phone OS … What was the scope of this OS? What is the future of Windows Phone OS smartphones? The business relationship that NOKIA and Microsoft signed to produce smartphones with Windows Phone 7 OS will provide consumers with a new interface and unique features, so smartphone users are paying attention … And we are too.

The SoftLayer Mobile world had already made huge strides with iPhone and Android based apps, so our work was cut out for us as we entered the Windows Phone 7 world. We put together a small, energetic and skilled group of SLayers who wanted to make SoftLayer proud, and I am proud to be a member of that team!

Our focus was to design and develop an application that would not only provide the portal functionality on mobile phone but also incorporate the awesome features of Windows Phone 7. Keeping all that in consideration, the choice of using an enterprise quality framework was essential. After a lot of research, we put our finger on the Microsoft’s Patterns and Practices-backed Prism Framework for Windows Phone 7. The Prism Framework is a well-known and recognized name among Silverlight and Windows Presentation Framework developers, and since Windows Phone 7 is built upon the Silverlight and XNA Framework, our choice was clearly justified.

After selecting the framework, we wanted to make the whole asynchronous experience smooth while talking to SoftLayer’s mobile API. That’ where we met the cool kid on the block: Reactive Extensions for .NET (also known as Rx). The Rx is a library used to compose asynchronous and event-based programs. The learning curve was pretty intense for the team, but we operate under the mantra of CBNO (Challenging-But-Not-Overwhelming), so it was learning we knew would bear fruits.

The team’s plan was to create an app that had the most frequently used features from the portal. The features to be showcased in the first release were to be basic but at the same time essential. The features we pinpointed were ticket management, hardware management, bandwidth and account management. Bringing these features to the phone posed a challenge, though … How do we add a little more spice to what cold be a rather plain and basic app?

Windows Phone 7 controls came to our rescue and we utilized the Pivot and Panorama controls to design the Ticket Lists and Ticket Details. The pivot control works like a tabbed-style control that is viewable by sliding left or right. This lets us put the ticket-based-categories in a single view so users don’t have to navigate back-and-forth to see different types of tickets. It also provides context-menu style navigation by holding onto the ticket item, giving an option to view or edit ticket with one tap. Here is a screen shot of pivot control in use to view tickets by categories and device list:

Another achievement was made by using the panorama control. The control works like a long page with different relevant sections of similar content. This control was used to show a snap shot of a ticket, and the view displays basic ticket details, updates, attachments and any hardware attached to a ticket. This makes editing a ticket as easy as a tap! This is a screenshot of panorama control in use to view ticket detail:

The device list view will help people see the dedicated and virtual devices in a pivot control giving a visual distinction. The list can be searched by tapping on the filter icon at the application bar. The filtering is search-as-you-type style and can be turned off by tapping the icon again. This screenshot shows the device list with a filtering option:

To perform further hardware operations like pinging, rebooting and power cycling the server, you can use the hardware detail view as well. The bandwidth view may not be as flashy, but it’s a very useful representation of a server’s bandwidth information. Charting is not available with this release but will be available in the upcoming releases.

If you own a Windows Phone 7 device, go ahead and download “SoftLayer Mobile” and send us the feedback on what features you would like to see next and most importantly whether you love this app or not. We have and will always strive for excellence, and we know there’s always room to improve!

-Imran

This is a guest blog from Troy Davis of Papertrail, a SoftLayer Tech Marketplace Partner that helps customers detect, resolve and avoid infrastructure problems using log messages.

Receive DB Slow Query Logs in Your Inbox

Want to wake up to important database and syslog messages with your bagel and coffee? Here’s how. It’s free and takes about 5 minutes.

Most of us run a database somewhere on our SoftLayer servers. Whether it’s MySQL, PostgreSQL, SQL Server, or another relational or NoSQL sibling, a responsive data store is critical to happy users. That’s why databases send slow queries to a log file. It’s much better than no logging at all, but as an engineer, I’d wanted more. I wanted to:

• View all my query logs in one place, without SSHing to each server for tail and grep. My workload shouldn’t scale linearly as I add systems
• Share log visibility with employees who don’t have server access or command-line knowledge (and email links to specific log messages to my developers and DBAs)
• Receive log messages in my inbox – or send them to my team or monitoring service – when I know they need attention
• Examine logs for related HTTP requests, daemon output, API invocations, and other parts of our stack — I can troubleshoot faster with start-to-finish logs on a single screen.

That’s where Papertrail was born. We built Papertrail to make log aggregation and log management effortless and usable. It’s the hosted log management service that we wanted as developers, systems engineers and tech entrepreneurs.

We know the hesitation you might have when approaching this kind of service, so our goal was to enable users to have Papertrail deliver those SQL slow query logs – or any other logs – to your inbox every morning for free:

Read the rest of Papertrail’s Guest Blog! »

This is a guest blog from Dave Jilk of Standing Cloud, a SoftLayer Tech Marketplace Partner specializing in automating cloud application deployment and streamlining management.

Standing Cloud’s Application Layer for the SoftLayer Cloud

When we first came across the SoftLayer Cloud, we were impressed by the breadth of what it allowed the user to do through a web browser. Beyond the basic infrastructure capabilities of provisioning servers and storage (that you can find from other providers), the SoftLayer console and API allow full access to the networking, security, and server console capabilities of the system. It’s as though you can take over the mind of a network administrator and have him or her do your bidding.

Read the rest of Dave’s Guest Blog! »

I know you expected to see a video interview with Paul Ford the next time a 3 Bars | 3 Questions episode rolled across your desk, but I snuck past him for a chance in the spotlight this week. Kevin and I jumped on a quick video chat to talk about the Sales Engineering team, and because of our recent release of SoftLayer Managed Hosting, two of the three questions ended up being about that news:

You should be seeing a blog from Nathan in the next half hour or so with more detail about how we approached managed hosting, so you’ll have all the background you need to springboard into that post after you watch this video.

If you’ve heard everything you need to hear about managed hosting and want to start the process of adding it to servers on your account, visit http://www.softlayer.com/solutions/managed-hosting/ or chat with a sales rep, and they can help you get squared away. If you’re not sure whether it’s a good fit, ask for a sales engineer to consult … They’re a great group with a pretty awesome manager.

Paul, sorry for stealing your spot in the 3 Bars | 3 Questions rotation! I’m handing the baton back over to you to talk about TechWildcatters and the Technology Partners Marketplace in the next episode.

-Tam

Since SoftLayer’s merger with The Planet in November, we have been working tirelessly to combine our legacy Orbit and SoftLayer customer portals, and we’ve got some great news: We’re ready to move all of our billing information and functionality onto the SoftLayer platform! The changes are designed to make managing your account quicker and easier. While change isn’t always welcome, when you see some of the new features and functionality in the SoftLayer billing portal, we’re sure you’ll be as excited as we are.

Once your Orbit account’s billing information is migrated to the SoftLayer portal, you will receive an email confirmation. As soon as you’re ready to start exploring the new system, you can log in at http://manage.softlayer.com with your master username and password. We recommend you use the master username to log in because some users may have access restrictions in the portal, and you need to be logged into a user that has accounting access. Once you are logged in, click on the “Administrative” tab near the top-left of your page. From the drop-down menu, you will choose “Accounting” to bring you to the billing-related section on your account.

Wait … Instead of just guiding you through the process via text, how about we walk you through a quick tour of the billing portal as a bit of show-and-tell?

In the Accounting section, you can retrieve invoices, check pricing and even see your next monthly invoice. As a legacy Orbit customer, you’ll also be happy to hear that when your billing information is moved to the new portal, PayPal is available as a payment method! Among other changes, you’ll also note that we have a One-Time Payment option to enable some flexibility in how your account is paid in a given month.

In the new system, you’ll also notice that order reconciliation is made much simpler. You can easily view invoices by type, date or status. You can even view invoices within a specified date range and save invoices in interactive PDF or Excel formats. Updates to your user and payment information are much more accessible, too.

Our interactive invoices make it much simpler to review your equipment and the costs on your account. The interactive PDF will give you a summary of all charges broken down by type and then by server. If you click on any one of your servers, you are instantly taken to the full pricing detail of that server by component. If you have any items not listed under a server on your invoice you can use our Associate Billing Orphans section to attach unassociated items to a server.

With these invoices, you can track your costs and equipment clearly to make sure the right gear is getting charged the right amount. You can even use our Show Next Invoice feature to project costs for the following month!

We hope you’ll be amazed at all the features you now have at your fingertips! Please give us your feedback so we can be sure all questions are answered!

-Nikki

As Kevin mentioned on Friday, we are less than 45 days from “doomsday.” The IANA only has about 3% of the resources required to sustain our current way of life. 6.8 billion people with only 4.3 billion addresses in existence. It’s the 2012 saga in 2011: The exhaustion of the Internet’s available IP version 4 (IPv4) addresses. What are we going to do?!

Luckily, a lot of people have been hard at work to mitigate the impending Internet crisis. IP version 6 (IPv6) is on the horizon and is already supported by most modern internet enabled devices. If you’re like me, the fact that we went from IPv4 to IPv6 might make you wonder, “What happened to IPv5?”

The powers that be didn’t decide to rid the number system of the number five because of its mixture of curves and right angles, and it wasn’t because they only wanted to use round numbers. IP version 5 (IPv5) was a work in progress and part of a family of experimental protocols by the name of ST (Internet Stream Protocol). ST and later ST-II were connection-oriented protocols that were intended to support the efficient delivery of data streams to applications that required guaranteed data throughput.

An ST packet looks very similar to its IPv4 sibling, and both use the first 8 bits to identify a version number. IPv4 uses those 8 bits to identify IPv4 packets, and ST used the same 8 bits to identify IPv5 packets. Since “version 5″ was spoken for, the next iteration in IP advancement became version 6.

If you’ve been around the SoftLayer blog for a while, you already know a fair bit about IPv6, but you’re probably wondering, “What’s next?” How do you actually start using IPv6 yourself?

1. Get a Block of IPv6 Addresses

Lucky for you, the SoftLayer platform is IPv6 ready, and we’re already issuing and routing IPv6 traffic. Obtaining a block of public IPs from us is as easy as logging into the portal, pulling up the hardware page of a server and ordering a /64 block of IPv6 IPs for $4/mo per subnet ($10 if you want a portable subnet)!

For those of you that have ordered IPs from us in the past, IPv4 addresses are usually $0.50-$1.00 each. To get a /64 of public static IPv6 addresses, it’s a whopping $0.00 for the entire range. So just how many IPs is in a /64? 256? Try again. 512? Keep going. 1 Million? You’re still cold. Let’s try 18.4 quintillion. For those that understand scientific notation better, that is 1.84 x 10¹⁹. If you just want to see the number written in long form, it’s 18,446,744,073,709,551,616 IP addresses. That allocation should probably tide you over for a little while.

2. Make Sure Your Server is IPv6 Ready

Most current server operating systems are ready to take the IPv6 leap. This includes Windows 2003 SP1 and most Linux OSes with 2.6.x Linux kernels. We’ll focus on Windows and RedHat/CentOS here.

To ready your Windows 2003 server for IPv6, do this:

1. In Control Panel, double-click Network Connections.
2. Right-click any local area connection, and then click Properties.
3. Click Install.
4. In the “Select Network Component Type” dialog box, click Protocol, then Add.
5. In the “Select Network Protocol” dialog box, click Microsoft TCP/IP version 6, then OK.
6. Click Close to save changes to your network connection.

Once IPv6 is installed, IIS will automatically support IPv6 on your web server. If a website was running when you installed the IPv6 stack, you must restart the IIS service before the site begins to listen for IPv6 requests. Sites that you create after you enable IPv6 automatically listen for IPv6. Windows 2008 server should have IPv6 enabled by default.

When your Windows server is ready for IPv6, you will add IPv6 addresses to the server just as you’d add IPv4 addresses … The only difference is you will edit the properties to the Internet Protocol Version 6 (TCP/IPv6) network protocol.

To ready your RedHat/CentOS servers, do this:

1. Using your favorite editor, edit /etc/sysconfig/network and enable NETWORKING_IPV6 by changing the “no” to a “yes.”

   Example:

   NETWORKING=yes
HOSTNAME=ipv6test.yourdomain.com
GATEWAY=10.13.40.1
NETWORKING_IPV6=yes
2. Next edit /etc/sysconfig/network-scripts/ifcfg-eth1 to add IPv6 parameters.

   Add the following to end of the file:

   IPV6INIT=yes
IPV6ADDR=YOURIPV6ADDRESS
IPV6_DEFAULTGW=YOURGATEWAY

   Example:

   IPV6INIT=yes
IPV6ADDR=2607:f0d0:2001:0000:0000:0000:0000:0010/64
IPV6_DEFAULTGW=2607:f0d0:2001:0000:0000:0000:0000:0001
3. Once you have successfully added your assigned IP addresses, you must restart networking with this command:
   [root@ipv6test /]# service network restart

Once you have completed these steps on your respective OS, you should be able to communicate over the IPv6 stack. To test, you can ping ipv6.google.com and see if it works.

3. Bind Your New IPv6 Address to Apache/IIS

Now that you have more IPv6 addresses for your server(s) than what’s available to the entire world in IPv4 space, you must bind them to IIS or Apache. This is done the similarly to the way you bind IPv4 addresses.

In IIS, all IPs that have been added to the system will now be available for use in the website properties. Within Apache, you will add a few directives to ensure your web servers is listening on the IPv6 stack … which brings us to a very important point when it comes to discussing IPv6. Due to the fact that it’s full of colons (:), you can’t just write out the IP as you would a 32-bit address.

IPv6 addresses must be specified in square brackets or the optional port number could not be determined. To enable Apache to listen to both stacks on separate sockets you will need to add a new “Listen” directive:

And for your Virtual Hosts, the will look like this:

4. Add Addresses to DNS

The final step in getting up and running is to add your new IPv6 addresses to your DNS server. If you’re using a IPv6 enabled DNS server, you will simply insert an ‘AAAA’ resource record (aka quad-A record) for your host.

5. Test Your Server’s IPv6 Accessibility

While your DNS is propagating, you can still test your webserver to see if it responds to the IP you assigned by using square brackets in your browser: http://[2101:db8::a00:200f:fda7:00ea]

This test, of course, will only work if your computer is on a IPv6 network. If you are limited to IPv4, you will need sign up with a tunnel broker or switch to an ISP that offers IPv6 connectivity.

After about 24 hours, your server and new host should be ready to serve websites on the IPv6 stack.

Good luck!

-Harold