Use Hurricane Electric Free IPv6 Tunnel Broker to enable IPv6 support on Alibaba Cloud servers.
A few days ago, my new version of the iOS App was rejected because it couldn’t be used in an IPv6-only environment. However, Alibaba Cloud’s ECS does not support IPv6 and only provides IPv4 IPs. Fortunately, Hurricane Electric (hereinafter referred to as HE) offers a free IPv6 tunnel which is basically sufficient.
Let’s talk about the basic environment of ECS:
- Operating System: Ubuntu
- Front-end Server: Nginx
There are mainly four steps to enable IPv6:
- Register and create an IPv6 tunnel
- Configure ECS to support IPv6
- Configure Nginx to listen to IPv6 ports
- Configure DNS to support IPv6 resolution
Step 1: Register and create an IPv6 tunnel
- Register at https://www.tunnelbroker.net/ (email verification required)
- Click on Create Regular Tunnel
- Fill in the ECS’s IPv4 address at
IPv4 Endpoint (Your side)
- Choose
Hong Kong, HK
fromAvailable Tunnel Servers
(if you are targeting overseas users, you can choose a region closer to your target audience) - After clicking
Create Tunnel
, the tunnel is created
Step 2: Configure ECS to support IPv6
- Edit
/etc/sysctl.conf
and change the following three settings to0
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
- Add the following content at the bottom of
/etc/network/interfaces
(Note: Replace the uppercasebelow with the Server IPv6 Address
you got from HE, excluding the last::1/64
, e.g.,2001:470:100:100
)
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address <IPV6>::2
netmask 64
remote <HE's Server IPv4 Address>
local <Alibaba Cloud's IPv4 Address>
endpoint any
ttl 255
gateway <IPv6>::1
up ip -6 route add 2000::/3 via ::<HE's Server IPv4 Address> dev he-ipv6
up ip -6 addr add <IPv6>::1:1/128 dev he-ipv6
up ip -6 addr add <IPv6>::2:1/128 dev he-ipv6
down ip -6 route flush dev he-ipv6
- Restart the server
- Execute
ifup he-ipv6
to confirm that IPv6 has been enabled
Step 3: Configure Nginx to listen to IPv6 ports
server {
listen 80; // Listen to IPv4 port 80
listen [::]:80; // Listen to IPv6 port 80
}
server {
listen 443 ssl http2; // Listen to IPv4 port 443
listen [::]:443 ssl http2; // Listen to IPv6 port 443
}
Step 4: Configure DNS to support IPv6 resolution
This step is the easiest; just add an AAAA
record for the corresponding domain name, and fill in the Client IPv6 Address
from HE, removing the last /64
, e.g., 2001:470:100:100::2
.