Welcome to Centmin Mod Community
Become a Member

Nginx SSL Stapling Resolver IPv6

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Matt, May 29, 2014.

  1. Matt

    Matt Moderator Staff Member

    661
    307
    63
    May 25, 2014
    Sheffield, UK
    Ratings:
    +416
    Local Time:
    6:33 PM
    1.7.1
    MariaDB 10
    Anyone else using IPv6 for the SSL Stapling Resolver?

    Code:
            ssl_stapling on;
            ssl_stapling_verify on;
            ssl_trusted_certificate /PATH/ssl-trusted.crt;
            resolver [2001:4860:4860::8888] [2001:4860:4860::8844] valid=10m;
            resolver_timeout 10s;
    
    Hoping the IPv6 routes are carrying a bit less traffic than the v4 routes.
     
  2. Matt

    Matt Moderator Staff Member

    661
    307
    63
    May 25, 2014
    Sheffield, UK
    Ratings:
    +416
    Local Time:
    6:33 PM
    1.7.1
    MariaDB 10
    Getting pure IPv6 on the network path, so no v6 to v4 conversion being done
    Code:
    [root@host conf.d]# traceroute6 2001:4860:4860::8888
    traceroute to 2001:4860:4860::8888 (2001:4860:4860::8888), 30 hops max, 80 byte packets
    1  rbx-2-6k.fr.eu (2001:41d0:1:8bff:ff:ff:ff:fd)  0.931 ms * *
    2  rbx-g2-a9.fr.eu (2001:41d0::6b1)  1.118 ms  1.111 ms  1.200 ms
    3  gsw-g1-a9.fr.eu (2001:41d0::b82)  5.102 ms gsw-g1-a9.fr.eu (2001:41d0::16a)  4.720 ms gsw-g1-a9.fr.eu (2001:41d0::b82)  4.701 ms
    4  * * *
    5  google.as15169.fr.eu (2001:41d0::832)  4.533 ms  4.547 ms  4.536 ms
    6  2001:4860::1:0:9f2 (2001:4860::1:0:9f2)  4.789 ms  9.563 ms 2001:4860::1:0:4a3a (2001:4860::1:0:4a3a)  5.077 ms
    7  2001:4860::8:0:5e19 (2001:4860::8:0:5e19)  4.882 ms  4.863 ms 2001:4860::8:0:5e18 (2001:4860::8:0:5e18)  4.820 ms
    8  2001:4860::8:0:6e84 (2001:4860::8:0:6e84)  9.840 ms 2001:4860::8:0:507c (2001:4860::8:0:507c)  9.088 ms  9.101 ms
    9  2001:4860::2:0:87b (2001:4860::2:0:87b)  9.432 ms  9.420 ms  9.648 ms
    10  google-public-dns-a.google.com (2001:4860:4860::8888)  9.358 ms  9.334 ms  9.339 ms
    [root@host conf.d]# traceroute6 2001:4860:4860::8844
    traceroute to 2001:4860:4860::8844 (2001:4860:4860::8844), 30 hops max, 80 byte packets
    1  rbx-2-6k.fr.eu (2001:41d0:1:8bff:ff:ff:ff:fd)  0.403 ms * *
    2  rbx-g2-a9.fr.eu (2001:41d0::6b1)  0.969 ms  1.051 ms  1.094 ms
    3  gsw-g1-a9.fr.eu (2001:41d0::b82)  4.876 ms  5.060 ms gsw-g1-a9.fr.eu (2001:41d0::16a)  4.532 ms
    4  * * *
    5  google.as15169.fr.eu (2001:41d0::832)  4.552 ms  4.540 ms  4.519 ms
    6  2001:4860::1:0:4a3a (2001:4860::1:0:4a3a)  5.040 ms 2001:4860::1:0:9f2 (2001:4860::1:0:9f2)  19.582 ms 2001:4860::1:0:4a3a (2001:4860::1:0:4a3a)  6.097 ms
    7  2001:4860::8:0:5e18 (2001:4860::8:0:5e18)  5.185 ms 2001:4860::8:0:5e19 (2001:4860::8:0:5e19)  4.902 ms  4.917 ms
    8  2001:4860::8:0:6e84 (2001:4860::8:0:6e84)  9.949 ms 2001:4860::8:0:507c (2001:4860::8:0:507c)  21.876 ms  9.045 ms
    9  2001:4860::2:0:87b (2001:4860::2:0:87b)  9.702 ms  9.719 ms  9.425 ms
    10  google-public-dns-b.google.com (2001:4860:4860::8844)  9.267 ms  9.561 ms  9.599 ms
     
  3. eva2000

    eva2000 Administrator Staff Member

    27,770
    6,336
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,339
    Local Time:
    3:33 AM
    Nginx 1.13.x
    MariaDB 5.5
    not using ipv6 myself
     
  4. BamaStangGuy

    BamaStangGuy Active Member

    462
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:33 PM
    I wonder when DigitalOcean will offer it?
     
  5. Matt

    Matt Moderator Staff Member

    661
    307
    63
    May 25, 2014
    Sheffield, UK
    Ratings:
    +416
    Local Time:
    6:33 PM
    1.7.1
    MariaDB 10
    Would be good if they did, as that is another this Linode now has on with the price plans being similar again.
     
  6. Null

    Null New Member

    4
    1
    3
    May 26, 2014
    Leicestershire, UK
    Ratings:
    +1
    Local Time:
    6:33 PM
    1.7.1
    10.0.10
    It's worth noting that Linode have offered IPv6 for over 3 years now ;).
     
  7. Matt

    Matt Moderator Staff Member

    661
    307
    63
    May 25, 2014
    Sheffield, UK
    Ratings:
    +416
    Local Time:
    6:33 PM
    1.7.1
    MariaDB 10
    I know, but was referring it to another plus for Linode, because the plan pricing is now on part with DO, but it's another feature you can't get with DO. (y)
     
  8. BamaStangGuy

    BamaStangGuy Active Member

    462
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:33 PM
    And then DigitalOcean showed up and showed every one that marketing ploy wasn't worth it.