Dedicated IPv6 addresses for multiple nginx vhosts using SSL?
When I last did a major upgrade of my hosting configuration a few years back, I also migrated to using dedicated IPv6 addresses for each of the (several dozen) websites I host.
When hosting multiple sites on the one server using SSL, the advice at the time was to use a single IPv4 address with SNI, but to configure separate IPv6 addresses for each site (using Linode's supplied /64 block of IPv6 addresses routed to each Linode).
So the nginx server block looked roughly like this:
server {
server_name foo.example.com;
listen 443 ssl http2;
listen [ipv6:address:goes:here]:443 ssl http2;
...
}
server {
server_name foo.example.com;
listen 80;
listen [ipv6:address:goes:here]:80;
return 301 https://foo.example.com$request_uri;
}
However, I'm moving to a new setup now and taking the opportunity to revisit my server configuration and note that the recommended configuration people are using doesn't bother with dedicated IPv6 addresses anymore for each host and simply uses a common configuration where both the IPv4 and IPv6 addresses are shared between sites (ie there is one IPv4 address and one IPv6 address assigned to the server and all websites hosted on that server use those same addresses).
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name foo.example.com;
...
}
Any thoughts on current best practices?
Any compelling reason to continue using dedicated IPv6 addresses for each website hosted on a server?
1 Reply
Since IPv6 addresses are more widely available than IPv4, you can definitely continue to use a separate IPv6 for each site. I don't know that there would be a significant benefit for individual IPv6s over one shared IPv6; this would depend on your configuration and how much traffic you expect over IPv6. If your sites are relatively small or managed with Wordpress and you use a virtual hosts file, keeping the sites under one IPv6 might take less effort.