[Koha] Koha and IPV6

Michael Kuhn mik at adminkuhn.ch
Fri Apr 28 23:32:40 NZST 2023 

Hi Chris

On 20 February you wrote:

 > If you want to run it via IPV6 you will just need to set up Apache (or
 > Nginx or whatever you have in front of plack) to support IPV6 (and the
 > networking itself of course) and then it should work fine.
 > There should be no tricks needed

Thanks for your answer!

Meanwhile we have set up the Apache HTTP Server to support IPV6. Just 
for anyone who may need this information in the future I describe what 
we actually have done. I'm not exactly sure if everything is really 
necessary but however it seems to work for us.

Here our instance is called "subdomain" ; IPV6 address is given as 
xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx ; IPV4 address is given as 
xxx.xxx.xxx.xxx ; we are using a X.509 certifivate from Let's Encrypt.


1. Don't deactivate IPV6 in file "/etc/sysctl.conf".

  # cat /proc/sys/net/ipv6/conf/all/disable_ipv6
  1


2. In file "/etc/hosts" we included our IPV4 address as well as our IPV6 
address.

  xxx.xxx.xxx.xxx subdomain.domain.xx
  xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx subdomain.domain.xx


3. The configuration of the Apache HTTP Server in file 
"/etc/apache2/sites-available/subdomain.conf" looks as follows.


# Koha instance opac Apache config.

# redirect http to https
<VirtualHost [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:80 
xxx.xxx.xxx.xxx:80>
    ServerName subdomain.domain.xx
    ServerAlias subdomain.domain.xx
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:8080 
xxx.xxx.xxx.xxx:8080>
    ServerName subdomain.domain.xx
    ServerAlias subdomain.domain.xx
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}:8443/$1 [R,L]
</VirtualHost>

# OPAC
<VirtualHost [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:443 
xxx.xxx.xxx.xxx:443>
   SSLEngine on
   SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
   SSLCompression off
   SSLHonorCipherOrder on
   SSLCipherSuite 
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-SA-
   SSLCertificateKeyFile 
/etc/letsencrypt/live/subdomain.domain.xx/privkey.pem
   SSLCertificateFile 
/etc/letsencrypt/live/subdomain.domain.xx/cert.pem
   SSLCertificateChainFile 
/etc/letsencrypt/live/subdomain.domain.xx/chain.pem

   <IfVersion >= 2.4>
    Define instance "subdomain"
   </IfVersion>
    Include /etc/koha/apache-shared.conf
#  Include /etc/koha/apache-shared-disable.conf
#  Include /etc/koha/apache-shared-opac-plack.conf
    Include /etc/koha/apache-shared-opac.conf

    ServerName subdomain.domain.xx
    SetEnv KOHA_CONF "/etc/koha/sites/subdomain/koha-conf.xml"
    AssignUserID subdomain-koha subdomain-koha

    ErrorLog    /var/log/koha/subdomain/opac-error.log
#  TransferLog /var/log/koha/subdomain/opac-access.log
</VirtualHost>

# Intranet
<VirtualHost [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]:8443 
xxx.xxx.xxx.xxx:8443>
   SSLEngine on
   SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
   SSLCompression off
   SSLHonorCipherOrder on
   SSLCipherSuite 
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES
   SSLCertificateKeyFile 
/etc/letsencrypt/live/subdomain.domain.xx/privkey.pem
   SSLCertificateFile 
/etc/letsencrypt/live/subdomain.domain.xx/cert.pem
   SSLCertificateChainFile 
/etc/letsencrypt/live/subdomain.domain.xx/chain.pem

   <IfVersion >= 2.4>
    Define instance "subdomain"
   </IfVersion>
    Include /etc/koha/apache-shared.conf
#  Include /etc/koha/apache-shared-disable.conf
#  Include /etc/koha/apache-shared-intranet-plack.conf
    Include /etc/koha/apache-shared-intranet.conf

    ServerName subdomain.domain.xx
    SetEnv KOHA_CONF "/etc/koha/sites/subdomain/koha-conf.xml"
    AssignUserID subdomain-koha subdomain-koha

    ErrorLog    /var/log/koha/subdomain/intranet-error.log
#  TransferLog /var/log/koha/subdomain/intranet-access.log
</VirtualHost>


Best wishes: Michael
-- 
Geschäftsführer · Diplombibliothekar BBS, Informatiker eidg. Fachausweis
Admin Kuhn GmbH · Pappelstrasse 20 · 4123 Allschwil · Schweiz
T 0041 (0)61 261 55 61 · E mik at adminkuhn.ch · W www.adminkuhn.ch



Am 20.02.23 um 21:39 schrieb Chris Cormack:
> Kia ora Michael
> 
> 
> Chris
> 
> On 21/02/23 09:36, Michael Kuhn wrote:
>> Hi
>>
>> Our library can access the the future virtual machine running Koha 
>> only via IPV6. I coulnd't find the terms IPV4 or IPV6 neither in 
>> https://wiki.koha-community.org/wiki/System_requirements_and_recommendations nor in the current Koha manual. Thus my question (since until now I have implemented only Koha-installations with IPV4):
>>
>> Is Koha able to run just with IPV6 addresses, also when using Let's 
>> Encrypt?
>>
>> Are there maybe some caveats?
>>
>> Best wishes: Michael
> _______________________________________________
> 
> Koha mailing list  http://koha-community.org
> Koha at lists.katipo.co.nz
> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha

More information about the Koha mailing list