IPv4 to IPv6 Proxy configuration

How to use the IPv4 to IPv6 Reverse Proxy for IPv6-only hosting

User ID:
Customer:
login

What is this?

Our IPv4 to IPv6 reverse proxies allow you to host a website on an IPv6-only server and make it accessible to all users, including those who only have an IPv4 connection.

Why is this needed?

IPv4 addresses are in short supply, which is why we offer cheaper, IPv6-only servers. Unfortunately, not all users have an IPv6-enabled connection yet, and so would not normally be able to view a site on an IPv6-only server.

What problem does this solve?

Our IPv4 to IPv6 reverse proxy will relay traffic for common services, such as HTTP and HTTPS, from a shared IPv4 address to your server's IPv6 address, making your website accessible to users on an IPv4-only connection.

Important information to remember

To use this service, the domains that you wish to host websites on must be known to our control panel. If the domain is not registered through us, you can add it as a "third party domain".

Our proxies will also relay IPv6 traffic, which can simplify configuration, as you can direct all traffic to your site by the same route.

HTTPS and other secure services

Our proxy uses Server Name Indication (SNI) to pass HTTPS and certain other secure protocols through to your server without decrypting the traffic. This means that we don't need access to your certificate.

Configuring a reverse proxy

Head to IPv4 to IPv6 Reverse Proxy section, under Servers, in the control panel.

Enter the hostname, and select the domain you wish to use. So if you wish to host www.example.com, set the hostname to www and select example.com from the list of domains.

If you wish to host a website on the bare domain name (e.g. https//example.com) you should enter a hostnae of @.

Enter the IPv6 address of your server in the Endpoint address field and then press the Add button.

You should leave the location set to the default of 'ALL' which will use all available proxies.

Next, you need to update the DNS records for your domain to direct traffic to our proxy servers. The best way to use the proxies is to set up a CNAME or ANAME record, pointing to proxy.mythic-beasts.com.

Generally if you are setting up a record for a hostname within your domain (e.g. www.example.com) you can, and should, use a CNAME. If you are setting up a record for a bare domain (e.g. example.com) you won't be able to use a CNAME record, and you should use an ANAME psuedo-record instead.

For almost every hostname, you can use CNAME records instead which require less configuration. However, if you already have a hostname configured (for example sub.domain.tld as MX, and sub.domain.tld as AAAA), you must use the AAAA and A records.

If the DNS for your domain is not managed by Mythic Beasts, and you are unable to use either a CNAME or ANAME record, then you can use A and AAAA records using the details below.

Example

As an example, to create a working proxy for www.mydomain.tld you would need to put the following parts into the Reverse Proxy, and Manage DNS pages;

..in the IPv4 to IPv6 Reverse Proxy section
Hostname  Domain        Data centre  Endpoint address
--------  ------        -----------  ---------------
www       mydomain.tld  ALL          2001:db8:0::1
..in the Manage DNS section
Hostname  Type   Data
--------  ----   ----
www       CNAME  proxy.mythic-beasts.com.
@         ANAME  proxy.mythic-beasts.com.

Done!

Please note that our reverse proxies only update their configuration once every five minutes, and there may also be delays before DNS changes are fully active.

Advanced users

PROXY protocol

One disadvantage of using the proxy service, is that all requests will appear to come from our proxy server, rather than from the end user. This will mean that the end user's IP address will not be visible in your server logs, and will prevent IP-based access controls. To a large extent this can be addressed by using PROXY protocol, a protocol which adds an additional header to all requests that includes the actual client IP address. In order to use this, you will need to configure your server software to handle PROXY protocol. At time of wriiting, nginx has native support for PROXY protocol, and Apache has support in the form of an optional module.

If you enable PROXY protocol, you should take steps (e.g. a firewall) to only accept HTTP/HTTPS requests from our proxy servers, as otherwise it is trivial for third parties to spoof their IP address.

Multiple backends

The service does allow the use of more than one endpoint address and will round robin between them accordingly. There is no guarantee that a client will be directed back to the same endpoint on subsequent requests.

Proxy location

You may direct traffic to a specific proxy server. If you have services in different data centres, you can use this to control the path that traffic takes. Details of the individual proxy servers are included below.

Wildcard hostnames

Wildcard addresses are also supported:

Hostname     Domain    Data centre  Endpoint address
--------     ------    -----------  ---------------
myhostname   mydomain  ALL          2001:db8:0::1
*            mydomain  ALL          2001:db8:0::1
@            mydomain  ALL          2001:db8:0::1

Proxy details

All proxies

Type Value
CNAME / ANAME proxy.mythic-beasts.com
A 46.235.225.189
93.93.129.174
AAAA 2a00:1098::82:1000:3b:1:1
2a00:1098::80:1000:3b:1:1

London Harbour Exchange (HEX)

Type Value
CNAME / ANAME hex.proxy.mythic-beasts.com
A 46.235.225.189
AAAA 2a00:1098::82:1000:3b:1:1

London Sovereign House (SOV)

Type Value
CNAME / ANAME sov.proxy.mythic-beasts.com
A 93.93.129.174
AAAA 2a00:1098::80:1000:3b:1:1