IPv4 to IPv6 Proxy configuration
How to use the IPv4 to IPv6 Reverse Proxy for IPv6-only hosting
What is this?
Our IPv4 to IPv6 reverse proxies allow you to host a website on an IPv6-only server and make it accessible to all users, including those who only have an IPv4 connection.
Why is this needed?
IPv4 addresses are in short supply, which is why we offer cheaper, IPv6-only servers. Unfortunately, not all users have an IPv6-enabled connection yet, and so would not normally be able to view a site on an IPv6-only server.
What problem does this solve?
Our IPv4 to IPv6 reverse proxy will relay traffic for common services, such as HTTP and HTTPS, from a shared IPv4 address to your server's IPv6 address, making your website accessible to users on an IPv4-only connection.
Important information to remember
To use this service, the domains that you wish to host websites on must be known to our control panel. If the domain is not registered through us, you can add it as a "third party domain".
Our proxies will also relay IPv6 traffic, which can simplify configuration, as you can direct all traffic to your site by the same route.
HTTPS and other secure services
Our proxy uses Server Name Indication (SNI) to pass HTTPS and certain other secure protocols through to your server without decrypting the traffic. This means that we don't need access to your certificate.
Configuring a reverse proxy
Head to IPv4 to IPv6 Reverse Proxy section, under Servers, in the control panel.
Enter the hostname, and select the domain you wish to use. So if you wish to host www.example.com, set the hostname to www and select example.com from the list of domains.
If you wish to host a website on the bare domain name (e.g. https//example.com) you should enter a hostnae of @.
Enter the IPv6 address of your server in the Endpoint address field and then press the Add button.
You should leave the location set to the default of 'ALL' which will use all available proxies.
Next, you need to update the DNS records for your domain to direct traffic to our proxy servers.
The best way to use the proxies is to set up a CNAME or ANAME record, pointing to proxy.mythic-beasts.com.
Generally if you are setting up a record for a hostname within your domain (e.g. www.example.com) you can, and should, use a CNAME. If you are setting up a record for a bare domain (e.g. example.com) you won't be able to use a CNAME record, and you should use an ANAME psuedo-record instead.
For almost every hostname, you can use CNAME records instead which require less configuration. However, if you already have a hostname configured (for example sub.domain.tld as MX, and sub.domain.tld as AAAA), you must use the AAAA and A records.
If the DNS for your domain is not managed by Mythic Beasts, and you are unable to use either a CNAME or ANAME record, then you can use A and AAAA records using the details below.
Example
As an example, to create a working proxy for www.mydomain.tld you would need to put the following parts into the Reverse Proxy, and Manage DNS pages;
..in the IPv4 to IPv6 Reverse Proxy section
Hostname Domain Data centre Endpoint address -------- ------ ----------- --------------- www mydomain.tld ALL 2001:db8:0::1
..in the Manage DNS section
Hostname Type Data -------- ---- ---- www CNAME proxy.mythic-beasts.com. @ ANAME proxy.mythic-beasts.com.
Done!
Please note that our reverse proxies only update their configuration once every five minutes, and there may also be delays before DNS changes are fully active.
Advanced users
PROXY protocol
One disadvantage of using the proxy service, is that all requests will appear to come from our proxy server, rather than from the end user. This will mean that the end user's IP address will not be visible in your server logs, and will prevent IP-based access controls. To a large extent this can be addressed by using PROXY protocol, a protocol which adds an additional header to all requests that includes the actual client IP address. In order to use this, you will need to configure your server software to handle PROXY protocol. At time of wriiting, nginx has native support for PROXY protocol, and Apache has support in the form of an optional module.
If you enable PROXY protocol, you should take steps (e.g. a firewall) to only accept HTTP/HTTPS requests from our proxy servers, as otherwise it is trivial for third parties to spoof their IP address.
Multiple backends
The service does allow the use of more than one endpoint address and will round robin between them accordingly. There is no guarantee that a client will be directed back to the same endpoint on subsequent requests.
Proxy location
You may direct traffic to a specific proxy server. If you have services in different data centres, you can use this to control the path that traffic takes. Details of the individual proxy servers are included below.
Wildcard hostnames
Wildcard addresses are also supported:
Hostname Domain Data centre Endpoint address -------- ------ ----------- --------------- myhostname mydomain ALL 2001:db8:0::1 * mydomain ALL 2001:db8:0::1 @ mydomain ALL 2001:db8:0::1
Proxy details
All proxies
| Type | Value |
|---|---|
| CNAME / ANAME | proxy.mythic-beasts.com |
| A |
46.235.225.189 93.93.129.174 |
| AAAA |
2a00:1098::82:1000:3b:1:1 2a00:1098::80:1000:3b:1:1 |
London Harbour Exchange (HEX)
| Type | Value |
|---|---|
| CNAME / ANAME | hex.proxy.mythic-beasts.com |
| A |
46.235.225.189 |
| AAAA |
2a00:1098::82:1000:3b:1:1 |
London Sovereign House (SOV)
| Type | Value |
|---|---|
| CNAME / ANAME | sov.proxy.mythic-beasts.com |
| A |
93.93.129.174 |
| AAAA |
2a00:1098::80:1000:3b:1:1 |