Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Use Oracle Cloud Infrastructure to Publish a Webserver Accessible from the Internet with IPv6

Introduction

In this tutorial, we are going to explain how we can create a webserver (OCI instance) within Oracle Cloud Infrastructure (OCI) and we will make this webserver accessible from the internet. We are not only going to make this webserver accessible from a public IPv4 address, but will also make it accessible from the public IPv6 address with the DNS records (FQDN) fully configured.

Note: The domains that we have used in this tutorial were created and configured for testing purposes only.

Objectives

• Create a website using an OCI instance that is reachable through IPv6. We have also explained how to create and configure all the other prerequisites to make the website available eventually. As a bonus, we have also explained how the NGINX webserver is installed and how PHP is integrated. At last, we will provide a custom PHP website or script that can be used to verify IPv4 or IPv6 connectivity to your web server and if you are connecting with HTTP or HTTPS.

  • Task 1: Create a new VCN with IPv6 enabled.
  • Task 2: Create a new subnet with IPv6 enabled.
  • Task 3: Create a new instance with IPv6 enabled.
  • Task 4: Create a new internet gateway and configure routing.
  • Task 5: Open HTTP and HTTPS on the default security list.
  • Task 6: Install a webserver on this instance.
  • Task 7: Configure DNS records.
  • Task 8: Create a custom website with NGINX and PHP.
  • Task 9: Test the webserver from the internet.

Task 1: Create a New VCN with IPv6 Enabled

• Open the hamburger menu and click Virtual Cloud Networking.

  

  1. Make sure you select Virtual Cloud Networks in the menu.
  2. Select the compartment that you want to work in. If you have not set up the compartment, use the root compartment.
  3. Click Create VCN.

  

• In Create a Virtual Cloud Networks, enter the following information.

  1. Enter a VCN Name.
  2. Select the compartment again, if it is not already pre-populated.
  3. Select the IPv4 CIDR that you want to use inside this VCN. For this tutorial, we have used a /16 CIDR because IPv4 Subnets (typically, /24’s) will be carved out of this CIDR clock.
  4. Scroll down.

  

  1. For IPv6, we will assign an Oracle allocated prefix. Select Assign an Oracle allocated /56 prefix.
  2. Click Create VCN.

  

We have now created a new VCN with new IPv4 and IPv6 network spaces that we can use to carve IPv4 and IPv6 subnets.

Task 2: Create a New Subnet with IPv6 Enabled

• Click Create Subnet.

  

• In Subnet, enter the following information.

  1. Enter the Name of the subnet.
  2. Select the compartment that this subnet needs to be in, if it is not already pre-populated.
  3. For the Subnet Type, we will select Regional for now.
  4. Enter the IPv4 subnet that we will carve out of the CIDR block we have assigned in the VCN. Make sure the new /24 CIDR block falls within the /16 that was determined in the VCN.
  5. Scroll down.

  

  1. For IPv6, we will assign an Oracle allocated prefix. Select Assign an Oracle allocated /64 prefix.
  2. Select a new HEX decimal to complete the Oracle allocated prefix.
  3. Select the default route table for the VCN.
  4. Make the subnet public, so that we get public IP addresses as we need this to make webserver accessible from the internet.
  5. Scroll down.

  

  1. Select the default DHCP for the VCN.
  2. Select the default security list for the VCN.
  3. Click Create Subnet.

  

• Notice that the state of the newly created subnet is Provisioning.

  

  After a few minutes, the state of the new subnet will be Available.

  

Now the subnet is ready to use for IPv4 and IPv6 addresses.

Task 3: Create a New Instance with IPv6 Enabled

• Open the OCI Console.

  1. Click the hamburger menu in the top left corner.
  2. Click Instances from the pinned section.

  

• Click Create Instance.

• In Create compute instance, enter the following information.

  1. Enter the Name of the instance.
  2. Select the compartment where the instance needs to be in.
  3. Select in which Availability Domain you want to place this instance. For this tutorial, as the Northwest region of The Netherlands, we only have one availability domain.
  4. Scroll down.

  

  Keep everything default and scroll down.

  

  1. In Primary network, select Select existing virtual cloud network.
  2. Selected the VCN created in Task 1.
  3. For the subnet, select Select existing subnet.
  4. Select the subnet created in Task 2.
  5. Scroll down.

  

  1. Private IPv4 address: Select Automatically assign private IPv4 address.
  2. IPv6 address: Select Assign IPv6 addresses from subnet prefix that was configured during subnet creation in Task 2.
  3. IPv6 address assignment: Select Automatically assign private IPv6 address from prefix.
  4. Scroll down.

  

  1. In order to access and manage this Linux instance we need to work with SSH Keys. For this tutorial, we will let OCI generate a new SSH key pair.
  2. Download the private and public keys on the local computer so we can use these to access and manage this Linux instance after creation.

  

• Click Create to create the instance.

  

  1. During creation, the state of the instance will be PROVISIONING.
  2. Notice that there are no IP address details available yet.

  

  1. When the instance is fully created and ready, the state will be set to RUNNING.
  2. Notice that the IP address details are available now.

  

The next logical task will be to access the instance using SSH so we can start installing and configuring the webserver. When we try to connect to the webserver using public IPv4 address and the private key, we are not able to connect because the VCN created in Task 1 has no internet gateway and now we need to create that internet gateway first in the VCN and also configure routing.

Task 4: Create a New Internet Gateway and Configure Routing

To enable access to a new instance (webserver) from the internet, initially using SSH and eventually transitioning to HTTP, we must establish an internet gateway.

• Open the OCI Console.

  1. Go to Virtual Cloud Networks.
  2. Select the VCN created in Task 1.

  

• In the VCN details page, click Internet Gateways.

  

• Click Create Internet Gateway.

  

• In Create Internet Gateway, enter the following information.

  1. Enter the name.
  2. Select the compartment.
  3. Click Create Internet Gateway.

  

• Add a route rule.

  1. Notice that the internet gateway is Available.
  2. Click Route Tables.

  

  1. Notice that the Default Route Table has a 0 in the number of rules.
  2. Click Default Route Table.

  

  1. Protocol Version: Select IPv4.
  2. Target Type: Select Internet Gateway.
  3. Destination CIDR Block: For this tutorial, select 0.0.0.0/0 as we want all default IPv4 network traffic to go to the internet gateway.
  4. Select the Target Internet Gateway created above in this task.
  5. Click Add Route Rules.

  

  1. Notice that the new IPv4 default route rule has been created.
  2. To route IPv6 internet traffic, we also need to create a new IPv6 default internet rule. Click Add Route Rules again.

  

  1. Protocol Version: Select IPv6.
  2. Target Type: Select Internet Gateway.
  3. Destination CIDR Block: For this tutorial, select :/0 as we want all default IPv6 network traffic to go to the internet gateway.
  4. Select the Target Internet Gateway created above in this task.
  5. Click Add Route Rules.

  

• Notice that the new IPv6 default route rule has been created.

  

  1. We connect to the newly created instance through SSH using the private key.
  2. After the connection has been established successfully, run ip a command to verify IP addresses.
  3. Notice that the private IPv4 address is the same as provided for the instance details.

  

  1. We also test the connection using the macOS CLI terminal, run the ssh -i ssh-key-2024-02-05.key opc@xxx.xxx.xxx.48 command.
  2. After the connection has been established successfully, run the ip a command to verify IP addresses.
  3. Notice that the private IPv4 address is the same as provided for the instance details in the OCI Console.

  Note that the instance does not have the IPv6 address that was provided for the instance details in the OCI Console.

  

• This problem can be fixed by doing a reboot of the instance.

  1. Navigate to the instance.
  2. Click Reboot.

  

  1. Connect to the instance again through SSH using the private key.
  2. After the connection has been established successfully, run the ip a command to verify IP addresses.
  3. Notice that the private IPv4 address is the same as provided in the instance details.
  4. Notice that the private IPv6 address is the same as provided in the instance details.
  5. To test connectivity towards the internet we also do a ping to the IPv6 IP address of one of Google’s DNS servers.

  

  1. Do a quick test to see if we can connect to an instance using an IPv6 address. Run the ssh -i ssh-key-2024-02-05.key opc@2603:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx command to test.
  2. After the connection has been established successfully, run the ip a command to verify IP addresses.
  3. Notice that the private IPv4 address is the same as provided in the instance details.
  4. Notice that the private IPv6 address is the same as provided in the instance details.

  

Task 5: Open HTTP and HTTPS on the Default Security List

When a new VCN is created a default security list is applied to the subnets inside that VCN. By default, ICMP and SSH are permitted inbound (ingress). We need to add HTTP and HTTPS to that list to allow incoming traffic for the webserver.

• Click the hamburger menu, and select Virtual Cloud Networks.

  

• Click the VCN created in Task 1.

  

• Scroll down.

  

• Click Security Lists.

  

• Click Default Security List.

  

• Click Add Ingress Rules.

  

• Add new security rules for IPv4 network traffic.

  1. Source Type: Select CIDR.
  2. Source CIDR: Enter 0.0.0.0/0.
  3. IP Protocol: Select TCP.
  4. Source Port Range: Keep default (All).
  5. Destination Port Range: Select 80,443 (HTTP and HTTPS).
  6. Enter the Description.
  7. Click Add Ingress Rules.

  

• Review the IPv4 Security Rules to allow HTTP and HTTPS traffic inbound.

  

• To add new security rules for IPv6 network traffic, create new ingress rules. Click Add Ingress Rules again.

  1. Source Type: Select CIDR.
  2. Source CIDR: Enter ::/0.
  3. IP Protocol: Select TCP.
  4. Source Port Range: Keep default (All).
  5. Destination Port Range: Select 80,443 (HTTP and HTTPS).
  6. Enter the Description.
  7. Click Add Ingress Rules.

  

• Review the IPv6 Security Rules to allow HTTP and HTTPS traffic inbound.

  

The security rules are in place and IPv4 and IPv6 traffic is allowed on the VCN subnets, we will install the webserver application on the instance.

Task 6: Install a Webserver on Instance

Before we install the webserver application, quickly validate if the firewall ports are configured correctly. use the following website IPV6 Online Port Scanner. This website has an IPv6 port scanner, but you can also enter IPv4 addresses.

• Enter the IPv4 address with the details to perform the scan on TCP port 80. Notice that this state is CLOSED as the webserver application is not installed yet and the state is not FILTERED as we have added the rules to the default security list.

  

• For the IPv6 address, Enter the following details. The output is the same as IPv4 for the same reasons.

  

• On the webserver instance terminal console or SSH. Enter the following commands to update the DNF software package manager and to install DNF utils.

  [opc@ih-webserver-01 ~]$ sudo dnf update -y
  [opc@ih-webserver-01 ~]$ sudo dnf install dnf-utils -y
  

• Update the nginx.repo file to specify the details to download and install the NGINX webserver application.

  [opc@ih-webserver-01 ~]$ sudo nano /etc/yum.repos.d/nginx.repo
  

  Copy and paste the following content in the nginx.repo file.

  [nginx-stable]
  name=nginx stable repo
  baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
  gpgcheck=1
  enabled=1
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true
  
  [nginx-mainline]
  name=nginx mainline repo
  baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
  gpgcheck=1
  enabled=0
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true
  

  Verify the content of the nginx.repo file.

  [opc@ih-webserver-01 ~]$ sudo more /etc/yum.repos.d/nginx.repo
  [nginx-stable]
  name=nginx stable repo
  baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
  gpgcheck=1
  enabled=1
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true
  
  [nginx-mainline]
  name=nginx mainline repo
  baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
  gpgcheck=1
  enabled=0
  gpgkey=https://nginx.org/keys/nginx_signing.key
  module_hotfixes=true
  [opc@ih-webserver-01 ~]$
  

• By default, the repository for stable Nginx packages is used. To use mainline Nginx packages, run the following command.

  [opc@ih-webserver-01 ~]$ sudo yum-config-manager --enable nginx-mainline
  

• Use the following command to install the NGINX webserver application.

  [opc@ih-webserver-01 ~]$ sudo dnf install nginx
  

• To start the NGINX webserver application, run the following command.

  [opc@ih-webserver-01 ~]$ sudo systemctl start nginx
  

• When the installation is complete, enable NGINX to start automatically upon system boot and start the webserver.

  [opc@ih-webserver-01 ~]$ sudo systemctl enable nginx
  Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
  

• Use the following command to verify the running status of the NGINX webserver application.

  [opc@ih-webserver-01 ~]$ systemctl status nginx
  ● nginx.service - nginx - high performance web server
    Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
    Active: active (running) since Tue 2024-02-06 08:58:43 GMT; 2min 47s ago
      Docs: http://nginx.org/en/docs/
  Main PID: 43323 (nginx)
      Tasks: 3 (limit: 99901)
    Memory: 2.8M
    CGroup: /system.slice/nginx.service
            ├─43323 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
            ├─43324 nginx: worker process
            └─43325 nginx: worker process
  
  Feb 06 08:58:43 ih-webserver-01 systemd[1]: Starting nginx - high performance web server...
  Feb 06 08:58:43 ih-webserver-01 systemd[1]: Started nginx - high performance web server.
  [opc@ih-webserver-01 ~]$
  

• Use the following command to verify the version of the NGINX webserver application.

  [opc@ih-webserver-01 ~]$ nginx -v
  nginx version: nginx/1.25.3
  [opc@ih-webserver-01 ~]$
  

• firewalld is a zone-based personal firewall that is installed on the Oracle Linux deployment on OCI. We already have a firewall configured through the default security list on the VCN subnets. We will disable the internal firewalld service. Run the following command.

  [opc@ih-webserver-01 nginx]$ sudo systemctl stop firewalld
  [opc@ih-webserver-01 nginx]$ sudo systemctl disable firewalld
  Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
  Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
  [opc@ih-webserver-01 nginx]$ sudo setenforce 0
  [opc@ih-webserver-01 nginx]$
  

• To verify if the webserver service is running, check if the listener is running. Run the following command. Notice that the three NGINX services are running all listening on IPv4 and port 80. What stands out here is that we are missing the IPv6 listener.

  [opc@ih-webserver-01 ~]$ sudo lsof -i -P -n | grep LISTEN
  systemd       1               root   71u  IPv4  19039      0t0  TCP *:111 (LISTEN)
  systemd       1               root   82u  IPv6  19041      0t0  TCP *:111 (LISTEN)
  rpcbind    1421                rpc    4u  IPv4  19039      0t0  TCP *:111 (LISTEN)
  rpcbind    1421                rpc    6u  IPv6  19041      0t0  TCP *:111 (LISTEN)
  osms-agen  2429               root    7u  IPv6  41713      0t0  TCP 127.0.0.1:32768 (LISTEN)
  osms-agen  2429               root   10u  IPv4  41722      0t0  TCP 127.0.0.1:9003 (LISTEN)
  pmcd       2469                pcp    0u  IPv4  35603      0t0  TCP 127.0.0.1:44321 (LISTEN)
  pmcd       2469                pcp    3u  IPv6  35604      0t0  TCP [::1]:44321 (LISTEN)
  pmlogger   3188                pcp    7u  IPv4  42005      0t0  TCP 127.0.0.1:4330 (LISTEN)
  pmlogger   3188                pcp    8u  IPv6  42006      0t0  TCP [::1]:4330 (LISTEN)
  sshd       6745               root    3u  IPv4  54797      0t0  TCP *:22 (LISTEN)
  sshd       6745               root    4u  IPv6  54799      0t0  TCP *:22 (LISTEN)
  nginx     43323               root    6u  IPv4  98324      0t0  TCP *:80 (LISTEN)
  nginx     43324              nginx    6u  IPv4  98324      0t0  TCP *:80 (LISTEN)
  nginx     43325              nginx    6u  IPv4  98324      0t0  TCP *:80 (LISTEN)
  

• Another quick check, we do a curl to the local webserver to see if we can see the default NGINX webserver is reachable using IPv4.

  [opc@ih-webserver-01 ~]$ curl http://localhost
  <!DOCTYPE html>
  <html>
  <head>
  <title>Welcome to nginx!</title>
  <style>
  html { color-scheme: light dark; }
  body { width: 35em; margin: 0 auto;
  font-family: Tahoma, Verdana, Arial, sans-serif; }
  </style>
  </head>
  <body>
  <h1>Welcome to nginx!</h1>
  <p>If you see this page, the nginx web server is successfully installed and
  working. Further configuration is required.</p>
  
  <p>For online documentation and support please refer to
  <a href="http://nginx.org/">nginx.org</a>.<br/>
  Commercial support is available at
  <a href="http://nginx.com/">nginx.com</a>.</p>
  
  <p><em>Thank you for using nginx.</em></p>
  </body>
  </html>
  [opc@ih-webserver-01 ~]$
  

• We will do the same test from the internet using the same IPv6 Online Port Scanner website and now the port is OPEN for IPv4.

  

• The final test will be to test the website or webserver is reachable using a remote browser using IPv4. The URL used is http://144.xxx.xxx.xxx.

  

• Even though we have installed the NGINX webserver application, we still get the following result for the IPv6 address.

  

  To fix this, we need to make sure that the webserver is configured to listen to IPv6 addresses as well. To do this, edit the default.conf nginx file.

  [opc@ih-webserver-01 conf.d]$ sudo nano /etc/nginx/conf.d/default.conf
  

  The server section of the configuration file looks like this.

  server {
      listen       80;
      server_name  localhost;
  
      #access_log  /var/log/nginx/host.access.log  main;
  
      location / {
          root   /usr/share/nginx/html;
          index  index.html index.htm;
      }
  

  Add the following line to the server section.

  **listen  [::]:80;**
  

  The server section will look like this.

  server {
      listen       80;
      **listen  [::]:80;**
      server_name  localhost;
  
      #access_log  /var/log/nginx/host.access.log  main;
  
      location / {
          root   /usr/share/nginx/html;
          index  index.html index.htm;
      }
  

  After the update, the default.conf file will look like.

  [opc@ih-webserver-01 conf.d]$ sudo more /etc/nginx/conf.d/default.conf
  server {
      listen       80;
      **listen  [::]:80;**
      server_name  localhost;
  
      #access_log  /var/log/nginx/host.access.log  main;
  
      location / {
          root   /usr/share/nginx/html;
          index  index.html index.htm;
      }
  
      #error_page  404              /404.html;
  
      # redirect server error pages to the static page /50x.html
      #
      error_page   500 502 503 504  /50x.html;
      location = /50x.html {
          root   /usr/share/nginx/html;
      }
  
      # proxy the PHP scripts to Apache listening on 127.0.0.1:80
      #
      #location ~ \.php$ {
      #    proxy_pass   http://127.0.0.1;
      #}
  
      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
      #
      #location ~ \.php$ {
      #    root           html;
      #    fastcgi_pass   127.0.0.1:9000;
      #    fastcgi_index  index.php;
      #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
      #    include        fastcgi_params;
      #}
  
      # deny access to .htaccess files, if Apache's document root
      # concurs with nginx's one
      #
      #location ~ /\.ht {
      #    deny  all;
      #}
  }
  
  [opc@ih-webserver-01 conf.d]$
  

• Use the following command to restart the NGINX webserver.

  [opc@ih-webserver-01 ~]$ sudo systemctl restart nginx
  

• Use the following command to verify the listeners again. Notice that NGINX is also listed on IPv6 next to IPv4 now.

  [opc@ih-webserver-01 conf.d]$ sudo lsof -i -P -n | grep LISTEN
  systemd       1               root   46u  IPv4  19039      0t0  TCP *:111 (LISTEN)
  systemd       1               root   48u  IPv6  19041      0t0  TCP *:111 (LISTEN)
  rpcbind    1421                rpc    4u  IPv4  19039      0t0  TCP *:111 (LISTEN)
  rpcbind    1421                rpc    6u  IPv6  19041      0t0  TCP *:111 (LISTEN)
  osms-agen  2429               root    7u  IPv6  41713      0t0  TCP 127.0.0.1:32768 (LISTEN)
  osms-agen  2429               root   10u  IPv4  41722      0t0  TCP 127.0.0.1:9003 (LISTEN)
  pmcd       2469                pcp    0u  IPv4  35603      0t0  TCP 127.0.0.1:44321 (LISTEN)
  pmcd       2469                pcp    3u  IPv6  35604      0t0  TCP [::1]:44321 (LISTEN)
  pmlogger   3188                pcp    7u  IPv4  42005      0t0  TCP 127.0.0.1:4330 (LISTEN)
  pmlogger   3188                pcp    8u  IPv6  42006      0t0  TCP [::1]:4330 (LISTEN)
  sshd       6745               root    3u  IPv4  54797      0t0  TCP *:22 (LISTEN)
  sshd       6745               root    4u  IPv6  54799      0t0  TCP *:22 (LISTEN)
  nginx     54944               root    6u  IPv4 219674      0t0  TCP *:80 (LISTEN)
  nginx     54944               root    7u  IPv6 219675      0t0  TCP *:80 (LISTEN)
  nginx     54945              nginx    6u  IPv4 219674      0t0  TCP *:80 (LISTEN)
  nginx     54945              nginx    7u  IPv6 219675      0t0  TCP *:80 (LISTEN)
  nginx     54946              nginx    6u  IPv4 219674      0t0  TCP *:80 (LISTEN)
  nginx     54946              nginx    7u  IPv6 219675      0t0  TCP *:80 (LISTEN)
  [opc@ih-webserver-01 conf.d]$
  

  We will do the same test from the internet using the same IPv6 Online Port Scanner website and now the port is OPEN for IPv6.

  

  Another quick check, we do a curl to the local webserver to see if we can see the default NGINX webserver is reachable using IPv6.

  [opc@ih-webserver-01 conf.d]$ curl -6 "http://[::1]:80"
  <!DOCTYPE html>
  <html>
  <head>
  <title>Welcome to nginx!</title>
  <style>
  html { color-scheme: light dark; }
  body { width: 35em; margin: 0 auto;
  font-family: Tahoma, Verdana, Arial, sans-serif; }
  </style>
  </head>
  <body>
  <h1>Welcome to nginx!</h1>
  <p>If you see this page, the nginx web server is successfully installed and
  working. Further configuration is required.</p>
  
  <p>For online documentation and support please refer to
  <a href="http://nginx.org/">nginx.org</a>.<br/>
  Commercial support is available at
  <a href="http://nginx.com/">nginx.com</a>.</p>
  
  <p><em>Thank you for using nginx.</em></p>
  </body>
  </html>
  [opc@ih-webserver-01 conf.d]$
  

• The final test is to test if the website or webserver is reachable using a remote browser using IPv6. The URL used is http://[2603:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]

  

  Note: When we use an IPv6 address in the browser, we need to place it between square brackets.

Task 7: Configure DNS records

Note: The domains that we have used in this tutorial were created and configured for testing purposes only.

Now, the website or webserver is reachable from the internet. We are going one step further by configuring an FQDN that can be remembered more easily than an IPv4 address or an IPv6 address. For this tutorial, we use the following subdomain as an example: oci.iwanhoogendoorn.nl for the new webserver.

• We will log in to the registrar’s domain administration panel for the domain iwanhoogendoorn.nl.

  1. Notice that we have selected the correct domain to configure.
  2. Select DNS Management.

  

• All the DNS records for the domain iwanhoogendoorn.nl are listed as shown in the following image.

  

  1. Add the oci subdomain to the domain for IPv4 and select the public IPv4 address of the instance.
  2. Click Add.
  3. Now let’s add the oci subdomain to the domain for IPv6 and select the IPv6 address of the instance.
  4. Click Add.

  

  1. In the DNS overview page, review the oci.iwanhoogendoorn.nl DNS record for IPv4.
  2. In the DNS overview page, review the oci.iwanhoogendoorn.nl DNS record for IPv6.

  

• Use nslookup command to test the oci.iwanhoogendoorn.nl is resolved to the correct IPv4 address.

  iwanhoogendoorn@Iwans-MacBook-Pro ~ % nslookup oci.iwanhoogendoorn.nl
  

  

• Use nslookup command to test the oci.iwanhoogendoorn.nl is resolved to the correct IPv6 address.

  iwanhoogendoorn@Iwans-MacBook-Pro ~ % nslookup -q=AAAA oci.iwanhoogendoorn.nl
  

  

Task 8: Create a Custom Website with NGINX and PHP

We will create a custom PHP website or script that provides a bit more information about the network and IP addresses with NGINX.

• Install PHP FastCGI Process Manager (PHP-FPM). PHP-FPM is an alternative FastCGI daemon for PHP that allows a website to handle high loads.

  sudo dnf install php-fpm
  

• Check the installed PHP version.

  [opc@ih-webserver-01 /]$ php -v
  PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS )
  Copyright (c) 1997-2018 The PHP Group
  Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
  [opc@ih-webserver-01 /]$
  

• To get NGINX to work with PHP and the other way around some configuration needs to be done. One configuration file on the PHP side and the NGNIX side.

  Depending on your Linux distribution, NGINX and PHP-FPM versions, the configuration file names and path names may be different and this makes the integration part of NGINX and PHP much harder.

  Important files and directories for PHP-FPM and NGINX.

  Description	Oracle Linux 8	Other installations/distributions
  NGINX web root path	/usr/share/nginx/html	/usr/share/nginx/www
  PHP FPM configuration file	/etc/php-fpm.d/www.conf	php-fpm.conf
  NGINX configuration file	/etc/nginx/conf.d/default.conf	nginx.conf
  PHP FPM socket file	/run/php-fpm/www.sock	php-fpm.sock, phpx.x-fpm.sock (x.x = version)
  FastCGI settings file	/etc/nginx/fastcgi_params	fastcgi.conf
  PHP configuration file	/etc/php.ini

To integrate NGINX with PHP, follow the steps:

1. Edit the PHP-FPM configuration file to integrate NGINX.

   Edit /etc/php-fpm.d/www.conf file.

   sudo nano /etc/php-fpm.d/www.conf
   

   • Contents of the /etc/php-fpm.d/www.conf file before changes.

     ; Unix user/group of processes
     ; Note: The user is mandatory. If the group is not set, the default user's group
     ;	will be used.
     ; RPM: apache user chosen to provide access to the same directories as httpd
     **user =** apache
     ; RPM: Keep a group allowed to write in log dir.
     **group =** apache
     

   • Contents of the /etc/php-fpm.d/www.conf file after changes.

     ; Unix user/group of processes
     ; Note: The user is mandatory. If the group is not set, the default user's group
     ;	will be used.
     ; RPM: apache user chosen to provide access to the same directories as httpd
     **user = nginx**
     ; RPM: Keep a group allowed to write in log dir.
     **group = nginx**
     

2. Edit the NGINX configuration file to integrate PHP-FPM.

   • Edit the /etc/nginx/conf.d/default.conf file.

     [opc@ih-webserver-01 html]$ sudo nano /etc/nginx/conf.d/default.conf
     

   • Add the following configuration.

     location / {
     **# where is the NGINX root www folder?**
         root   /usr/share/nginx/html;
     # what are the default index files to look for in the directory?
         index **index.php** index.html index.htm;
     }
     
     # tell NGINX what to do when it sees PHP-FPM giving a 404 HTTP status in the response
     **location = /404.php {
     # where is the NGINX root www folder?
       root   /usr/share/nginx/html;
     # not return error responses with relevant status codes
       fastcgi_intercept_errors off;
     # where is PHP-FPM listening? the socket
       fastcgi_pass unix:/var/run/php-fpm/www.sock;
     # everytime we're in this location, tell PHP-FPM the complete script filename to be executed
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     # and don't forget to tell PHP-FPM stuff like SERVER_NAME:
       include fastcgi_params;
     }**
     
     # tell NGINX what to do when it sees PHP-FPM a .php file
     **location ~ \.php$ {
     # where is the NGINX root www folder?
       root   /usr/share/nginx/html;
     # define custom error pages
       error_page 404 /404.php;
     # return error responses with relevant status codes
       fastcgi_intercept_errors on;
     # where is PHP-FPM listening? the socket
       fastcgi_pass unix:/var/run/php-fpm/www.sock;
     # everytime we're in this location, tell PHP-FPM the complete script filename to be executed
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     # and don't forget to tell PHP-FPM stuff like SERVER_NAME:
       include fastcgi_params;
     }**
     

3. Edit the php.ini configuration file.

   • Edit /etc/php.ini file.

     [opc@ih-webserver-01 /]$ sudo nano /etc/php.ini
     

   • Make sure the following line is present, changed or uncommented.

     cgi.fix_pathinfo = 0;
     

4. Restart the PHP-FPM and NGINX services.

   • Restart the PHP-FPM service.

     sudo systemctl start php-fpm
     

   • Restart the NGINX service.

     sudo systemctl restart nginx
     

5. Create a custom page for proper webpage to handle and test.

   • Create a custom 404.php page. This is required to properly handle the redirection to a custom 404 page if the page does not exist, and trying to be accessed.

     [opc@ih-webserver-01 html]$ sudo nano 404.php
     

     Code for the custom 404.php page.

     <?php
       header("HTTP/1.0 404 Not Found");
     ?>
     <html>
       <head>
         <title>404 Error - Page Not Found</title>
       </head>
       <body>404 Error - Page Not Found!</body>
     </html>
     

   • Create a custom info.php page.

     [opc@ih-webserver-01 html]$ sudo nano info.php
     

     Code for info.php page.

     <?php
     
     phpinfo();
     

   • Test the info.php website which provides the proof that PHP is working with NGNIX.

     

     When the website is installed and configured correctly the following webpage is displayed. This page will provide information about your local and remote IPv4 or IPv6 addresses depending on which IP version you use to connect. This page will also tell about the protocol you are using, HTTP or HTTPS.

     

Task 9: Test the Webserver from the Internet

Note: The domains that we have used in this tutorial were created and configured for testing purposes only.

Even though we have already tested the reachability of the website or webserver using multiple methods. We like to use the following website to perform the final test that will test the reachability and the DNS record configuration in one go. Is your site IPv6 ready?

1. Use the FQDN oci.iwanhoogendoorn.nl to test with.
2. Verify the IPv4 DNS records are configured correctly.
3. Verify the IPv6 DNS records are configured correctly.
4. Verify the website is reachable on IPv4.
5. Verify the website is reachable on IPv6.

Acknowledgments

• Author - Iwan Hoogendoorn (OCI Network Specialist)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Use Oracle Cloud Infrastructure to Publish a Webserver Accessible from the Internet with IPv6

F93495-01

February 2024

Copyright © 2024, Oracle and/or its affiliates.