Note:

Use Oracle Cloud Infrastructure to Publish a Webserver Accessible from the Internet with IPv6

Introduction

In this tutorial, we are going to explain how we can create a webserver (OCI instance) within Oracle Cloud Infrastructure (OCI) and we will make this webserver accessible from the internet. We are not only going to make this webserver accessible from a public IPv4 address, but will also make it accessible from the public IPv6 address with the DNS records (FQDN) fully configured.

image

Note: The domains that we have used in this tutorial were created and configured for testing purposes only.

image

Objectives

Task 1: Create a New VCN with IPv6 Enabled

We have now created a new VCN with new IPv4 and IPv6 network spaces that we can use to carve IPv4 and IPv6 subnets.

Task 2: Create a New Subnet with IPv6 Enabled

Now the subnet is ready to use for IPv4 and IPv6 addresses.

Task 3: Create a New Instance with IPv6 Enabled

image

The next logical task will be to access the instance using SSH so we can start installing and configuring the webserver. When we try to connect to the webserver using public IPv4 address and the private key, we are not able to connect because the VCN created in Task 1 has no internet gateway and now we need to create that internet gateway first in the VCN and also configure routing.

image

Task 4: Create a New Internet Gateway and Configure Routing

To enable access to a new instance (webserver) from the internet, initially using SSH and eventually transitioning to HTTP, we must establish an internet gateway.

Task 5: Open HTTP and HTTPS on the Default Security List

When a new VCN is created a default security list is applied to the subnets inside that VCN. By default, ICMP and SSH are permitted inbound (ingress). We need to add HTTP and HTTPS to that list to allow incoming traffic for the webserver.

The security rules are in place and IPv4 and IPv6 traffic is allowed on the VCN subnets, we will install the webserver application on the instance.

Task 6: Install a Webserver on Instance

Before we install the webserver application, quickly validate if the firewall ports are configured correctly. use the following website IPV6 Online Port Scanner. This website has an IPv6 port scanner, but you can also enter IPv4 addresses.

Task 7: Configure DNS records

Note: The domains that we have used in this tutorial were created and configured for testing purposes only.

Now, the website or webserver is reachable from the internet. We are going one step further by configuring an FQDN that can be remembered more easily than an IPv4 address or an IPv6 address. For this tutorial, we use the following subdomain as an example: oci.iwanhoogendoorn.nl for the new webserver.

Task 8: Create a Custom Website with NGINX and PHP

We will create a custom PHP website or script that provides a bit more information about the network and IP addresses with NGINX.

To integrate NGINX with PHP, follow the steps:

  1. Edit the PHP-FPM configuration file to integrate NGINX.

    Edit /etc/php-fpm.d/www.conf file.

    sudo nano /etc/php-fpm.d/www.conf
    
    • Contents of the /etc/php-fpm.d/www.conf file before changes.

      ; Unix user/group of processes
      ; Note: The user is mandatory. If the group is not set, the default user's group
      ;	will be used.
      ; RPM: apache user chosen to provide access to the same directories as httpd
      **user =** apache
      ; RPM: Keep a group allowed to write in log dir.
      **group =** apache
      
    • Contents of the /etc/php-fpm.d/www.conf file after changes.

      ; Unix user/group of processes
      ; Note: The user is mandatory. If the group is not set, the default user's group
      ;	will be used.
      ; RPM: apache user chosen to provide access to the same directories as httpd
      **user = nginx**
      ; RPM: Keep a group allowed to write in log dir.
      **group = nginx**
      
  2. Edit the NGINX configuration file to integrate PHP-FPM.

    • Edit the /etc/nginx/conf.d/default.conf file.

      [opc@ih-webserver-01 html]$ sudo nano /etc/nginx/conf.d/default.conf
      
    • Add the following configuration.

      location / {
      **# where is the NGINX root www folder?**
          root   /usr/share/nginx/html;
      # what are the default index files to look for in the directory?
          index **index.php** index.html index.htm;
      }
      
      # tell NGINX what to do when it sees PHP-FPM giving a 404 HTTP status in the response
      **location = /404.php {
      # where is the NGINX root www folder?
        root   /usr/share/nginx/html;
      # not return error responses with relevant status codes
        fastcgi_intercept_errors off;
      # where is PHP-FPM listening? the socket
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
      # everytime we're in this location, tell PHP-FPM the complete script filename to be executed
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      # and don't forget to tell PHP-FPM stuff like SERVER_NAME:
        include fastcgi_params;
      }**
      
      # tell NGINX what to do when it sees PHP-FPM a .php file
      **location ~ \.php$ {
      # where is the NGINX root www folder?
        root   /usr/share/nginx/html;
      # define custom error pages
        error_page 404 /404.php;
      # return error responses with relevant status codes
        fastcgi_intercept_errors on;
      # where is PHP-FPM listening? the socket
        fastcgi_pass unix:/var/run/php-fpm/www.sock;
      # everytime we're in this location, tell PHP-FPM the complete script filename to be executed
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      # and don't forget to tell PHP-FPM stuff like SERVER_NAME:
        include fastcgi_params;
      }**
      
  3. Edit the php.ini configuration file.

    • Edit /etc/php.ini file.

      [opc@ih-webserver-01 /]$ sudo nano /etc/php.ini
      
    • Make sure the following line is present, changed or uncommented.

      cgi.fix_pathinfo = 0;
      
  4. Restart the PHP-FPM and NGINX services.

    • Restart the PHP-FPM service.

      sudo systemctl start php-fpm
      
    • Restart the NGINX service.

      sudo systemctl restart nginx
      
  5. Create a custom page for proper webpage to handle and test.

    • Create a custom 404.php page. This is required to properly handle the redirection to a custom 404 page if the page does not exist, and trying to be accessed.

      [opc@ih-webserver-01 html]$ sudo nano 404.php
      

      Code for the custom 404.php page.

      <?php
        header("HTTP/1.0 404 Not Found");
      ?>
      <html>
        <head>
          <title>404 Error - Page Not Found</title>
        </head>
        <body>404 Error - Page Not Found!</body>
      </html>
      
    • Create a custom info.php page.

      [opc@ih-webserver-01 html]$ sudo nano info.php
      

      Code for info.php page.

      <?php
      
      phpinfo();
      
    • Test the info.php website which provides the proof that PHP is working with NGNIX.

      image

      When the website is installed and configured correctly the following webpage is displayed. This page will provide information about your local and remote IPv4 or IPv6 addresses depending on which IP version you use to connect. This page will also tell about the protocol you are using, HTTP or HTTPS.

      image

Task 9: Test the Webserver from the Internet

Note: The domains that we have used in this tutorial were created and configured for testing purposes only.

Even though we have already tested the reachability of the website or webserver using multiple methods. We like to use the following website to perform the final test that will test the reachability and the DNS record configuration in one go. Is your site IPv6 ready?

  1. Use the FQDN oci.iwanhoogendoorn.nl to test with.
  2. Verify the IPv4 DNS records are configured correctly.
  3. Verify the IPv6 DNS records are configured correctly.
  4. Verify the website is reachable on IPv4.
  5. Verify the website is reachable on IPv6.

image

Acknowledgments

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.