Hi, I run control-panel software that is currently not supporting IPv6 (yet).
The host itself is a debian 11, and it does allow IPv6 traffic, it offers web and mail services.
Currently all kinds of mess-ups arise when I try and use LetsEncrypt for mail and web on this machine, because when it listens to the IPv6 address, the control panel does not work on some certs, because it expects an IPv4 address cert, while LetsEncrypt hands them out randomly for IPv6 addresses.
Also, I would rather just allow the mail and web services to be available over ip6 as well, not just over ip4.
So, someone told me to use haproxy for that. I’ve worked with haproxy long ago, for load-balancing traffic to high-availability nginx web traffic etc. but this was handled on separate hardware.
Anyway, for my particular use-case, haproxy only needs to be on the same machine/hardware the web and mail services are running on, and it only needs to catch/handle ALL IPv6 requests from outside, and route them to and from the local ip4 services.
I’m assuming I can just proxy TCP for port 25, 80, 110, 143, 443, 465, 587, 993, 995 ?
Is there a way to still have the IPv4 logging see the source IPv6 addresses in logs?
Any issues that may arise when enabling IPv6 for the eth interface, while having the services run only ip4 on the same machine?
(Note that currently I have switched off IPv6 for the entire server, because it messed up the certs… I’m assuming to have to switch IPv6 support off for the mail/web software config to achieve the above, so they don’t listen to IP6 ifaces)