IPv6 support

[tambry]

The Hackage website lacks IPv6 support.

Since it uses Fastly, fixing this is a matter of changing the CNAME from j.global-ssl.fastly.net to dualstack.j.shared.global.fastly.net (see Fastly's IPv6 documentation). This would additionally enable HTTP/2 (for HTTPS).

A similar change was made to Haskell Wiki a while ago.

[hvr]

IIRC we tried to enable this but ran into issues w/ the CDN... maybe it's worth sorting this out once and for all...

cc @gbaz

[tambry]

FYI, Hackage works fine over IPv6 for me, when I force hackage.haskell.org in my hosts file to the IPv6 address I get from dualstack.j.shared.global.fastly.net.

[gbaz]

The problem with hackage and was specific to newer versions of curl for upload (which claim support for http2 but have issues) in conjunction with HTTP/2. In particular users ran into this bug: https://github.com/curl/curl/issues/1618

So ipv6 is fine, but we'd want to not enable HTTP/2.

(which i guess is dualstack.j.ssl.global.fastly.net instead of .shared.global)

[tambry]

dualstack.j.ssl.global.fastly.net would indeed work, if you want IPv6, but not HTTP/2.

[dpwiz]

The curl issue and its follow-ups appear to be closed by now. Maybe it's time to try again?

[phadej]

The fix seem to be in curl-7.60.0, my machine has

curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3

I really don't want update system wide libcurl, or my base system. Can we force cabal to use curl with --http1.1 (if curl is old?). I guess we can, but someone have to write a patch.

[tambry]

@phadej Why not use dualstack.j.ssl.global.fastly.net (supports IPv6, but not HTTP/2) instead until newer curl versions propagate?

[gbaz]

We definitely need to wait a ridiculous amount of time for the curl fix to propagate. However, its not clear to me what advantage we get from serving ipv6 any time soon anyway?

[tambry]

@gbaz Many IPv6-capable networks are really IPv6-only with a translation service like NAT64 for stuff that doesn't support IPv6 yet. Enabling native IPv6 would decrease latency and reduce the likelihood of connection failures caused by NAT64. And in many cases routing for IPv6 is better than for IPv4, also reducing latency.
Of course, enabling IPv6 would also allow access from completely IPv6-only connections. This would for example allow one to use Hackage on a cheap VPS, which has only IPv6 connectivity.

And all this by just changing the CNAME record.

[hvr]

@tambry if this is for the sake of cabal clients, would a DNS entry hackage-ipv6.haskell.org which points to a IPv6 enabled target help?

[tambry]

@hvr I presume that would work, but I don't understand why not apply the DNS change to hackage.haskell.org for the IPv6 non-HTTP/2 endpoint (dualstack.j.ssl.global.fastly.net)?

[welterde]

Is there any progress on this issue in the past year? Wouldn't using the mentioned alternative fastly endpoint avoid the curl issue?

It would be quite helpful to be able to access hackage from ipv6-only networks without having to resort to NAT64..

[dpwiz]

Any news?

IPv4s aren't getting any cheaper and I would like to have Hackage accessible from v6-only hosts.

[drlkf]

Gentle reminder as it's been a while since last message. Also, if help is needed I can contribute, just let me know what I need to investigate.