qbittorrent / qBittorrent-website

qBittorrent website
https://www.qbittorrent.org

IPv6 support #60

Closed tambry closed 6 years ago

tambry commented 6 years ago

The qBittorrent website is inaccessible over IPv6 (albeit boasting that qBittorrent itself is IPv6 compliant).

Balls0fSteel commented 6 years ago

Uhm it was available all until the recent maintenance, I guess something went haywire during the maintenance. Will take a look.

(Biggest problem is that the simplest IPV6 to IPV4 website went down, and the country has no mobile IPv6 whatsoever. So testing is a bit hard.)

tambry commented 6 years ago

You could test IPv6 accessibility with this. I re-checked and there actually is an AAAA record with an IPv6 address, but connecting to it simply times out. Maybe a firewall issue?

Might also be worth noting, that the website's DNS servers are inaccessible over IPv6, along with the mail server.

Balls0fSteel commented 6 years ago

Thank you for the site, I have arranged a temporary VM to debug this. The config is identical, ports are running, all seems fine. I will fix it in no time actually, just did not have much since the maintenance, sorry about that.

(It will be fixed by tomorrow.)

Balls0fSteel commented 6 years ago

Fixed it. Sorry for the trouble.

tambry commented 6 years ago

The main site is now indeed fixed, thank you!

Some of the navigation buttons on the top bar point to subdomains, which unfortunately don't have IPv6 addresses, so those won't work on IPv6-only.
The problematic subdomains are:

I'd recommend that you also take a look at the DNS and mail servers, which too are missing IPv6 (you can check them with this website).

Chocobo1 commented 6 years ago

> The main site is now indeed fixed, thank you!

Then I'll close this issue.

> The problematic subdomains are:

AFAIK those subdomains are forwarded by registrar servers and obviously they don't support IPv6 & https... I was thinking that maybe we can change to manage them directly (on our server) since Let's Encrypt enabled wildcard certs (recently), this could be a long term goal.

Balls0fSteel commented 6 years ago

@tambry :

bugs: That's qBittorrent

git: Same thing IIRC

Wiki: Yepp

Forum: It's a tough choice. I have moved it under an even-more-secure hosting, because SMF has been lagging kinda behind. So instead of waiting for the devs to fortify their software, the hosting now provides hardware firewall, paid protection software and all that sort of thing. I mean, trust me, I always did 110% to secure everyone, but there is only so much you can do on a vanilla Linux (without paying a fortune). So, this way it's under a host that is GDPR compliant, pays for extra security, etc. It's the perfect mix.

(Except we lose IPv6, but I think that's a good trade-off.)

tambry commented 6 years ago

@Balls0fSteel The forum itself does support IPv6, just the redirect doesn't.

It seems to me that fixing this would be a matter of pointing those subdomains to the current qbittorrent.org server and adding something like this for each of them in the Apache config:

<VirtualHost *:443>
    ServerName forum.qbittorrent.org
    RedirectPermanent / https://qbforums.shiki.hu
</VirtualHost>

Balls0fSteel commented 6 years ago

Hehe, if you hack the provider and give us root to their servers, we will change it right away! 😀

But seriously, ipv6 adoption is worse than 10 years ago. If companies will ever start the switch, we will adapt immediately.

(The provider only gives ipv6 to dedibox and vps. But as I said that's fine for the time being. Top security > ipv6.)

tambry commented 6 years ago

Sorry, seems I misunderstood. I thought you had root access to the server on which qbittorrent.org is hosted.

Balls0fSteel commented 6 years ago

Well, anyone can check the hosts where our sites are hosted, so I guess it's no secret.

So again, I only moved off Forums to keep everyone safe, even if that meant losing ipv6.

tambry commented 6 years ago

In that case I think it's still fixable and we're simply misunderstanding each other.

The forums are accessible over IPv6:

[root@li1651-62 ~]# ping6 qbforums.shiki.hu
PING qbforums.shiki.hu(2400:cb00:2048:1::681c:63a (2400:cb00:2048:1::681c:63a)) 56 data bytes
64 bytes from 2400:cb00:2048:1::681c:63a (2400:cb00:2048:1::681c:63a): icmp_seq=1 ttl=61 time=0.616 ms
64 bytes from 2400:cb00:2048:1::681c:63a (2400:cb00:2048:1::681c:63a): icmp_seq=2 ttl=61 time=0.685 ms
64 bytes from 2400:cb00:2048:1::681c:63a (2400:cb00:2048:1::681c:63a): icmp_seq=3 ttl=61 time=0.697 ms
64 bytes from 2400:cb00:2048:1::681c:63a (2400:cb00:2048:1::681c:63a): icmp_seq=4 ttl=61 time=0.870 ms
64 bytes from 2400:cb00:2048:1::681c:63a (2400:cb00:2048:1::681c:63a): icmp_seq=5 ttl=61 time=0.704 ms

The "Forum" button on www.qbittorrent.org links to forum.qbittorrent.org, which is a simple redirect:

[root@li1651-62 ~]# curl forum.qbittorrent.org -v
* Rebuilt URL to: forum.qbittorrent.org/
*   Trying 162.255.119.253...
* TCP_NODELAY set
* Connected to forum.qbittorrent.org (162.255.119.253) port 80 (#0)
> GET / HTTP/1.1
> Host: forum.qbittorrent.org
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Tue, 24 Apr 2018 09:08:43 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 60
< Connection: keep-alive
< Location: https://qbforums.shiki.hu
< X-Served-By: Namecheap URL Forward
<
<a href='https://qbforums.shiki.hu'>Moved Permanently</a>.

But the redirect doesn't work over IPv6:

[root@li1651-62 ~]# curl forum.qbittorrent.org -6
curl: (6) Could not resolve host: forum.qbittorrent.org

But you control the qbittorrent.org domain.

Suggested fix:

  1. Point the forum.qbittorrent.org subdomain to the current qBittorrent dedicated server
  2. Redirect requests to the subdomain to the actual forum URL (can be done using a virtual host in Apache config)

This would also allow adding HTTPS and HTTP/2 to the redirect subdomain.
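The diagnosis in the comment above can be repeated for every hop of a redirect chain. The following is an added example, not code posted in this thread: it flags hops that have no AAAA record or that redirect over plain HTTP. The function names and the `SAMPLE_DNS` table are assumptions; the table is constructed from the `ping6` and `curl` output shown above so the script runs offline.

```python
import socket
from urllib.parse import urlsplit

def resolve(host, family):
    """Return the sorted addresses of `host` for one address family, [] if none."""
    try:
        infos = socket.getaddrinfo(host, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit_chain(urls, resolver=resolve):
    """Return one dict per hop of a redirect chain (start URL, then each Location)."""
    report = []
    for url in urls:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = parts.hostname
        v4 = resolver(host, socket.AF_INET)
        v6 = resolver(host, socket.AF_INET6)
        problems = []
        if not v6:
            problems.append("no AAAA record: unreachable from IPv6-only clients")
        if parts.scheme != "https":
            problems.append("plain HTTP: redirect can be rewritten in transit")
        report.append({"host": host, "v4": v4, "v6": v6, "problems": problems})
    return report

def first_ipv6_break(report):
    """Host of the first hop an IPv6-only client cannot reach, or None."""
    for hop in report:
        if not hop["v6"]:
            return hop["host"]
    return None

# Constructed DNS data mirroring the curl and ping6 output in this thread.
SAMPLE_DNS = {
    ("forum.qbittorrent.org", socket.AF_INET): ["162.255.119.253"],
    ("qbforums.shiki.hu", socket.AF_INET6): ["2400:cb00:2048:1::681c:63a"],
}

def sample_resolver(host, family):
    return SAMPLE_DNS.get((host, family), [])

if __name__ == "__main__":
    chain = ["forum.qbittorrent.org", "https://qbforums.shiki.hu"]
    for hop in audit_chain(chain, sample_resolver):
        print(hop["host"], hop["problems"] or "ok")
```

Calling `audit_chain(chain)` without the second argument uses live DNS through `socket.getaddrinfo` instead of the constructed table.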

Balls0fSteel commented 6 years ago

Ah, that IPv6 is only provided by Cloudflare, the forum itself lacks ipv6. (The other sites have native ipv6 support.)