Use Ant Media with IPv6

Recently I wrote that AntMedia does not support IPv6, see also Ant Media Server mit Apache Reverse Proxy.

This problem is now fixed. Many thanks at this point for the quick help from the Ant Media team, who contacted me personally!

The reason for the behavior were two things:

  1. The systemd unit for Ant Media,  /etc/systemd/system/antmedia.service,  contains the option -Djava.net.preferIPv4stack=true for starting the server which means that Ant Media Server will prefer IPv4 even if IPv6 is available.
  2. The configuration /usr/local/antmedia/conf/red5.properties contains the following entry which defines the IP addresses from which it is allowed to connect to the dashboard: server.allowed_dashboard_CIDR=0.0.0.0/0. However this forbids clients using IPv6.

The fix is relatively simple and will probably also be included in one of the next updates from Ant Media:

In the file /etc/systemd/system/antmedia.service remove the option -Djava.net.preferIPv4stack=true.

In the file /usr/local/antmedia/conf/red5.properties add the following entry (or update the existing entry accordingly) to allow connections to the dashboard using IPv4 and IPv6 likewise:

# Default value is open everyone
server.allowed_dashboard_CIDR=::/0,0.0.0.0/0

After that restart the server as following:

systemctl daemon-reload
systemctl restart antmedia

After these changes you can now use the reverse proxy in Apache without the option ProxyAddHeaders off and AntMedia will now see the real IP address of the client and not just 127.0.0.1:

RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:5080/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:5080/$1 [P,L]
ProxyPass / http://localhost:5080/
ProxyPassReverse / http://localhost:5080/

Update 2022-09-11

When using the reverse proxy it seems, the change in the systemd unit is not required. In my case it is enough to add ::/0,0.0.0.0/0 as allowed IP addresses to the server configuration. That makes sense as the proxy is connecting via IPv4 and just passing the IP address as header to the server.

Leave a public comment

Your email address will not be published. This is not a contact form! If you want to send me a personal message, use my e-mail address in the imprint.

You can use the following HTML tags in the comment:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>