Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nginx not responding to IPv4 when Listen directive updated to support IPv6 #36

Closed
jeffwidman opened this issue Jan 21, 2015 · 8 comments
Labels

Comments

@jeffwidman
Copy link

I just tried editing my server block from listen 80; to listen [::]:80; and after saving and then restarting nginx, I went from a working Xenforo site to a Nginx 404 page.

I just upgraded to Nginx 1.7.9 (I'm using the beta08). The server block is the default centminmod nginx vhost one:

    server {
    listen                  80;
    listen                  443 ssl;

    server_name             demodomain.com;

    # ngx_pagespeed & ngx_pagespeed handler

I reverted back to the old ip4 listen block, restarted nginx, and everything works properly.

My ISP (comcast) doesn't offer IP6 for my internet connection right now, so I can't check to see if the domain is responding correctly on IP6.

@jeffwidman jeffwidman changed the title Nginx not responding to IPv6 Nginx not responding to IPv4 when Listen block updated to support IPv6 Jan 21, 2015
@jeffwidman jeffwidman changed the title Nginx not responding to IPv4 when Listen block updated to support IPv6 Nginx not responding to IPv4 when Listen directive updated to support IPv6 Jan 21, 2015
@centminmod
Copy link
Owner

did you compile or recompile Nginx with IPv6 support - from http://centminmod.com/nginx.html

Nginx is source compiled. Prior to Nginx install, if you want Nginx to have IPv6 support configured (will add --with-ipv6), edit centmin.sh and set variable at top of file to yes, NGINX_IPV='y' before running menu option #1. If you don't use ipv6 (ask web host if unsure), then no need to edit NGINX_IPV variable.

for existing installs same edit NGINX_IPV='y' and run centmin.sh option 4 to recompile Nginx

use http://ip6.nl/ to check if your site is IPv6 ready i.e. for sslspdy.com test site of mine http://ip6.nl/#!sslspdy.com

of course ensure your have domain DNS AAAA record set too

@jeffwidman
Copy link
Author

Yes nginx -V shows --with-ipv6

I'm waiting to setup the DNS record until I know that Nginx is correctly configured to listen for inbound IPv6 DNS requests. I was planning to just test the server by using the IPv6 IP address, not the domain name, but even before I got that far I noticed that just adding this listen block is taking the site down... even though it shouldn't be affecting the IPv4 traffic at all...

@centminmod
Copy link
Owner

my ipv6 usage and experience is limited. This is what i have for sslspdy.com for SSL config

server {
listen 80;
listen [2604:180:1::fd2c:e402]:80 default_server ipv6only=on;
  server_name sslspdy.com www.sslspdy.com;
   return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl spdy;
  listen [2604:180:1::fd2c:e402]:443 default_server ssl spdy ipv6only=on;
  server_name sslspdy.com www.sslspdy.com;

@jeffwidman
Copy link
Author

Actually, it looks like this is the culprit: http://trac.nginx.org/nginx/ticket/345

Nginx now has a default of ipv6only=on, so listen [::]:80; is functionally the same as listen [::]:80; ipv6only=on

To enable listening on both ipv4 and ipv6, need to explicitly tell the listen block to also listen on ipv4 with listen [::]:80; ipv6only=off

More info: http://serverfault.com/questions/638367/do-you-need-separate-ipv4-and-ipv6-listen-directives-in-nginx

@jeffwidman
Copy link
Author

Hmm... just tested this, and service nginx restart fails whenever ipv6only=offis set. Regardless of anything else. Definitely a bug somewhere--not sure if the culprit is nginx or how centminmod manages nginx.

This works fine, although shouldn't be necessary to do it this way according to the two links I posted above:

server {
    listen                  80;
    listen                  [::]:80;

@kiksilog
Copy link

This is what I use in mine

server {
  listen [::]:80;
  listen   80;
  server_name xx.com www.xx.com;

to work for both ipv4 and ipv6

@centminmod
Copy link
Owner

@kiksilog thanks for chiming in :) pretty much what I use too from my sslspdy.com example above except i am tying to a specific individual ipv6 address :)

@jeffwidman
Copy link
Author

BTW, I was working on something else and found the issue. Nginx has a quirk where "ipv6only" variable can only be manually specified once per port across ALL domains. So most likely it's manually specified in another file thus can't be specified in my vhosts. More details here: https://codinginthetrenches.com/2013/12/14/nginx-ipv6only-setting-gotcha/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants