Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Listen issue #86

Closed
thiagotalma opened this issue Nov 19, 2015 · 3 comments
Closed

Listen issue #86

thiagotalma opened this issue Nov 19, 2015 · 3 comments

Comments

@thiagotalma
Copy link
Contributor

Though it works the solution to use only one line in listen it is not the best solution.

It would be nice if the listen was set by default as follows:

server {
    listen 80;
    listen [::]:80 ipv6only=on;
}

Reference: https://chrisjean.com/fix-nginx-emerg-bind-to-80-failed-98-address-already-in-use/

A problem with using only one line is that the clients IPs are always converted to IPv6 (::ffff:192.168.0.2) and the systems that control access by IPv4 end up malfunctioning.
@drybjed
Copy link
Member

drybjed commented Nov 19, 2015

First of all, I have an idea how to support both styles of configuration in the role and I'll try to implement it shortly to finish this issue once and for all.

But. I decided to design DebOps with both IPv4 and IPv6 enabled and present in mind. In 2015 there's no reason not to support IPv6 stack. If an application has a problem with interpreting IPv4-mapped IPv6 addresses, it needs to be fixed. For example, with Python there are modules which can be used to manipulate the IP addresses.

@thiagotalma
Copy link
Contributor Author

The way I suggested both technologies work seamlessly.

The difference is that is honored the legacy of IPv4.

IPv6 is treated as IPv6
IPv4 is treated as IPv4

What is "wrong" is to force the IPv4 be treated as IPv6.

drybjed added a commit to drybjed/ansible-nginx that referenced this issue Nov 19, 2015
@drybjed
Add an option to disable ipv6only=off management
19b6813 
Fixes debops#86
@drybjed drybjed mentioned this issue Nov 19, 2015
Merged
@drybjed
Copy link
Member

drybjed commented Nov 19, 2015

I suppose that the real issue here is that nginx supports operation both as independent ports, as well as in "dual-stack" mode. Both styles of operation are valid, however they are mutually exclusive. I prefer the dual stack, so the debops.nginx role had support for it from the start. Now it will be possible to disable that, so I hope this will solve the issue.

As for which mode is enabled by default... I guess it's just personal taste. To set the separate ports instead of dual-stack, all you need to do now is set in group_vars/all/nginx.yml something like:

nginx_manage_ipv6only: False
nginx_listen_port: [ '80', '[::]:80' ]
nginx_listen_ssl_port: [ '443', '[::]:443' ]

This will make sure that all nginx servers will use separate listen ports for IPv4 and IPv6.

@pniederlag pniederlag mentioned this issue May 23, 2016
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thiagotalma @drybjed