NGINX ipv6

Hello,

I'm trying to enable ipv6 on nginx but when i change my listen directive and reboot the linode I can no longer access my website.

Here is my conf file

server {

    listen [::]:80;
    server_name www.shadowytree.com shadowytree.com;
    #access_log /srv/www/shadowytree.com/logs/access.log;
    error_log /srv/www/shadowytree.com/logs/error.log;

    #index index.html index.htm;

    location / {
        root /srv/www/shadowytree.com/public_html;
        index index.html index.htm index.php;
    }   

    location /nginx_status {
        stub_status on;
        access_log off;
        #uncomment and add an ip address if you want to block access to status page
        #allow SOME.IP.ADD.RESS; 
        #deny all; 
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/shadowytree.com/public_html$fastcgi_script_name;
    }

}

server {

    listen [::]:443 ssl;
    ssl_certificate /srv/ssl/shadowytree.com.crt;
    ssl_certificate_key /srv/ssl/shadowytree.com.key;

    server_name www.shadowytree.com shadowytree.com;
    #access_log /srv/www/shadowytree.com/logs/access.log;
    error_log /srv/www/shadowytree.com/logs/error.log;

    keepalive_timeout 70;

    location / {
        root /srv/www/shadowytree.com/public_html;
        index index.html index.htm index.php;
    }   

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/shadowytree.com/public_html$fastcgi_script_name;
    }

}

If I removed the [::] parts everything works again. nginx is configured with ipv6 when I check it with nginx -V.

What am I missing?

12 Replies

You run it on IPv6 only. Are you sure you are capable of running IPv6? What about making it so it both accept IPv4 and IPv6?

Do you have an IPv6 address brought up on your Linode? Looking at the DNS for shadowytree.com, there are no AAAA records, so you probably forgot to bring up an IPv6 address. (Now, in theory, this shouldn't be an issue, but who knows?) Also, re-add the [::] bits to your config, start nginx, and paste the output of 'netstat -tnap'

@lakridserne:

You run it on IPv6 only. Are you sure you are capable of running IPv6? What about making it so it both accept IPv4 and IPv6?
That's not an issue; the Linux kernel by default binds sockets in such a way that IPv6 sockets listening on the any address ([::]) will also receive IPv4 traffic, with the source set to an IPv4-mapped IPv6 address.

This is what I get from tnap

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1811/php5-cgi

tcp 0 0 0.0.0.0:58313 0.0.0.0:* LISTEN 1527/rpc.statd

tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 2158/mysqld

tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1515/portmap

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1819/sshd

tcp 0 52 72.14.186.145:22 99.232.114.108:55272 ESTABLISHED 2344/0

tcp6 0 0 :::22 :::* LISTEN 1819/sshd

I have a ipv6 address set in dns manager and it is 2600:3c00::f03c:91ff:fedf:81a6

I created a recored with my domain name there too.

Seems nginx didn't start; you should look at /srv/www/shadowytree.com/logs/error.log and /var/log/nginx/error_log to see what went wrong (and paste them so we all can see)

var/log/nginx/error_log

2012/01/31 13:11:58 [emerg] 2278#0: bind() to 0.0.0.0:80 failed (98: Address already in use)

2012/01/31 13:11:58 [emerg] 2278#0: bind() to 0.0.0.0:80 failed (98: Address already in use)

2012/01/31 13:11:58 [emerg] 2278#0: bind() to 0.0.0.0:80 failed (98: Address already in use)

2012/01/31 13:11:58 [emerg] 2278#0: bind() to 0.0.0.0:80 failed (98: Address already in use)

2012/01/31 13:11:58 [emerg] 2278#0: bind() to 0.0.0.0:80 failed (98: Address already in use)

2012/01/31 13:11:58 [emerg] 2278#0: still could not bind()

Nothing in shadowytree.com/logs/error.log

Looks like too many things are trying to start nginx at the same time. Try '/etc/init.d/nginx start' and take a look at your error log

The following conf file seems to work.

server {

    listen   80; ## listen for ipv4; this line is default and implied
    listen   [::]:80 default ipv6only=on; ## listen for ipv6
    server_name www.shadowytree.com shadowytree.com;
    #access_log /srv/www/shadowytree.com/logs/access.log;
    error_log /srv/www/shadowytree.com/logs/error.log;

    #index index.html index.htm;

    location / {
        root /srv/www/shadowytree.com/public_html;
        index index.html index.htm index.php;
    }   

    location /nginx_status {
        stub_status on;
        access_log off;
        #uncomment and add an ip address if you want to block access to status page
        #allow SOME.IP.ADD.RESS; 
        #deny all; 
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/shadowytree.com/public_html$fastcgi_script_name;
    }

}

server {

    listen 443 ssl;
    listen [::]:443 default ipv6only=on;
    ssl_certificate /srv/ssl/shadowytree.com.crt;
    ssl_certificate_key /srv/ssl/shadowytree.com.key;

    server_name www.shadowytree.com shadowytree.com;
    #access_log /srv/www/shadowytree.com/logs/access.log;
    error_log /srv/www/shadowytree.com/logs/error.log;

    keepalive_timeout 70;

    location / {
        root /srv/www/shadowytree.com/public_html;
        index index.html index.htm index.php;
    }   

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/shadowytree.com/public_html$fastcgi_script_name;
    }

}

Will try and see nginx start and see what error message I get.

@dwfreed:

@lakridserne:

You run it on IPv6 only. Are you sure you are capable of running IPv6? What about making it so it both accept IPv4 and IPv6?
That's not an issue; the Linux kernel by default binds sockets in such a way that IPv6 sockets listening on the any address ([::]) will also receive IPv4 traffic, with the source set to an IPv4-mapped IPv6 address.

Oh I wasn't aware of that.

@Finglor:

Hello,

I'm trying to enable ipv6 on nginx but when i change my listen directive and reboot the linode I can no longer access my website.

Here is my conf file

server {

    listen [::]:80;
    server_name www.shadowytree.com shadowytree.com;
    #access_log /srv/www/shadowytree.com/logs/access.log;
    error_log /srv/www/shadowytree.com/logs/error.log;

    #index index.html index.htm;

    location / {
        root /srv/www/shadowytree.com/public_html;
        index index.html index.htm index.php;
    }   

    location /nginx_status {
        stub_status on;
        access_log off;
        #uncomment and add an ip address if you want to block access to status page
        #allow SOME.IP.ADD.RESS; 
        #deny all; 
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/shadowytree.com/public_html$fastcgi_script_name;
    }

}

server {

    listen [::]:443 ssl;
    ssl_certificate /srv/ssl/shadowytree.com.crt;
    ssl_certificate_key /srv/ssl/shadowytree.com.key;

    server_name www.shadowytree.com shadowytree.com;
    #access_log /srv/www/shadowytree.com/logs/access.log;
    error_log /srv/www/shadowytree.com/logs/error.log;

    keepalive_timeout 70;

    location / {
        root /srv/www/shadowytree.com/public_html;
        index index.html index.htm index.php;
    }   

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/shadowytree.com/public_html$fastcgi_script_name;
    }

}

If I removed the [::] parts everything works again. nginx is configured with ipv6 when I check it with nginx -V.

What am I missing?

I know this seems dumb, but were you listening on 80/443 before the migration?

I know this seems dumb, but why are you putting the spam in the quote, instead of in your sig?

I thought it would be less intrusive… DOH!

Hey, at least my English is nothing shy of perfect. :)

Do you want me to change it?

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct