Discover Centmin Mod today
Register Now

Upgrade Nginx Insight Guide Adding Additional IP Addresses

Discussion in 'Centmin Mod Insights' started by eva2000, May 30, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Adding additional IPs to a server involves 2 main tasks
    1. Adding and registering additional IPs to system network configuration
    2. Configuring Nginx to use those additional IPs

    Additional IPs System Configuration



    For CentOS to add additional IP address, you need to first be assigned additional IP addresses by your web host or order the additional IPs. For instance, OVH calls additional IPs failover IPs.

    OVH has a guide for adding and registering the additional IPs for CentOS and other Linux distributions to the system outlined at Network IP Aliasing | OVH Docs.

    There's a previous discussion for this with tips at https://community.centminmod.com/threads/how-to-add-a-ipv4-failover-range-to-centos-7.8691/ including scripting the format for each
    /etc/sysconfig/network-scripts/ifcfg-eth0:X file you need to create.


    Example for CentOS 6 & 7



    Example IP range 192.168.2.2 to 192.168.2.10 in SSH or shell script define IPLIST variable listing all additional IP addresses in single space separated list and define i variable with starting value of 0. Then a for ip in $IPLIST loop incrementing i variable by 1 for each IP listed in IPLIST
    Code (Text):
    IPLIST="192.168.2.2 192.168.2.3 192.168.2.4 192.168.2.5 192.168.2.6 192.168.2.7 192.168.2.8 192.168.2.9 192.168.2.10"
    i=0
    for ip in $IPLIST; do
      i=$(($i+1))
    echo -e "\n/etc/sysconfig/network-scripts/ifcfg-eth0:${i}"; echo "
    DEVICE="eth0:$i"
    BOOTPROTO=static
    IPADDR="$ip"
    NETMASK="255.255.255.255"
    BROADCAST="xxx.xxx.xxx.xxx"
    ONBOOT=yes";
    echo -e "\nifup eth0:${i}";
    done
    

    Gives following display only output
    Code (Text):
    /etc/sysconfig/network-scripts/ifcfg-eth0:2
    
    DEVICE=eth0:2
    BOOTPROTO=static
    IPADDR=192.168.2.2
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:2
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:3
    
    DEVICE=eth0:3
    BOOTPROTO=static
    IPADDR=192.168.2.3
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:3
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:4
    
    DEVICE=eth0:4
    BOOTPROTO=static
    IPADDR=192.168.2.4
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:4
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:5
    
    DEVICE=eth0:5
    BOOTPROTO=static
    IPADDR=192.168.2.5
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:5
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:6
    
    DEVICE=eth0:6
    BOOTPROTO=static
    IPADDR=192.168.2.6
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:6
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:7
    
    DEVICE=eth0:7
    BOOTPROTO=static
    IPADDR=192.168.2.7
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:7
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:8
    
    DEVICE=eth0:8
    BOOTPROTO=static
    IPADDR=192.168.2.8
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:8
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:9
    
    DEVICE=eth0:9
    BOOTPROTO=static
    IPADDR=192.168.2.9
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:9
    
    /etc/sysconfig/network-scripts/ifcfg-eth0:10
    
    DEVICE=eth0:10
    BOOTPROTO=static
    IPADDR=192.168.2.10
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    
    ifup eth0:10

    Where the first entry /etc/sysconfig/network-scripts/ifcfg-eth0:2 would contain
    Code (Text):
    DEVICE=eth0:2
    BOOTPROTO=static
    IPADDR=192.168.2.2
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    

    and command to start up the interface for initial first time for eth0:2 would be
    Code (Text):
    ifup eth0:2
    


    Example for CentOS 7 Only



    For CentOS 7 there's a 2nd method for adding additional IPs to your system https://www.unixmen.com/linux-basic...esses-single-network-interface-card-centos-7/. Instead of separate /etc/sysconfig/network-scripts/ifcfg-eth0:X files where X increments, you add additional IPs within the same /etc/sysconfig/network-scripts/ifcfg-eth0 existing file defined by variable IPADDRx where x increments from 1 to number of IP addresses you want to add. Your file might not be named eth0 as it depends on your CentOS 7 network device naming scheme which you can find out via command below to check which network device belongs to your existing public IP address for your server:
    Code (Text):
    ifconfig
    

    So if you existing /etc/sysconfig/network-scripts/ifcfg-eth0 file contain
    Code (Text):
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=192.168.2.1
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    

    adding additional example IPs above would add these additional entries
    Code (Text):
    IPADDR1=192.168.2.2
    IPADDR2=192.168.2.3
    IPADDR3=192.168.2.4
    IPADDR4=192.168.2.5
    IPADDR5=192.168.2.6
    IPADDR6=192.168.2.7
    IPADDR7=192.168.2.8
    IPADDR8=192.168.2.9
    IPADDR9=192.168.2.10
    

    so /etc/sysconfig/network-scripts/ifcfg-eth0 file with additional IPs would contain
    Code (Text):
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR0=192.168.2.1
    IPADDR1=192.168.2.2
    IPADDR2=192.168.2.3
    IPADDR3=192.168.2.4
    IPADDR4=192.168.2.5
    IPADDR5=192.168.2.6
    IPADDR6=192.168.2.7
    IPADDR7=192.168.2.8
    IPADDR8=192.168.2.9
    IPADDR9=192.168.2.10
    NETMASK=255.255.255.255
    BROADCAST=xxx.xxx.xxx.xxx
    ONBOOT=yes
    

    again you can script for this IPLIST variable defining space separated list of additional IP addresses in a for ip in $IPLIST loop with starting i=0 variable that increments by a value of 1 for each IPLIST entry
    Code (Text):
    IPLIST="192.168.2.2 192.168.2.3 192.168.2.4 192.168.2.5 192.168.2.6 192.168.2.7 192.168.2.8 192.168.2.9 192.168.2.10"
    i=0
    for ip in $IPLIST; do
      i=$(($i+1))
      echo "IPADDR${i}=$ip"
    done
    

    changing existing IPADDR line from
    Code (Text):
    IPADDR=192.168.2.1
    

    to
    Code (Text):
    IPADDR0=192.168.2.1
    

    Then restart your networking service
    Code (Text):
    service network restart
    

    check the additional IPs registered on your system via command
    Code (Text):
    ifconfig
    
     
    Last edited: May 30, 2017
  2. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+

    Configuring Nginx Additional IP Usage



    To configure Nginx additional IPs, you need to first do the above to add the additional IPs to the system's networking configuration and for the IPs to show up in ifconfig output and be pingable. Nginx can setup Vhosts to use either name based hosting (default) sharing the main IP address or IP based hosting where a Vhost uses a dedicated or different IP address from the main IP address. This is controlled by Nginx listen directive How nginx processes a request

    SECOND_IP

    Centmin Mod 123.09beta01 and higher have native support to configure Nginx vhost creation routines to use a separate second IP from the main server IP address via persistent config file /etc/centminmod/custom_config.inc set variable called SECOND_IP discussed and added at https://community.centminmod.com/th...r-routines-support-second-ip.5292/#post-22203. So out of the box, new nginx vhosts generated will use the defined SECOND_IP=111.222.333.444 where the IP is a secondary IP addressed added to the server.

    You define SECOND_IP variable is centmin mod persistent config file outlined at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS you manually create the file at /etc/centminmod/custom_config.inc and add SECOND_IP=yoursecondary_IPaddress variable to it which will be registered with nginx vhost generator routine so that any new nginx vhosts created via centmin.sh menu option 2 or /usr/bin/nv or centmin.sh menu option 22, will have pre-defined SECOND_IP ip address set in the nginx vhost's listen directive.

    So in persistent config file you create or already created at /etc/centminmod/custom_config.inc set in it
    Code (Text):
    SECOND_IP=111.222.333.444
    


    So at centmin.sh menu option 2, 22 or nv command runs to create a fresh new Nginx vhost instead of server{} context's listen directive being listed as
    Code (Text):
    listen 80;
    

    with SECOND_IP set it will become
    Code (Text):
    listen 111.222.333.444:80;
    

    for HTTPS on port 443

    instead of
    Code (Text):
    listen 443;
    

    with SECOND_IP set it will become
    Code (Text):
    listen 111.222.333.444:443;
    

    where you defined SECOND_IP=111.222.333.444

    Thus allowing you to use a different server IP for new nginx vhosts generated automatically when you run centmin.sh menu options 2, 22 or nv command line.

    Nginx Vhost Manual Configuration



    Now if you want to use a different IP address from main server IP or the one defined in SECOND_IP variable, then right now you would need to manually edit your Nginx vhost config file's listen directive yourself defining the additional IP you added earlier. So if a 3rd additional IP address is 111.222.333.555, your nginx vhost's listen directive would be like the following:

    for port 80
    Code (Text):
    listen 111.222.333.555:80;
    

    or for port 443
    Code (Text):
    listen 111.222.333.555:443;
    

    and restart Nginx server afterwards
    Code (Text):
    service nginx restart
    

    or centmin mod command shortcut
    Code (Text):
    ngxrestart
    
     
    Last edited: May 30, 2017
  3. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    9:16 AM
    1.17
    10.3
    Hi I tried to add more ipv6 addresses like you did in the example. then listing one below the other in the eth0 network interface.

    the problem is that by assigning to a vhost an ipv6 address and to another vhost a different address gives me error when nginx restart.

    nginx: [emerge] bind () to [2a00: dcc0: dead: xxxx :: 1]: 80 failed (99: Can not assign requested address)
    Sep 13 21:32:47 vip03.hostname.it nginx [6230]: [FAILED]
    Sep 13 21:32:47 vip03.hostname.it systemd [1]: nginx.service: control process exited, code = exited status = 1
     
  4. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what does output for nginx config test show
    Code (Text):
    nginx -t
    

    for posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags :)
    have you checked if your IPv6 addresses are working first and properly added ? Can you ping them via ping6 ? i.e.
    Code (Text):
    ping6 -c4 2a00:dcc0:dead:xxxx::1 -I eth0
    

    changing eth0 to the internet the IPv6 is assigned to
    Does existing IPv6 addresses assigned work and are pingable ?
     
  5. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Or just set nginx to listen on all IPv6
    Code (Text):
    listen [::]:80 ipv6only=on
    

    and set DNS AAAA record for specific IPv6 for the domain

    also you should only set the ipv6only directive once per listen port number regardless of the number of Nginx vhost sites you have
     
  6. upgrade81

    upgrade81 Member

    295
    17
    18
    Sep 5, 2016
    CH
    Ratings:
    +30
    Local Time:
    9:16 AM
    1.17
    10.3
    Certainly the first ipv6 is pingable and also the second.

    sorry, but is it not possible to configure each host to always listen to the same ipv6 address?

    because I did it as usual with ipv4 but the following error comes out

    Code:
    Starting nginx: nginx: [emerge] duplicate listen options for [2a00: dcc0: d ... onf: 5
    and

    Code:
    server {
      listen 443 ssl http2;
      listen [2a00:dcc0:dead:xxxx::2]:443 ssl http2 ipv6only=on;
    
    obviously ipv4 and ipv6 must coexist.
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    as previous post you should only set the ipv6only directive once per listen port number regardless of the number of Nginx vhost sites you have so only one nginx vhost needs ipv6only=on per ip/port pair otherwise you get duplicate listen options error
     
  8. AHTOLLlKA

    AHTOLLlKA Member

    32
    4
    8
    Dec 1, 2017
    Ratings:
    +9
    Local Time:
    11:16 AM
    with parameter "SECOND_IP" i got 403 error when getting SSL from Let's Encrypt....
    try 3 times.... now remove this parameter and all working good (with 22 menu)
    then manual change listen parameter in nginx conf
     
  9. skringjer

    skringjer NoobMaster69

    208
    26
    28
    Apr 21, 2019
    Ratings:
    +43
    Local Time:
    1:16 PM
    Nginx 1.21.6
    MariaDB 10.3.x
    for Centos just use nmtui, its the best and easiest.
     
  10. AHTOLLlKA

    AHTOLLlKA Member

    32
    4
    8
    Dec 1, 2017
    Ratings:
    +9
    Local Time:
    11:16 AM
    and how its help connect some domain to second ip ? or its just for manage ip, hostname ?
     
  11. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    SECOND_IP should work but you need to add the 2nd IP itself to your CentOS system's network configuration as well. If you haven't done so, the 2nd IP won't have network routing working.
     
  12. AHTOLLlKA

    AHTOLLlKA Member

    32
    4
    8
    Dec 1, 2017
    Ratings:
    +9
    Local Time:
    11:16 AM
    yes, second ip was added in centos and tested before start 22 menu
     
  13. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    strange then it should of worked as long as domain name's DNS A record for non-www and www versions pointed to 2nd IP address
     
  14. JoeDer

    JoeDer Member

    82
    19
    8
    Feb 22, 2015
    Ratings:
    +48
    Local Time:
    10:16 AM
    Nginx 1.21.x
    MariaDB 10.3.x
    I have exactly the same issue when I run centmin option 2 or /usr/local/src/centminmod/addons/acmetool.sh issue mydomain.com lived
    Code:
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for mydomain.com
    -----------------------------------------------------------
    testcert value = lived
    /root/.acme.sh/acme.sh --issue -d mydomain.com -d www.mydomain.com --days 60 -w /home/nginx/domains/mydomain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-270920-162857.log --log-level 2
    [Sun Sep 27 16:29:13 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
    [Sun Sep 27 16:29:13 UTC 2020] Multi domain='DNS:dmydomain.com,DNS:www.mydomain.com'
    [Sun Sep 27 16:29:13 UTC 2020] Getting domain auth token for each domain
    [Sun Sep 27 16:29:16 UTC 2020] Getting webroot for domain='mydomain.com'
    [Sun Sep 27 16:29:16 UTC 2020] Getting webroot for domain='www.mydomain.com'
    [Sun Sep 27 16:29:16 UTC 2020] Verifying: mydomain.com
    [Sun Sep 27 16:29:19 UTC 2020] mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/BEbyKNttmn1ZxibFUDLcuySxjr0-2j9nXHKz-Gk_av4 [My 2nd IPv4]:
    [Sun Sep 27 16:29:20 UTC 2020] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-270920-162857.log
    LECHECK = 1
     
  15. eva2000

    eva2000 Administrator Staff Member

    54,110
    12,179
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,739
    Local Time:
    6:16 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    best to start a new thread in the DNS subforum at Domains, DNS, Email & SSL Certificates with info asked in sticky thread at SSL - Domains - Letsencrypt - How too troubleshoot Letsencrypt SSL certificate issuance or renewal