Welcome to Centmin Mod Community
Become a Member

Nginx IPv6 configured according to docs, but IPv6 test sites report failure

Discussion in 'Nginx and PHP-FPM news & discussions' started by jeffwidman, Apr 24, 2015.

Tags:
  1. jeffwidman

    jeffwidman Active Member

    152
    27
    28
    Dec 3, 2014
    Ratings:
    +51
    Local Time:
    6:15 PM
    I've got an Nginx server block that looks like this:


    Code:
    server    {
          listen             80;
        listen            [::]:80;
        #listen             443 ssl;
    
          server_name         mydomain.com;
         ...location directives, etc...
    
    According to previous posts here and elsewhere, that should tell Nginx to listen on IPV6. Nginx starts just fine.

    When I check the site using an IPV6 validator like IPv6 test - web site reachability it says my DNS settings are correct, but fails because the web server isn't accepting connections.

    I looked through various Nginx conf files, and everything looks normal. Unfortunately my home Comcast cable service is still IPV4 only, so I can't manually curl the server via ipv6.

    Nginx error logs look fine to me, not seeing anything amiss.

    What could possibly be causing this?
    It's a plain vanilla Centminmod install, beta .08 for Centos 7 that I installed last night on a new Ramnode VPS.
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    12:15 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You can use http://ip6.nl/ to test a site's IPv6 support i.e. http://ip6.nl/#!sslspdy.com :)

    Code:
    server {
    listen 80;
    listen [2604:180:1::fd2c:e402]:80 default_server ipv6only=on;
      server_name sslspdy.com www.sslspdy.com;
       return 301 https://$server_name$request_uri;
    }
    
    server {
      listen 443 ssl spdy;
      listen [2604:180:1::fd2c:e402]:443 default_server ssl spdy ipv6only=on;
      server_name sslspdy.com www.sslspdy.com;
     
  3. jeffwidman

    jeffwidman Active Member

    152
    27
    28
    Dec 3, 2014
    Ratings:
    +51
    Local Time:
    6:15 PM
    Actually, the site you linked to only checks the DNS readiness, it doesn't ping the webserver itself. That website reports my site as working correctly for IPV6, even though it's not.

    As I mentioned in my post, DNS isn't the issue--the packets are getting routed to the correct server. It's just something is misconfigured within my server.

    I'm not sure if CSF firewall is intercepting the packets before Nginx sees them, or which Nginx log to check (there's both a general error log and a per-domain error log).

    Any suggestions on things I can use to debug where the root cause is are appreciated.
     
    Last edited: Apr 24, 2015
  4. jeffwidman

    jeffwidman Active Member

    152
    27
    28
    Dec 3, 2014
    Ratings:
    +51
    Local Time:
    6:15 PM
  5. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    12:15 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah virtual.conf doesn't have ipv6 settings as Centmin Mod Nginx by default doesn't enable IPv6

    CSF does have IPv6 TCP6/UDP6 ports that need whitelisting which is done already by default in /etc/csf/csf.conf - quick check would be to disable CSF temporarily to see if you can accept connections.