Discover Centmin Mod today
Register Now

Nginx ipv6 on single domain port 80

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by upgrade81, May 3, 2018.

Tags:
  1. upgrade81

    upgrade81 Premium Member Premium Member

    266
    16
    18
    Sep 5, 2016
    Italy
    Ratings:
    +27
    Local Time:
    8:17 AM
    1.17
    10.3
    how can I enable only for 1 domain on port 80 ipv6?

    I only have the final .ssl file (domain.com.ssl) and it handles only https traffic.

    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name www.domain.com domain.com;
       return 301 https://www.domain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 backlog=2048 reuseport fastopen=256;
      listen [2a00:dcc0:xxxxxxx::1]:443 ssl http2 ipv6only=on;
      server_name www.domain.com domain.com;
    
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,404
    10,301
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,979
    Local Time:
    4:17 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Not sure i understand the question you mean you want www version domain to use HTTPS port 443 via IPv4 and IPv6. But also want non-HTTPS port 80 version of same domain to use IPv6 only ? or IPv6 and Ipv4 ? If you are forcing that domain to redirect to HTTPS on port 443, you can no longer use non-HTTPS port 80 for that domain concurrently.
     
  3. upgrade81

    upgrade81 Premium Member Premium Member

    266
    16
    18
    Sep 5, 2016
    Italy
    Ratings:
    +27
    Local Time:
    8:17 AM
    1.17
    10.3
    By performing an online test, this> IPv6 test - web site reachability

    Without entering https in the domain does not open the site "ipv6"
    if I put https it works regularly.

    IPv6 Connectivity
    FAIL
    Could not connect to www.domain.com on port 80 over IPv6.

    I'll send you the domain in private so you can see for yourself.
     
    Last edited: May 3, 2018
  4. eva2000

    eva2000 Administrator Staff Member

    45,404
    10,301
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,979
    Local Time:
    4:17 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Oh you mean non-https port 80 site isn't connecting to Nginx when using IPv6 connection. That is because your non-https port 80 server{} context is missing listen directives.

    so try to change from
    Code (Text):
     server {
    
       server_name www.domain.com domain.com;
       return 301 https://www.domain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 backlog=2048 reuseport fastopen=256;
      listen [2a00:dcc0:xxxxxxx::1]:443 ssl http2 ipv6only=on;
      server_name www.domain.com domain.com;
    

    to
    Code (Text):
     server {
      listen 80;
      listen [2a00:dcc0:xxxxxxx::1]:80 ipv6only=on;
       server_name www.domain.com domain.com;
       return 301 https://www.domain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 backlog=2048 reuseport fastopen=256;
      listen [2a00:dcc0:xxxxxxx::1]:443 ssl http2 ipv6only=on;
      server_name www.domain.com domain.com;
    

    restart nginx
    Code (Text):
    service nginx restart
    

    or use centmin mod command shortcut
    Code (Text):
    ngxrestart
    
     
  5. upgrade81

    upgrade81 Premium Member Premium Member

    266
    16
    18
    Sep 5, 2016
    Italy
    Ratings:
    +27
    Local Time:
    8:17 AM
    1.17
    10.3
    perfect! it was just the piece I was missing.

    however the redirect from 80 to 443 was already executed, but now it is also performed for ipv6.
     
  6. upgrade81

    upgrade81 Premium Member Premium Member

    266
    16
    18
    Sep 5, 2016
    Italy
    Ratings:
    +27
    Local Time:
    8:17 AM
    1.17
    10.3
    I have a little doubt.

    With the directive "ipv6only = on;" is ipv4 traffic being redirected to the ipv6 socket?
     
  7. eva2000

    eva2000 Administrator Staff Member

    45,404
    10,301
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,979
    Local Time:
    4:17 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    no not redirected. that directive means ipv6 only so in combination with listen 80 = listen on ipv4 and ipv6

    depending on client like browsers, tools i.e. curl and servers, they may have their own preference for ipv6 over ipv4
     
  8. upgrade81

    upgrade81 Premium Member Premium Member

    266
    16
    18
    Sep 5, 2016
    Italy
    Ratings:
    +27
    Local Time:
    8:17 AM
    1.17
    10.3
    the important thing is that it does not block traffic on 443 only for those using ipv6.
     
  9. eva2000

    eva2000 Administrator Staff Member

    45,404
    10,301
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,979
    Local Time:
    4:17 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    no the 2 directives together mean ipv4 + ipv6