Get the most out of your Centmin Mod LEMP stack
Become a Member

Nginx Rebuild NGINX with IPv6 Support - Question/Help

Discussion in 'Install & Upgrades or Pre-Install Questions' started by ENF, Dec 19, 2016.

  1. ENF

    ENF New Member

    6
    2
    3
    May 9, 2016
    Tokyo, Japan
    Ratings:
    +2
    Local Time:
    1:47 AM
    1.11.9
    MariaDB 10.1.21
    Hi All.

    We're beginning to redeploy some servers into a new facility that has just opened up to us recently. We thought this would be a good time to go ahead and roll-out IPv6 support.

    On a new node, I have rolled out the very vanilla Centminmod from the beta branch and we've updated everything and no further updates are available. (NGNIX 1.11.7, PHP 5.6.29, CentOS Linux release 7.3.1611 (Core) etc.)

    Now, NGINX is not compiled with IPv6 by default and I found some instructions here (#34) for rebuilding NGINX with IPv6 support using the Centminmod menu item #4.

    The target domain has the required AAAA record and the server in general can use IPv6 as shown through pings..

    Anyway, the main point here is that after creating the /etc/centminmod/custom_config.inc file and including NGINX_IPV='y' within it, the rebuild using menu #4 doesn't add IPv6 support in as shown here with "--with-ipv6".

    I haven't moved further in the steps, since I can't seem to get the NGINX build done with IPv6 in it.

    So, please slap me and tell me what I'm doing wrong. lol....

    Thank you in advance.
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    FYI, in 123.09beta01 starting with nginx 1.11.5+ IIRC, IPv6 support is compiled in natively by nginx folks so no need for FAQ item 34 though setting up ipv6 directives in nginx vhost still applies as per FAQ item 34.

     
  3. ENF

    ENF New Member

    6
    2
    3
    May 9, 2016
    Tokyo, Japan
    Ratings:
    +2
    Local Time:
    1:47 AM
    1.11.9
    MariaDB 10.1.21
    Ok, I will proceed forward with the rest of the configuration and see how it goes. I misunderstood that we should still see the IPv6 build note in the compiled version under cmd> nginx -V.

    Thank you for the prompt reply.
     
  4. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    So i followed the guide after making the change to the consistent config

    after adding
    listen 443 ssl http2;
    listen [......................]:443 ssl http2 ipv6only=on;

    it works on the first site and nginx restarts with no issues, but when i add it to a second site, nginx fails to restart, even though nginx -t had no issues,

    Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.

    when i run systemctl status nginx.service:
    Dec 25 00:12:15 cluster.sflcnetwork.com nginx[4029]: Starting nginx: nginx: [emerg] duplicate listen options for [::]:443 in ...nf:17

    not sure what im doing wrong, do i need a separate ipv6 per site :(

    I tried toggling the ipv6only=on and off, as well as actually putting in my ipv6 address instead of [::] but the same issue comes up
     
  5. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    see FAQ item 34 FAQ - CentminMod.com LEMP Nginx web stack for CentOS if you setting separate ipv6 and ipv4 listeners it's ipv6only=on

    with specific IPv6 address
    Code (Text):
    server {
      listen 443 ssl http2;
      listen [2604:180:1::fd2c:e4xx]:443 ssl http2 ipv6only=on;
     
  6. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    strange, still getting the same duplicate listen error
     
  7. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    all sites are running on lets encrypt https only, not sure if that changes things. first site ok, second site wont allow it.
     
  8. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    Across all vhosts try using only one instance of ipv6only=on directive on each port pair one vhosts and see

    Do once for port 80 and once for port 443
     
  9. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
  10. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    i tried on with ipv6only=on and the rest as off, still same issue,

    in all my non ssl conf's there isnt any listen directives as the sites are all https
     
  11. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    example for 3 vhosts site1.com, site2.com and site3.com separate vhosts where each listen port instance for 443 has only one instance of ipv6only=on

    3 separate ipv6 specific ips for port 443 https where only need one instance of ipv6only=on for them all
    Code (Text):
    server {
      listen 443 ssl http2;
      listen [2604:180:1::fd2c:e4x1]:443 ssl http2 ipv6only=on;
      server_name site1.com;
    

    Code (Text):
    server {
      listen 443 ssl http2;
      listen [2604:180:1::fd2c:e4x2]:443 ssl http2;
      server_name site2.com;
    

    Code (Text):
    server {
      listen 443 ssl http2;
      listen [2604:180:1::fd2c:e4x3]:443 ssl http2;
      server_name site3.com;
    
     
    • Like Like x 1
  12. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    Interesting thanks @eva2000 that worked, does this mean that theres a misconfiguration with my setup somewhere or was this issue normal, Im new to the whole ipv6 thing
     
  13. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    that's normal, i am updating faq #34 with these instructions to make it clearer
     
    • Like Like x 1
  14. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    Thanks again @eva2000, do you know of any tools i can get a screenshot of my sites on ipv6 to ensure everything else is working properly, my provider here only has ipv4 and prob wont get ipv6 until sometime around the year 3000

    i found a few websites that check to see if the site resolves, but that doesnt guarantee whatll be displayed in the browser is the actual site
     
  15. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    unfortunately not off the top of my head
     
  16. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    6:47 PM
    1
    10
    • Informative Informative x 1
  17. eva2000

    eva2000 Administrator Staff Member

    29,034
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,784
    Local Time:
    2:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    nice (y)