IPv6 does not work correctly with nginx

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

IPv6 does not work correctly with nginx

nginx mailing list
Hello,

I'm trying to finish to configure nginx for ipv6

listen [::]:443 ssl;
doesn't work
but
listen [fc00:1:1::13]:443 ssl;
works

I need to explicitly specify the ipv6 address whereas in ipv4 I don't need to

# nginx -V
nginx version: nginx/1.12.1

server {
    listen 443 ssl;
#    listen [::]:443 ssl;
    listen [fc00:1:1::13]:443 ssl;
    server_name test.mydomain.org;
    root /var/www/html;

# ifconfig vmx0
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
...
inet6 fc00:1:1::13 prefixlen 64

Does someone knows why ?

Thank you



_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 does not work correctly with nginx

Francis Daly
On Fri, Jan 05, 2018 at 01:04:52AM +0000, Mik J via nginx wrote:

Hi there,

> I'm trying to finish to configure nginx for ipv6
> listen [::]:443 ssl;doesn't workbutlisten [fc00:1:1::13]:443 ssl;works

"listen [::]:443 ssl;" seems to work for me.

What does "doesn't work" mean to you, specifically?

What does error log say?

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 does not work correctly with nginx

nginx mailing list
Hello Francis,

The port seems open but there is no ssl transaction.
When I did a simple tcpdump capture I saw syn then syn/ack, then ack
The brower displays an error that the site is not accessible.

I forgot to say that I d-natted my IPv6 and the one I displayed is not a public IP.
I was wondering if nginx treats it differently


Le vendredi 5 janvier 2018 à 12:26:20 UTC+1, Francis Daly <[hidden email]> a écrit :


On Fri, Jan 05, 2018 at 01:04:52AM +0000, Mik J via nginx wrote:

Hi there,

> I'm trying to finish to configure nginx for ipv6
> listen [::]:443 ssl;doesn't workbutlisten [fc00:1:1::13]:443 ssl;works

"listen [::]:443 ssl;" seems to work for me.

What does "doesn't work" mean to you, specifically?

What does error log say?


    f

--
Francis Daly        [hidden email]


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 does not work correctly with nginx

Francis Daly
On Fri, Jan 05, 2018 at 01:23:47PM +0000, Mik J via nginx wrote:

Hi there,

I don't have a direct solution to the issue you report.

I do have a few things to try, which might help isolate where the problem
is (and therefore where the fix should be).

> The port seems open but there is no ssl transaction.When I did a simple tcpdump capture I saw syn then syn/ack, then ackThe brower displays an error that the site is not accessible.

Can you compare this tcpdump, with the start of a tcpdump of a
working connection (when you have told nginx to listen on a dedicated
IP:port)? Perhaps that will show which part of the communication fails.

(If you can tcpdump on both the client and server, maybe that will show
if something is lost in the network.)

Do you see the same problem if you omit ssl? If so, that might make it
easier to test manually. If not, that's probably useful information.

> I forgot to say that I d-natted my IPv6 and the one I displayed is not a public IP.I was wondering if nginx treats it differently

nginx should not care; something outside of nginx might care.

If you make a "curl" request from the nginx machine to itself, do you
see the problem?

And - if you omit nginx and just use a tcp listener (such as netcat)
as the server, do you see a similar problem?

Good luck with it,

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx