IPv6 to IPv4

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

IPv6 to IPv4

Rhys Ferris
Not sure if this is possible. I am trying to enable dual stack for my server, which also proxies several other internal services. Nginx is receiving requests on IPv6 fine, but some of my services are IPv4 only. Can Nginx receive the request on IPv6, retrieve the content from IPv4 internally, and the. Serve the context over IPv6?

Thanks

Rhys Ferris

☎ <a href="tel:808-257-2252" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="0/0" style="text-decoration-color: rgba(0, 0, 0, 0.258824);">808-257-2252

📱 <a href="tel:757-848-7278" dir="ltr" x-apple-data-detectors="true" x-apple-data-detectors-type="telephone" x-apple-data-detectors-result="0/1" style="text-decoration-color: rgba(0, 0, 0, 0.258824);">757-848-7278

📧 [hidden email]


Sent from my iPhone

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 to IPv4

Sergey A. Osokin-2
Hi Rhys,

hope you're doing well.

Yes, it's definitely possible.  The following code snippet does the show:

    server {
        listen   [::]:80 default ipv6only=on;
        location / { proxy_pass <a href="http://127.0.0.1:8081;">http://127.0.0.1:8081; }
    }

    server {
        listen   127.0.0.1:8081;
        location / { return 200 "OK, 127.0.0.1:8081\n"; }
    }


% curl 127.0.0.1:8081
OK, 127.0.0.1:8081
% curl -g -6 "http://[::1]/"  
OK, 127.0.0.1:8081

On Wed, Dec 11, 2019 at 11:52:42AM -1000, Rhys Ferris wrote:
> Not sure if this is possible. I am trying to enable dual stack for my server, which also proxies several other internal services. Nginx is receiving requests on IPv6 fine, but some of my services are IPv4 only. Can Nginx receive the request on IPv6, retrieve the content from IPv4 internally, and the. Serve the context over IPv6?
>
> Thanks
>
> Rhys Ferris
> ??? 808-257-2252
> ???? 757-848-7278
> ???? [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 to IPv4

Rhys Ferris

hi, sorry for the extreme delay... i was lazy.

Here's what happens when I connect to my server on IPv6 (mind you, everything works fine if I remove the AAAA record):

2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/bootstrap-select/bootstrap-select.min.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/plugins/bower_components/boots
trap-select/bootstrap-select.min.js", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/tinymce/tinymce.min.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/plugins/bower_components/tinymce/tinymce.min.js"
, host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/multiselect/js/jquery.multi-select.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/plugins/bower_components/multisel
ect/js/jquery.multi-select.js", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/mousetrap/mousetrap.min.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/plugins/bower_components/mousetrap/mousetrap
.min.js", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/bootstrap-treeview-master/dist/bootstrap-treeview.min.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/plugins/bower_
components/bootstrap-treeview-master/dist/bootstrap-treeview.min.js", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/js/jquery.mousewheel.min.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/js/jquery.mousewheel.min.js", host: "domain.net", referrer: "http
s://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/js/ua-parser.min.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/js/ua-parser.min.js", host: "domain.net", referrer: "https://domain.ne
t/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/js/plyr.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/js/plyr.js", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/js/simplebar.js HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/js/simplebar.js", host: "domain.net", referrer: "https://domain.net/sonarr
/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/js/functions.js?v=2.0.325 HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/js/functions.js?v=2.0.325", host: "domain.net", referrer: "https://
domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/js/custom.min.js?v=2.0.325 HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/js/custom.min.js?v=2.0.325", host: "domain.net", referrer: "https:
//domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) fai
led (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/api/plugins/js/chat.js?v=2.0.325 HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/api/plugins/js/chat.js?v=2.0.325", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/api/plugins/js/invites.js?v=2.0.325 HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/api/plugins/js/invites.js?v=2.0.325", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/api/plugins/js/php-mailer.js?v=2.0.325 HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/api/plugins/js/php-mailer.js?v=2.0.325", host: "domain.net", referrer: "https://domain.net/sonarr/"
2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/api/plugins/js/speedTest.js?v=2.0.325 HTTP/2.0", upstream: "http://192.168.136.135:8989/sonarr/api/plugins/js/speedTest.js?v=2.0.325", host: "domain.net", referrer: "https://domain.net/sonarr/"
And so on.....

The way I'm reading it is that it is trying to connect from IPv6 source interface to IPv4 destination interface, and well, that obviously doesn't work. Here's my configs

nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	server_names_hash_bucket_size 1024;
#	proxy_headers_hash_bucket_size: 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log warn;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

#	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

excerpt of domain.net.conf


##Orgv2 Let's encrypt vhost - Non SSL 
##vhost_template_v: v1.0.2
##author: elmerfdz

## http://domain.net redirects to https://domain.net
#	include config/domain.net/http_server.conf; 
upstream sonarr-upstream { server 192.168.136.135:8989; }
upstream radarr-upstream { server 192.168.136.135:7878; }
upstream tautulli-upstream { server 192.168.136.141:8181; }
upstream webmin-upstream { server 192.168.136.130:10000; }

## Serves https://www.domain.net
server {
	listen 443 ssl http2; listen [::]:443 ssl http2;
	server_name domain.net;
	include /etc/nginx/config/domain.net/ssl.conf; #edit path to your certs
	root /var/www/domain.net/html;
	index index.php index.html index.htm index.nginx-debian.html;
	location ~ /auth-(.*) { rewrite ^/auth-(.*) /api/?v1/auth&group=$1; } #Org Auth
	error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
	location / {try_files $uri $uri/ =404;}
	include config/domain.net/phpblock.conf;  #PHP Block
        location /sonarr/ {
            proxy_pass http://sonarr-upstream;
            include config/domain.net/proxy.conf;
            error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
        }
    ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem; # managed by Certbot

And on the off chance you need it, heres proxy.conf
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_bind $server_addr;
proxy_buffers 32 4k;
#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
proxy_hide_header X-Frame-Options;
#add_header X-Frame-Option "DENY";
# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_no_cache $cookie_session;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

Let me know if you need any more info. Thanks for the help.
I really hope this list supports HTML otherwise that's going to a mess to read...

Rhys


    
On 12/11/19 1:34 PM, Sergey A. Osokin wrote:
Hi Rhys,

hope you're doing well.

Yes, it's definitely possible.  The following code snippet does the show:

    server {
        listen   [::]:80 default ipv6only=on;
        location / { proxy_pass http://127.0.0.1:8081; }
    }

    server {
        listen   127.0.0.1:8081;
        location / { return 200 "OK, 127.0.0.1:8081\n"; }
    }


% curl 127.0.0.1:8081
OK, 127.0.0.1:8081
% curl -g -6 "http://[::1]/"   
OK, 127.0.0.1:8081

On Wed, Dec 11, 2019 at 11:52:42AM -1000, Rhys Ferris wrote:
Not sure if this is possible. I am trying to enable dual stack for my server, which also proxies several other internal services. Nginx is receiving requests on IPv6 fine, but some of my services are IPv4 only. Can Nginx receive the request on IPv6, retrieve the content from IPv4 internally, and the. Serve the context over IPv6?

Thanks

Rhys Ferris
??? 808-257-2252
???? 757-848-7278
???? [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
-- 
Sent from Thunderbird on Ubuntu 19.10

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 to IPv4

Sergey Kandaurov

> On 16 Dec 2019, at 12:14, Rhys Ferris <[hidden email]> wrote:
>
> hi, sorry for the extreme delay... i was lazy.
> Here's what happens when I connect to my server on IPv6 (mind you, everything works fine if I remove the AAAA record):
> 2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/bootstrap-select/bootstrap-select.min.js HTTP/2.0", upstream:
> "http://192.168.136.135:8989/sonarr/plugins/bower_components/boots
> trap-select/bootstrap-select.min.js"
> , host: "domain.net", referrer: "https://domain.net/sonarr/"
>
> [...]
>
> The way I'm reading it is that it is trying to connect from IPv6 source interface to IPv4 destination interface, and well, that obviously doesn't work. Here's my configs
> nginx.conf
>

Your analysis looks correct (see below).

> [..]
>
> excerpt of domain.net.conf
>
>
> ##Orgv2 Let's encrypt vhost - Non SSL
> ##vhost_template_v: v1.0.2
> ##author: elmerfdz
>
> ##
> http://domain.net redirects to https://domain.net
>
> # include config/domain.net/http_server.conf;
> upstream sonarr-upstream { server 192.168.136.135:8989; }
> upstream radarr-upstream { server 192.168.136.135:7878; }
> upstream tautulli-upstream { server 192.168.136.141:8181; }
> upstream webmin-upstream { server 192.168.136.130:10000; }
>
> ## Serves
> https://www.domain.net
>
> server {
> listen 443 ssl http2; listen [::]:443 ssl http2;
> server_name domain.net;
> include /etc/nginx/config/domain.net/ssl.conf; #edit path to your certs
> root /var/www/domain.net/html;
> index index.php index.html index.htm index.nginx-debian.html;
> location ~ /auth-(.*) { rewrite ^/auth-(.*) /api/?v1/auth&group=$1; } #Org Auth
> error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
> location / {try_files $uri $uri/ =404;}
> include config/domain.net/phpblock.conf;  #PHP Block
>         location /sonarr/ {
>             proxy_pass
> http://sonarr-upstream
> ;
>             include config/domain.net/proxy.conf;
>             error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
>         }
>     ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; # managed by Certbot
>     ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem; # managed by Certbot
>
>
> And on the off chance you need it, heres proxy.conf
>
> client_max_body_size 10m;
> client_body_buffer_size 128k;
> proxy_bind $server_addr;

Try removing this directive, that's likely the culprit.
Your backend addresses are IPv4, while you're trying binding IPv6 ($server_addr),
hence address family mismatch.  That's not going to work.

--
Sergey Kandaurov

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: IPv6 to IPv4

Rhys Ferris
THANKS SO MUCH!

One of those things where I started with something someone else built
without fully understanding it. Learning as I go. Thanks again!

Rhys

On 12/16/19 12:36 AM, Sergey Kandaurov wrote:

>> On 16 Dec 2019, at 12:14, Rhys Ferris <[hidden email]> wrote:
>>
>> hi, sorry for the extreme delay... i was lazy.
>> Here's what happens when I connect to my server on IPv6 (mind you, everything works fine if I remove the AAAA record):
>> 2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/bootstrap-select/bootstrap-select.min.js HTTP/2.0", upstream:
>> "http://192.168.136.135:8989/sonarr/plugins/bower_components/boots
>> trap-select/bootstrap-select.min.js"
>> , host: "domain.net", referrer: "https://domain.net/sonarr/"
>>
>> [...]
>>
>> The way I'm reading it is that it is trying to connect from IPv6 source interface to IPv4 destination interface, and well, that obviously doesn't work. Here's my configs
>> nginx.conf
>>
> Your analysis looks correct (see below).
>
>> [..]
>>
>> excerpt of domain.net.conf
>>
>>
>> ##Orgv2 Let's encrypt vhost - Non SSL
>> ##vhost_template_v: v1.0.2
>> ##author: elmerfdz
>>
>> ##
>> http://domain.net redirects to https://domain.net
>>
>> # include config/domain.net/http_server.conf;
>> upstream sonarr-upstream { server 192.168.136.135:8989; }
>> upstream radarr-upstream { server 192.168.136.135:7878; }
>> upstream tautulli-upstream { server 192.168.136.141:8181; }
>> upstream webmin-upstream { server 192.168.136.130:10000; }
>>
>> ## Serves
>> https://www.domain.net
>>
>> server {
>> listen 443 ssl http2; listen [::]:443 ssl http2;
>> server_name domain.net;
>> include /etc/nginx/config/domain.net/ssl.conf; #edit path to your certs
>> root /var/www/domain.net/html;
>> index index.php index.html index.htm index.nginx-debian.html;
>> location ~ /auth-(.*) { rewrite ^/auth-(.*) /api/?v1/auth&group=$1; } #Org Auth
>> error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
>> location / {try_files $uri $uri/ =404;}
>> include config/domain.net/phpblock.conf;  #PHP Block
>>         location /sonarr/ {
>>             proxy_pass
>> http://sonarr-upstream
>> ;
>>             include config/domain.net/proxy.conf;
>>             error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
>>         }
>>     ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; # managed by Certbot
>>     ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem; # managed by Certbot
>>
>>
>> And on the off chance you need it, heres proxy.conf
>>
>> client_max_body_size 10m;
>> client_body_buffer_size 128k;
>> proxy_bind $server_addr;
> Try removing this directive, that's likely the culprit.
> Your backend addresses are IPv4, while you're trying binding IPv6 ($server_addr),
> hence address family mismatch.  That's not going to work.
>
--
Sent from Thunderbird on Ubuntu 19.04



_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

smime.p7s (5K) Download Attachment