IPv6 does not work correctly with nginx

Posted by Mik J via nginx 
Mik J via nginx
IPv6 does not work correctly with nginx
January 05, 2018 02:10AM
Hello,
I'm trying to finish configuring nginx for IPv6.
    listen [::]:443 ssl;
doesn't work, but
    listen [fc00:1:1::13]:443 ssl;
works.
I need to explicitly specify the IPv6 address, whereas in IPv4 I don't need to.
# nginx -V
nginx version: nginx/1.12.1

server {
    listen 443 ssl;
#    listen [::]:443 ssl;
    listen [fc00:1:1::13]:443 ssl;
    server_name test.mydomain.org;
    root /var/www/html;

# ifconfig vmx0
vmx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
....inet6 fc00:1:1::13 prefixlen 64

Does someone know why?

Thank you


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: IPv6 does not work correctly with nginx
January 05, 2018 12:10PM
On Fri, Jan 05, 2018 at 01:04:52AM +0000, Mik J via nginx wrote:

Hi there,

> I'm trying to finish configuring nginx for IPv6.
>     listen [::]:443 ssl;
> doesn't work, but
>     listen [fc00:1:1::13]:443 ssl;
> works.

"listen [::]:443 ssl;" seems to work for me.

What does "doesn't work" mean to you, specifically?

What does error log say?

f
--
Francis Daly francis@daoine.org
Mik J via nginx
Re: IPv6 does not work correctly with nginx
January 05, 2018 02:30PM
Hello Francis,
The port seems open but there is no ssl transaction. When I did a simple tcpdump capture I saw syn then syn/ack, then ack. The browser displays an error that the site is not accessible.
I forgot to say that I d-natted my IPv6 and the one I displayed is not a public IP. I was wondering if nginx treats it differently.


Francis Daly
Re: IPv6 does not work correctly with nginx
January 10, 2018 09:40AM
On Fri, Jan 05, 2018 at 01:23:47PM +0000, Mik J via nginx wrote:

Hi there,

I don't have a direct solution to the issue you report.

I do have a few things to try, which might help isolate where the problem
is (and therefore where the fix should be).

> The port seems open but there is no ssl transaction. When I did a simple tcpdump capture I saw syn then syn/ack, then ack. The browser displays an error that the site is not accessible.

Can you compare this tcpdump, with the start of a tcpdump of a
working connection (when you have told nginx to listen on a dedicated
IP:port)? Perhaps that will show which part of the communication fails.

(If you can tcpdump on both the client and server, maybe that will show
if something is lost in the network.)

Do you see the same problem if you omit ssl? If so, that might make it
easier to test manually. If not, that's probably useful information.

> I forgot to say that I d-natted my IPv6 and the one I displayed is not a public IP. I was wondering if nginx treats it differently.

nginx should not care; something outside of nginx might care.

If you make a "curl" request from the nginx machine to itself, do you
see the problem?

And - if you omit nginx and just use a tcp listener (such as netcat)
as the server, do you see a similar problem?

Good luck with it,

f
--
Francis Daly francis@daoine.org
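
The comparison of a failing capture against a working one, suggested in the reply above, as an added example that is not code from the thread or from nginx. It assumes text output from `tcpdump -n`; the client address, ports, sequence numbers and the stage names are constructed for illustration.

```python
import re

# One-line tcpdump -n summary:
#   <ts> IP6 <src>.<sport> > <dst>.<dport>: Flags [..], ..., length N
LINE = re.compile(
    r"IP6? (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\].* length (\d+)"
)
STAGES = ["syn", "syn-ack", "ack", "client-data", "server-data"]

# Constructed sample captures (not taken from the thread).
WORKING = """\
12:00:00.000100 IP6 2001:db8::10.51514 > fc00:1:1::13.443: Flags [S], seq 1000, win 65535, length 0
12:00:00.000200 IP6 fc00:1:1::13.443 > 2001:db8::10.51514: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:00.000300 IP6 2001:db8::10.51514 > fc00:1:1::13.443: Flags [.], ack 1, win 1024, length 0
12:00:00.000400 IP6 2001:db8::10.51514 > fc00:1:1::13.443: Flags [P.], seq 1:518, ack 1, win 1024, length 517
12:00:00.000900 IP6 fc00:1:1::13.443 > 2001:db8::10.51514: Flags [P.], seq 1:1400, ack 518, win 1024, length 1399
"""
# Failing case as described in the thread: syn, syn/ack, ack, then nothing.
FAILING = "\n".join(WORKING.splitlines()[:3])

def stages_reached(capture, server_port=443):
    """Return the handshake stages seen in a tcpdump text capture, in order."""
    seen = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP summary line
        to_server = int(m[4]) == server_port
        flags, length = m[5], int(m[6])
        if flags == "S":
            stage = "syn"
        elif flags == "S.":
            stage = "syn-ack"
        elif length > 0:  # first payload: TLS ClientHello / server reply on 443
            stage = "client-data" if to_server else "server-data"
        elif flags == "." and to_server and "syn-ack" in seen:
            stage = "ack"
        else:
            continue  # FIN/RST and other bare segments are ignored here
        if stage not in seen:
            seen.append(stage)
    return seen

def first_divergence(working, failing, server_port=443):
    """First stage present in the working capture but absent from the failing one."""
    ok = stages_reached(working, server_port)
    bad = stages_reached(failing, server_port)
    return next((s for s in STAGES if s in ok and s not in bad), None)

if __name__ == "__main__":
    print(stages_reached(FAILING), first_divergence(WORKING, FAILING))
```

Running the same comparison on captures from both the client and the server shows on which side the first missing stage disappears.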