Adding IPV6 support to nginx

Question. Hope someone can help me out while we wait for IPV6 to be available by default in hestia.

I am trying to add a template which enables ipv6, but for the life of me can´t get it to work. Can someone spot my mistake? This is what I did.

In /usr/local/hestia/data/templates/web/nginx:

cp default.tpl ipv6.tpl
cp default.stpl ipv6.stpl

Add ipv6 listen directive:

# ipv6.tpl
server {
        listen      [::]:%proxy_port%;
        listen      %ip%:%proxy_port%;
# ipv6.stpl
server {
        listen      [::]:%proxy_ssl_port% ssl http2;
        listen      %ip%:%proxy_ssl_port% ssl;

Then set the domain to ipv6 and rebuild. For some reason accessing the site over ipv6 still doesn’t work (tested with and Am I missing something obvious?

I have a firewall outside of hestia, so mysql ports and such are not a concern for me.

Remove http2 part, http2 is already enabled in main nginx conf.

listen [::]:%proxy_ssl_port% ssl;


Thanks for the response!

I tried this, but unfortunately I am still unable to access the website on ipv6. My testcase is

Any other suggestions? This should work right? I can confirm that the /etc/nginx/conf.d/domains/* file gets correctly updated with the above listen directive.

Seems you are not using the righ IPv6 address:

❯ dig aaaa +short

The ip should be 2a01:4f8:c012:c9f4::1

Testing access to your server:

Using 2a01:4f8:c012:c9f4::

❯ curl -IkL6 -m 10 -H "" "https://[2a01:4f8:c012:c9f4::]/"
curl: (28) Connection timed out after 10001 milliseconds

Using 2a01:4f8:c012:c9f4::1

❯ curl -IkL6 -m 10 -H "" "https://[2a01:4f8:c012:c9f4::1]/"
HTTP/2 301 
server: nginx
date: Mon, 08 Jan 2024 14:28:41 GMT
content-type: text/html
content-length: 162

curl: (28) Connection timed out after 10001 milliseconds

Still doesn’t work fine using 2a01:4f8:c012:c9f4::1 but is an advance :wink:


Thanks for the response! Life happened and it took me a while to get back to this. But your suggestion was indeed the solution. I can’t believe “ensure your dns record is correct” was the actual culprit :person_facepalming:.

I’m going to brush up on my AAAA record knowledge. I figured since 2a01:4f8:c012:c9f4:: is a valid IPV6 address it would also be a valid AAAA record, but apparently not?

Thanks for the suggestion, this really helped a lot.

1 Like