Adding IPV6 support to nginx

dinandmentink · January 6, 2024, 10:09am

Question. Hope someone can help me out while we wait for IPV6 to be available by default in hestia.

I am trying to add a template which enables ipv6, but for the life of me can´t get it to work. Can someone spot my mistake? This is what I did.

In /usr/local/hestia/data/templates/web/nginx:

cp default.tpl ipv6.tpl
cp default.stpl ipv6.stpl

Add ipv6 listen directive:

# ipv6.tpl
server {
        listen      [::]:%proxy_port%;
        listen      %ip%:%proxy_port%;
...

# ipv6.stpl
server {
        listen      [::]:%proxy_ssl_port% ssl http2;
        listen      %ip%:%proxy_ssl_port% ssl;
...

Then set the domain to ipv6 and rebuild. For some reason accessing the site over ipv6 still doesn’t work (tested with https://ready.chair6.net/ and https://internet.nl). Am I missing something obvious?

I have a firewall outside of hestia, so mysql ports and such are not a concern for me.

sahsanu · January 6, 2024, 11:36am

Remove http2 part, http2 is already enabled in main nginx conf.

listen [::]:%proxy_ssl_port% ssl;

dinandmentink · January 8, 2024, 1:04pm

Thanks for the response!

I tried this, but unfortunately I am still unable to access the website on ipv6. My testcase is https://ipv6.dev.elementon.nl/.

Any other suggestions? This should work right? I can confirm that the /etc/nginx/conf.d/domains/* file gets correctly updated with the above listen directive.

sahsanu · January 8, 2024, 2:31pm

Seems you are not using the righ IPv6 address:

❯ dig ipv6.dev.elementon.nl aaaa +short
2a01:4f8:c012:c9f4::

The ip should be 2a01:4f8:c012:c9f4::1

Testing access to your server:

Using 2a01:4f8:c012:c9f4::

❯ curl -IkL6 -m 10 -H "ipv6.dev.elementon.nl" "https://[2a01:4f8:c012:c9f4::]/"
curl: (28) Connection timed out after 10001 milliseconds

Using 2a01:4f8:c012:c9f4::1

❯ curl -IkL6 -m 10 -H "ipv6.dev.elementon.nl" "https://[2a01:4f8:c012:c9f4::1]/"
HTTP/2 301 
server: nginx
date: Mon, 08 Jan 2024 14:28:41 GMT
content-type: text/html
content-length: 162
location: https://ipv6.dev.elementon.nl/

curl: (28) Connection timed out after 10001 milliseconds

Still doesn’t work fine using 2a01:4f8:c012:c9f4::1 but is an advance

dinandmentink · January 24, 2024, 7:31pm

Thanks for the response! Life happened and it took me a while to get back to this. But your suggestion was indeed the solution. I can’t believe “ensure your dns record is correct” was the actual culprit .

I’m going to brush up on my AAAA record knowledge. I figured since 2a01:4f8:c012:c9f4:: is a valid IPV6 address it would also be a valid AAAA record, but apparently not?

Thanks for the suggestion, this really helped a lot.