Question

IPv6 connectivity issues with nginx

Hi, I recently turned on IPv6 addresses on one of our droplets hosted in Bangalore. I added a new AAAA entry for this IPv6 address, in addition to the A entry. I now have 2 entries (addresses are obscured here): A Record: @ 139.59.XX.YY 600 seconds AAAA record: @ 2400:6180:100:WW::XXX:YYYY 1 Hour

While I am able to load the website on my browser using https (or http which gets redirected to https), I get a webserver unreachable when I test IPv6 connectivity using http://ipv6-test.com/validate.php

Here are some commands I ran on the server to debug the issue, but I couldn’t find anything wrong:

sudo netstat -tulpan | grep nginx tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2705/nginx -g daemo tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2705/nginx -g daemo tcp6 0 0 :::443 :::* LISTEN 2705/nginx -g daemo tcp6 0 0 :::80 :::* LISTEN 2705/nginx -g daemo

ufw status Status: inactive

sudo sysctl -a | grep bindv6only (I explicitly set this to 1 ) net.ipv6.bindv6only = 1 sysctl: reading key “net.ipv6.conf.all.stable_secret” sysctl: reading key “net.ipv6.conf.default.stable_secret” sysctl: reading key “net.ipv6.conf.eth0.stable_secret” sysctl: reading key “net.ipv6.conf.eth1.stable_secret” sysctl: reading key “net.ipv6.conf.lo.stable_secret” sysctl: reading key “net.ipv6.conf.lxdbr0.stable_secret”

This is my nginx config (/etc/nginx/sites-enabled/default)

server { listen 80; listen [::]:80 ipv6only=on; server_name example.com www.example.com; rewrite ^(.*) https://example.com$1 permanent; }

server { listen 443 ssl; listen [::]:443 ipv6only=on; server_name example.com;

ssl_certificate example.com.pem; ssl_certificate_key example.com.key;

: : : }

Am I missing something here?

Best, Roshan


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

@roshanbaliga

When it comes to NGINX, enabling IPv6 should only require that you’re server block contain the lines shown below (I’ve intentionally cut the rest of the sever block out since the important thing is getting IPv6 working for you – the other lines don’t really matter).

server
{
    listen                          80 default_server;
    listen                          [::]:80 ipv6only=on;
}

or

server
{
    listen                          443 default_server;
    listen                          [::]:443 ipv6only=on;
}

The default_server setting isn’t required and simply tells NGINX that if a request for a domain is received and can not be routed, that it should be routed to this server block, i.e. the default server.

If this is a recently deployed Droplet, that should be the only configuration that you need. You should not have to modify any other configuration settings.

To test this, I just compiled NGINX on a dev droplet that I have setup and configured one of my test domains to point to the IPv4 and IPv6 addresses and ran the same test you linked to and it worked instantly.

DNS

In terms of DNS, one thing that would prevent this from working is how you’ve setup DNS. Let’s use the following as examples (as that’s what you included in your OP).

IPv4 IP: 139.59.0.0 IPv6 IP: 2400:6180:100:WW::XXX:YYYY

Now let’s say your Droplet hostname is:

web.domain.com

and your domain is:

domain.com

And you want IPv4 + IPv6 to work on both, of course.

So you should have 2 A entries and 2 AAAA entries – i.e. one of each for both of the above.

For domain.com

A        domain.com        139.59.0.0
AAAA     domain.com        2400:6180:100:WW::XXX:YYYY

and for web.domain.com:

A        web.domain.com    139.59.0.0
AAAA     web.domain.com    2400:6180:100:WW::XXX:YYYY

After making any changes to NGINX, you should either restart or reload.

sudo service nginx restart

or

sudo service nginx reload

Thank you very much @jtittle, with your instructions. Which I judiciously followed I was able to resolve this issue. I wish I could give you more than 1 like on this Q&A thread. :D. I knew I made the right decision choosing DO!!

First off great job @jtittle, I really appreciate your consistency and care at handling this issue for @roshanbaliga . I am currently facing the same issue. So I’ve gone through the tutorial on https://www.digitalocean.com/community/tutorials/how-to-enable-ipv6-for-digitalocean-droplets#enabling-ipv6-on-an-existing-droplet But I’m stuck here where I have to sudo nano /etc/network/interfacesand add a section for my ipv6 address. Instead I get this file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# Source interfaces
# Please check /etc/network/interfaces.d before changing this file
# as interfaces may have been defined in /etc/network/interfaces.d
# See LP: #1262951
source /etc/network/interfaces.d/*.cfg

I have gone through installing nginx and letsencrypt.

here is my nginx server settings:

server {
    listen 80 ;
    listen [::]:80 ;
    listen 443 ssl http2 ;
    listen [::]:443 ssl http2 ;

    root /var/www/example.com/html;
    server_name example.com www.example.com;
    include snippets/ssl-example.com.conf;
    include snippets/ssl-params.conf;

   location ~ /.well-known {
            allow all;
   }
}

Thanks in advance.