Hi, I recently turned on IPv6 addresses on one of our droplets hosted in Bangalore. I added a new AAAA entry for this IPv6 address, in addition to the A entry. I now have 2 entries (addresses are obscured here): A Record: @ 139.59.XX.YY 600 seconds AAAA record: @ 2400:6180:100:WW::XXX:YYYY 1 Hour
While I am able to load the website on my browser using https (or http which gets redirected to https), I get a webserver unreachable when I test IPv6 connectivity using http://ipv6-test.com/validate.php
Here are some commands I ran on the server to debug the issue, but I couldn’t find anything wrong:
sudo netstat -tulpan | grep nginx tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2705/nginx -g daemo tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2705/nginx -g daemo tcp6 0 0 :::443 :::* LISTEN 2705/nginx -g daemo tcp6 0 0 :::80 :::* LISTEN 2705/nginx -g daemo
ufw status Status: inactive
sudo sysctl -a | grep bindv6only (I explicitly set this to 1 ) net.ipv6.bindv6only = 1 sysctl: reading key “net.ipv6.conf.all.stable_secret” sysctl: reading key “net.ipv6.conf.default.stable_secret” sysctl: reading key “net.ipv6.conf.eth0.stable_secret” sysctl: reading key “net.ipv6.conf.eth1.stable_secret” sysctl: reading key “net.ipv6.conf.lo.stable_secret” sysctl: reading key “net.ipv6.conf.lxdbr0.stable_secret”
This is my nginx config (/etc/nginx/sites-enabled/default)
server { listen 80; listen [::]:80 ipv6only=on; server_name example.com www.example.com; rewrite ^(.*) https://example.com$1 permanent; }
server { listen 443 ssl; listen [::]:443 ipv6only=on; server_name example.com;
ssl_certificate example.com.pem; ssl_certificate_key example.com.key;
: : : }
Am I missing something here?
Best, Roshan
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
@roshanbaliga
When it comes to NGINX, enabling IPv6 should only require that you’re server block contain the lines shown below (I’ve intentionally cut the rest of the sever block out since the important thing is getting IPv6 working for you – the other lines don’t really matter).
or
The
default_server
setting isn’t required and simply tells NGINX that if a request for a domain is received and can not be routed, that it should be routed to this server block, i.e. the default server.If this is a recently deployed Droplet, that should be the only configuration that you need. You should not have to modify any other configuration settings.
To test this, I just compiled NGINX on a dev droplet that I have setup and configured one of my test domains to point to the IPv4 and IPv6 addresses and ran the same test you linked to and it worked instantly.
DNS
In terms of DNS, one thing that would prevent this from working is how you’ve setup DNS. Let’s use the following as examples (as that’s what you included in your OP).
IPv4 IP: 139.59.0.0 IPv6 IP: 2400:6180:100:WW::XXX:YYYY
Now let’s say your Droplet hostname is:
and your domain is:
And you want IPv4 + IPv6 to work on both, of course.
So you should have 2 A entries and 2 AAAA entries – i.e. one of each for both of the above.
For
domain.com
and for
web.domain.com
:After making any changes to NGINX, you should either restart or reload.
or
Thank you very much @jtittle, with your instructions. Which I judiciously followed I was able to resolve this issue. I wish I could give you more than 1 like on this Q&A thread. :D. I knew I made the right decision choosing DO!!
First off great job @jtittle, I really appreciate your consistency and care at handling this issue for @roshanbaliga . I am currently facing the same issue. So I’ve gone through the tutorial on https://www.digitalocean.com/community/tutorials/how-to-enable-ipv6-for-digitalocean-droplets#enabling-ipv6-on-an-existing-droplet But I’m stuck here where I have to
sudo nano /etc/network/interfaces
and add a section for my ipv6 address. Instead I get this file:I have gone through installing nginx and letsencrypt.
here is my nginx server settings:
Thanks in advance.
@roshanbaliga
Thanks for the update, definitely appreciated!
I was about to suggest that same link, though I was under the impression that the Droplet was setup and deployed with IPv6 enabled from the start. Next time I’ll make sure I lead with that so I can save the next person time and hassle!
That said, I am happy to hear that they were able to help and that you were able to get things up and running as needed!
@roshanbaliga
The only other issue that I can think of would be that NGINX may not be compiled with IPv6 support. Whether or not this is the case depends on the version of NGINX you’re running. The latest versions don’t require the compile option
--with-ipv6
, however, prior to the newer releases, older version of NGINX did.You can check the compile options by running the following command from the CLI:
Which will detail every option that NGINX was compiled with for your build. If your version is 1.10.x or 1.11.x, you don’t need that compile option as it’s deprecated. If you’re build is older and it doesn’t show up when running the above, then your build of NGINX may not support IPv6 connections and that’d be why you’re unable to verify it.
The downside is that if you are running an older version and there’s not a newer version in the repo, then the best option is doing a source compile where you’ll have to define each option that NGINX should be compile with.
If that’s the route needed, I can help you there. I actually have a copy & paste solution to help with that, but before doing something like that, you’d need to backup any data in
/etc/nginx
that you don’t want destroyed (i.e. server block files for your website(s)) as we’d be deleting everything there and starting from scratch.