Question

Multiple Django/gunicorn/Nginx sites using different IPv6 addresses on one Droplet

Hello,

I turned on IPv6 on my droplet and followed a couple DigitalOcean docs and was able to get a second site running from the same droplet. So, I have one site running with SSL using the IPv4 address and another site with SSL as well (different certificates) using the IPv6 address shown on the droplet’s control panel.

I want to host one more site using another IPv6 address on the same droplet. I followed the instructions on https://www.digitalocean.com/docs/networking/ipv6/how-to/configure-additional-addresses/#enable-new-addresses-on-boot and setup a second address. I can check using ip -6 addr show eth0 and see my second address there. If I go on a web browser and go directly to that IP I can see the Nginx splash screen.

After that I tried to do another gunicorn socket and service and tested it, it works. Then I created another Nginx config under /etc/nginx/sites-available/ (config file below) and linked it to /etc/nginx/sites-enabled/. I setup my domain to point to the second IPv6 address with my domain registrar and on DigitalOcean.

So, in theory (following what I did for the first IPv6 site) everything should work, but when I go to the second domain/IPv6 address on my web browser I still just get the Nginx splash screen. I personally think it is something wrong with how I setup the Nginx config for both IPv6 sites but after a lot of Googleing I have no idea what is wrong.

Nginx config for FIRST IPv6 site (SSL enabled):

server {
    server_name [Pv6:address:1] exampleSite1.com www.exampleSite1.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /path/to/FIRST/site;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/exampleSite1.sock;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    ssl_certificate /path/to/site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /path/to/site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.exampleSite1.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = exampleSite1.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen [::]:80;
    server_name [Pv6:address:1] exampleSite1.com www.exampleSite1.com;
    return 404; # managed by Certbot
}

Nginx config for SECOND IPv6 site (can’t run certbot):

server {
    server_name [Pv6:address:2] exampleSite2.com www.exampleSite2.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /path/to/SECOND/site;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/exampleSite2.sock;
    }
}

I hope this all helps. If any more information is needed please let me know.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
November 18, 2023

Hey,

Running multiple Django sites using different IPv6 addresses on a single Droplet is an efficient use of resources. However, there are a few things to keep in mind when setting this up. I’ll outline the steps below:

  1. For the second site, you’ll need to explicitly set Nginx to listen on the specific IPv6 address assigned to that site, both for HTTP and HTTPS:

    listen [ipv6:address:2]:80 ipv6only=on;
    listen [ipv6:address:2]:443 ssl ipv6only=on;
    

    Replace [ipv6:address:2] with the actual IPv6 address allocated to your second site. This tells Nginx to listen for incoming connections for that site on this specific address.

  2. Since you haven’t run Certbot for the second site, you’ll need to configure SSL manually. Assuming you have the SSL certificates ready:

    ssl_certificate /path/to/second/site/fullchain.pem;
    ssl_certificate_key /path/to/second/site/privkey.pem;
    

    These lines should be within the server block that listens on port 443. If you don’t have the certificates yet, you’ll need to obtain them before you can serve the site over HTTPS.

  3. Verify Nginx and Domain Configuration:

    • Run nginx -t to test your Nginx configuration for syntax errors.
    • Ensure DNS settings for your second domain are correct and propagated by using a tool like dig or visiting an online DNS checker.
    • Check your domain registrar and DigitalOcean’s networking settings to ensure your AAAA records match the IPv6 address configured in Nginx.
  4. Review Logs for Specific Error Messages:

    • Access and error logs for Nginx can offer more insights:
    sudo tail -f /var/log/nginx/error.log
    sudo tail -f /var/log/nginx/access.log
    
    • Look for any messages related to your second site and address any issues that stand out.
  5. Confirm that your firewall isn’t blocking connections to the second IPv6 address. If you’re using DigitalOcean’s Cloud Firewall, ensure the rules allow traffic to the second site.

  6. If you intend to use Certbot for SSL on the second site, make sure your Droplet is configured to handle IPv6 correctly, as Let’s Encrypt will need to validate your domain over IPv6 if an AAAA record exists.

After addressing these points, reload Nginx to apply any changes

sudo systemctl reload nginx

Changes in DNS can take time to propagate, and you might need to wait a bit before your settings take effect.

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel