Issue with only some members being able to access site?

[-GR-]

We are currently hosting with Linode and running Xenforo 2.0. All of the checks I have done seem good. However we have a couple of members that can't access the site or any site on the server for that matter. I can count myself as one of them when using my cell phone only using cellular data and I am on AT&T, as soon as I turn wifi back on it will connect just fine. I am pretty sure the other members who can't access the site that we know about are AT&T customers or one of their subsidiaries. I believe one member that is having issues is on Hughes.

Does anyone have any suggestions on what else I could try? There are no ip blocks. The server's ip is not on any blacklist. I have been googling but not having any luck coming up with anything. My next step is to switch to a different host but before going through all that hassle I figured I would post here.

 

[rdn]

What is the error when accessing your website?
Behind Cloudflare or any proxy?

 

[-GR-]

From my iphone on cellular it says "Safari cannot open the page because the network connection was lost." From Chrome it says "There is no internet connection" even though there is because I can access xenforo or other sites just fine. However if I type in the servers ip address into the url it will pull up the server's default page. Which leads me to it being a dns issue when on cellular because everything works fine on wi-fi.

No proxy or cloudfare.

 

[jeb35]

I can't say this is it but I had issues the other day accessing websites when Comcast had the nationwide outage, websites just wouldn't load. It could still be related to the outage as I'm not sure its all totally fixed yet.

 

[-GR-]

I can't say this is it but I had issues the other day accessing websites when Comcast had the nationwide outage, websites just wouldn't load. It could still be related to the outage as I'm not sure its all totally fixed yet.

I actually think I may have found the issue. It's related to ipv6 and I don't have nginx setup to listen for it. Looks like I have some reading to do.

 

[Anthony Parsons]

It's related to ipv6 and I don't have nginx setup to listen for it. Looks like I have some reading to do.

Did you fix it? I don't understand why that would be the issue... as DNS binds domain to IP, removing IP from the equation for viewers, regardless what the IP infrastructure used by the client to view your website. You don't need an IPv6 server to handle people accessing the internet via IPv6 between them and their ISP. They lookup a domain, that domain validates to your IP, boom >> they view your website. NAT.

Yes, IPv6 allows you to have a direct known connection without the reliance of NAT. Most domain registrars still don't cater IPv6 for glue records.

Am I missing something about IPv6?

 

[TPerry]

I actually think I may have found the issue. It's related to ipv6 and I don't have nginx setup to listen for it. Looks like I have some reading to do.

If on a VPS, simply disable IPv6 on the server... otherwise, you have to make sure that NGINX has been compiled to listen for IPv6 calls and you have your vhost also listening.
To disable IPv6 on a CentOS server, log in via SSH and assume root or use sudo to run the following commands
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
On a Debian (or any that uses Debian as it's base like Ubuntu) you would SSH into the server and issue [I]sudo nano /etc/sysctl.conf and then edit the file to add
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
to the bottom of the file, save it and then reboot the server instance.

If wanting to check NGINX then it's fairly simple.
From your CLI when logged in via SSH issue a nginx -V and look for --with-ipv6. That will tell you if your NGINX is compiled with IPv6 support.
If you are using CentMin Mod, there is a parameter that needs to be set in your /etc/centminmod/custom_config.inc that is NGINX_IPV='y'. What this does is each time you upgrade your NGINX via CentMin Mod it compiles the IPv6 into it.
To have nginx listen on ALL IPv6 address for the vhost on port 80 you would use listen [::]:80; in your vhost definition. If using SSL you would use listen [::]:443; also.
This is what I use to bind one of my vhosts to a specific IPv6 address - listen [2604:180:0:5::15]:80; and in the main server segment I do the same, but for port 443 since I rewrite all inbound HTTP to HTTPS.

 

[Anthony Parsons]

If you are using CentMin Mod, there is a parameter that needs to be set in your /etc/centminmod/custom_config.inc that is NGINX_IPV='y'. What this does is each time you upgrade your NGINX via CentMin Mod it compiles the IPv6 into it.

You made me nervous for a second... this isn't required nowadays as NGINX defaults to IPv6 enabled. Confirmed that with George.

 

[TPerry]

Yes, had forgotten about that... I keep it in there for a "just in case" use.
I never understood why the default compilation had it disabled honestly.

 

[-GR-]

I did get it resolved. It was ipv6 which the server was already setup for along with the DNS records but nginx didn't have the required config lines to listen. I would disable ipv6 but it seems a lot of mobile providers are starting to use it more and more. I think it is probably best to keep it enabled and configured long term. I also added tables to ip6tables to allow the typical ports for a web server and block all others.