• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

nginx dedicated v4 AND v6 ip

Adam Howard

Well-known member
#1
The idea is I want to have both a v4 and v6 IP address. Below is what I currently have now
PHP:
server {
      listen       xxx.xxx.xxx.xxx:80;
      server_name  sociallyuncensored.net;

        #charset koi8-r;
        access_log  /var/log/nginx/log/sociallyuncensored.net.log  main;

      root   /usr/share/nginx/sociallyuncensored.net/public_html;
    index  index.html index.php;

        include /etc/nginx/rewrites.conf;

        include /etc/nginx/php.conf;
}
How exactly would I add the v6 IP address?

I tried this...
PHP:
server {
      listen       xxx.xxx.xxx.xxx:80;
      listen       yyy.yyy.yyy.yyy:80;
      server_name  sociallyuncensored.net;

        #charset koi8-r;
        access_log  /var/log/nginx/log/sociallyuncensored.net.log  main;

      root   /usr/share/nginx/sociallyuncensored.net/public_html;
    index  index.html index.php;

        include /etc/nginx/rewrites.conf;

        include /etc/nginx/php.conf;
}
But sadly that gave me this error.
PHP:
nginx: [emerg] invalid port in "yyyy:yyyy:yyy:yyyy:80" of the "listen" directive in /etc/nginx/conf.d/sociallyuncensored_net.conf:3
nginx: configuration file /etc/nginx/nginx.conf test failed
So I am puzzled....
 

euantor

Well-known member
#2
I believe IPv6 addresses are wrapped in braces like so:

Code:
 server {
  listen  xxx.xxx.xxx.xxx:80;
  listen  [yyy:yyy:yyy:yyy]:80;
  server_name  sociallyuncensored.net;

  #charset koi8-r;
  access_log  /var/log/nginx/log/sociallyuncensored.net.log  main;

  root  /usr/share/nginx/sociallyuncensored.net/public_html;
  index  index.html index.php;

  include /etc/nginx/rewrites.conf;

  include /etc/nginx/php.conf;
}
Also ensure you have nginx compiled with IPv6 support obviously.
 

Adam Howard

Well-known member
#3
I believe IPv6 addresses are wrapped in braces like so:

Code:
server {
  listen  xxx.xxx.xxx.xxx:80;
  listen  [yyy:yyy:yyy:yyy]:80;
  server_name  sociallyuncensored.net;

  #charset koi8-r;
  access_log  /var/log/nginx/log/sociallyuncensored.net.log  main;

  root  /usr/share/nginx/sociallyuncensored.net/public_html;
  index  index.html index.php;

  include /etc/nginx/rewrites.conf;

  include /etc/nginx/php.conf;
}
Also ensure you have nginx compiled with IPv6 support obviously.
Getting there, just still not there yet
PHP:
nginx: [emerg] invalid IPv6 address in "[yyyy:yyyy:yyy:yyyy]:80" of the "listen" directive in /etc/nginx/conf.d/sociallyuncensored_net.conf:3
nginx: configuration file /etc/nginx/nginx.conf test failed
 

euantor

Well-known member
#4
Could you post the actual IPv6 address you're using? I believe the form is as follows, though I don't have any IPv6 addresses:

Code:
listen [2607:f0d0:1004:2::2]:80;
 

Adam Howard

Well-known member
#5
Could you post the actual IPv6 address you're using? I believe the form is as follows, though I don't have any IPv6 addresses:

Code:
listen [2607:f0d0:1004:2::2]:80;
Small mistype on my part. My host gave me the whole /64 block so I have more than I could ever use.
PHP:
2604:4600:B01:6137::/64
This is what I'm imputing now
PHP:
      listen      [2604:4600:B01:6137::2]:80;
Which now gives me the following error
PHP:
nginx: [emerg] bind() to [2604:4600:b01:6137::2]:80 failed (99: Cannot assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed
 
Last edited:

Adam Howard

Well-known member
#7
Looks like one of the three solutions found here might help: http://mattgadient.com/2013/12/28/s...nginx-using-ipv6-on-a-kvm-vps-running-ubuntu/

Alternatively, do you need to listen on only that specific address? You could listen on all IPv6 addresses on port 80 as follows:

Code:
listen [::]:80;
Because I wish to add SSL in the future and also there are more than one site on the server. I also use an AnyCast DNS offsite for help balance and need to provide an AAA record there as well.

I am totally new to v6 IP addresses. Not even 100% sure how to read them correctly yet. Quoting my host when I asked for a more defined IP list;

"There are some 18 quintillian addresses within a /64, so it is not feasible to provide a listing of these.

The usable block would be:
2604:4600:0B01:6137:0000:0000:0000:0000 - 2604:4600:0B01:6137:FFFF:FFFF:FFFF:FFFF
"


Which is good to know, but if I was to count backwards... I have no idea the in between values on WHEN those numbers become letters. lol

I laughed myself silly when he told me this... I only wanted 5 :p
 

euantor

Well-known member
#8
Ok, try using the following then:

Code:
listen [2604:4600:0B01:6137:0000:0000:0000:0001]:80;
Since you have that whole block, you can just increment through to F.
 

Adam Howard

Well-known member
#9
Looks like one of the three solutions found here might help: http://mattgadient.com/2013/12/28/s...nginx-using-ipv6-on-a-kvm-vps-running-ubuntu/

Alternatively, do you need to listen on only that specific address? You could listen on all IPv6 addresses on port 80 as follows:

Code:
listen [::]:80;
I ignored the first 2 suggestions because there is no

post-up

In Ubuntu linux. I found a virtual package for it in

maptransfer maptransfer-server

But those are for game servers and are not for my requirements.

The final solution to that, also did me no good and restarting nginx gives me the same error as before.
 

Adam Howard

Well-known member
#10
Solved (?)

Ran this command
PHP:
ip -6 a s
Which displayed a few Ip's the seem to be already associated (not sure how).
Used one of them and it worked
 

Adam Howard

Well-known member
#11
^ Actually a little concerned in using those

PHP:
 ip -6 a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2604:4600:b01:6127:f9de:b2f:fa48:685a/64 scope global temporary dynamic 
       valid_lft 525729sec preferred_lft 6729sec
    inet6 2604:4600:b01:6127:8c71:4fc3:144b:2eba/64 scope global temporary deprecated dynamic 
       valid_lft 439932sec preferred_lft 0sec
    inet6 2604:4600:b01:6127:91c5:ffca:17f0:57ed/64 scope global temporary deprecated dynamic 
       valid_lft 354135sec preferred_lft 0sec
    inet6 2604:4600:b01:6127:884d:3083:f7d7:f24a/64 scope global temporary deprecated dynamic 
       valid_lft 268338sec preferred_lft 0sec
    inet6 2604:4600:b01:6127:4daf:1a46:5b0a:400d/64 scope global temporary deprecated dynamic 
       valid_lft 182541sec preferred_lft 0sec
    inet6 2604:4600:b01:6127:bde7:351f:23b0:2d09/64 scope global temporary deprecated dynamic 
       valid_lft 96744sec preferred_lft 0sec
    inet6 2604:4600:b01:6127:b0da:ee41:2cf2:98f5/64 scope global temporary deprecated dynamic 
       valid_lft 10947sec preferred_lft 0sec
    inet6 2604:4600:b01:6127:223:7dff:fe50:c517/64 scope global dynamic 
       valid_lft 1998147sec preferred_lft 10947sec
    inet6 fe80::223:7dff:fe50:c517/64 scope link 
       valid_lft forever preferred_lft forever
The whole "temporary" notice has me concerned
 

Tracy Perry

Well-known member
#12
Hehehehe.... took about 2 minutes
Screen Shot 2014-05-26 at 9.06.19 PM.png
Code:
root@bart:/etc/nginx# ip -6 a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::20ad:ddff:fea3:7767/64 scope link
      valid_lft forever preferred_lft forever
Now I jsut have to make the DNS entry for it (and wait for namesilo to reflect it).
I'm still thinking about just moving it all over to Quadranets DNS service.
 
Last edited:

Adam Howard

Well-known member
#13
Hehehehe.... took about 2 minutes
View attachment 74473
Code:
root@bart:/etc/nginx# ip -6 a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::20ad:ddff:fea3:7767/64 scope link
      valid_lft forever preferred_lft forever
Now I jsut have to make the DNS entry for it (and wait for namesilo to reflect it).
I'm still thinking about just moving it all over to Quadranets DNS service.
You could explain exactly how you achieved it....

nginx tells me that it's working, but http://ipv6-test.com/validate.php tells me that it's not :(
 

Tracy Perry

Well-known member
#14
You could explain exactly how you achieved it....

nginx tells me that it's working, but http://ipv6-test.com/validate.php tells me that it's not :(
There is more to it than just the nginx configuration. I just locked myself out of the ProxMox server when I enabled IPv6 on it (and had to request a KVM hookup since their web based has a buglet with my computers).
I had to add a new address in the /etc/network/interfaces (and since I'm have a VPS setup I have to configure my KVM server to route IPV6 also).
 

Tracy Perry

Well-known member
#15
And now I think I got the server (KVM) doing the routing it needs (these are on two separate VPS's on the same KVM server).

Screen Shot 2014-05-26 at 11.52.46 PM.png Screen Shot 2014-05-27 at 12.24.31 AM.png
Code:
beerbuzzed@bart:/etc/network$ ping6 -c5 ipv6.google.com
PING ipv6.google.com(sea09s01-in-x02.1e100.net) 56 data bytes
64 bytes from sea09s01-in-x02.1e100.net: icmp_seq=1 ttl=50 time=76.1 ms
64 bytes from sea09s01-in-x02.1e100.net: icmp_seq=2 ttl=51 time=75.5 ms
64 bytes from sea09s01-in-x02.1e100.net: icmp_seq=3 ttl=50 time=76.1 ms
64 bytes from sea09s01-in-x02.1e100.net: icmp_seq=4 ttl=51 time=75.6 ms
64 bytes from sea09s01-in-x02.1e100.net: icmp_seq=5 ttl=51 time=75.6 ms
--- ipv6.google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 75.572/75.837/76.191/0.324 ms
This is the beginning of the server section (each VPS only holds one forum on it).
Code:
server {
listen 80 default;
listen [::]:80 default ipv6only=on;
    listen              443 ssl spdy;
    listen              [::]:443 default ssl spdy;
 
Last edited:

Adam Howard

Well-known member
#16
There is more to it than just the nginx configuration. I just locked myself out of the ProxMox server when I enabled IPv6 on it (and had to request a KVM hookup since their web based has a buglet with my computers).
I had to add a new address in the /etc/network/interfaces (and since I'm have a VPS setup I have to configure my KVM server to route IPV6 also).
/ect/network/interfaces
PHP:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
        address 23.239.64.40
        netmask 255.255.255.192
        gateway 23.239.64.1
auto eth0:1
iface eth0:1 inet static
        address 23.239.73.208
        netmask 255.255.255.255
        gateway 23.239.73.1
auto eth0:2
iface eth0:2 inet static
        address 23.239.73.209
        netmask 255.255.255.255
        gateway 23.239.73.1
#IPV6 configuration
auto eth0:3
iface eth0:3 inet6 static
pre-up modprobe ipv6
address 2604:4600:B01:6137:0000:0000:0000:0010
netmask 64
gateway 2604:4600:B01:6137:0000:0000:0000:0001
Still no joy :(
 
Last edited:

Adam Howard

Well-known member
#18
I'm getting there...

In Ubuntu Linux (maybe Debian as well), there is the "privacy" setting that gives you a temp IP. Which is why I kept getting temps listed.

PHP:
/etc/sysctl.d/10-ipv6-privacy.conf
Changed these
PHP:
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
to this
PHP:
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
Then ran
PHP:
service procps restart
This FINALLY allowed me to ping6 out properly
ping6 ipv6.google.com

Still no incoming though.... But 1/2 way there so far :D
 

Adam Howard

Well-known member
#19
I'm beyond confused and puzzled. This is working on 1 domain and only 1 domain.

/etc/network/interfaces
PHP:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet static
        address 23.239.64.40
        netmask 255.255.255.192
        gateway 23.239.64.1
auto eth0:1
iface eth1 inet dhcp
iface eth0:1 inet static
        address 23.239.73.208
        netmask 255.255.255.255
        gateway 23.239.73.1
auto eth0:2
iface eth2 inet dhcp
iface eth0:2 inet static
        address 23.239.73.209
        netmask 255.255.255.255
        gateway 23.239.73.1
#IPV6 configuration
auto eth0:3
iface eth3 inet dhcp
iface eth0:3 inet6 static
pre-up modprobe ipv6
address 2604:4600:b01:6127::2
netmask 64
gateway 2604:4600:b01:6127::1
This is where it gets a little confusing...

ip -6 neighbor show dev eth0
PHP:
2604:4600:b01:6127::2  FAILED
2604:4600:b01:6127::1 lladdr 00:0c:cf:9a:60:00 router REACHABLE
2604:4600:b01:6127::  FAILED
fe80::20c:cfff:fe9a:6000 lladdr 00:0c:cf:9a:60:00 router REACHABLE
And yet, oddly enough it is working on sociallyuncensored.eu

ip -6 address show eth0
PHP:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2604:4600:b01:6137:223:7dff:fe50:c517/64 scope global dynamic 
       valid_lft 2587345sec preferred_lft 600145sec
    inet6 2604:4600:b01:6127:223:7dff:fe50:c517/64 scope global dynamic 
       valid_lft 2587345sec preferred_lft 600145sec
    inet6 fe80::223:7dff:fe50:c517/64 scope link 
       valid_lft forever preferred_lft forever
Do not know why my server seems to like that IP address (2604:4600:b01:6127:223:7dff:fe50:c517), but it does.

Now if this isn't strange enough... IF I attempt to add any other IP in nginx or to another domain... I get this...

PHP:
nginx: [emerg] duplicate listen options for [IP-HERE]:80 in /etc/nginx/conf.d/sociallyuncensored_net.conf:3
nginx: configuration file /etc/nginx/nginx.conf test failed
Replace "IP-HERE" with whatever I decide to add.

So I am puzzled.... Very puzzled.