0

This error drives me crazy: Running nginx on Debian Buster. ipv4 works fine, but testing with ipv6 throws:

Unable to connect to the server

AAAA Record is available and valid. Connection with http://ipv6-test.com and with Powershell (Test-NetConnection) from a DualStack Host was not successful.

Version check with nginx -V:

nginx version: nginx/1.14.2 built with OpenSSL 1.1.1d 10 Sep 2019 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-Cjs4TR/nginx-1.14.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-subs-filter

/etc/nginx/sites-available/default looks like

server { listen 80 default_server; listen [::]:80 default_server; }

netstat -tulpn says

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 656/nginx: master p tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 656/nginx: master p tcp6 0 0 :::80 :::* LISTEN 656/nginx: master p tcp6 0 0 :::443 :::* LISTEN 656/nginx: master p

Firewall is open ufw status:

80/tcp (v6) ALLOW IN Anywhere (v6) 443/tcp (v6) ALLOW IN Anywhere (v6)

Assistance very appreachiated!

Improve this question
2
  • Was AAAA record created in DNS? Or how you're testing Commented Sep 23, 2020 at 21:03
  • 1
    Does your server actually have global IPv6 connectivity? It seems like you asked about this before, but did not resolve the problem. Commented Sep 23, 2020 at 21:40

2 Answers 2

Reset to default
0

Before anything, ensure the basics:

  • you have A/AAAA records correctly pointed
  • your nginx is listening on ipv6 (as of some ancient version, like 1.11 or so, ivp6 is baked in by default so there's no need to compile it explicitly)
  • which firewall might be f'n you up. You usually have iptables or ufw

In my case it was the simplest thing: ufw

do

$ sudo ufw status

See if it explicitly allows port 80/443.

In my case it stated:

To Action From -- ------ ---- 22 ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6)

To fix: $ sudo ufw allow http && sudo ufw allow https

Then do a $ sudo ufw status again. You need a minimum of

Status: active To Action From -- ------ ---- 22 ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 22 (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6)

Then do the ssllabs.com test again.

Improve this answer
-1

Issue solved. OSI-Layer 8 Issue

enter image description here

Missconfiguration of /etc/network/interfaces.d/50-cloud-init.cfg

Improve this answer
7
  • What was the problem? Commented Sep 24, 2020 at 18:22
  • Missconfiguration of /etc/network/interfaces.d/50-cloud-init.cfg Commented Sep 29, 2020 at 12:57
  • That doesn't really say what the problem was, so it isn't useful for anyone. You can delete the question if you don't want to share any details. Commented Sep 29, 2020 at 13:23
  • That's possible candidate for most useless answer ever. Commented Aug 4, 2021 at 14:20
  • Well I have this problem too. Thanks for sharing zero information about how you solved it. :/ Commented Oct 13, 2021 at 23:19

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.