nginx server listen ipv6 and ipv4 and SSL

short description

Creating a website on a nginx Webserver which got ipv6 and ipv4, the template only creates listen *:80; in server config. That way nginx is only serving ipv4 connections.

correct behaviour

Since ISPConfig is able to split serving ipv4 and ipv6 for a vhost, I suggest best way is to add:

listen *:80;
listen [::]:80 ipv6only=on;

That way you keep the visual splitting. If you remove ipv6only=on, listen [::]:80; is serving IPv4 AND IPv6 and you could drop the listen *:80;.

Additional, if you did not use gai.conf to prefer ipv4 over ipv6, letsencrypt is not able to verify the website, unless you add listen [::]:80; After SSL is working you need to add the IPv6 SSL listen parameter manually, too.

To have IPv4 and IPv6 working with SSL on a vhost, I suggest this:

server {
        listen *:80;
        listen [::]:80 ipv6only=on;
        listen *:443 ssl;
        listen [::]:443 ssl ipv6only=on;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

In my manually edited config, I currently use this, because it is shorter. It is also working for IPv4 and IPv6.

server {
        listen [::]:80;
        listen [::]:443 ssl;
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_certificate /var/www/clients/client0/web38/ssl/domain.com-le.crt;
        ssl_certificate_key /var/www/clients/client0/web38/ssl/domain.com-le.key;

        server_name domain.com ;

        root   /var/www/domain.com/web/;

environment

Server OS: debian Server OS version: stretch ISPConfig version: 3.1.13

If it might be related to the problem

nginx version: nginx/1.10.3

PHP 7.0.30-0+deb9u1 (cli) (built: Jun 14 2018 13:50:25) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.30-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies