nginx server listen ipv6 and ipv4 and SSL
short description
Creating a website on a nginx Webserver which got ipv6 and ipv4, the template only creates listen *:80;
in server config.
That way nginx is only serving ipv4 connections.
correct behaviour
Since ISPConfig is able to split serving ipv4 and ipv6 for a vhost, I suggest best way is to add:
listen *:80;
listen [::]:80 ipv6only=on;
That way you keep the visual splitting. If you remove ipv6only=on,
listen [::]:80;
is serving IPv4 AND IPv6 and you could drop the listen *:80;
.
Additional, if you did not use gai.conf to prefer ipv4 over ipv6, letsencrypt is not able to verify the website, unless you add listen [::]:80;
After SSL is working you need to add the IPv6 SSL listen parameter manually, too.
To have IPv4 and IPv6 working with SSL on a vhost, I suggest this:
server {
listen *:80;
listen [::]:80 ipv6only=on;
listen *:443 ssl;
listen [::]:443 ssl ipv6only=on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
In my manually edited config, I currently use this, because it is shorter. It is also working for IPv4 and IPv6.
server {
listen [::]:80;
listen [::]:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/client0/web38/ssl/domain.com-le.crt;
ssl_certificate_key /var/www/clients/client0/web38/ssl/domain.com-le.key;
server_name domain.com ;
root /var/www/domain.com/web/;
environment
Server OS: debian Server OS version: stretch ISPConfig version: 3.1.13
If it might be related to the problem
nginx version: nginx/1.10.3
PHP 7.0.30-0+deb9u1 (cli) (built: Jun 14 2018 13:50:25) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.30-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies