Hi Charles, IPv6 listeners can also accept IPv4 requests. This will result in IPs being passed through to logs and such like ::ffff:192.168.123.101. If you do not want this and do want both, add ipv6only=on to the IPv6 listen line.
Daniƫl On Jul 26, 2016 02:25, "Charles Lawrence" <[email protected]> wrote: > I'm in the process of setting up a new server built on ubuntu 16.04 > using nginx 1.10.0. > > The specific issue is that while my new configuration essentially > matches my old nginx configuration from an ubuntu 13.10 server using > nginx 1.4.4, nginx 1.10.0 is only creating either ipv4 or ipv6 > workers, but not both. This behavior is not present on the old server. > Not sure what else to try at this point. > > I've verified that my nginx installation was built with ipv6. > > > nginx version: nginx/1.10.0 (Ubuntu) > > built with OpenSSL 1.0.2g-fips 1 Mar 2016 > > TLS SNI support enabled > > configure arguments: --with-cc-opt='-g -O2 -fPIE > -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time > -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie > -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx > --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log > --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock > --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body > --http-fastcgi-temp-path=/var/lib/nginx/fastcgi > --http-proxy-temp-path=/var/lib/nginx/proxy > --http-scgi-temp-path=/var/lib/nginx/scgi > --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit > --with-ipv6 --with-http_ssl_module --with-http_stub_status_module > --with-http_realip_module --with-http_auth_request_module > --with-http_addition_module --with-http_dav_module --with-http_geoip_module > --with-http_gunzip_module --with-http_gzip_static_module > --with-http_image_filter_module --with-http_v2_module --with-htt > p_sub_module --with-http_xslt_module --with-stream > --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads > > Below are my current configurations for the new server: > > ># /etc/nginx/nginx.conf> user www-data; > > worker_rlimit_nofile 30000; > > worker_processes 8; > > pid /run/nginx.pid; > > > > events { > > worker_connections 500000; > > } > > > > http { > > sendfile on; > > tcp_nopush on; > > tcp_nodelay on; > > keepalive_timeout 65; > > types_hash_max_size 2048; > > > > include /etc/nginx/mime.types; > > default_type application/octet-stream; > > > > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE > > ssl_prefer_server_ciphers on; > > > > access_log /var/log/nginx/access.log; > > error_log /var/log/nginx/error.log; > > > > gzip on; > > gzip_disable "msie6"; > > gzip_vary on; > > gzip_proxied any; > > gzip_comp_level 6; > > gzip_buffers 16 8k; > > gzip_http_version 1.1; > > gzip_types text/plain text/css application/json application/javascript > text/xml application/xml application/xml+rss text/javascript; > > > > include /etc/nginx/conf.d/*.conf; > > include /etc/nginx/sites-enabled/*; > > } > > Lastly, the weird thing is whether the workers get bound to ipv4 or > ipv6 entirely depends on the order in which the listen directives are > placed. In the following data, I've switched the order and tried > different configurations multiple times. After each change to > /etc/nginx/sites-enabled/blog I did sudo service nginx stop; sudo > service nginx start; sudo lsof -i;to get the data. > > Also note that I changed the workers count to 8 after performing these > steps. However while the number of workers increased, the same > behavior was seen where all workers were either ipv4 or ipv6. > > > listen [::]:80; > > listen 80; > > nginx 27675 root 6u IPv4 204423 0t0 TCP *:http (LISTEN) > > nginx 27676 www-data 6u IPv4 204423 0t0 TCP *:http (LISTEN) > > > > listen 80; > > listen [::]:80; > > nginx 27747 root 6u IPv6 205134 0t0 TCP *:http (LISTEN) > > nginx 27748 www-data 6u IPv6 205134 0t0 TCP *:http (LISTEN) > > > > listen 80; > > listen [::]:80 default ipv6only=on; > > nginx 27819 root 6u IPv6 205849 0t0 TCP *:http (LISTEN) > > nginx 27820 www-data 6u IPv6 205849 0t0 TCP *:http (LISTEN) > > > > listen 80; > > listen [::]:80 default ipv6only=off; > > nginx 27885 root 6u IPv6 206495 0t0 TCP *:http (LISTEN) > > nginx 27886 www-data 6u IPv6 206495 0t0 TCP *:http (LISTEN) > > > > listen 80; > > listen [::]:80 default; > > nginx 27953 root 6u IPv6 207184 0t0 TCP *:http (LISTEN) > > nginx 27954 www-data 6u IPv6 207184 0t0 TCP *:http (LISTEN) > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
