Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nginx] IPv6 support? #3640

Closed
emilstahl opened this issue Oct 15, 2016 · 5 comments
Closed

[nginx] IPv6 support? #3640

emilstahl opened this issue Oct 15, 2016 · 5 comments
Labels
area: nginx feature request
Milestone
0.21.0

Comments

@emilstahl
Copy link

emilstahl commented Oct 15, 2016
edited

Currently the nginx plugin adds:
listen 443 ssl; # managed by Certbot

It should add the following for IPv6 support:

listen 443 ssl; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot

An option for HTTP 2 would be nice too, either by specifying --http2 flag or just check nginx for compatibility.;

listen 443 ssl http2;
listen [::]:443 ssl http2;
@bmw bmw mentioned this issue Oct 17, 2016
Open
@bmw
Copy link
Member

bmw commented Oct 17, 2016
edited

@emilstahl, thanks for making this issue. I created #3646 so we can track the issues of IPv6 and HTTP2 separately.

@bmw bmw added this to the 1.0.0 milestone Oct 17, 2016
@bmw bmw changed the title [nginx] IPv6 & HTTP 2 support? [nginx] IPv6 support? Oct 17, 2016
@kirelagin
Copy link

Actually, it is not entirely safe. In older versions of nginx the ipv6only was off by default, so having these two lines you propose at the same time would break the config.

I’d say that ipv6only=on should be added to the listen [::]:443 line, but, AFAIU, this option is Linux-only and I’m not sure how nginx will respond to it on other OSes.

This was referenced Aug 3, 2017
Closed
Closed
@ohemorange ohemorange mentioned this issue Oct 4, 2017
Closed
@joohoi joohoi mentioned this issue Oct 8, 2017
Merged
@bmw bmw modified the milestones: 1.0.0, 0.20.0 Nov 22, 2017
@bmw bmw modified the milestones: 0.20.0, 0.21.0 Dec 6, 2017
@jkldgoefgkljefogeg
Copy link

jkldgoefgkljefogeg commented Feb 4, 2018
edited

ipv6only=on is the default. https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
For a server config with listen [::]:80;, certbox does not generate listen [::]:443; At least user should be warned IPv6 SSL was not enabled.

For it breaks for some legacy version nginx_version check to skip ipv6 config is fine. Current implementation does not support IPv6 for nginx stable/mainline

@jplatte
Copy link

jplatte commented Feb 4, 2018

@bmw So what's the current state of this? You closed this issue in #5178, but then seem to have reverted your changes. Should this issue be re-opened?

@ohemorange
Copy link
Contributor

@jplatte: We then unreverted the changes. The latest version of Certbot supports IPv6; see some caveats that we plan to fix in #5438.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: nginx feature request
Projects
None yet
Milestone
0.21.0
Development

No branches or pull requests
6 participants
@kirelagin @jplatte @jkldgoefgkljefogeg @ohemorange @emilstahl @bmw