Nginx listening on IPv6 addresses

leonep

• November 28, 2022 04:21

Hi, I use nginx as reverse proxy and i want disable nginx listen on ipv6 for all users. in fact I disabled ipv6 on my server but i still have ipv6 visitors on websites. on default.conf i removed lines: listen [::]:80; listen [::]:443 ssl http2; running /usr/local/cpanel/scripts/ea-nginx config --all does not update /users/*.conf may i miss something?

• 

  leonep

  • November 28, 2022 15:28

  I'm trying to understand better ! to change the configuration i don't have to use the default.conf file but i have to use the file /etc/nginx/ea-nginx/settings.json and rebuild conf this is the default settings.json file { "apache_ssl_port": "444", "apache_port_ip": "127.0.0.1", "apache_ssl_port_ip": "127.0.0.1", "server_names_hash_max_size": 1024, "apache_port": "81", "server_names_hash_bucket_size": 128 } how to edit file for remove following under /etc/nginx/conf.d/users/*.conf? listen [::]:80; listen [::]:443 ssl http2; is it correct? thanks

  0
• 

  cPRex Jurassic Moderator

  • November 28, 2022 17:29

  Hey hey! I wouldn't expect that tool to change the configuration files at all, as that isn't the intended purpose of that script: The ea-nginx Script | cPanel & WHM Documentation I'm not currently finding a way to change that listening behavior. Would it be possible for you to just disable all IPv6 traffic at the server level if you don't need any of that coming into your machine.

  0
• 

  leonep

  • November 28, 2022 18:05

  oh yess ! i have already disabled ipv6... i have some service still listening on ipv6.. btw is not a problem . no more connection on ipv6 now ! with tweak setting " Listen on IPv6 Addresses " i turn off listening cpanel services ,but still have some services i have manual stop exim with directives in exim configuration i also stop pure-ftp on /etc/pure-ftp.conf now i am looking for named ... [root@host]# lsof -i 6 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME chronyd 961 chrony 6u IPv6 17000 0t0 UDP localhost:323 named 1737 named 21u IPv6 25941 0t0 TCP *:domain (LISTEN) named 1737 named 512u IPv6 25939 0t0 UDP *:domain named 1737 named 513u IPv6 25939 0t0 UDP *:domain named 1737 named 514u IPv6 25939 0t0 UDP *:domain named 1737 named 515u IPv6 25939 0t0 UDP *:domain named 1737 named 516u IPv6 25939 0t0 UDP *:domain named 1737 named 517u IPv6 25939 0t0 UDP *:domain named 1737 named 518u IPv6 25939 0t0 UDP *:domain nginx 2538 root 11u IPv6 33906 0t0 TCP *:http (LISTEN) nginx 2538 root 13u IPv6 33908 0t0 TCP *:https (LISTEN) nginx 2543 root 11u IPv6 33906 0t0 TCP *:http (LISTEN) nginx 2543 root 13u IPv6 33908 0t0 TCP *:https (LISTEN) nginx 2544 nobody 11u IPv6 33906 0t0 TCP *:http (LISTEN) nginx 2544 nobody 13u IPv6 33908 0t0 TCP *:https (LISTEN)

  0
• 

  leonep

  • November 28, 2022 19:33

  ok i found how to stop named on ipv6 on /etc/named.conf (option is : listen-on-v6 { none; }; ) now the last is chronyd and nginx any help please?

  0
• 

  leonep

  • November 29, 2022 16:50

  i paste cpanel support reply, just for others guys, and thanks @cPRex After further investigation we do not provide a way disable IPv6 on NGINX as it is configured in the template: server { server_name[% FOREACH domain IN domains %] [% domain %] [%- IF domain.match('^[^\*]') %] www.[% domain %][% IF !mail_subdomain_exists %] mail.[% domain %][% END %][% END %][% END %][% IF ip %] [% ip %][% END %]; listen 80; [% IF !ipv6 %]# server does not have IPv6 enabled: [% END %]listen [::]:80; Please note that as explained before there is no possible way to connect to the server since it is not routing over IPv6, there are no active IPv6 addresses or connections on this server. thanks

  0
• 

  cPRex Jurassic Moderator

  • November 29, 2022 17:39

  I think I mentioned that wasn't possible earlier :D

  0
• 

  leonep

  • November 29, 2022 17:50

  yes but i have stopped all others ! thanks

  0

Please sign in to leave a comment.