NGINX - ipv6


#1

A few days ago our NGINX reverse proxy startet to do weird stuff - at least, I thought so. When you tried to open https://meta.it-syndikat.org you got an error message regarding the ssl certificate not matching the url you’re trying to open.

First, it seemed hat the problem fixed itself - even that shouldn’t be possible in the first place. Reason being: I opened the same website in the same browser an hour later, but on a different location.

Some investigation later - and with some input from others - I realized that same webpace is working perfectly if I tried to connect via ipv4. A little more into it, I came across the SLI plugin from NGINX, but that wasn’t responsible for the problem.

Today, after fiddeling around with the config files of the virtual hosts on the reverse proxy I finally found out what cauesd the problem: It seems, NGINX does some weird stuff, if it doesn’t know from which network interface the request came through.

Changing the line

listen [::}:443:

to the server’s own ipv6 address

listen [aaaa:bbbb:cccc::1]:443:

fixed the problem