Disable IPv6 in nginx proxy_pass

nginx
49,113

Solution 1

Looks like there are a solution since nginx >= 1.5.8: 

 resolver 8.8.8.8 ipv6=off;

You can find more here: http://nginx.org/en/docs/http/ngx_http_core_module.html

Solution 2

Nginx is doing DNS resolution at startup by default.

Include (an empty) variable in the hostname to force Nginx to do resolution at runtime with the specified resolver directive.

location / {
    resolver 1.1.1.1 ipv6=off valid=30s;
    set $empty "";
    proxy_pass https://example.com$empty;
}

Solution 3

Using the resolver did not work for me when using proxy_pass to a https url. I had to modify the sysctl.

  1. Add the following lines in /etc/sysctl.conf.
    net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.conf.eth0.disable_ipv6 = 1 net.ipv6.conf.eth1.disable_ipv6 = 1 net.ipv6.conf.eth2.disable_ipv6 = 1 net.ipv6.conf.eth3.disable_ipv6 = 1
  2. Reboot system with sysctl -p.
  3. Reboot nginx with sudo nginx -s reload.

Solution 4

I had the same issue with fastcgi_pass to localhost. In this special case (i.e., if you are only forwarding to localhost), you can fix this by using

fastcgi_pass 127.0.0.1:9000;

instead of

fastcgi_pass localhost:9000;
Share:
49,113

Related videos on Youtube

Author by

Anton

Updated on September 18, 2022

Comments

  • Anton 3 months

    My server doesn't have IPv6 adresses.

    However, when I use Nginx proxy_pass to upstream with IPv4 and IPv6, sometimes it tries to send outgoing requests using IPv6:

    2013/07/30 00:25:06 [error] 1930#0: *1482670 connect() to [AAAA:BBBB:C:DDD:E:F:GGG:HHH]:443 failed (101: Network is unreachable) while connecting to upstream, client: AA.BB.CC.DD, server: example.com, request: "GET /download/file HTTP/1.0", upstream: "https://[AAAA:BBBB:C:DDD:E:F:GGG:HHH]:443/download/file", host: "example.com"

    How can I disable IPv6 for outgoing requests in proxy_pass?

    nginx.conf:

    upstream download {
  server download.example.com:443;
  keepalive 8;
}
location /download {
  proxy_set_header      X-Forwarded-For  $proxy_add_x_forwarded_for;
  proxy_set_header      Connection "";
  proxy_ignore_headers  X-Accel-Redirect;
  proxy_http_version    1.1;
  resolver              8.8.8.8;
  resolver_timeout      5s;
  proxy_pass            https://download;
}

    nginx -V: 

    nginx version: nginx/1.4.2
built by gcc 4.7.2 (Debian 4.7.2-5)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --with-ipv6

    OS: Debian Wheezy

    Linux 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux

    ip a

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 6c:62:6d:7a:ea:af brd ff:ff:ff:ff:ff:ff
    inet XXX.XXX.XXX.XXX/27 brd XXX.XXX.XXX.XXX scope global eth0
    • Anton over 9 years
      Flup, net.ipv6.bindv6only=0 doesn't help
    • Michael Hampton
      Michael Hampton over 9 years
      That definitely looks wrong. You should have at least IPv6 link-local addresses. What changes have you or your provider made to this server's configuration?
    • Anton over 9 years
      We've added only net.ipv6.conf.all.disable_ipv6=1. Our provider doesn't assign IPv6 using DHCP, so it must be configured manually.
    • Dmitry Polushkin over 6 years
      Is there are anyway to solve that specifically with nginx config, without changing global system settings?
    • Michael Hampton
      Michael Hampton over 3 years
      You should not use the disable_ipv6 sysctl, and you should configure IPv6 if you have it available to you.
    • Pascal Pixel Rigaux about 2 years
      NB: by default nginx handles IPv4 & IPv6 as different "upstream"s. It will use round robin to choose which to use (cf function "ngx_http_upstream_init_round_robin" which uses "ngx_inet_resolve_host")
  • GaryBishop
    GaryBishop almost 3 years
    Solved my problem proxying flickr.
  • GaryBishop
    GaryBishop almost 3 years
    It fixed my problem but now the error log is showing complaints (99: Cannot assign requested address) even though the request apparently succeeds. I'd just like to figure out how to prevent it from trying the ipv6 address.
  • GaryBishop
    GaryBishop almost 3 years
    Adding the ipv6=off to the resolver in nginx along with this fixes it and eliminates the error messages.
  • phiresky
    phiresky over 2 years
    this works but you also need to add $request_uri because it is only added by default when there is no other variable present
  • Pascal Pixel Rigaux about 2 years
    As explained by Pedro, this works for dynamic DNS resolution (when proxy_pass host is dynamic): you must use a variable in the host: http://${empty}example.com
  • GaryBishop
    GaryBishop almost 2 years
    It won't allow me to set the variable empty. I read elsewhere that custom variables aren't allowed. What are you doing to allow the set $empty ""?
  • piotrekkr
    piotrekkr over 1 year
    @phiresky $request_uri is automatically added when there is no /uri/ present in proxy_pass url. See here nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
  • Bennet G. 12 months
    This completely disables ipv6 on the OS. Which can be done if you don't want any ipv6 traffic in our out, but might overshoot on not-resolving ipv6 to your proxy-pass.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Dart http.MultipartRequest not sending data to Lumen after relocating server to a different apache server, Postman works fine
Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response. (nginx)
Failed to start The nginx HTTP and reverse proxy server issue
How to use FastCGI globally and Basic Auth in sublocations in nginx?
Dynamic proxy_pass with map and regexp
How to handle "OPTIONS *" request in nginx?
unable to configure grafana with graphite
How can I make nginx return a static response and send request headers to app?
How to configure Phalcon in the Nginx config file
nginx vs node-http-proxy