IPv6 configuration for a dedicated machine + Nginx

2 minute read

Out Of Date Warning

This article was published on 11/11/2014, this means the content may be out of date or no longer relevant.
You should verify that the technical information in this article is still up to date before relying upon it for your own purposes.

Recently, we stumbled upon IPv6 issues for a side-project. Our server had an IPv6 enabled, but we never configured anything. So some users reported a broken app and running curl from the server to itself doesn't work, either. Running curl with curl -v http://example.com revealed, that curl indeed used the Ipv6 of the server, which Nginx couldn't handle.

Here are some of the steps we've taken, to make Ipv6 work:

Setup DNS Record

To handle Ipv6, you need to setup an AAAA record at your DNS. The tool dig should display it alongside the normal A and CNAME records:

$ dig ANY example.com
example.com.    78788 IN  AAAA  2606:2800:220:6d:26bf:1447:1097:aa7

How to get that IP? Maybe it's displayed at your hoster's interface, or use ip addr on the server:

$ ip addr

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6c:62:6d:d9:0a:31 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a01:5f8:142:2d8::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::6e63:7dff:fed8:a32/64 scope link
       valid_lft forever preferred_lft forever

Take note of the inet6 part on the eth0 interface with the global (here: 2a01:5f8:142:2d8::2/64). We just ended up putting that part as AAAA entry: 2a01:5f8:142:2d8::1 which seemed to work

Reverse IP

We also put that IP in as Reverse DNS at our hoster's web interface.

Also, update your /etc/hosts, if it not includes the IP:

# /etc/hosts localhost.localdomain localhost hostname.example.com
2a01:5f8:142:2d8::2 hostname.example.com


Just listen to port 80 might be not enough. Add a [::]: before:

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name example.com;
  # ...

(More info here)


If you have no IPv6 connection at home, you can use that site: