SOLVED Nginx listening on IPv6 addresses

leonep

Well-Known Member
Nov 18, 2014
242
23
68
Pescara
cPanel Access Level
Root Administrator
Hi,
I use nginx as a reverse proxy and I want to disable nginx listening on IPv6 for all users.
In fact I disabled IPv6 on my server, but I still have IPv6 visitors on websites.
In default.conf I removed these lines:

listen [::]:80;
listen [::]:443 ssl http2;

Running
/usr/local/cpanel/scripts/ea-nginx config --all does not update /users/*.conf.
Am I missing something?
 

leonep

I'm trying to understand better!
To change the configuration I don't have to use the default.conf file, but I have to use the file /etc/nginx/ea-nginx/settings.json and rebuild the conf.

This is the default settings.json file:
{
"apache_ssl_port": "444",
"apache_port_ip": "127.0.0.1",
"apache_ssl_port_ip": "127.0.0.1",
"server_names_hash_max_size": 1024,
"apache_port": "81",
"server_names_hash_bucket_size": 128
}

How do I edit the file to remove the following under /etc/nginx/conf.d/users/*.conf?
listen [::]:80;
listen [::]:443 ssl http2;


Is it correct? Thanks
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,562
2,611
363
cPanel Access Level
Root Administrator
Hey hey! I wouldn't expect that tool to change the configuration files at all, as that isn't the intended purpose of that script: The ea-nginx Script | cPanel & WHM Documentation

I'm not currently finding a way to change that listening behavior. Would it be possible for you to just disable all IPv6 traffic at the server level if you don't need any of that coming into your machine?
 

leonep

Oh yes!
I have already disabled IPv6...
I have some services still listening on IPv6. BTW it is not a problem: no more connections on IPv6 now!
With the Tweak Setting "Listen on IPv6 Addresses" I turned off listening for cPanel services, but I still have some services.
I manually stopped exim with directives in the exim configuration.
I also stopped pure-ftp in /etc/pure-ftp.conf.
Now I am looking for named ...

[root@host]# lsof -i 6
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
chronyd 961 chrony 6u IPv6 17000 0t0 UDP localhost:323
named 1737 named 21u IPv6 25941 0t0 TCP *:domain (LISTEN)
named 1737 named 512u IPv6 25939 0t0 UDP *:domain
named 1737 named 513u IPv6 25939 0t0 UDP *:domain
named 1737 named 514u IPv6 25939 0t0 UDP *:domain
named 1737 named 515u IPv6 25939 0t0 UDP *:domain
named 1737 named 516u IPv6 25939 0t0 UDP *:domain
named 1737 named 517u IPv6 25939 0t0 UDP *:domain
named 1737 named 518u IPv6 25939 0t0 UDP *:domain
nginx 2538 root 11u IPv6 33906 0t0 TCP *:http (LISTEN)
nginx 2538 root 13u IPv6 33908 0t0 TCP *:https (LISTEN)
nginx 2543 root 11u IPv6 33906 0t0 TCP *:http (LISTEN)
nginx 2543 root 13u IPv6 33908 0t0 TCP *:https (LISTEN)
nginx 2544 nobody 11u IPv6 33906 0t0 TCP *:http (LISTEN)
nginx 2544 nobody 13u IPv6 33908 0t0 TCP *:https (LISTEN)
 

leonep

I paste the cPanel support reply, just for other guys, and thanks @cPRex


After further investigation we do not provide a way to disable IPv6 on NGINX as it is configured in the template:
server {
server_name[% FOREACH domain IN domains %] [% domain %] [%- IF domain.match('^[^\*]') %] www.[% domain %][% IF !mail_subdomain_exists %] mail.[% domain %][% END %][% END %][% END %][% IF ip %] [% ip %][% END %];
listen 80;
[% IF !ipv6 %]# server does not have IPv6 enabled: [% END %]listen [::]:80;

Please note that as explained before there is no possible way to connect to the server since it is not routing over IPv6, there are no active IPv6 addresses or connections on this server.

thanks
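
Added example (not part of the original thread and not cPanel's code): a small shell audit that lists active `listen [::]` directives under a config directory, skipping the commented-out form the quoted template renders when its ipv6 flag is false, and counts unique IPv6 sockets per command from `lsof -i 6` output. The function names, the sample conf files and the `--demo` switch are assumptions made for illustration; the lsof rows are abridged from the output posted above.

```shell
#!/bin/sh
# Added example (not cPanel code): audit for IPv6 listeners.

# Print file:line:directive for each active IPv6 "listen" under directory $1.
# Lines commented out with '#' do not match.
active_ipv6_listens() {
    grep -rnE --include='*.conf' \
        '^[[:space:]]*listen[[:space:]]+\[[0-9A-Fa-f:.]+\]' "$1" 2>/dev/null
}

# Read `lsof -i 6` output on stdin; print "command unique_socket_count".
# Worker processes inherit the same socket, so rows are deduplicated by
# COMMAND + DEVICE instead of being counted once per PID/FD.
ipv6_sockets_by_command() {
    awk '$5 == "IPv6" && !seen[$1 SUBSEP $6]++ { n[$1]++ }
         END { for (c in n) print c, n[c] }' | sort
}

# Constructed sample configs (hypothetical users alice and bob).
make_sample_conf_dir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/users"
    printf 'server {\n    listen 80;\n    listen [::]:80;\n    listen [::]:443 ssl http2;\n}\n' > "$d/users/alice.conf"
    printf 'server {\n    listen 80;\n    # server does not have IPv6 enabled: listen [::]:80;\n}\n' > "$d/users/bob.conf"
    echo "$d"
}

# Sample rows abridged from the lsof output in the thread.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 1737 named 21u IPv6 25941 0t0 TCP *:domain (LISTEN)
named 1737 named 512u IPv6 25939 0t0 UDP *:domain
named 1737 named 513u IPv6 25939 0t0 UDP *:domain
nginx 2538 root 11u IPv6 33906 0t0 TCP *:http (LISTEN)
nginx 2538 root 13u IPv6 33908 0t0 TCP *:https (LISTEN)
nginx 2544 nobody 11u IPv6 33906 0t0 TCP *:http (LISTEN)
EOF
}

if [ "${1:-}" = "--demo" ]; then
    dir=$(make_sample_conf_dir)
    active_ipv6_listens "$dir"
    sample_lsof | ipv6_sockets_by_command
    rm -rf "$dir"
fi
```

On a live host, point `active_ipv6_listens` at /etc/nginx/conf.d and pipe `lsof -i 6` into `ipv6_sockets_by_command`.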