by orlp 985 days ago
Thanks for letting me know. I just double-checked and the AAAA IPv6 record does have the right IP, port 80 is open in the VPS firewall for both IPv4 and v6 and my nginx config does listen on both as well:

    listen 80;
    listen [::]:80;
I'm by no means a networking expert, so I'm a bit puzzled. I'll investigate more in a couple of days, not particularly excited to mess with the system while serving a post on the front page.

That's the HTTP config, but the website is served over HTTPS and the HTTP version redirects to it. My bet would be that the HTTPS settings do not bind to IPv6.

Do you have:

    listen [::]:443 ssl;
somewhere in the server {} block where the certificate is declared?

My mobile phone carrier uses IPv6 so I cannot access your website from my phone (except if I connect to a wifi network that uses IPv4).

Yep, I have

    listen [::]:443 ssl;
    listen 443 ssl;
in the server block.

Maybe the second line should be "listen 443 ssl;" (without the colon, like in the non-HTTPS version)? That's how it is in my config.

EDIT: orlp updated their comment above, this one is not relevant anymore.

> Maybe the second line should be "listen 443 ssl;" (without the colon, like in the non-HTTPS version)? That's how it is in my config.

That's a clerical error while copying to Hacker News, it is without the colon in my config as well. I've edited the post.

I think I figured it out, Hetzner lists 2a01:4f8:c012:175e::/64 as the IPv6 for my VPS, so I put 2a01:4f8:c012:175e:: in the DNS record. However it seems it only actually listens on 2a01:4f8:c012:175e::1. Probably just me being an idiot and fundamentally misunderstanding how IPv6 addresses work. I've updated it, although it will probably take some time before the DNS cache refreshes.

> Hetzner lists 2a01:4f8:c012:175e::/64 as the IPv6 for my VPS

Yup, that's the address prefix, 64 bits long as indicated by the /64. Your VPS can therefore be configured with 2^(128-64)=2^64 IP addresses, as long as they start with that prefix.

The actual IP is chosen by your VPS itself, so I guess it has assigned itself prefix::1. You can see that address with `ip -6 a`. And add new ones if you want: `ip -6 address add 2a01:4f8:c012:175e::2 dev yournetworkcard0`. You can technically add one IP address per service and bypass the reverse proxy by having the services listen on their dedicated IPs. That makes it easy to migrate services to another host (change the AAAA record).

It works! :)
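
The mismatch diagnosed in this thread (an AAAA record holding the bare /64 prefix while the host only has prefix::1 configured) can be caught with a small offline check. This is an added example, not code from any commenter; the `ip -6 -o addr show` output is a constructed sample, and the function names and result labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip -6 -o addr show` output (not taken from the thread's host).
SAMPLE_IP_OUTPUT = """\
1: lo    inet6 ::1/128 scope host \\       valid_lft forever preferred_lft forever
2: eth0    inet6 2a01:4f8:c012:175e::1/64 scope global \\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::9400:2ff:fe12:3456/64 scope link \\       valid_lft forever preferred_lft forever
"""


def configured_addresses(ip_output):
    """Return the set of IPv6 addresses listed in `ip -6 -o addr show` output."""
    found = re.findall(r"inet6 ([0-9a-fA-F:]+)/\d+", ip_output)
    return {ipaddress.IPv6Address(a) for a in found}


def check_aaaa(aaaa, prefix, ip_output):
    """Classify an AAAA record value against the provider prefix and host config.

    Result labels (hypothetical, chosen for this example):
      ok               address is inside the prefix and configured on the host
      prefix-not-host  record holds the prefix itself (all-zero host part)
      not-configured   inside the prefix, but no interface carries it
      outside-prefix   not in the routed prefix at all
    """
    addr = ipaddress.IPv6Address(aaaa)
    net = ipaddress.IPv6Network(prefix)
    if addr not in net:
        return "outside-prefix"
    if addr in configured_addresses(ip_output):
        return "ok"
    if addr == net.network_address:
        return "prefix-not-host"
    return "not-configured"


if __name__ == "__main__":
    prefix = "2a01:4f8:c012:175e::/64"
    for record in ("2a01:4f8:c012:175e::", "2a01:4f8:c012:175e::1",
                   "2a01:4f8:c012:175e::2"):
        print(record, "->", check_aaaa(record, prefix, SAMPLE_IP_OUTPUT))
```

On a real host, pass the actual output of `ip -6 -o addr show` and the record value returned by your DNS lookup in place of the sample inputs.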