Nginx configuration with IPv6

Hello all,

I got my openhab 3.4 running on openhabian and I am very pleased with it.
It is running behind nginx, with my own domain registered an with valid certificates.
All well.

BUT: I got my „Deutsche Glasfaser“ this week an now I am on a IPv6 connection.
Which is cool, but the nginx which is installed on the openhabian does no IPv6.
I am confident, that I placed the correct listen directives in the configuration and the dyndns resolves to the correct IP address, IPv4 and IPv6.
Running the IOS App in my local network, which is IP4, does all the magic. Outside , in WAN, the portforwarding does not happen.
Is there a way to enable IPv6 in nginx? If I do nginx -V there is no --withIPv6 listed.
Thanks for your help!

I don’t know if this is valid for your router but I would assume that you have to enable something on your router/modem to forward the request into your network.

But be CAREFULL allowing access from the internet to your equipment may allow users from the internet to get into your network. describes a few steps to be done during configuration. I assume that you are already aware of them.

What does ‘all the magic’ mean ? In case the app runs on a device using IPv4 then I would say there is no magic behind.

I would go the other way and disable IPv6. At this point in time, there’s no real benefit to it on a home network. I disabled IPv6 when I installed openHABian (I think it was an option in the Raspberry Pi installer).

Maybe an IPv6 option would be useful to add to openhabian-config?

Good morning, thanks for your replies.

Just to clarify: it does all the magic means it working as expected :innocent:
The portforewarding on the FRITZ!box is set up for IPv4 and IPv6 for just one port.
That’s the port nginx listens to. With IPv4 it’s working well, with IPv6 not.

It think enabling IPv6 on nginx would do the trick. But the one I get with apt-get install nginx is without IPv6.

I found a description using the configure procedure to build a IPv6 capable version.
But I hope to find an easier solution.

Am I the first with this task?

Happy weekend 4 all :grinning:

How do you know that it is not supported ?
In case IPv6 is not supported by nginx then I would expect to see an error message during startup of nginx due to the fact that the configuration for IPv4 and IPv6 is different.
If you configured nginx to use IPv6 and the startup does not complain about the included IPv6 syntac/configuration then it must be supported.

An easy test should be to configure nginx to use a port for IPv6 locahost or even on the IPv6 ethernet address of your device. Bind a web page to it ( should be supported by nginx ).
Then use your browser ( pay attention if localhost is used or the ethernet address with localhost the browser needs to run on the same device ) or telnet -6 command to connect to the port listening on IPv6/TCP6 protocol.

It is safer to block requests from the WAN and instead use a VPN to access hosts on your LAN. I use Wireguard for this, it’s quite easy to set up, there are a lot of guides on the internet.

My installation also uses openhabian and does not show --withIPv6 but does support IPv6.
See last line returned by following command:

netstat -tulpn | grep nginx
tcp        0      0    *               LISTEN      3187/nginx: master  
tcp        0      0   *               LISTEN      3187/nginx: master  
tcp6       0      0 :::8888                 :::*                    LISTEN      27275/nginx: master
1 Like

Thanks for ideas. I will give them a try when I am back home on Sunday.
I use WireGuard VPN in my setup and I did all the security considerations VPN vs. portforewarding to nginx.
I want both. The one port for a convenient access for the openhab app, and WireGuard for alle other access to my local network, which is seldom.

Thanks, Thomas

Every IPv6 capable router that I have come across does exactly that. You then have to punch holes in the firewall as needed for your purposes.

I would not recommend using a VPN if the desired goal can be fulfilled with already available resources (in this case, IPv6), on the grounds that the more complex solution increases the maintenance burden as well as the threat analysis effort for no apparent gain in a simple case such as this.

This is right up my alley.

But how can I do it?
I don’t get it to work.

And I did not find any helpful article on the interwebs.

All Nginx versions from 1.11.5 (11 Oct 2016) onwards are always built with automatic IPv6 support (if available on the host platform), so I would start by checking:

  • Is IPv6 enabled on your OpenHAB server? (ip addr and see what you get)
  • Is IPv6 enabled on your fibre router? Just because it supports it doesn’t mean it will ship with it enabled.
  • Are you able to reach OpenHAB locally (i.e., from your LAN) over IPv6? (curl -6 http://openhab:8080/ or curl -6 'http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:8080/' – replacing with the actual IPv6 address of your OpenHAB server, of course!)
  • Did you punch a hole in your router’s firewall to allow external access to port 8080 on the OpenHAB server?

It’s there: openHABian | openHAB

And frankly, why run nginx at all. Myopenhab will do the trick a lot better and safer.

1 Like