How to Enable or Disable IPv6 in NGINX

NGINX is a popular reverse proxy and web server that has built-in IPv6 support, which provides more expansive address ranges. Also, it has improved network performance compared to IPv4. It is not necessary that the IPv6 protocol will support your system or environment. It ought to work together, too.

With IPv6 offering an abundance of unique addresses, it is essential for web servers to adapt and configure their networks to support this new protocol.

In this article, we will provide a step-by-step guide on how to enable and disable IPv6 on the NGINX web server.

How to Configure IPv6 on NGINX

Before configuring IPv6 on NGINX, ensure that your server and network infrastructure support IPv6 by running the ip command as shown.

$ ip addr show | grep inet6

Output:

inet6 ::1/128 scope host
	inet6 2001:0db8:85a3:8a2e:0370:7334/64 scope global temporary dynamic
	inet6 fe80::a00:27ff:fe4e:66a8/64 scope link

This command retrieves the network interface information and filters it to display only the IPv6 addresses. The output will contain multiple lines, but we are specifically interested in the line that includes the term “scope global“, which indicates the globally routable IPv6 address.

To configure IPv6 on NGINX, you need to update the NGINX configuration file located at /etc/nginx/nginx.conf, /etc/nginx/sites-enabled/default or /etc/nginx/conf.d/domain.conf, depending on your specific distribution.

$ sudo nano /etc/nginx/nginx.conf             [main configuratin file]
$ sudo nano /etc/nginx/sites-enabled/default  [default virtual host file]
$ sudo nano /etc/nginx/conf.d/domain.conf     [domain specific virtual host file]

Inside the configuration file, locate the http block, which contains the main HTTP server configuration, and add the following line to enable IPv6:

server {
	listen 80 default_server;
	listen [2001:0db8:85a3:8a2e:0370:7334]:80 default_server;
}

This line instructs NGINX to listen only to specific IPv6 addresses on port 80.

If you are running an HTTPS-enabled server, add the following line to enable IPv6 for HTTPS:

server {
	listen 443 default_server;
	listen [2001:0db8:85a3:8a2e:0370:7334]:443 default_server;
}

If you want to NGINX to listen on all available IPv6 addresses on ports 80 and 443, add the following line.

server {
	listen 80 default_server;
	listen [::]:80;
}
server {
	listen 443 default_server;
	listen [::]:443 ssl;
}

You can also configure NGINX in such a way that it does not completely disables IPv6 protocol but prioritizes IPv4 as shown.

server {
	listen [2001:0db8:85a3:8a2e:0370:7334]:80 ipv6only=on default_server;
}

server {
	listen [2001:0db8:85a3:8a2e:0370:7334]:443 ipv6only=on default_server;
}

By limiting the IPv6 listeners, this directive makes sure that NGINX predominantly processes IPv4 traffic. It permits some IPv6 support, although IPv4 is still prioritised.

After making changes to the NGINX configuration file, you need to check and restart the NGINX service for the changes to take effect.

$ sudo nginx -t
$ sudo systemctl restart nginx

A socket in the LISTEN state for the IPv6 address on the specified port may also be confirmed using the ss command. This demonstrates that NGINX is actively monitoring the specified IPv6 address for inbound connections.

$ sudo ss -ltpn

Output:

State  Recv-Q Send-Q         Local Address:Port                     Peer Address:Port Process
LISTEN 0  	4096             127.0.0.53%lo:53      	                0.0.0.0:* 	users:(("systemd-resolve",pid=454,fd=14))
LISTEN 0  	128              0.0.0.0:22      	                    0.0.0.0:* 	users:(("sshd",pid=586,fd=3))
LISTEN 0  	511 	         [2001:0db8:85a3:8a2e:0370:7334]:80     [::]:* 	users:(("nginx",pid=3928,fd=6),("nginx",pid=3927,fd=6))
LISTEN 0  	128              [::]:22                             	[::]:* 	users:(("sshd",pid=586,fd=4))

The line with the given IPv6 address and port number should appear in the output, which is indicated by the line [2001:0db8:85a3:8a2e:0370:7334]:80. Additionally presented is the PID (Process ID) for the related process.

How to Disable IPv6 on NGINX

The IPv6 can be simply disabled by editing the NGINX configuration file using the nano editor.

$ sudo nano /etc/nginx/nginx.conf             [main configuratin file]
$ sudo nano /etc/nginx/sites-enabled/default  [default virtual host file]
$ sudo nano /etc/nginx/conf.d/domain.conf     [domain specific virtual host file]

To disable IPv6, you need to comment out or remove any lines related to IPv6 configuration. Look for lines that start with listen [::], listen [::]:80 or listen [::]:443. Comment out these lines by adding a # at the beginning of each line.

# listen [::]:80;
# listen [::]:443 ssl;
# listen [::]

After making the necessary changes to the NGINX configuration file, you must restart the NGINX service for the modifications to take effect.

$ sudo systemctl restart nginx

To confirm that IPv6 has been successfully disabled on NGINX, run the following ss command again.

$ ss -tuln | grep nginx

If no entries related to IPv6 addresses are displayed, it indicates that NGINX is no longer listening on IPv6.

Conclusion

This article’s instructions may now be successfully used to enable or disable IPv6 setup for your NGINX server. Although testing your server with multiple IPv4 and IPv6 setups is strongly encouraged to ensure top server performance.

Remember to consider the security of your web server. You must decide whether to give IPv4 traffic priority if necessary.