Welcome! Log In Create A New Profile

Advanced

Nginx and ipv6

January 15, 2011 08:57AM
Hi,

I have a small server running nginx and hosting a dokuwiki site. For security reason some directories of the dokuwiki install should be accessed by the outside world so my nginx site file is like that :

[code]
server {

listen 80; ## listen for ipv4

server_name XXX;

access_log /var/log/nginx/xxx.access.log;
error_log /var/log/nginx/xxx.error.log notice;
rewrite_log on;
root /var/www/xxx;
index doku.php;

location ~ ^/(data|conf|bin|inc) {
deny all;
}

location / {
try_files $uri $uri/ @dokuwiki;
}

location @dokuwiki {
rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
rewrite ^/tag/(.*) /doku.php?id=tag:$1&do=showtag&tag=tag:$1 last;
rewrite ^/(.*) /doku.php?id=$1&$args last;
}


location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
}
[/code]

Notice the fact that the directories data, conf, bin and inc are denied.

With ipv4 only (like in the previous config file), everything works great : the wiki is working great and the forbidden directories are well protected.

Yesterday I made one change listen 80 -> listen [::]:80 (to enable ipv6) and all the forbidden directories are not protected anymore (anybody with ipv4 or ipv6 can access them). Reverting to ipv4 (listen 80) fix the problem.

I tried to change my configuration file that way
[code]
listen 80; ## listen for ipv4
listen [::]:80 default ipv6only=on;
[/code]
to have two explicit bind.

And if I force my browser to use ipv4 the directories are protected. If my browser use ipv6 the directories are not protected anymore.

So I have many questions :
- Is my configuration file wrong ?
- Is there something wrong with ipv6 and nginx ?
- Does anybody already had this problem ?


Thanks in advance.

Vlad
Subject Author Posted

Nginx and ipv6

vlad59 January 15, 2011 08:57AM

Re: Nginx and ipv6

Maxim Dounin January 15, 2011 10:10AM

Re: Nginx and ipv6

vlad59 January 15, 2011 10:51AM

Re: Nginx and ipv6

toto2008 January 16, 2011 04:02PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready