Should listen *:443 bind to IPv4 and IPv6 ?
Maxim Dounin
mdounin at mdounin.ru
Wed Jun 13 15:58:31 UTC 2018
Hello!
On Wed, Jun 13, 2018 at 05:10:51PM +0200, Ralph Seichter wrote:
> On 13.06.18 14:19, Maxim Dounin wrote:
>
> > The "listen *:443" snippet always created only IPv4 listening socket.
>
> That's interesting. Maybe Gentoo Linux did indeed add a custom patch to
> previous nginx versions.
>
> What is the shortest officially recommended way to bind nginx to port
> 443 for both IPv4 and IPv6? I should probably mention that my servers
> usually service multiple domains using TLS SNI.
>
> server {
> listen *:443 ssl;
> listen [::]:443;
> }
>
> works, but perhaps there is method with just one listen statement?
Using
listen 443 ssl;
listen [::]:443 ssl;
should be good enough.
While it is possible to use just one listen statement with an IPv6
address and "ipv6only=off", I would rather recommend to use an
explicit configuration with two distinct listening sockets.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list