IPv6 to IPv4

Mon Dec 16 10:36:49 UTC 2019

> On 16 Dec 2019, at 12:14, Rhys Ferris <rhys.j.ferris at gmail.com> wrote:
> 
> hi, sorry for the extreme delay... i was lazy.
> Here's what happens when I connect to my server on IPv6 (mind you, everything works fine if I remove the AAAA record):
> 2019/12/15 22:53:44 [crit] 15662#15662: *2225 bind(<my server's IPv6 address here>) failed (97: Address family not supported by protocol) while connecting to upstream, client: <my desktop's IPv6 address here>, server: domain.net, request: "GET /sonarr/plugins/bower_components/bootstrap-select/bootstrap-select.min.js HTTP/2.0", upstream: 
> "http://192.168.136.135:8989/sonarr/plugins/bower_components/boots
> trap-select/bootstrap-select.min.js"
> , host: "domain.net", referrer: "https://domain.net/sonarr/"
> 
> [...]
> 
> The way I'm reading it is that it is trying to connect from IPv6 source interface to IPv4 destination interface, and well, that obviously doesn't work. Here's my configs
> nginx.conf
> 

Your analysis looks correct (see below).

> [..]
> 
> excerpt of domain.net.conf
> 
> 
> ##Orgv2 Let's encrypt vhost - Non SSL 
> ##vhost_template_v: v1.0.2
> ##author: elmerfdz
> 
> ## 
> http://domain.net redirects to https://domain.net
> 
> #	include config/domain.net/http_server.conf; 
> upstream sonarr-upstream { server 192.168.136.135:8989; }
> upstream radarr-upstream { server 192.168.136.135:7878; }
> upstream tautulli-upstream { server 192.168.136.141:8181; }
> upstream webmin-upstream { server 192.168.136.130:10000; }
> 
> ## Serves 
> https://www.domain.net
> 
> server {
> 	listen 443 ssl http2; listen [::]:443 ssl http2;
> 	server_name domain.net;
> 	include /etc/nginx/config/domain.net/ssl.conf; #edit path to your certs
> 	root /var/www/domain.net/html;
> 	index index.php index.html index.htm index.nginx-debian.html;
> 	location ~ /auth-(.*) { rewrite ^/auth-(.*) /api/?v1/auth&group=$1; } #Org Auth
> 	error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
> 	location / {try_files $uri $uri/ =404;}
> 	include config/domain.net/phpblock.conf;  #PHP Block
>         location /sonarr/ {
>             proxy_pass 
> http://sonarr-upstream
> ;
>             include config/domain.net/proxy.conf;
>             error_page 400 401 403 404 405 408 500 502 503 504  /?error=$status;  #error page
>         }
>     ssl_certificate /etc/letsencrypt/live/domain.net/fullchain.pem; # managed by Certbot
>     ssl_certificate_key /etc/letsencrypt/live/domain.net/privkey.pem; # managed by Certbot
> 
> 
> And on the off chance you need it, heres proxy.conf
> 
> client_max_body_size 10m;
> client_body_buffer_size 128k;
> proxy_bind $server_addr;

Try removing this directive, that's likely the culprit.
Your backend addresses are IPv4, while you're trying binding IPv6 ($server_addr),
hence address family mismatch.  That's not going to work.

-- 
Sergey Kandaurov