Nginx 1.14.0 fails to start if ipv6 support on host is disabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Nginx |
Won't Fix
|
Undecided
|
Unassigned | ||
nginx (Debian) |
Unknown
|
Unknown
|
|||
nginx (Ubuntu) |
Triaged
|
Low
|
Thomas Ward |
Bug Description
See bug report at https:/
# uname -a
Linux bevand10-
# nginx -V
nginx version: nginx/1.14.0 (Ubuntu) built with OpenSSL 1.1.1 11 Sep 2018 TLS SNI support enabled configure arguments: --with-cc opt='-g -O2 -fdebug-
# ifconfig
docker0: flags=4099<
inet 192.168.249.1 netmask 255.255.255.0 broadcast 192.168.249.255
ether 02:42:19:ba:e6:23 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker_gwbridge: flags=4163<
inet 192.168.250.1 netmask 255.255.255.0 broadcast 192.168.250.255
ether 02:42:19:d7:3f:8e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1033 bytes 172294 (172.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s31f6: flags=4099<
ether c8:d3:ff:69:38:89 txqueuelen 1000 (Ethernet)
RX packets 1334863 bytes 1058768699 (1.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 380949 bytes 134078135 (134.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xe1200000-e1220000
lo: flags=73<
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 4019381 bytes 2054803911 (2.0 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4019381 bytes 2054803911 (2.0 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth3b18948: flags=4163<
ether ba:7a:7f:04:bc:2d txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1033 bytes 172294 (172.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<
inet 10.56.110.15 netmask 255.255.252.0 broadcast 10.56.111.255
ether f0:d5:bf:01:b7:4c txqueuelen 1000 (Ethernet)
RX packets 17897545 bytes 13685388137 (13.6 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5316328 bytes 1206667801 (1.2 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# nginx -t
nginx: the configuration file /etc/nginx/
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: configuration file /etc/nginx/
Fragment from /etc/nginx/
server {
listen 80 default_server;
listen [::]:80 default_server;
If I comment out the listen [::]:80 ipv6 directive, nginx starts successfully.
This appears to be a recent regression, as previously, absence of ipv6 support on the host would not result is a nginx start error.
For info, this occurred during a today's (2019-07-25) Ubuntu 18.04 upgrade:
nginx/bionic-
nginx-common/
nginx-core/
The running nginx instance was halted because of the defect. What should have been a seamless upgrade was service affecting.
The NGINX team response:
Resolution set to invalid
Status changed from new to closed
You may want to report this to maintainers of the package you are using - by default nginx does not listen on IPv6 addresses.
description: | updated |
description: | updated |
description: | updated |
Thanks for filing this bug in Ubuntu.
I installed nginx 1.14.0-0ubuntu1 from the release pocket of Bionic, i.e., no updates: nginx:~ # apt-cache policy nginx br.archive. ubuntu. com/ubuntu bionic/main amd64 Packages
root@bionic-
nginx:
Installed: 1.14.0-0ubuntu1
Candidate: 1.14.0-0ubuntu1
Version table:
*** 1.14.0-0ubuntu1 500
500 http://
And it already has the listen configuration for ipv6: nginx:~ # grep listen /etc/nginx/ sites-enabled/ default
root@bionic-
listen 80 default_server;
listen [::]:80 default_server;
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
# listen 80;
# listen [::]:80;
I then did a quick "git blame" on that file in the git repository, and that configuration has been there since at least 2014, if I'm reading this correctly: conf/sites- available/ default| grep listen
10:01 $ git blame debian/
659cb474c (Kartik Mistry 2013-04-25 12:51:45 +0530 22) listen 80 default_server;
4f4fcce28 (Christos Trochalakis 2014-10-16 13:34:29 +0300 23) listen [::]:80 default_server;
4f4fcce28 (Christos Trochalakis 2014-10-16 13:34:29 +0300 27) # listen 443 ssl default_server;
4f4fcce28 (Christos Trochalakis 2014-10-16 13:34:29 +0300 28) # listen [::]:443 ssl default_server;
4f4fcce28 (Christos Trochalakis 2014-10-16 13:34:29 +0300 80) # listen 80;
4f4fcce28 (Christos Trochalakis 2014-10-16 13:34:29 +0300 81) # listen [::]:80;
Furthermore, the change introduced in 1.14.0-0ubuntu1.3 is just a rebuild with the newer openssl library that was updated in bionic:
nginx (1.14.0-0ubuntu1.3) bionic; urgency=medium
* No changes rebuild (to build against OpenSSL 1.1.1 in Bionic)
(LP: #1836366)
-- Thomas Ward <email address hidden> Fri, 12 Jul 2019 14:18:43 -0400
If all of a sudden ipv6 was required in an update to a stable release, I'd agree it's surprising to say the least. Are you sure your server didn't get ipv6 disabled before this update, and it was only noticed when nginx was restarted? Has the server always had ipv6 disabled?
If it wasn't failing before, and started to fail now with just the rebuild with new openssl, that's something that has to be investigated, but I just want to clear up that point before we dig in, given the above details I have given.
Thanks!