Ubuntu
eglibc package

apache2 does not listen on ipv6 at all when there is no routable IPv6 address

Bug #633981 reported by Loïc Minier on 2010-09-09

This bug report is a duplicate of: Bug #397393: can't bind to ::1. Edit Remove

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	eglibc (Ubuntu)	Confirmed	Medium	Unassigned

Bug Description

Binary package hint: apache2

I created a lucid vm on a lucid host (with routable IPv6, but that's irrelevant) with vm-builder and installed apache2, then added a virtualhost configuration.

From a job on that same vm, I'm doing "wget http://$hostname.$domainname/somefile" which should download a file via apache2.

This first fails with IPv6 then succeeds with IPv4:
+ wget -O .config http://somehost.example.com/somefile
--2010-09-09 12:45:21-- http://somehost.example.com/somefile
Resolving somehost.example.com... ::1, 127.0.1.1
Connecting to somehost.example.com|::1|:80... failed: Connection refused.
Connecting to somehost.example.com|127.0.1.1|:80... connected.
HTTP request sent, awaiting response... 200 OK

I checked with netstat, and apache2 does NOT listen on port 80 for IPv6 connections, only for IPv4. Another http server (java based) on the same host DOES listen on both and works fine with a similar wget test.

I added a routable IPv6 address with something like:
sudo ip addr add 2a01:e35:xxxx:xxxxxxxx/64 dev eth0
(even if it's actually not routed)
restarted apache2, and wget / w3m would be able to connect to http://ip6-localhost.

I removed the address with ip addr del, restarted apache2, and wget/w3m didn't work anymore, apache2 wasn't listening anymore.

It seems apache2 or possibly eglibc change behavior depending on whether there is a routable IPv6 address, and apache2 doesn't consider listening on ::1 which is a bug preventing local ipv6 traffic.

Thanks,

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: apache2 2.2.14-5ubuntu8
ProcVersionSignature: Ubuntu 2.6.32-24.42-server 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-server x86_64
Architecture: amd64
Date: Thu Sep 9 14:14:13 2010
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: apache2

Tags:

Revision history for this message

Loïc Minier (lool) wrote on 2010-09-09:

Dependencies.txt Edit (1.7 KiB, text/plain; charset="utf-8")

Revision history for this message

dazza5000 (darran-kelinske) wrote on 2010-09-09:

Loic,

Thank you for reporting this. Do you know if this is specific to Ubuntu? Have you tried it on other distros? I will look for an upstream bug in the meantime.

Darran

Revision history for this message

Loïc Minier (lool) wrote on 2010-09-09:

I didn't try on other distros, no; I did check the build log to confirm we weren't passing any --enable/--disable-v4-mapped and we don't.

Revision history for this message

Clint Byrum (clint-fewbar) wrote on 2010-09-10:

Hi Loic,

I see the same effect, just booted a Lucid EC2 instance and apache does not listen on ::1

In fact, I can't make it listen on ::1 explicitly with

Listen [::1]:80

Even though that exists on the loopback according to ip addr list/ifconfig. I get this error:

... waiting [Fri Sep 10 22:57:04 2010] [crit] (EAI 9)Address family for hostname not supported: alloc_listener: failed to set up sockaddr for ::1
Syntax error on line 9 of /etc/apache2/ports.conf:

But when I've added a routable ipv6 address it works fine!

Marking Confirmed.

Setting Importance to Medium. While ipv6 is not the norm now, We need to make sure we support IPv6 users/developers/etc. now, and this may signal something broken deeper down in the system.

Changed in apache2 (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Medium

Clint Byrum (clint-fewbar) on 2010-09-10

summary:

- apache2 doens't listen on ::1 when there is no routable IPv6 address
+ apache2 does not listen on ipv6 at all when there is no routable IPv6
+ address

Revision history for this message

Stefan Fritsch (sf-sfritsch) wrote on 2010-09-12:

It seems reasonable to not listen on IPv6 if no v6 address is configured. Unfortunately, Apache (or rather APR) does this by using getaddrinfo's AI_ADDRCONFIG flag. And glibc seems to ignore IPv6 addresses of scope host (i.e. ::1) when deciding if an v6 address is configured. For me, the default fe80::* address of scope link that is configured on eth0 is enough to make getaddrinfo return v6 addresses. If I delete that address, getaddressinfo returns only the v4 address.

So, this looks more like a problem of eglibc than apache/APR to me.

Stefan Fritsch (sf-sfritsch) on 2010-09-12

affects:

apache2 (Ubuntu) → eglibc (Ubuntu)

Revision history for this message

Alex Athanasopoulos (filopodaros) wrote on 2010-11-15:

What is the workaround? What is a good way to automatically add an ip6 address to say my eth0 interface at boot time before apache2 starts? (for those of use that are not proficient in network initialization).

I've switched my local http applications to ipv6 to familiarize myself with ipv6 but I ran into this. I also thought using ipv6 would give me an easier to administer firewall, since ipv6 and ipv4 packets go through separate packet filters.

Revision history for this message

Loïc Minier (lool) wrote on 2010-11-15:

Add some public IPv6 to your box; perhaps with some tunnel broker?

Revision history for this message

Alex Athanasopoulos (filopodaros) wrote on 2010-11-16:

Just any ipv6 for my own private network.
For example, if I do this: sudo ifconfig eth0 add 1::2
...then apache starts listening on :::80
I just want this to be done automatically at boot time.
Perhaps by putting some commands in /etc/network/interfaces?