Web server running on IPv6-only instance not reachable from Internet

Question

My instance is running in a dual-stack VPC with a public subnet. It has a public IPv6 address (but no public IPv4). The instance runs a web server listening on port 4433. The attached security group has rules to allow inbound traffic on :4433 from 0.0.0.0/0 and from ::/0. The VPC has a NAT64 gateway to allow IPv6 instances to connect to external IPv4-only services.

Connecting to the instance *via SSH* works fine using: `ssh -6 ubuntu@INSTANCE_PUBLIC_IPV6_ADDRESS` but trying to access the web server *via a browser* as `https://[INSTANCE_PUBLIC_IPV6_ADDRESS]:4433/` fails with ERR_CONNECTION_REFUSED. I also have a Route53 AAAA record (mysub.mydom.com) resolving to the IPv6 address but `https://mysub.mydom.com:4433/` fails the same way.

Accepted Answer

Hello.

Is your web server (such as Nginx) configured to listen to IPv6?  
I suspect that the web server settings are only allowing it to listen on IPv4.  
https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configure-ipv6-on-nginx.html

Answer

Thank you for the pointer! That was indeed the issue. I'm not using nginx (yet), just allowing direct access to the app via a WSGI server. I didn't realize you must explicitly tell uwsgi to listen for IPv6 hosts:
`uwsgi --https [::]:$PORT,$SSL_CERT_PATH,$SSL_KEY_PATH --socket /tmp/app.sock --mount ...`

Web server running on IPv6-only instance not reachable from Internet

Relevant content