Web server running on IPv6-only instance not reachable from Internet

0

My instance is running in a dual-stack VPC with a public subnet. It has a public IPv6 address (but no public IPv4). The instance runs a web server listening on port 4433. The attached security group has rules to allow inbound traffic on :4433 from 0.0.0.0/0 and from ::/0. The VPC has a NAT64 gateway to allow IPv6 instances to connect to external IPv4-only services.

Connecting to the instance via SSH works fine using: ssh -6 ubuntu@INSTANCE_PUBLIC_IPV6_ADDRESS but trying to access the web server via a browser as https://[INSTANCE_PUBLIC_IPV6_ADDRESS]:4433/ fails with ERR_CONNECTION_REFUSED. I also have a Route53 AAAA record (mysub.mydom.com) resolving to the IPv6 address but https://mysub.mydom.com:4433/ fails the same way.

Vas
asked a month ago1164 views
2 Answers
1
Accepted Answer

Hello.

Is your web server (such as Nginx) configured to listen to IPv6?
I suspect that the web server settings are only allowing it to listen on IPv4.
https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-configure-ipv6-on-nginx.html

profile picture
EXPERT
answered a month ago
profile picture
EXPERT
reviewed a month ago
profile pictureAWS
EXPERT
reviewed a month ago
0

Thank you for the pointer! That was indeed the issue. I'm not using nginx (yet), just allowing direct access to the app via a WSGI server. I didn't realize you must explicitly tell uwsgi to listen for IPv6 hosts: uwsgi --https [::]:$PORT,$SSL_CERT_PATH,$SSL_KEY_PATH --socket /tmp/app.sock --mount ...

Vas
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions