Webserver on ipv6

Having issues with your DietPi installation or found a bug? Post it here.
trigrhappy
Posts: 27
Joined: Sat Aug 31, 2019 6:38 am

Webserver on ipv6

Post by trigrhappy »

So I've been hosting my content on ipv4, but have made the move to SpaceX's Starlink satellite internet (the upload speeds alone are usually in excess of 70mb!). The problem is the ipv4 is behind a CGNAT, but since it has working ipv6 I don't need to worry about NAT at all anymore. So I've written a cronjob to update my ipv6 IP with Google Domains (which my domain is registered on) and verified that it registers the proper IPV6 address.

The issue I have now as that it simply doesn't work. I suspect that I must open port 80 specifically on my IPV6, but I don't know where to begin. I verified port 80 is open and available (and that my website etc is working properly on port 80 from its ipv4 address on my LAN. I'm using lighttpd.

Any advice is appreciated.
User avatar
Joulinar
Posts: 4502
Joined: Sat Nov 16, 2019 12:49 am

Re: Webserver on ipv6

Post by Joulinar »

Hi,

not sure if you already did but I guess you would need to activate port forwarding on IPv6 on your internet router or at least define the port to be forwarded on IPv6.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
trigrhappy
Posts: 27
Joined: Sat Aug 31, 2019 6:38 am

Re: Webserver on ipv6

Post by trigrhappy »

No port forwarding is necessary on ipv6 since the connection is directly from the client to the server. The router can block or allow traffic to or from any computer connected behind it (in a native IPV6 environment, the "router" is essentially just a hardware firewall), but there's no conventional address translation or forwarding to be done.

I've verified that port 80 is not blocked to the dietpi server (on neither ipv4 nor ipv6) from any client.

Dietpi-config network/adapter options do not display any ipv6 information (just that it is enabled)..... When I select "Ethernet Details" only ipv4 information is displayed. I don't know if its related to my webserver on port 80 not being accessible via ipv6, but it is worth mentioning.
User avatar
Joulinar
Posts: 4502
Joined: Sat Nov 16, 2019 12:49 am

Re: Webserver on ipv6

Post by Joulinar »

but still the port would need to be open on your router. Isn't it? Otherwise it would mean you server is fully expose to the internet.

As well you could check if your web server is listen on the IPv6 address.

Code: Select all

ss -tulpn | grep LISTEN
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
trigrhappy
Posts: 27
Joined: Sat Aug 31, 2019 6:38 am

Re: Webserver on ipv6

Post by trigrhappy »

Yes, on my router i have specifically set all connections to port 80 be allowed to my server's ipv6 address.

Code: Select all

root@superDietPi:~# ss -tulpn | grep LISTEN
tcp    LISTEN  0       50                                         0.0.0.0:58846                                                                                                             0.0.0.0:*      users:(("deluged",pid=21597,fd=17))
tcp    LISTEN  0       64                                         0.0.0.0:44703                                                                                                             0.0.0.0:*
tcp    LISTEN  0       128                                        0.0.0.0:44735                                                                                                             0.0.0.0:*      users:(("rpc.mountd",pid=21346,fd=17))
tcp    LISTEN  0       5                                          0.0.0.0:6881                                                                                                              0.0.0.0:*      users:(("deluged",pid=21597,fd=13))
tcp    LISTEN  0       64                                         0.0.0.0:2049                                                                                                              0.0.0.0:*
tcp    LISTEN  0       100                                        0.0.0.0:6789                                                                                                              0.0.0.0:*      users:(("nzbget",pid=21582,fd=5))
tcp    LISTEN  0       128                                        0.0.0.0:52133                                                                                                             0.0.0.0:*      users:(("rpc.mountd",pid=21346,fd=9))
tcp    LISTEN  0       80                                       127.0.0.1:3306                                                                                                              0.0.0.0:*      users:(("mysqld",pid=21457,fd=40))
tcp    LISTEN  0       128                                      127.0.0.1:6379                                                                                                              0.0.0.0:*      users:(("redis-server",pid=21375,fd=7))
tcp    LISTEN  0       128                                        0.0.0.0:54123                                                                                                             0.0.0.0:*      users:(("rpc.mountd",pid=21346,fd=13))
tcp    LISTEN  0       50                                         0.0.0.0:139                                                                                                               0.0.0.0:*      users:(("smbd",pid=21325,fd=32))
tcp    LISTEN  0       5                                          0.0.0.0:5901                                                                                                              0.0.0.0:*      users:(("Xtigervnc",pid=768,fd=7))
tcp    LISTEN  0       128                                        0.0.0.0:8686                                                                                                              0.0.0.0:*      users:(("mono",pid=21671,fd=8))
tcp    LISTEN  0       128                                        0.0.0.0:111                                                                                                               0.0.0.0:*      users:(("rpcbind",pid=394,fd=4),("systemd",pid=1,fd=56))
tcp    LISTEN  0       128                                        0.0.0.0:10000                                                                                                             0.0.0.0:*      users:(("miniserv.pl",pid=21770,fd=5))
tcp    LISTEN  0       50                                         0.0.0.0:8112                                                                                                              0.0.0.0:*      users:(("deluge-web",pid=21685,fd=5))
tcp    LISTEN  0       128                                        0.0.0.0:80                                                                                                                0.0.0.0:*      users:(("lighttpd",pid=21555,fd=4))
tcp    LISTEN  0       128                                        0.0.0.0:8084                                                                                                              0.0.0.0:*      users:(("mono",pid=478,fd=5))
tcp    LISTEN  0       10                                         0.0.0.0:8085                                                                                                              0.0.0.0:*      users:(("python",pid=21781,fd=5))
tcp    LISTEN  0       128                                        0.0.0.0:22                                                                                                                0.0.0.0:*      users:(("dropbear",pid=739,fd=3))
tcp    LISTEN  0       128                                        0.0.0.0:443                                                                                                               0.0.0.0:*      users:(("lighttpd",pid=21555,fd=6))
tcp    LISTEN  0       128                                        0.0.0.0:8989                                                                                                              0.0.0.0:*      users:(("mono",pid=21650,fd=10))
tcp    LISTEN  0       50                                         0.0.0.0:445                                                                                                               0.0.0.0:*      users:(("smbd",pid=21325,fd=31))
tcp    LISTEN  0       128                                              *:8096                                                                                                                    *:*      users:(("EmbyServer",pid=21613,fd=231))
tcp    LISTEN  0       5                                             [::]:6881                                                                                                                 [::]:*      users:(("deluged",pid=21597,fd=12))
tcp    LISTEN  0       64                                            [::]:2049                                                                                                                 [::]:*
tcp    LISTEN  0       128                                           [::]:56737                                                                                                                [::]:*      users:(("rpc.mountd",pid=21346,fd=19))
tcp    LISTEN  0       128                                              *:7878                                                                                                                    *:*      users:(("Radarr",pid=21663,fd=206))
tcp    LISTEN  0       128                                           [::]:37255                                                                                                                [::]:*      users:(("rpc.mountd",pid=21346,fd=11))
tcp    LISTEN  0       128                                           [::]:58569                                                                                                                [::]:*      users:(("rpc.mountd",pid=21346,fd=15))
tcp    LISTEN  0       128                                          [::1]:6379                                                                                                                 [::]:*      users:(("redis-server",pid=21375,fd=8))
tcp    LISTEN  0       50                                            [::]:139                                                                                                                  [::]:*      users:(("smbd",pid=21325,fd=30))
tcp    LISTEN  0       64                                            [::]:45005                                                                                                                [::]:*
tcp    LISTEN  0       5                                             [::]:5901                                                                                                                 [::]:*      users:(("Xtigervnc",pid=768,fd=8))
tcp    LISTEN  0       128                                           [::]:111                                                                                                                  [::]:*      users:(("rpcbind",pid=394,fd=6),("systemd",pid=1,fd=58))
tcp    LISTEN  0       128                                           [::]:80                                                                                                                   [::]:*      users:(("lighttpd",pid=21555,fd=5))
tcp    LISTEN  0       128                                              *:21                                                                                                                      *:*      users:(("proftpd",pid=21303,fd=0))
tcp    LISTEN  0       128                                           [::]:22                                                                                                                   [::]:*      users:(("dropbear",pid=739,fd=4))
tcp    LISTEN  0       128                                              *:9117                                                                                                                    *:*      users:(("jackett",pid=9036,fd=190))
tcp    LISTEN  0       50                                            [::]:445                                                                                                                  [::]:*      users:(("smbd",pid=21325,fd=29))
I take from that:

Code: Select all

tcp    LISTEN  0       128                                           [::]:80                                                                                                                   [::]:*      users:(("lighttpd",pid=21555,fd=5))
Likely means yes, it's listening?
trigrhappy
Posts: 27
Joined: Sat Aug 31, 2019 6:38 am

Re: Webserver on ipv6

Post by trigrhappy »

I've verified that the ipv6 address is live by manually entering it into a web browser and connecting to my open Emby instance.

When I try to connect to port 80, it simply says "Connection Refused". I did notice that it's automatically appending "https://" to the front of the address, even when I change it to "http://". That makes me suspect it's an ssl issue. Unfortunately, I'm not able to run dietpi-letsencrypt to get a new certificate since it says its publicly inaccessable.

I'll continue troubleshooting tomorrow. Thank you for all of your help thus far!
User avatar
Joulinar
Posts: 4502
Joined: Sat Nov 16, 2019 12:49 am

Re: Webserver on ipv6

Post by Joulinar »

yes lighttpd is LISTEN on IPv6 port 80 but on 80 only. It would need to listen on port 443 as well. Like it is on IPv4

Code: Select all

tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("lighttpd",pid=21555,fd=4))
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("lighttpd",pid=21555,fd=6))
I guess you activated http > https redirect on dietpi-letsencrypt. Therefore you will be forwarded to https, always.

Maybe your issue will be addressed on next DietPi release already. At least there is note on the changelog for current BETA

https://github.com/MichaIng/DietPi/blob ... OG.txt#L12
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
trigrhappy
Posts: 27
Joined: Sat Aug 31, 2019 6:38 am

Re: Webserver on ipv6

Post by trigrhappy »

Updated to the beta. Still no dice.

Code: Select all

DietPi v7.1.1 (beta) : 18:22 - Tue 04/27/2021
 ─────────────────────────────────────────────────────
 - Device model : Native PC (x86_64)
 - LAN IP : 192.168.0.3 (eth0)
 - Freespace (RootFS) : 309G
 - MOTD : Open Beta v7.1, please help testing the upcoming release:
          https://github.com/MichaIng/DietPi/issues/4294
 ─────────────────────────────────────────────────────

 DietPi Team     : MichaIng (lead), Daniel Knight (founder), Joulinar (support)
 Image by        : DietPi Core Team (pre-image: Debian mini.iso)
 Web             : https://dietpi.com | https://twitter.com/DietPi_
 Patreon Legends : Camry2731
 Contribute      : https://dietpi.com/contribute.html
 DietPi Hosting  : Powered by https://myvirtualserver.com

 dietpi-launcher : All the DietPi programs in one place.
 dietpi-config   : Feature rich configuration tool for your device.
 dietpi-software : Select optimized software for installation.
 htop            : Resource monitor.
 cpu             : Shows CPU information and stats.

root@superDietPi:~# ss -tulpn | grep LISTEN
tcp    LISTEN  0       100                                        0.0.0.0:6789                                                   0.0.0.0:*      users:(("nzbget",pid=1864,fd=6))
tcp    LISTEN  0       80                                       127.0.0.1:3306                                                   0.0.0.0:*      users:(("mysqld",pid=1765,fd=19))
tcp    LISTEN  0       128                                      127.0.0.1:6379                                                   0.0.0.0:*      users:(("redis-server",pid=1694,fd=7))
tcp    LISTEN  0       50                                         0.0.0.0:139                                                    0.0.0.0:*      users:(("smbd",pid=789,fd=32))
tcp    LISTEN  0       5                                          0.0.0.0:5901                                                   0.0.0.0:*      users:(("Xtigervnc",pid=771,fd=7))
tcp    LISTEN  0       128                                        0.0.0.0:8686                                                   0.0.0.0:*      users:(("mono",pid=1893,fd=8))
tcp    LISTEN  0       128                                        0.0.0.0:111                                                    0.0.0.0:*      users:(("rpcbind",pid=394,fd=4),("systemd",pid=1,fd=33))
tcp    LISTEN  0       128                                        0.0.0.0:10000                                                  0.0.0.0:*      users:(("miniserv.pl",pid=1977,fd=5))
tcp    LISTEN  0       50                                         0.0.0.0:8112                                                   0.0.0.0:*      users:(("deluge-web",pid=1900,fd=5))
tcp    LISTEN  0       128                                        0.0.0.0:80                                                     0.0.0.0:*      users:(("lighttpd",pid=1850,fd=4))
tcp    LISTEN  0       64                                         0.0.0.0:34769                                                  0.0.0.0:*
tcp    LISTEN  0       128                                        0.0.0.0:44625                                                  0.0.0.0:*      users:(("rpc.mountd",pid=828,fd=9))
tcp    LISTEN  0       128                                        0.0.0.0:8084                                                   0.0.0.0:*      users:(("mono",pid=476,fd=5))
tcp    LISTEN  0       10                                         0.0.0.0:8085                                                   0.0.0.0:*      users:(("python",pid=1981,fd=5))
tcp    LISTEN  0       128                                        0.0.0.0:22                                                     0.0.0.0:*      users:(("dropbear",pid=717,fd=3))
tcp    LISTEN  0       128                                        0.0.0.0:53337                                                  0.0.0.0:*      users:(("rpc.mountd",pid=828,fd=17))
tcp    LISTEN  0       128                                        0.0.0.0:443                                                    0.0.0.0:*      users:(("lighttpd",pid=1850,fd=6))
tcp    LISTEN  0       128                                        0.0.0.0:58971                                                  0.0.0.0:*      users:(("rpc.mountd",pid=828,fd=13))
tcp    LISTEN  0       128                                        0.0.0.0:8989                                                   0.0.0.0:*      users:(("mono",pid=1887,fd=10))
tcp    LISTEN  0       50                                         0.0.0.0:445                                                    0.0.0.0:*      users:(("smbd",pid=789,fd=31))
tcp    LISTEN  0       50                                         0.0.0.0:58846                                                  0.0.0.0:*      users:(("deluged",pid=1875,fd=17))
tcp    LISTEN  0       5                                          0.0.0.0:6881                                                   0.0.0.0:*      users:(("deluged",pid=1875,fd=13))
tcp    LISTEN  0       64                                         0.0.0.0:2049                                                   0.0.0.0:*
tcp    LISTEN  0       128                                              *:7878                                                         *:*      users:(("Radarr",pid=1890,fd=206))
tcp    LISTEN  0       128                                          [::1]:6379                                                      [::]:*      users:(("redis-server",pid=1694,fd=8))
tcp    LISTEN  0       50                                            [::]:139                                                       [::]:*      users:(("smbd",pid=789,fd=30))
tcp    LISTEN  0       64                                            [::]:44429                                                     [::]:*
tcp    LISTEN  0       5                                             [::]:5901                                                      [::]:*      users:(("Xtigervnc",pid=771,fd=8))
tcp    LISTEN  0       128                                           [::]:111                                                       [::]:*      users:(("rpcbind",pid=394,fd=6),("systemd",pid=1,fd=35))
tcp    LISTEN  0       128                                           [::]:80                                                        [::]:*      users:(("lighttpd",pid=1850,fd=5))
tcp    LISTEN  0       128                                           [::]:56565                                                     [::]:*      users:(("rpc.mountd",pid=828,fd=11))
tcp    LISTEN  0       128                                              *:21                                                           *:*      users:(("proftpd",pid=772,fd=0))
tcp    LISTEN  0       128                                           [::]:22                                                        [::]:*      users:(("dropbear",pid=717,fd=4))
tcp    LISTEN  0       128                                              *:9117                                                         *:*      users:(("jackett",pid=1910,fd=190))
tcp    LISTEN  0       50                                            [::]:445                                                       [::]:*      users:(("smbd",pid=789,fd=29))
tcp    LISTEN  0       128                                           [::]:59199                                                     [::]:*      users:(("rpc.mountd",pid=828,fd=19))
tcp    LISTEN  0       128                                              *:8096                                                         *:*      users:(("EmbyServer",pid=1880,fd=231))
tcp    LISTEN  0       5                                             [::]:6881                                                      [::]:*      users:(("deluged",pid=1875,fd=12))
tcp    LISTEN  0       64                                            [::]:2049                                                      [::]:*
tcp    LISTEN  0       128                                           [::]:48385                                                     [::]:*      users:(("rpc.mountd",pid=828,fd=15))
root@superDietPi:~#
User avatar
Joulinar
Posts: 4502
Joined: Sat Nov 16, 2019 12:49 am

Re: Webserver on ipv6

Post by Joulinar »

Hi,

I guess you would need to rerun dietpi-letsencrypt as the change will be done on this script if I'm not mistaken

To make it easier to filter on Lighttpd, you could use following command.

Code: Select all

ss -tulpn | grep lighttpd
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
trigrhappy
Posts: 27
Joined: Sat Aug 31, 2019 6:38 am

Re: Webserver on ipv6

Post by trigrhappy »

So I've verified that my domain is reachable at its registered domain name using https://ipv6-test.com/validate.php. It returns my correct ipv6 associated address and the correct version of lighttpd, but unfortunately, letsencrypt fails:

Code: Select all

 DietPi-LetsEncrypt
─────────────────────────────────────────────────────
 Mode: Running Certbot

[  OK  ] DietPi-LetsEncrypt | Lighttpd webserver detected
[  OK  ] DietPi-LetsEncrypt | systemctl start lighttpd
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.NotMyActualWebsite.com
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.NotMyActualWebsite.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.NotMyActualWebsite.com/.well-known/acme-challenge/olhoB0uy-eJBxKXc3zVq7CJ5Exc2mmpKmGsfC_eWNCU: Connection refused
Post Reply