2

My nginx server (which serves multiple vhosts) fails to start:

Nov 08 23:54:43 foo systemd[1]: Starting nginx - high performance web server...
Nov 08 23:54:43 foo nginx[3830]: nginx: [emerg] duplicate listen options for [::]:8081 in /etc/nginx/sites-enabled/000-mysite.vhost:3
Nov 08 23:54:43 foo nginx[3830]: nginx: configuration file /etc/nginx/nginx.conf test failed
Nov 08 23:54:43 foo systemd[1]: nginx.service: control process exited, code=exited status=1
Nov 08 23:54:43 foo systemd[1]: Failed to start nginx - high performance web server.
Nov 08 23:54:43 foo systemd[1]: Unit nginx.service entered failed state.
Nov 08 23:54:43 foo systemd[1]: nginx.service failed.

I've pinpointed the problem to two listen directives bound to the same TCP port for both IPv4 and IPv6, where the option ipv6only is used: 

[root@foo ~]# head /etc/nginx/sites-enabled/mysite.vhost 
server {
        listen 8081;
        listen [::]:8081 ipv6only=on;  
        ssl off;
...

So this configuration works correctly:

[root@foo ~]# head /etc/nginx/sites-enabled/mysite.vhost 
server {
        listen 8081;
        listen [::]:8081;  
        ssl off;
...

[Related question: https://serverfault.com/questions/638367/do-you-need-separate-ipv4-and-ipv6-listen-directives-in-nginx]

Now, this configuration is provisioned by Puppet via the puppet-nginx module. Is there a way to (via Puppet) not specify the ipv6only option, or solve the problem in another manner?

Community
  • 1
dr_
  • 28,763
  • 21
  • 89
  • 133

1 Answers1

2

I'm not able to say, how your puppet part looks like. Anyway, puppet-nginx module has resource nginx::resource::vhost, which - I guess - you use somehow. This resource has option ipv6_listen_options, which includes ipv6only=on by default. So you should be able to call it in this way:

nginx::resource::vhost { 'example.com':
    ipv6_listen_options => '',
    # another options there
}

Another possibility is that you use older module, which had ipv6only=on hardcoded in template. It was fixed in Feb with this pull request. So you can remove it from template or upgrade module.

stderr
  • 976
  • 4
  • 12