Add configuration option to allow the NGINX vhosts to listen for IPv6 connections in addition to IPv4 (#657)

2026-01-27 18:18:55 +00:00 · 2022-05-30 05:52:58 +08:00
parent 4da7fd5a88
commit d4bc8d559f
3 changed files with 10 additions and 0 deletions
--- a/docs/docs/reference/configuration-file.md
+++ b/docs/docs/reference/configuration-file.md
@@ -95,6 +95,7 @@ Shown below is a complete listing of the configuration options available in
 | `default['firezone']['nginx']['rate_limiting_zone_name']`                     | Nginx rate limiting zone name.                                                                               | `'firezone'`                                                           |
 | `default['firezone']['nginx']['rate_limiting_backoff']`                       | Nginx rate limiting backoff.                                                                                 | `'10m'`                                                                |
 | `default['firezone']['nginx']['rate_limit']`                                  | Nginx rate limit.                                                                                            | `'10r/s'`                                                              |
+| `default['firezone']['nginx']['ipv6']`                                        | Allow nginx to listen for HTTP requests for IPv6 in addition to IPv4.                                        | `true`                                                                 |
 | `default['firezone']['postgresql']['enabled']`                                | Enable or disable bundled Postgresql. Set to `false` and fill in the `database` options below to use your own Postgresql instance. | `true`                                           |
 | `default['firezone']['postgresql']['username']`                               | Username for Postgresql.                                                                                     | `node['firezone']['user']`                                             |
 | `default['firezone']['postgresql']['data_directory']`                         | Postgresql data directory.                                                                                   | `"#{node['firezone']['var_directory']}/postgresql/13.3/data"`          |
--- a/omnibus/cookbooks/firezone/attributes/default.rb
+++ b/omnibus/cookbooks/firezone/attributes/default.rb
@@ -152,6 +152,9 @@ default['firezone']['nginx']['log_rotation']['file_maxbytes'] = 104_857_600
 default['firezone']['nginx']['log_rotation']['num_to_keep'] = 10
 default['firezone']['nginx']['log_x_forwarded_for'] = false

+# Permit nginx to listen for IPv6 connections in addition to IPv4
+default['firezone']['nginx']['ipv6'] = true
+
 # Redirect to the FQDN
 default['firezone']['nginx']['redirect_to_canonical'] = false

--- a/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb
+++ b/omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb
@@ -15,6 +15,9 @@ log_format cache '$remote_addr - [$time_local] "$request" $upstream_cache_status

 server {
  listen <%= @nginx['non_ssl_port'] %> default_server;
+<% if @nginx['ipv6'] -%>
+  listen [::]:<%= @nginx['non_ssl_port'] %> default_server;
+<% end -%>
  server_name <%= @fqdn %>;
 <% if @nginx['force_ssl'] -%>
  location / {
@@ -30,6 +33,9 @@ server {

 server {
  listen <%= @nginx['ssl_port'] %> default_server;
+<% if @nginx['ipv6'] -%>
+  listen [::]:<%= @nginx['ssl_port'] %> default_server;
+<% end -%>
  server_name <%= @fqdn %>;

 <%   if @ssl['enabled'] -%>