Project

General

Profile

lighttpd 1.4.48 : simultaneous HTTPS connection to lighttpd on IPv4 and IPv6 is not working

Added by nlimbani over 5 years ago

I am using lighttpd on a linux (kernel 4.4) based embedded device.
  1. lighttpd -v
    lighttpd/1.4.48 (ssl) - a light and fast webserver #

My device support DUAL stack IP mode (IPV4 and IPv6 both).

I want to configure lighttpd for HTTPS access on IPV4 and IPv6. I use following configuration to achieve this.

[....]
server.port = 443
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "<path to certificate file on the device>"
}
$SERVER["socket"] == "[::]:443" {
ssl.engine = "enable"
ssl.pemfile = "<path to certificate file on the device>"
}
[....]

But with this configuration HTTPS is accessible on IPv6 only. It is not accessible on IPv4.
Am I using the right configuration in this case?

Regards,
Narendra


Replies (3)

RE: lighttpd 1.4.48 : simultaneous HTTPS connection to lighttpd on IPv4 and IPv6 is not working - Added by gstrauss over 5 years ago

I just verified on an x86 machine with lighttpd 1.4.51 and that syntax works as expected.

Check the values of server.use-ipv6 or server.set-v6only if you are setting them in your config, though the values should not matter since you are explicitly specifying both IPv4 and IPv6 addresses, as is recommended.

RE: lighttpd 1.4.48 : simultaneous HTTPS connection to lighttpd on IPv4 and IPv6 is not working - Added by nlimbani over 5 years ago

I am not explicitly setting the values for server.use-ipv6 or server.set-v6only in the config file.

But when I run the command "sysctl net.ipv6.bindv6only" I see following output.

# sysctl net.ipv6.bindv6only
net.ipv6.bindv6only = 1
#

Is this configuration causing the issue?

Is there any way available to debug this issue?

In this particular case the output of netstat command shows that a listening port(443 - https) for the address "0.0.0.0" and "::" is successfully opened.

RE: lighttpd 1.4.48 : simultaneous HTTPS connection to lighttpd on IPv4 and IPv6 is not working - Added by nlimbani over 5 years ago

I could achieve HTTPS on IPv4 and IPv6 by using following configuration.

ssl.engine = "enable" 
ssl.pemfile = "<path to cert file>" 
$SERVER["socket"] == ":443" { ssl.engine = "enable" }
$SERVER["socket"] == "[::]:443" { ssl.engine = "enable" }

    (1-3/3)