[pkg-lighttpd] Bug#864475: lighttpd: Does not bind to some ipv6 port

Christoph Kreutzer kreutzer.christoph at gmail.com
Fri Jun 9 17:41:51 UTC 2017 

Hello Johannes,

just tried it on a test server (using the upstream deb package from lighttpd.net):
lighttpd/1.4.45 (ssl) - a light and fast webserver
Build-Date: Jan 14 2017 11:40:43

In the default config, there is a perl script creating nearly the same configuration option as you did (/usr/share/lighttpd/use-ipv6.pl), however the block after the condition is empty: $SERVER["socket"] == "[::]:$PORT" { }

Per default, it is listening on the default port:
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port

:~# netstat -tulpn | grep lighttpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16921/lighttpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16921/lighttpd
tcp6       0      0 :::80                   :::*                    LISTEN      16921/lighttpd

After adding:
include_shell "/usr/share/lighttpd/use-ipv6.pl 443"

:~# netstat -tulpn | grep lighttpd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      16988/lighttpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      16988/lighttpd
tcp6       0      0 :::443                  :::*                    LISTEN      16988/lighttpd
tcp6       0      0 :::80                   :::*                    LISTEN      16988/lighttpd

So, my recommendation would be to try:
> $SERVER["socket"] == ":80"  { include "ssl-redirect.conf" }
> $SERVER["socket"] == ":443" { include "ssl.conf" }
> $SERVER["socket"] == "[::]:80"     { }
> $SERVER["socket"] == "[::]:443"    { }

HTH,
Christoph

> Am 09.06.2017 um 09:09 schrieb Johannes Schlumberger <spjsschl at doriath.informatik.uni-erlangen.de>:
> 
> Package: lighttpd
> Version: 1.4.45-1
> Severity: normal
> Tags: ipv6
> 
> Dear Maintainer,
> I am trying to have my lighttpd listen on port 80 and 443 for both ipv6 and
> ipv4. Please see attached config for how I am trying to achieve this.
> It ends up listening on 80 and 443 for ipv4, but only on port 80 for ipv6. I
> would expect it to listen to port 443 for ipv6 as well. There is nothing
> else listening on this port.
> 
> $ sudo netstat -tulpn | grep lighttpd
> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      10525/lighttpd
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      10525/lighttpd
> tcp6       0      0 :::80                   :::*                    LISTEN      10525/lighttpd
> $ sudo netstat -tulpn | grep 443
> tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      10525/lighttpd
> $ for prot in 4 6; do for port in 80 443; do echo -n -e "Testing with port $port \
> and ipv${prot}:\t"; echo exit | nc -q 1 -v -$prot localhost $port;done ;done
> Testing with port 80 and ipv4:  Connection to localhost 80 port [tcp/http] succeeded!
> Testing with port 443 and ipv4: Connection to localhost 443 port [tcp/https] succeeded!
> Testing with port 80 and ipv6:  Connection to localhost 80 port [tcp/http] succeeded!
> Testing with port 443 and ipv6: nc: connect to localhost port 443 (tcp) failed: Connection refused
> 
> 
> Please let me know if I can help with any other information.
> thank you for your work,
> 	Johannes
> 
> 
> -- System Information:
> Debian Release: 9.0
>  APT prefers testing
>  APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages lighttpd depends on:
> ii  init-system-helpers  1.48
> ii  libattr1             1:2.4.47-2+b2
> ii  libbz2-1.0           1.0.6-8.1
> ii  libc6                2.24-11
> ii  libfam0              2.7.0-17.2+b1
> ii  libpcre3             2:8.39-3
> ii  libssl1.1            1.1.0f-3
> ii  lsb-base             9.20161125
> ii  mime-support         3.60
> ii  zlib1g               1:1.2.8.dfsg-5
> 
> Versions of packages lighttpd recommends:
> ii  spawn-fcgi  1.6.4-1+b1
> 
> Versions of packages lighttpd suggests:
> pn  apache2-utils  <none>
> pn  lighttpd-doc   <none>
> ii  openssl        1.1.0f-3
> pn  php5-cgi       <none>
> pn  rrdtool        <none>
> 
> -- Configuration Files:
> /etc/lighttpd/lighttpd.conf changed:
> server.modules = (
> 	"mod_access",
> 	"mod_alias",
> 	"mod_compress",
> 	"mod_redirect",
> )
> server.document-root        = "/var/www"
> server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
> server.errorlog             = "/var/log/lighttpd/error.log"
> server.pid-file             = "/var/run/lighttpd.pid"
> server.username             = "www-data"
> server.groupname            = "www-data"
> server.port = 80
> index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
> url.access-deny             = ( "~", ".inc" )
> static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
> compress.cache-dir          = "/var/cache/lighttpd/compress/"
> compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )
> include_shell "/usr/share/lighttpd/create-mime.assign.pl"
> include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
> $SERVER["socket"] == "0.0.0.0:80"  { include "ssl-redirect.conf" }
> $SERVER["socket"] == "0.0.0.0:443" { include "ssl.conf" }
> $SERVER["socket"] == "[::]:80"     { include "ssl-redirect.conf" }
> $SERVER["socket"] == "[::]:443"    { include "ssl.conf" }
> 
> 
> -- no debconf information
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20170609/c86c6c6d/attachment-0001.sig>

More information about the pkg-lighttpd-maintainers mailing list