NGINX Ports are not opened for ipv6

[dflvunoooooo]

The problem

The Ports I set in the NGINX-Addon are only opened for ipv4 but not for ipv4, but I am using the ipv6 address to reach HA from the internet.

Environment

• Add-on with the issue: NGINX Home Assistant SSL proxy
• Add-on release with the issue: 3.0.1
• Last working add-on release (if known): Not sure, two weeks ago it worked.
• Operating environment (OS/Supervised): Arch Linux and HA in docker installed with the official installation script.

Problem-relevant configuration

NGINX conf

domain: jarvis.martinwesthoff.de
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

configuration.yaml

…
http:
  use_x_forwarded_for: true            # To ensure HA understands that client requests come via reverse proxy
  trusted_proxies:
    - 172.30.0.0/16                           # In Hass.io Subnetz
    - 172.30.32.0/23                         # Deconz
    - 172.30.32.1
    - 172.17.0.0/23                           # Docker Subnetz
    - 192.168.0.0/23                         # locales Netzwerk zulassen
    - 127.0.0.1                                  # Add the localhost IPv4 address
    - ::1                                             # Add the localhost IPv6 address
  ip_ban_enabled: true                   # Sperrt IPs nach unter login_attempts_threshold festgelegten Versuchen. 
  login_attempts_threshold: 8
…

Traceback/Error logs

No errors or warnings reported from HA or NGINX.

Additional information

After restoring a shapshot I was unable to reach HA from the internet. After fumbling around I noticed that the ports 80 and 443 are only opend after hassio start for the ipv4 address on the host and not for the ipv6 address.
Here is the result from sudo nmap -nP 192.168.0.15

Nmap scan report for 192.168.0.15
Host is up (0.0074s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8081/tcp open  blackice-icecap
MAC Address: 52:54:00:1C:47:C0 (QEMU virtual NIC)

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds

Here is the result from nmap -6 -nP 2a02:908:896:3fc0:xxxx:xxxx:xxxx:xxxx

Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-07 15:04 CET
Nmap scan report for 2a02:908:896:3fc0:xxxx:xxxx:xxxx:xxxx
Host is up (0.0065s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Is there a way to allow ipv6 again. I noticed that that with version 2.6 ipv6 listener has been removed. Or is there a possibility to downgrade, I am curious if it would work with 2.5 for example.

Edit: Somehow it is not working if I reverse the changes in nginx_proxy/data/nginx.conf as described here nginx_proxy: Remove IPv6 Listen statements from nginx.conf. Maybe I am missing something?

[pvizeli]

Right, we have an RFC open: home-assistant/supervisor#2133

If that is not implemented, IPv6 will not work correctly with Home Assistant.

[dflvunoooooo]

Ah! Thank you very much for the hint. I was beginning to despair. But I don't understand why it did work a few weeks ago, what did change?

Do you per chance know if it is possible to install docker-ipv6nat as a workaround?

[pvizeli]

See at my RFC

[dflvunoooooo]

I read it but I don't understand why it did work until two weeks ago. And I see no workaround which I could do until in is officially fixed, or maybe I missed something.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.