On 17.02.26 09:29, Stephen J. Turnbull wrote:
Gerald Vogt writes:
Why would you double book port 80? That's really a bad idea and causes issues like the one you see...
When I read that I assumed that nginx would resolve in favor of the narrower interface:port declaration.
But IPv6 is still a different interface and ::1 would always go into that "EXTERNAL" server as that's also the default_server. You cannot connect with IPv6 into the other "INTERNAL" server.
And I think beyond that there is no "narrow" measure for interface:ports declarations. If two server blocks use the same interface and port, the server will use the server_name to determine which block to use (named-based virtual-host) and if none matches either the declared "default_server" or if no default server has been declared it's using the first matching block.
If double-booking is happening, nginx should be issuing an error, or (nginx being pretty picky in my experience) even refusing to start.
Maybe I have used the wrong term "double-booking", but most often, you have full overlap on your servers (i.e. server name virtual hosts, listening to all your interfaces on ports 80 and/or 443).
Anyway, OP should look for messages about problems binding to ports in the nginx and uwsgi logs.
Your "INTERNAL" server binds to 127.0.0.1 port 80, only.
That's not quite true. Normally the WSGI service will bind to another port for Postorius/HyperKitty, typically 8000.
I am only referring to the nginx config posted. That is listening to 127.0.0.1:80 specifically which means it is not listening to [::1]:80.
The "INTERNAL" server overlaps on 127.0.0.1:80 with the other block. i.e. on 127.0.0.1:80 it will use the server_name to determine which block to use and only "localhost" will go into the "INTERNAL" block.
So only connections to 127.0.0.1:80 or localhost:80 using IPv4 will go into the "INTERNAL" block.
Any other network connection to port 80 will always go into the other block including [::1]:80 or localhost:80 using IPv6.
As I have suggested, it would be better to use a different port number for the "INTERNAL" block.
-Gerald