
ufw is listening to tcp6 on OCI and Cloudflare SSL certificate

    netstat -ntlp | grep LISTEN
    tcp        0      0 127.0.0.xx:53           0.0.0.0:*               LISTEN      809/systemd-resolve
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      944/sshd: /usr/sbin
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1916/master
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/init
    tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      2342/java
    tcp6       0      0 :::22                   :::*                    LISTEN      944/sshd: /usr/sbin
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1916/master
    tcp6       0      0 :::443                  :::*                    LISTEN      998/apache2
    tcp6       0      0 :::2052                 :::*                    LISTEN      998/apache2
    tcp6       0      0 :::2087                 :::*                    LISTEN      998/apache2
    tcp6       0      0 :::111                  :::*                    LISTEN      1/init
    tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      2342/java
    tcp6       0      0 :::8080                 :::*                    LISTEN      998/apache2
    tcp6       0      0 :::80                   :::*                    LISTEN      998/apache2

So I tried to fix it again with ufw, using all the options available, e.g. disabling then enabling it and fixing back the IPv6 setting in the ufw file, but none came out definitive.

Let me share the details:

  1. SSL / proxy: Cloudflare
  2. Compute is with OCI
  3. PHP v 7.4
  4. Elasticsearch 7.6.0
  5. Ubuntu 20.4

    sudo lsof -i:443
    COMMAND  PID        USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    apache2  944        root   10u  IPv6  27489      0t0  TCP *:https (LISTEN)
    apache2  945    www-data   10u  IPv6  27489      0t0  TCP *:https (LISTEN)
    apache2  946    www-data   10u  IPv6  27489      0t0  TCP *:https (LISTEN)
    apache2  947    www-data   10u  IPv6  27489      0t0  TCP *:https (LISTEN)
    apache2  948    www-data   10u  IPv6  27489      0t0  TCP *:https (LISTEN)
    apache2  949    www-data   10u  IPv6  27489      0t0  TCP *:https (LISTEN)
    gomon   1987 snap_daemon   12u  IPv4  38550      0t0  TCP myhost.sub1234567890.someocivcn.oraclevcn.com:35072->someip:https (ESTABLISHED)

I added the IPv6 lists from https://www.cloudflare.com/ips/ in ufw, but no luck. So I have no way to verify the certificate with Cloudflare while HTTP and HTTPS are down.

thx sayantan


Nowadays both should work with a webserver, but

vi /etc/sysctl.d/Diableipv6.conf and add the system parameters mentioned below:

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1

But I added ONLY net.ipv6.conf.default.disable_ipv6 = 1

It mostly worked on OCI-based BMs or OCI's Ubuntu computes.

Ref: for further reading and more info you may consider these links

thx
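
As an added example (not part of the original posts), this shell snippet classifies a `netstat -ntlp` listing like the one in the question into loopback-only and all-interface listeners, so it is clear which ports a ufw rule actually decides about. The sample lines are constructed from the question's listing and the function names are assumptions; on Linux a `tcp6` socket bound to `::` also accepts IPv4 when net.ipv6.bindv6only is 0, unless the program sets IPV6_V6ONLY on the socket itself.

```shell
#!/usr/bin/env bash
# Added example: classify listeners from `netstat -ntlp` output.
# SAMPLE is constructed from the listing in the question (process column trimmed).
SAMPLE='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      944/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1916/master
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      2342/java
tcp6       0      0 :::22                   :::*                    LISTEN      944/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1916/master
tcp6       0      0 :::443                  :::*                    LISTEN      998/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      998/apache2'

# classify_listeners [BINDV6ONLY]  (hypothetical helper; netstat lines on stdin)
# Prints "port scope families process", one line per listening socket.
# BINDV6ONLY is net.ipv6.bindv6only, the kernel default for new sockets;
# a program can override it per socket, which netstat does not show.
classify_listeners() {
  awk -v v6only="${1:-0}" '
    $6 == "LISTEN" {
      n = split($4, part, ":")               # port is the text after the last colon
      port = part[n]
      host = substr($4, 1, length($4) - length(port) - 1)
      proc = $7; sub(/^[0-9]+\//, "", proc)  # drop the PID, keep the program name
      if (host ~ /^127\./ || host == "::1") {
        scope = "loopback"; fam = "local"    # not reachable from the network
      } else if (host == "0.0.0.0") {
        scope = "all"; fam = "ipv4"
      } else if (host == "::") {
        scope = "all"                        # "::" is dual-stack by default
        fam = (v6only == 1) ? "ipv6" : "ipv6+ipv4"
      } else {
        scope = "single-address"; fam = $1   # keep the label netstat printed
      }
      print port, scope, fam, proc
    }'
}

# exposed_ports [BINDV6ONLY]: unique ports listening on every interface,
# i.e. the ones a host firewall rule decides about.
exposed_ports() {
  classify_listeners "$1" | awk '$2 == "all" { print $1 }' | sort -n -u | paste -sd' ' -
}

# Read the kernel default if available; fall back to 0 (the Linux default).
v6only=$(cat /proc/sys/net/ipv6/bindv6only 2>/dev/null || echo 0)
printf '%s\n' "$SAMPLE" | classify_listeners "$v6only"
printf 'exposed: %s\n' "$(printf '%s\n' "$SAMPLE" | exposed_ports "$v6only")"
```

On a live host, pipe the real listing in instead of the sample: `netstat -ntlp | classify_listeners "$v6only"`.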
