twellck opened a new issue, #12828: URL: https://github.com/apache/apisix/issues/12828
### Current Behavior When running APISIX in an IPv6 environment (e.g., K8s IPv6 SingleStack) with enable_ipv6: true, the standard node_listen and SSL ports correctly bind to [::]. However, ports defined under proxy_protocol (e.g., listen_https_port) fail to create an IPv6 listener and default to IPv4 (0.0.0.0) only. This causes connection failures for IPv6-only load balancers (like AWS NLB in IPv6 mode) trying to connect via Proxy Protocol. ### Expected Behavior When `apisix.enable_ipv6` is set to `true` in `config.yaml`, **all** listening ports configured in APISIX (including `proxy_protocol` ports) should bind to both IPv4 (`0.0.0.0`) and IPv6 (`[::]`) interfaces. For a configuration defining `proxy_protocol.listen_https_port: 9443`, the generated `nginx.conf` should contain the IPv6 listener directive alongside the IPv4 one: ```nginx # Expected output in nginx.conf listen 9443 ssl default_server proxy_protocol; listen [::]:9443 ssl default_server proxy_protocol; <-- Missing ``` **Technical Details:** The issue appears to be located in `ngx_tpl.lua` & `apisix/cli/ops.lua`. While `node_listen` and `ssl.listen` are processed via the `listen_table_insert` helper function (which correctly injects the `[::]` entry when `enable_ipv6` is true), the `proxy_protocol` configuration does not follow the same pre-processing steps. As a result, the raw port number is passed to `ngx_tpl.lua`, which generates a bare `listen <port>` directive, breaking connectivity in IPv6-only environments. ### Error Logs N/A ### Steps to Reproduce 1. In `config.yaml`, set `enable_ipv6: true`. 2. Enable `proxy_protocol` and set `listen_https_port: 9443` (or any valid port). 3. Generate the config/start APISIX. 4. Check the generated `nginx.conf` for the missing `[::]` listener. ### Environment - APISIX version (run `apisix version`): 3.14.1 - Operating system (run `uname -a`): 6.12.58-82.121.amzn2023.aarch64 - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): 1.27.1.2 - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
