This is an automated email from the ASF dual-hosted git repository.
nic-6443 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new b86a273f4 fix(cli): simple add IPv6 listen support for PROXY Protocol
(#12859)
b86a273f4 is described below
commit b86a273f443cd23668efe75eb8a6372801112e1a
Author: Tim Wellbrock <[email protected]>
AuthorDate: Fri Jun 12 11:40:19 2026 +1000
fix(cli): simple add IPv6 listen support for PROXY Protocol (#12859)
---
apisix/cli/ngx_tpl.lua | 6 +++++
t/cli/test_main.sh | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 67 insertions(+)
diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua
index b02623aab..4712d8b17 100644
--- a/apisix/cli/ngx_tpl.lua
+++ b/apisix/cli/ngx_tpl.lua
@@ -721,9 +721,15 @@ http {
{% end %}
{% if proxy_protocol and proxy_protocol.listen_http_port then %}
listen {* proxy_protocol.listen_http_port *} default_server
proxy_protocol;
+ {% if enable_ipv6 then %}
+ listen [::]:{* proxy_protocol.listen_http_port *} default_server
proxy_protocol;
+ {% end %}
{% end %}
{% if proxy_protocol and proxy_protocol.listen_https_port then %}
listen {* proxy_protocol.listen_https_port *} ssl default_server
proxy_protocol;
+ {% if enable_ipv6 then %}
+ listen [::]:{* proxy_protocol.listen_https_port *} ssl default_server
proxy_protocol;
+ {% end %}
{% end %}
server_name _;
diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh
index c4c3539c3..4dbd96ae5 100755
--- a/t/cli/test_main.sh
+++ b/t/cli/test_main.sh
@@ -1002,3 +1002,64 @@ if ! grep "access-tokens 2m;" conf/nginx.conf >
/dev/null; then
fi
echo "passed: found the http lua_shared_dict related parameter in nginx.conf"
+
+# check proxy_protocol IPv6 listen directives
+echo '
+apisix:
+ enable_ipv6: true
+ proxy_protocol:
+ listen_http_port: 9181
+ listen_https_port: 9182
+' > conf/config.yaml
+
+make init
+
+if ! grep "listen 9181 default_server proxy_protocol;" conf/nginx.conf >
/dev/null; then
+ echo "failed: proxy_protocol listen_http_port not in nginx.conf"
+ exit 1
+fi
+
+if ! grep "listen \[::\]:9181 default_server proxy_protocol;" conf/nginx.conf
> /dev/null; then
+ echo "failed: proxy_protocol IPv6 listen_http_port not in nginx.conf"
+ exit 1
+fi
+
+if ! grep "listen 9182 ssl default_server proxy_protocol;" conf/nginx.conf >
/dev/null; then
+ echo "failed: proxy_protocol listen_https_port not in nginx.conf"
+ exit 1
+fi
+
+if ! grep "listen \[::\]:9182 ssl default_server proxy_protocol;"
conf/nginx.conf > /dev/null; then
+ echo "failed: proxy_protocol IPv6 listen_https_port not in nginx.conf"
+ exit 1
+fi
+
+echo "passed: proxy_protocol IPv6 listen directives are correct"
+
+# check proxy_protocol without IPv6
+echo '
+apisix:
+ enable_ipv6: false
+ proxy_protocol:
+ listen_http_port: 9181
+ listen_https_port: 9182
+' > conf/config.yaml
+
+make init
+
+if ! grep "listen 9181 default_server proxy_protocol;" conf/nginx.conf >
/dev/null; then
+ echo "failed: proxy_protocol listen_http_port not in nginx.conf when ipv6
disabled"
+ exit 1
+fi
+
+if grep "listen \[::\]:9181 default_server proxy_protocol;" conf/nginx.conf >
/dev/null; then
+ echo "failed: proxy_protocol IPv6 listen_http_port should not be in
nginx.conf when ipv6 disabled"
+ exit 1
+fi
+
+if grep "listen \[::\]:9182 ssl default_server proxy_protocol;"
conf/nginx.conf > /dev/null; then
+ echo "failed: proxy_protocol IPv6 listen_https_port should not be in
nginx.conf when ipv6 disabled"
+ exit 1
+fi
+
+echo "passed: proxy_protocol without IPv6 is correct"
