Documentation clarification #66

Open
Motophan opened this issue Dec 28, 2020 · 3 comments

@Motophan

Motophan commented Dec 28, 2020

/etc/docker/daemon.json

{
  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48"
}

Is this what you mean by "make sure your Docker daemon is started with --ipv6 and specifies a ULA range with --fixed-cidr-v6 (e.g. --fixed-cidr-v6 fd00:dead:beef::/48)"?

My Docker daemon on Debian 10 with docker network inspect bridge showed:

    {
        "Name": "bridge",
        "Id": "2e95b4c4edbc6c298bf3eebc436b0be6b5ee9681da58dddd3c4b7721bb764295",
        "Created": "2020-12-28T03:11:11.061086556Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
...

If so, could you make an example compose stanza to bring up your container and an nginx container with dual stack?

version: '2.4'

networks:
  mynetwork:
    driver: bridge

services:
  nginx: 
    image: nginx:latest
    container_name: nginx
    volumes:
      - /home/username/nginx/:/etc/nginx/
    ports:
      - 80:80
      - 443:443
  ipv6nat: 
    image: robbertkl/ipv6nat:latest
    container_name: ipv6nat
    privileged: True
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro

My issue with compose is

1- docker-compose down removes the user defined network
2- unsure how to instruct compose to create the network docker network create --ipv6 --subnet fd00:dead:beef::/48 mynetwork

Notes: my setup won't show ipv6 enabled for bridge for some reason. I don't know what to do to trigger it. I would like to have a user defined bridge as ipv6 and have that bridge created in compose.

Assuming my public IP (I have a /64, but my adapter assigns 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (example address) as my host's IP). I want to put that in the DNS as an AAAA record and I want containers to be able to open ports on this IP address, specifically nginx container on port 80,443.

Unfortunately, my containers can reach ipv6 space: if I run docker network create --ipv6 --subnet fd00:dead:beef::/48 mynetwork and docker run --network mynetwork busybox ping ipv6.google.com, it will ping google on ipv6 space. However, if I run a webserver it will not expose the port if I pass -p 443:443 to both ipv6 and ipv4. It will expose the port to ipv4 space, but will remain closed on ipv6 space. This is a data center server, and has no firewall whatsoever. I am assigned publicly routable ipv6 netblocks. What am I doing wrong?
docker ps
shows your container running and webserver running.

@Motophan
Author

Motophan commented Dec 28, 2020

I would like to semi-close this issue as I have figured it out, but I ask that hopefully some of this info can hit your README.md

networks:
  yeetmaster:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 172.20.0.0/16
        - subnet: fd00:dead:beef::/48

services:
  nginx: 
    image: nginx:latest
    container_name: nginx
    volumes:
      - /home/username/nginx/:/etc/nginx/
    ports:
      - 80:80
      - 443:443
  ipv6nat: 
    image: robbertkl/ipv6nat:latest
    container_name: ipv6nat
    privileged: True
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro

If this does not work for you:

1- docker-compose down will remove the network if nothing else is on it. You need to make sure the network is spun up by compose, so you may need to remove straggling containers and then docker network remove mynetwork
2- check host ipv6 connectivity, check docker run --network mynetwork busybox ping ipv6.google.com; this will show if the containers can reach the ipv6 world.
3- check sysctl flags, especially ones mentioned previously. Make sure you don't have something blocking ipv6

@robbertkl
Owner

Hi, you can submit a PR with README changes and I'll be happy to consider incorporating them. I'd leave out the bottom lines, as most of that's already mentioned in the (already too long) README, but a working docker-compose example would be a good addition. Please be sure to include the right version at the top of the YAML.

@Motophan
Author

Motophan commented Dec 28, 2020 via email
