Create docker networks with ipv6 enabled by default or make it an option #5557
Replies: 1 comment
@the-leonat In regards to obtaining the X-Forwarded-For header: it acts as a NAT for all IPv4 networks, like you say, but you just have to tell Traefik to trust the forwarded header, see below.

I was under the impression that you would need globally routable containers (not good); if you use the private IPv6 range then you still have to pass through a gateway, and thus trust the gateway IP to get the headers. I guess if you say you don't need to do this, I am wrong on this then.

One solution is to run the proxy on the host network. Coolify isn't set up to do this, plus it breaks service name networking unless you add container names to the hosts file, so this isn't recommended.

However, the other option is to trust the gateway IP so the headers are forwarded to the proxy and not ignored:
https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers

--entryPoints.http.proxyProtocol.trustedIPs=172.17.0.1
--entryPoints.http.forwardedHeaders.trustedIPs=172.17.0.1

You might need to expand the above using a subnet, as even though the main proxy is probably running on that network, it's also running on the others too, and I'm not sure if all external requests always go through the first network IP.
Docker networks created by Coolify don't have IPv6 enabled by default.

Why is that a problem?
You can't reliably retrieve the client's IP address in your applications: if you have IPv6 DNS set up, Docker acts as a NAT and routes the IPv6 address into the IPv4 Docker network. This messes up Traefik's X-Forwarded-For headers, which in turn contain the IPv4 of the proxy server itself.

Current solution: Create a separate Docker network with IPv6 enabled, and attach your resource to that network.

docker network create --ipv6 --subnet 2001:db8::/64 [networkname]

In the spirit of Coolify this shouldn't be necessary: IPv6 should be enabled by default or be a global option, for example in the server tab.
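The reply's point about widening trustedIPs from one gateway address to a subnet, shown as an added example that is not part of the original discussion and is not Traefik's code: a simplified Python model of a trusted-IP check on X-Forwarded-For. The addresses 172.18.0.1, 172.18.0.5, 172.16.0.0/12 and 203.0.113.7 are constructed sample values; only 172.17.0.1 and the 2001:db8:: prefix come from the thread.

```python
import ipaddress


def is_trusted(peer_ip, trusted):
    """True if the directly connected peer matches any trusted IP or CIDR entry."""
    addr = ipaddress.ip_address(peer_ip)
    for entry in trusted:
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


def effective_xff(peer_ip, incoming_xff, trusted):
    """X-Forwarded-For as the backend sees it in this simplified model.

    A trusted peer's header is kept and the peer is appended; an untrusted
    peer's header is discarded and replaced by the peer address.
    """
    if incoming_xff and is_trusted(peer_ip, trusted):
        return f"{incoming_xff}, {peer_ip}"
    return peer_ip


def client_ip(peer_ip, incoming_xff, trusted):
    """Leftmost header entry, which many applications log as the client."""
    return effective_xff(peer_ip, incoming_xff, trusted).split(",")[0].strip()


SINGLE_IP = ["172.17.0.1"]       # the value from the reply
WIDE_SUBNET = ["172.16.0.0/12"]  # constructed: covers several bridge networks

if __name__ == "__main__":
    cases = [
        ("gateway of first network", "172.17.0.1", "2001:db8::10"),
        ("gateway of second network (constructed)", "172.18.0.1", "2001:db8::10"),
        ("container on second network, forged header", "172.18.0.5", "203.0.113.7"),
    ]
    for label, peer, xff in cases:
        print(f"{label}: single={client_ip(peer, xff, SINGLE_IP)} "
              f"wide={client_ip(peer, xff, WIDE_SUBNET)}")
```

The last case is the trade-off when widening the list: every peer inside the trusted range can supply its own X-Forwarded-For, so the range should cover only addresses that a forwarding hop actually uses.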