Local proxy does not support ipv6

Question

Local proxy does not support ipv6

simplysoft opened this issue 3 years ago · comments

When dappnode is accessible via both legacy ip (ipv4) and ip (ipv6), nginx returns forbidden error when accessed

The nginx.conf only enables local legacy ip subnet resulting in forbidden due to deny all

server {
        server_name   dappnode.local;
        listen        80;
        resolver 172.33.1.2;
        allow 192.168.X.X/24;
        deny all;
        location      / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass http://my.dappnode;
        }
    }

https://github.com/dappnode/DNP_HTTPS/blob/master/fs_overlay/var/lib/nginx-conf/nginx.conf.erb#L120

3alpha · Answer 1 · Mon Jan 17 2022 05:08:07 GMT+0800 (China Standard Time)

Hi,

Thanks for the heads up. This is something that flew under our radar and we'll deal with it.

3alpha · Answer 2 · Mon Jan 17 2022 20:23:59 GMT+0800 (China Standard Time)

So my current idea is to just allow there all ipv4 and ipv6 private IP ranges. Any thoughts there?

simplysoft · Answer 3 · Tue Jan 18 2022 21:05:36 GMT+0800 (China Standard Time)

Makes sense, further restricting it to the exact range that is in use will be more challenging for ipv6. An other option could be to make it configurable and offload that complexity to the user