robbertkl / docker-ipv6nat

Extend Docker with IPv6 NAT, similar to IPv4

Documentation clarification

Motophan opened this issue · comments

/etc/docker/daemon.json

{
  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef::/48"
}

Is this what you mean by "make sure your Docker daemon is started with --ipv6 and specifies a ULA range with --fixed-cidr-v6 (e.g. --fixed-cidr-v6 fd00:dead:beef::/48)"?

My Docker daemon on Debian 10, with docker network inspect bridge, showed:

    {
        "Name": "bridge",
        "Id": "2e95b4c4edbc6c298bf3eebc436b0be6b5ee9681da58dddd3c4b7721bb764295",
        "Created": "2020-12-28T03:11:11.061086556Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
...

If so, could you make an example compose stanza to bring up your container and an nginx container with dual stack?

version: '2.4'

networks:
  mynetwork:
    driver: bridge

services:
  nginx:
    image: nginx:latest
    container_name: nginx
    volumes:
      - /home/username/nginx/:/etc/nginx/
    ports:
      - "80:80"
      - "443:443"
  ipv6nat:
    image: robbertkl/ipv6nat:latest
    container_name: ipv6nat
    privileged: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro

My issues with compose are:

1- docker-compose down removes the user-defined network.
2- I'm unsure how to instruct compose to create the network (the equivalent of docker network create --ipv6 --subnet fd00:dead:beef::/48 mynetwork).

Notes: my setup won't show IPv6 enabled for the bridge for some reason. I don't know what to do to trigger it. I would like to have a user-defined bridge with IPv6 and have that bridge created in compose.

Assuming my public IP (I have a /64, but my adapter assigns 2001:0db8:85a3:0000:0000:8a2e:0370:7334 (example address) as my host's IP): I want to put that in DNS as an AAAA record, and I want containers to be able to open ports on this IP address, specifically the nginx container on ports 80 and 443.

Unfortunately, my containers can reach IPv6 space: if I run docker network create --ipv6 --subnet fd00:dead:beef::/48 mynetwork and docker run --network mynetwork busybox ping ipv6.google.com, it will ping Google over IPv6. However, if I run a webserver it will not expose the port on both IPv6 and IPv4 when I pass -p 443:443. It will expose the port to IPv4 space, but it will remain closed on IPv6 space. This is a data center server and has no firewall whatsoever. I am assigned publicly routable IPv6 netblocks. What am I doing wrong? docker ps shows your container and the webserver running.

I would like to semi-close this issue as I have figured it out, but I hope some of this info can make it into your README.md.

version: '2.4'  # enable_ipv6 needs the 2.x file format with docker-compose

networks:
  yeetmaster:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: 172.20.0.0/16
        - subnet: fd00:dead:beef::/48

services:
  nginx:
    image: nginx:latest
    container_name: nginx
    networks:
      - yeetmaster  # without this the service joins compose's default network, not the IPv6-enabled one
    volumes:
      - /home/username/nginx/:/etc/nginx/
    ports:
      - "80:80"
      - "443:443"
  ipv6nat:
    image: robbertkl/ipv6nat:latest
    container_name: ipv6nat
    privileged: true
    network_mode: host  # ipv6nat rewrites the host's ip6tables, so it must run in the host network namespace
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /lib/modules:/lib/modules:ro

If this does not work for you:

1- docker-compose down will remove the network if nothing else is on it. You need to make sure the network is spun up by compose, so you may need to remove straggling containers and then run docker network remove mynetwork.
2- Check host IPv6 connectivity, then check docker run --network mynetwork busybox ping ipv6.google.com; this will show whether the containers can reach the IPv6 world.
3- Check sysctl flags, especially the ones mentioned previously. Make sure you don't have something blocking IPv6.
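An added checker for the points in this list, written for this page and not part of the issue or of the docker-ipv6nat project. It parses the daemon.json and the `docker network inspect` JSON shown earlier in the thread and reports what is missing: "ipv6" and a ULA "fixed-cidr-v6" in daemon.json, EnableIPv6 plus a ULA IPv6 subnet in the network's IPAM config (the README quoted above requires a ULA range because ipv6nat masquerades from a private range, as Docker does for IPv4), and IPv6 forwarding sysctls. The specific sysctl keys, and the docker and sysctl commands in run_live(), are this example's assumptions; the sample inspect output is constructed from the bridge output and the yeetmaster network above.

```python
"""Offline prerequisite checks for a docker-ipv6nat setup (added example)."""
import ipaddress
import json
import subprocess

# RFC 4193 unique local addresses; fd00:dead:beef::/48 from the thread lies inside.
ULA = ipaddress.ip_network("fc00::/7")

# Assumed sysctl values; the thread only says "check sysctl flags".
WANTED_SYSCTL = {
    "net.ipv6.conf.all.forwarding": "1",
    "net.ipv6.conf.all.disable_ipv6": "0",
}


def _v6_ula_problem(label, cidr):
    """Return a problem string if cidr is not an IPv6 ULA prefix, else None."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 6 or not net.subnet_of(ULA):
        return f"{label}: {cidr} is not a ULA range (fc00::/7)"
    return None


def check_daemon_json(text):
    """Check the content of /etc/docker/daemon.json for the IPv6 settings."""
    cfg = json.loads(text)
    problems = []
    if cfg.get("ipv6") is not True:
        problems.append('daemon.json: "ipv6" is not true')
    cidr = cfg.get("fixed-cidr-v6")
    if cidr is None:
        problems.append('daemon.json: "fixed-cidr-v6" is missing')
    else:
        p = _v6_ula_problem("daemon.json fixed-cidr-v6", cidr)
        if p:
            problems.append(p)
    return problems


def check_network_inspect(text):
    """Check the JSON printed by `docker network inspect <name>`."""
    problems = []
    for net in json.loads(text):
        name = net.get("Name", "?")
        if not net.get("EnableIPv6"):
            problems.append(f"network {name}: EnableIPv6 is false")
        v6 = [c["Subnet"] for c in net.get("IPAM", {}).get("Config", [])
              if "Subnet" in c
              and ipaddress.ip_network(c["Subnet"], strict=False).version == 6]
        if not v6:
            problems.append(f"network {name}: no IPv6 subnet in IPAM config")
        for cidr in v6:
            p = _v6_ula_problem(f"network {name} subnet", cidr)
            if p:
                problems.append(p)
    return problems


def check_sysctl(lines):
    """Check lines of `sysctl <key> ...` output, each of the form 'key = value'."""
    seen = {}
    for line in lines:
        if "=" in line:
            key, value = line.split("=", 1)
            seen[key.strip()] = value.strip()
    return [f"sysctl {k} = {seen.get(k, '<unset>')} (want {v})"
            for k, v in WANTED_SYSCTL.items() if seen.get(k) != v]


# Constructed sample modelled on the `docker network inspect bridge` output in the
# thread: IPv6 is off and IPAM only carries an IPv4 subnet, so two problems result.
SAMPLE_BRIDGE = json.dumps([{
    "Name": "bridge",
    "Driver": "bridge",
    "EnableIPv6": False,
    "IPAM": {"Driver": "default",
             "Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
}])

# Constructed sample of the user-defined network from the compose file above.
SAMPLE_YEETMASTER = json.dumps([{
    "Name": "yeetmaster",
    "Driver": "bridge",
    "EnableIPv6": True,
    "IPAM": {"Driver": "default",
             "Config": [{"Subnet": "172.20.0.0/16"},
                        {"Subnet": "fd00:dead:beef::/48"}]},
}])


def run_live(network="bridge"):
    """Run the same checks on this host (assumes docker and sysctl on PATH)."""
    with open("/etc/docker/daemon.json") as f:
        problems = check_daemon_json(f.read())
    out = subprocess.run(["docker", "network", "inspect", network],
                         capture_output=True, text=True, check=True).stdout
    problems += check_network_inspect(out)
    out = subprocess.run(["sysctl", *WANTED_SYSCTL],
                         capture_output=True, text=True, check=True).stdout
    problems += check_sysctl(out.splitlines())
    return problems


if __name__ == "__main__":
    for problem in run_live():
        print(problem)
```

Run it with the name of the compose-created network (e.g. run_live("yeetmaster")) once the stack is up; an empty list means the daemon, the network and the forwarding sysctls all look right, and anything left is outside Docker (host routing or an upstream filter).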

Hi, you can submit a PR with README changes and I'll be happy to consider incorporating them. I'd leave out the bottom lines, as most of that's already mentioned in the (already too long) README, but a working docker-compose example would be a good addition. Please be sure to include the right version at the top of the YAML.