IPv6 toggle or specifying distinct listening address

Jigsaw-Code / outline-server

Outline Server, developed by Jigsaw. The Outline Server is a proxy server that runs a Shadowsocks instance and provides a REST API for access key management.

https://getoutline.org/

Apache License 2.0

5.85k stars 788 forks source link

IPv6 toggle or specifying distinct listening address #1601

Open krangm opened 2 months ago

krangm commented 2 months ago

Since today, Outline server docker image enforce using IPv6 for some reason. IPv6 is disabled in my kernel, so enforcing IPv6 does not let server to start with the following error:

ERR Server failed to start. Aborting. err="failed to configure server: unable to create stream listener for [::]:11111: listen tcp [::]:11111: socket: address family not supported by protocol"

Currently I have to downgrade to this image, which has no IPv6 enforcing: quay.io/outline/shadowbox:v1.9.0

It would be nice to have an ability to specify desired listening address which will determine protocol to use. This will allow to leave both protocols enabled by default. Or whatever else to toggle IPv6.

FAR747 commented 2 months ago

How do you downgrade the server version?

krangm commented 2 months ago

Recreate server container with same properties, but edit the image tag. From quay.io/outline/shadowbox:stable to quay.io/outline/shadowbox:v1.9.0

NosikovSergey commented 2 months ago

It's work for me too. I edited script /opt/outline/persisted-state/start_container.sh. Replaced quay.io/outline/shadowbox:stable to quay.io/outline/shadowbox:v1.9.0 how wrote @krangm It seems like the latest release broke

FAR747 commented 2 months ago

I created a bash script

#!/bin/bash

export SB_IMAGE=quay.io/outline/shadowbox:v1.9.0 # version 
export WATCHTOWER_REFRESH_SECONDS=2592000 # Watchtower refresh 90 days

curl -sSL https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh | bash

I didn't have a file /opt/outline/persisted-state/start_container.sh The downside is that you actually reinstall outline, but the old access keys are saved, except for the manager.

koshelevdk commented 2 months ago

Same thing here. I have ipv6 completely disabled on my machine and found this issue only after rolling back to v1.9.0 manually.

behrouzamiri commented 2 months ago

@NosikovSergey would you mind sharing /opt/outline/persisted-state/start_container.sh ? as @FAR747 mentioned, start_container.sh is not available in my installation, and I'm curious what options are specified there for running the container?

koshelevdk commented 2 months ago

@behrouzamiri here it is

https://github.com/Jigsaw-Code/outline-server/blob/master/src/server_manager/install_scripts/install_server.sh#L303

Image is controlled by watchtower, that's why it was updated without user interaction https://github.com/Jigsaw-Code/outline-server/blob/master/src/server_manager/install_scripts/install_server.sh#L367

behrouzamiri commented 2 months ago

Thanks, @koshelevdk ! That did the trick!

I saw in the Watchtower logs that it updated the Shadowbox image 4 hours ago, which led me here. The part of the install_server.sh script (start_shadowbox() function) that you pointed me to shed light on the issue and helped me. It actually generates the start_container.sh script and runs it.

I was able to simply downgrade the image to 1.9.0 and run a Docker command with the required arguments. It’s all good now!

I also set Watchtower to update every month for safety, thanks to @FAR747 for pointing that out.

notice that for outline manager to work, SB_API_PREFIX parameter must be set from the access file.

export SB_API_PREFIX=$(grep 'apiUrl' /opt/outline/access.txt | cut -d'/' -f4)

sbruens commented 1 month ago

Thanks for the report, folks. We're investigating and in the meantime are rolling back to v.1.9.0.

fortuna commented 1 month ago

This is the culprit: https://github.com/Jigsaw-Code/outline-ss-server/blob/cb5965fd1a6982b641c640067b55bcdb1ccca8eb/cmd/outline-ss-server/main.go#L215

Probably solvable by using an empty host instead so the address reads as :$PORT.

sbruens commented 1 month ago

Just a quick update that we believe we have fixed the regression, but have been having trouble reliably reproducing the original problem.

If anyone that ran into this issue on the previous version (the image with the bug is quay.io/outline/shadowbox:v1.10.0) is able to do a test run with the new release candidate to see if they are still running into the issue on the machines that have IPv6 disabled, that would help give us more confidence before releasing to a wider audience.

New release candidate image:

quay.io/outline/shadowbox:v1.10.1-rc1

Thanks for your help!

krangm commented 1 month ago

quay.io/outline/shadowbox:v1.10.1-rc1

Works for me. Server starts fine. IPv6 was disabled by booting with kernel parameter ipv6.disable=1

Thank you!

est0n14n commented 1 month ago

quay.io/outline/shadowbox:v1.10.1-rc1

Works for me. Thank you!

sbruens commented 1 month ago

We have released v1.10.1 that has the fix. Please do let us know if you run into further issues with this.

I'll leave this issue open to reflect the feature request to be able toggle it or specify distinct addresses.