dappnode / DNP_HTTPS

A fully automated HTTPS server powered by Nginx, Let's Encrypt and Docker.

Local proxy does not support ipv6 #59

Closed simplysoft closed 2 years ago

simplysoft commented 2 years ago

When dappnode is accessible via both legacy ip (ipv4) and ip (ipv6), nginx returns a forbidden error when accessed.

The nginx.conf only enables the local legacy ip subnet, resulting in forbidden due to deny all:

server {
    server_name   dappnode.local;
    listen        80;
    resolver 172.33.1.2;
    allow 192.168.X.X/24;
    deny all;
    location      / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://my.dappnode;
    }
}

https://github.com/dappnode/DNP_HTTPS/blob/master/fs_overlay/var/lib/nginx-conf/nginx.conf.erb#L120

3alpha commented 2 years ago

Hi,

Thanks for the heads up. This is something that flew under our radar and we'll deal with it.

3alpha commented 2 years ago

So my current idea is to just allow all ipv4 and ipv6 private IP ranges there. Any thoughts there?

simplysoft commented 2 years ago

Makes sense. Further restricting it to the exact range that is in use will be more challenging for ipv6. Another option could be to make it configurable and offload that complexity to the user.
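
Added example, not part of the thread or the DNP_HTTPS code: a small Python model of nginx's first-match allow/deny evaluation, comparing the rules quoted in the issue with the proposal to allow all private ranges. The 192.168.1.0/24 subnet, the sample client addresses and the choice of ranges (RFC 1918, fc00::/7, fe80::/10) are assumptions.

```python
import ipaddress

# Assumed "private" set: RFC 1918 IPv4, IPv6 unique local and link-local.
PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "fc00::/7", "fe80::/10"]

# Rules as quoted in the issue; 192.168.1.0/24 is a constructed stand-in
# for the templated 192.168.X.X/24 subnet.
ORIGINAL = [("allow", "192.168.1.0/24"), ("deny", "all")]
# Proposal from the thread: allow every private range, then deny the rest.
PROPOSED = [("allow", r) for r in PRIVATE_RANGES] + [("deny", "all")]


def nginx_access(rules, client):
    """Model ngx_http_access_module: rules are checked in order and the
    first match decides; with no match the request is allowed."""
    addr = ipaddress.ip_address(client)
    for action, target in rules:
        if target == "all":
            return action
        net = ipaddress.ip_network(target)
        if addr.version == net.version and addr in net:
            return action
    return "allow"


def render(rules):
    """Emit the rules as nginx directives for a server block."""
    return "\n".join(f"{action} {target};" for action, target in rules)


if __name__ == "__main__":
    # Constructed sample clients.
    for client in ["192.168.1.20", "fd12:3456:789a::20", "fe80::1",
                   "2001:db8::20", "203.0.113.5"]:
        print(f"{client:22} original={nginx_access(ORIGINAL, client):5} "
              f"proposed={nginx_access(PROPOSED, client)}")
    print(render(PROPOSED))
```

A LAN client that only has a global unicast IPv6 address (2001:db8::20 stands in for one here) is still denied under the private-range list, which is the case a configurable range would cover.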