search

linuxserver / docker-baseimage-alpine-nginx

GNU General Public License v3.0
43 stars 37 forks source link

[BUG] templating resolvers fails in ipv6 only environments #148

Closed ellisgeek closed 9 months ago

ellisgeek commented 1 year ago

Is there an existing issue for this?

Current Behavior

Nginx stalls with the message nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3 when /etc/resolv.conf contains only ipv6 dns servers.

Expected Behavior

/config/nginx/resolver.conf should be templated correctly with the IPv6 DNS servers enclosed in [].

Steps To Reproduce

  1. run a container based on this image in an environment with no IPv4 nameservers. (Ex. fly.io)

Environment

- Platform: fly.io

`/etc/resolv.conf`

e82de31f055108:/# cat /etc/resolv.conf

nameserver      fdaa::3

### Docker creation

```bash
`fly deploy` with below docker file.

`fly.toml`

app = "snipeit-inventory"
primary_region = "ord"

[build]

[http_service]
  internal_port = 80
  force_https = true
  auto_stop_machines = true
  auto_start_machines = true
  min_machines_running = 1
  processes = ["app"]

[env]
  # Mysql Parameters
  MYSQL_PORT_3306_TCP_ADDR = ""   # Set in Secrets
  MYSQL_PORT_3306_TCP_PORT = 3306
  MYSQL_DATABASE = "snipeit"
  MYSQL_USER = ""    # Set in Secrets
  # MYSQL_PASSWORD = ""  # Set in Secrets
  DB_CONNECTION = "mysql"
  DB_SSL_IS_PAAS = true
  DB_SSL = true
  DB_SSL_CA_PATH = "/etc/ssl/cert.pem"

  # # Email Parameters
  # # - the hostname/IP address of your mailserver
  # MAIL_PORT_587_TCP_ADDR=smtp.whatever.com
  # #the port for the mailserver (probably 587, could be another)
  # MAIL_PORT_587_TCP_PORT=587
  # # the default from address, and from name for emails
  # MAIL_ENV_FROM_ADDR=youremail@yourdomain.com
  # MAIL_ENV_FROM_NAME=Your Full Email Name
  # # - pick 'tls' for SMTP-over-SSL, 'tcp' for unencrypted
  # MAIL_ENV_ENCRYPTION=tcp
  # # SMTP username and password
  # MAIL_ENV_USERNAME=your_email_username
  # MAIL_ENV_PASSWORD=your_email_password

  # Snipe-IT Settings
  APP_ENV = "production"
  APP_DEBUG = false
  APP_URL = "https://snipeit-inventory.fly.dev"
  APP_TIMEZONE = "America/Chicago"
  APP_LOCALE = "en"
  APP_TRUSTED_PROXIES="*"
  APP_ALLOW_INSECURE_HOSTS = true

  # Docker-specific variables
  PHP_UPLOAD_LIMIT = 100

  CACHE_DRIVER="file"
  SESSION_DRIVER="file"
  QUEUE_DRIVER="sync"
  CACHE_PREFIX="snipeit"

`Dockerfile`
```dockerfile
FROM lscr.io/linuxserver/snipe-it:latest

# workaround for no PID 1 in fly.io
RUN apk add --no-cache perl 
RUN mv /init /s6-init
ENTRYPOINT [ \
    "unshare", "--pid", "--fork", "--mount-proc", \
    "perl", "-e", "$SIG{INT}=''; $SIG{TERM}=''; exec @ARGV;", "--", \
    "/s6-init" ]

### Container logs

```bash
2023-09-04T21:40:48.560 runner[e82de31f055108] ord [info] Pulling container image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J

2023-09-04T21:40:50.084 runner[e82de31f055108] ord [info] Successfully prepared image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J (1.524273714s)

2023-09-04T21:40:50.458 runner[e82de31f055108] ord [info] Configuring firecracker

2023-09-04T21:40:50.705 app[e82de31f055108] ord [info] [ 0.041247] PCI: Fatal: No config space access function found

2023-09-04T21:40:50.931 app[e82de31f055108] ord [info] INFO Starting init (commit: 5293a085)...

2023-09-04T21:40:50.954 app[e82de31f055108] ord [info] INFO Preparing to run: `unshare --pid --fork --mount-proc perl -e $SIG{INT}=''; $SIG{TERM}=''; exec @ARGV; -- /s6-init` as root

2023-09-04T21:40:50.964 app[e82de31f055108] ord [info] INFO [fly api proxy] listening at /.fly/api

2023-09-04T21:40:50.968 app[e82de31f055108] ord [info] 2023/09/04 21:40:50 listening on [fdaa:2:f158:a7b:195:a39c:9682:2]:22 (DNS: [fdaa::3]:53)

2023-09-04T21:40:51.078 app[e82de31f055108] ord [info] [migrations] started

2023-09-04T21:40:51.089 app[e82de31f055108] ord [info] [migrations] 01-nginx-site-confs-default: executing...

2023-09-04T21:40:51.094 app[e82de31f055108] ord [info] [migrations] 01-nginx-site-confs-default: succeeded

2023-09-04T21:40:51.096 app[e82de31f055108] ord [info] [migrations] 02-default-location: executing...

2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] grep: /config/nginx/site-confs/default.conf: No such file or directory

2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] [migrations] 02-default-location: succeeded

2023-09-04T21:40:51.100 app[e82de31f055108] ord [info] [migrations] done

2023-09-04T21:40:51.108 app[e82de31f055108] ord [info] usermod: no changes

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██╗ ███████╗██╗ ██████╗

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ██╔════╝██║██╔═══██╗

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ███████╗██║██║ ██║

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ██║ ╚════██║██║██║ ██║

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ███████╗███████║██║╚██████╔╝

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ╚══════╝╚══════╝╚═╝ ╚═════╝

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] Brought to you by linuxserver.io

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.109 app[e82de31f055108] ord [info] To support the app dev(s) visit:

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] Snipe-IT: https://snipeitapp.com/donate

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] To support LSIO projects visit:

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] https://www.linuxserver.io/donate/

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] GID/UID

2023-09-04T21:40:51.110 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] User UID: 911

2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] User GID: 911

2023-09-04T21:40:51.112 app[e82de31f055108] ord [info] ───────────────────────────────────────

2023-09-04T21:40:51.141 app[e82de31f055108] ord [info] Setting resolver to fdaa::3

2023-09-04T21:40:51.143 app[e82de31f055108] ord [info] Setting worker_processes to 1

2023-09-04T21:40:51.151 app[e82de31f055108] ord [info] generating self-signed keys in /config/keys, you can replace these with your own keys if required

2023-09-04T21:40:51.294 app[e82de31f055108] ord [info] .....+..+.......+.....+.+..+......+............+....+...+...............+..+......+.............+...........+...+.+..+...+....+......+.........+...+..+.............+..+.+..............+......+.+...........+.......+..+......+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+............+.+..+............+.+..+....+...+............+.....+....+.....+.......+...+.....+......+.........+......+......+.......+..+..................+...+...+..........+..+....+......+........+.+...........+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:40:51.547 app[e82de31f055108] ord [info] ........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.........+..........+...+...+.....+......+...+..........+...............+...+..+.+............+...+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+......+................+..............+.+............+..+.+..+..........+......+......+...........+..........+..+......+.........+.+..+.........+......+...+.+.....+.........+....+........+.........+...+.+.................+....+.....+.+..+.......+.........+......+...+............+...+..+.+........+....+..+......+....+...+.....+..........+...+...+..+...+.+......+...+.....+.........+..........+...+..+......+.+...+...+..............+......+.......+........+...+.........+...+....+......+..+.+...........+......+.......+...+..+...+....+.........+...........+....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:40:51.551 app[e82de31f055108] ord [info] -----

2023-09-04T21:40:51.592 app[e82de31f055108] ord [info] Generating SnipeIT app key for first run

2023-09-04T21:40:52.180 app[e82de31f055108] ord [info] App Key set to base64:fN7eOiPl40DbemzYW1nwsJdsBCrdq7xOZQQDwa6SkXc= you can modify the file to update /config/SNIPE_IT_APP_KEY.txt

2023-09-04T21:40:52.204 app[e82de31f055108] ord [info] [custom-init] No custom files found, skipping...

2023-09-04T21:40:52.215 app[e82de31f055108] ord [info] crond[265]: crond (busybox 1.35.0) started, log level 5

2023-09-04T21:40:52.225 app[e82de31f055108] ord [info] [ls.io-init] done.

2023-09-04T21:40:52.249 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:53.258 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:54.266 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:55.275 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:56.286 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:57.295 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:58.304 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:40:59.312 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:00.218 app[e82de31f055108] ord [info] crond[265]: USER abc pid 325 cmd php /app/www/artisan schedule:run >> /dev/null 2>&1

2023-09-04T21:41:00.324 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:01.338 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:01.441 runner[7811004c515d08] ord [info] Pulling container image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J

2023-09-04T21:41:02.346 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:02.873 runner[7811004c515d08] ord [info] Successfully prepared image registry.fly.io/rootwerk-inventory:deployment-01H9H27WDHZEJT566F5WSRXX9J (1.431601465s)

2023-09-04T21:41:03.212 runner[7811004c515d08] ord [info] Configuring firecracker

2023-09-04T21:41:03.356 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:03.447 app[7811004c515d08] ord [info] [ 0.040560] PCI: Fatal: No config space access function found

2023-09-04T21:41:03.691 app[7811004c515d08] ord [info] INFO Starting init (commit: 5293a085)...

2023-09-04T21:41:03.720 app[7811004c515d08] ord [info] INFO Preparing to run: `unshare --pid --fork --mount-proc perl -e $SIG{INT}=''; $SIG{TERM}=''; exec @ARGV; -- /s6-init` as root

2023-09-04T21:41:03.730 app[7811004c515d08] ord [info] INFO [fly api proxy] listening at /.fly/api

2023-09-04T21:41:03.735 app[7811004c515d08] ord [info] 2023/09/04 21:41:03 listening on [fdaa:2:f158:a7b:17a:f909:57f:2]:22 (DNS: [fdaa::3]:53)

2023-09-04T21:41:03.847 app[7811004c515d08] ord [info] [migrations] started

2023-09-04T21:41:03.854 app[7811004c515d08] ord [info] [migrations] 01-nginx-site-confs-default: executing...

2023-09-04T21:41:03.860 app[7811004c515d08] ord [info] [migrations] 01-nginx-site-confs-default: succeeded

2023-09-04T21:41:03.863 app[7811004c515d08] ord [info] [migrations] 02-default-location: executing...

2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] grep: /config/nginx/site-confs/default.conf: No such file or directory

2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] [migrations] 02-default-location: succeeded

2023-09-04T21:41:03.867 app[7811004c515d08] ord [info] [migrations] done

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] usermod: no changes

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██╗ ███████╗██╗ ██████╗

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ██╔════╝██║██╔═══██╗

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ███████╗██║██║ ██║

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ██║ ╚════██║██║██║ ██║

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ███████╗███████║██║╚██████╔╝

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ╚══════╝╚══════╝╚═╝ ╚═════╝

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] Brought to you by linuxserver.io

2023-09-04T21:41:03.876 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.877 app[7811004c515d08] ord [info] To support the app dev(s) visit:

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] Snipe-IT: https://snipeitapp.com/donate

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] To support LSIO projects visit:

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] https://www.linuxserver.io/donate/

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] GID/UID

2023-09-04T21:41:03.878 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] User UID: 911

2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] User GID: 911

2023-09-04T21:41:03.879 app[7811004c515d08] ord [info] ───────────────────────────────────────

2023-09-04T21:41:03.912 app[7811004c515d08] ord [info] Setting resolver to fdaa::3

2023-09-04T21:41:03.914 app[7811004c515d08] ord [info] Setting worker_processes to 1

2023-09-04T21:41:03.923 app[7811004c515d08] ord [info] generating self-signed keys in /config/keys, you can replace these with your own keys if required

2023-09-04T21:41:04.031 app[7811004c515d08] ord [info] ...+......+.....+.+..+...+...+.+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+.+..+.........................+.....+.+..............+......+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+............+....+..+...................+...+..+....+..+.........+.+..+..........+......+......+...+...+........+.+...+...........+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:41:04.220 app[7811004c515d08] ord [info] ..........+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+...............+......+..+.+..+.......+..+.........+......+......+...+....+...+........+......+.........+.........+...+.......+..+.............+......+......+......+..+............+.+.....+.......+...+........+....+...+...+..+...+..........+......+.........+..+.......+..................+........+..........+..............+.......+...+..+....+...........+...+.+..+.........+......+....+........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2023-09-04T21:41:04.224 app[7811004c515d08] ord [info] -----

2023-09-04T21:41:04.264 app[7811004c515d08] ord [info] Generating SnipeIT app key for first run

2023-09-04T21:41:04.365 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:04.848 app[7811004c515d08] ord [info] App Key set to base64:NJ4B0oa2+//A5Pc8SbidKQeJmBy9Ir6I8Q9pYav2r10= you can modify the file to update /config/SNIPE_IT_APP_KEY.txt

2023-09-04T21:41:04.872 app[7811004c515d08] ord [info] [custom-init] No custom files found, skipping...

2023-09-04T21:41:04.884 app[7811004c515d08] ord [info] crond[266]: crond (busybox 1.35.0) started, log level 5

2023-09-04T21:41:04.895 app[7811004c515d08] ord [info] [ls.io-init] done.

2023-09-04T21:41:04.918 app[7811004c515d08] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:05.374 app[e82de31f055108] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3

2023-09-04T21:41:05.928 app[7811004c515d08] ord [info] nginx: [emerg] invalid port in resolver "fdaa::3" in /config/nginx/resolver.conf:3
github-actions[bot] commented 1 year ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

aptalca commented 1 year ago

https://github.com/linuxserver/docker-baseimage-alpine-nginx/blob/master/root/etc/s6-overlay/s6-rc.d/init-nginx/run#L38

For ipv6, you'll have to manually update/edit your resolver.conf

ellisgeek commented 1 year ago

nginx-proxy/nginx-proxy uses the below expression to handle ipv6 resolvers. I was able to patch init-nginx.run to handle it.

RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')

Below is a working patch.

--- init-nginx.run.orig 2023-09-04 17:43:42.729804394 -0500
+++ init-nginx.run.sh   2023-09-04 17:53:42.569749584 -0500
@@ -38,18 +38,19 @@
 # Set resolver, ignore ipv6 addresses
 touch /config/nginx/resolver.conf
 if ! grep -q 'resolver' /config/nginx/resolver.conf; then
-    RESOLVERRAW=$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf)
-    for i in ${RESOLVERRAW}; do
-        if [[ "$(awk -F ':' '{print NF-1}' <<<"${i}")" -le 2 ]]; then
-            RESOLVER="${RESOLVER} ${i}"
-        fi
-    done
-    if [[ -z "${RESOLVER}" ]]; then
-        RESOLVER="127.0.0.11"
+    RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')
+
+    if [[ -z "${RESOLVERS}" ]]; then
+        RESOLVERS="127.0.0.11"
     fi
-    echo "Setting resolver to ${RESOLVER}"
-    RESOLVEROUTPUT="# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\nresolver ${RESOLVER} valid=30s;"
-    echo -e "${RESOLVEROUTPUT}" >/config/nginx/resolver.conf
+    echo "Setting resolvers to ${RESOLVERS}"
+    RESOLVEROUTPUT="# This file is auto-generated only on first start, based on the container's /etc/resolv.conf file. Feel free to modify it as you wish.\n\n"
+    echo -e "${RESOLVEROUTPUT}" > /config/nginx/resolver.conf
+    for RESOLVER in ${RESOLVERS}; do
+        echo -e "resolver ${RESOLVER} valid=30s;" >> /config/nginx/resolver.conf
+    done
+    echo -e ""
+
 fi

 # Set worker_processes

I can open an PR to implement this if you'd approve it.

nemchik commented 1 year ago

The recommendation doesn't work if an ipv6 resolver with a port is supplied. ex:

nameserver      [fdaa::3]:53

results in

[[fdaa::3]:53]

I'm not opposed to considering a working solution for ipv6, but if we're going to change what we have it would be best to have a fairly comprehensive replacement.

LinuxServer-CI commented 11 months ago

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 8 months ago

This issue is locked due to inactivity