lucaslorentz / caddy-docker-proxy

Caddy as a reverse proxy for Docker
MIT License

IPv6 Logging not working #620

Closed sowinski closed 4 weeks ago

sowinski commented 1 month ago

Hi,

this is my caddy docker compose file:

version: "3.7"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:2.8.10-alpine
    ports:
      - 80:80
      - 443:443
      - 2019:2020
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
      - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
      - ./Caddyfile:/etc/caddy/Caddyfile
    restart: unless-stopped

networks:
  caddy:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450
    external: true

volumes:
  caddy_data: {}

The network supports only ipv4. (DNS is externally configured for ipv4 and ipv6).

If I open my website with: curl https://mywebsite.com I see in the caddy log my ipv4 address.

If I open my website with ipv6: curl -6 https://mywebsite.com I see in the caddy log an internal docker ip.

I guess docker is translating my ipv6 address to an ipv4 address, which is nice, but I lose the ipv6 address in my logging.

What would be the correct way to make the ipv6 address visible in the logs? Also I want to forward this ipv6 later to my django/gunicorn container.

Can I forward somehow the address or do I have to change all my docker networks and enable ipv6?

I would prefer to keep my docker networks and forward somehow the ipv6 address. Is this possible?

sowinski commented 4 weeks ago

https://github.com/mholt/caddy-ratelimit/issues/54

Hi, it would be interesting to know how you handle this case. Do you activate ipv6 for the container or do you extract the ipv6 from the NAT solution which ships with docker?

sowinski commented 4 weeks ago

So from what I found on the internet, most of the users try to activate ipv6 instead of extracting the ipv6 addresses from the header coming from the NAT.

Because of this I also try to run caddy with activated ipv6. (With no success).

What have I done?

1. I enabled ipv6 support on my ubuntu machine as described here

created /etc/docker/daemon.json with:

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:1::/64",
  "experimental": true,
  "ip6tables": true
}

and restarted docker: sudo systemctl restart docker

2. Edited my docker compose file and recreated my caddy network with ipv6 support

docker-compose.yml

...
networks:
  caddy:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1450
    external: true
    enable_ipv6: true
    ipam:
       config:
         - subnet: 2001:0DB8::/112
...

We need to remove the old caddy network and create a new one with: docker network create --ipv6 --subnet 2001:0DB8::/112 caddy

3. Check if ipv6 is enabled

If I run docker network inspect caddy then I can see that ipv6 is enabled.

docker network inspect caddy

[
    {
        ...
        "EnableIPv6": true,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.24.0.0/16",
                    "Gateway": "172.24.0.1"
                },
                {
                    "Subnet": "2001:0DB8::/112",
                    "Gateway": "2001:db8::1"
                }
            ]
        },
        ...
        "Containers": {
            "1baf849ff58c74cccf8fbbf4a696cbd2fa0a417c5b4b8fcf787b0d5b33ee18c5": {
                "Name": "whoami-whoami-1",
                "EndpointID": "1a5f403d864e26922f383ce64e6d64716766d265efc5007baf70d7d145ae5ea0",
                "MacAddress": "02:42:ac:18:00:03",
                "IPv4Address": "172.24.0.3/16",
                "IPv6Address": "2001:db8::3/112"
            },
            "566ca3ed4950b476fd9fec341fc7eb5fa97e6926abed965cacc04f187e66f642": {
                "Name": "caddy-caddy-1",
                "EndpointID": "dd0bcf84f05d3592e3b158cda10dda8f88d039b8faa2a65fd092fc584da11d01",
                "MacAddress": "02:42:ac:18:00:02",
                "IPv4Address": "172.24.0.2/16",
                "IPv6Address": "2001:db8::2/112"
            }
        },
        "Options": {},
        "Labels": {}
    }
]

Create a simple response in the Caddyfile

:80 {
    respond "Hello, World!"
}

And check with curl if I get a response over the ipv6 address:

curl -6 http://[2001:db8::2]
Hello, World!

And I can also see my ipv6 address in the caddy logs:

caddy-1  | {
   "level":"info",
   "ts":1717685556.944723,
   "logger":"http.log.access",
   "msg":"handled request",
   "request":{
      "remote_ip":"2001:db8::1",
      "remote_port":"60414",
      "client_ip":"2001:db8::1",
      "proto":"HTTP/1.1",
      "method":"GET",
      "host":"[2001:db8::2]",
      "uri":"/",
      "headers":{
         "User-Agent":[
            "curl/7.81.0"
         ],
         "Accept":[
            "*/*"
         ]
      }
   },
   "bytes_read":0,
   "user_id":"",
   "duration":0.000006885,
   "size":13,
   "status":200,
   "resp_headers":{
      "Server":[
         "Caddy"
      ],
      "Content-Type":[
         "text/plain; charset=utf-8"
      ]
   }
}
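
A check for the situation discussed in this thread, as an added example that is not part of the original issue or of caddy-docker-proxy: it classifies the `remote_ip` of Caddy JSON access-log entries against the bridge subnets and gateways shown in the `docker network inspect caddy` output. The function names and sample lines are constructed for illustration, and the code assumes one JSON object per log line.

```python
import ipaddress
import json

# Subnets and gateways taken from the `docker network inspect caddy` output above.
BRIDGE_NETWORKS = {
    "172.24.0.0/16": "172.24.0.1",
    "2001:db8::/112": "2001:db8::1",
}

# Constructed sample lines (trimmed to the fields used here), not real logs.
SAMPLE_LINES = [
    'caddy-1  | {"logger":"http.log.access","request":{"remote_ip":"2001:db8::1"}}',
    'caddy-1  | {"logger":"http.log.access","request":{"remote_ip":"172.24.0.1"}}',
    'caddy-1  | {"logger":"http.log.access","request":{"remote_ip":"203.0.113.7"}}',
    'caddy-1  | {"logger":"tls","msg":"not an access log entry"}',
    'caddy-1  | not json at all',
]


def classify_remote_ip(remote_ip, networks=BRIDGE_NETWORKS):
    """Return 'bridge-gateway', 'bridge-internal' or 'external'."""
    addr = ipaddress.ip_address(remote_ip)
    for subnet, gateway in networks.items():
        if addr == ipaddress.ip_address(gateway):
            # Source is the host side of the bridge: a client on the Docker
            # host itself, or traffic Docker proxied/NATed on the way in.
            return "bridge-gateway"
        if addr in ipaddress.ip_network(subnet):
            return "bridge-internal"  # another container on the network
    return "external"


def audit_access_log(lines):
    """Return [(remote_ip, verdict)] for each Caddy access-log entry."""
    results = []
    for line in lines:
        line = line.strip()
        # Drop the "caddy-1  | " prefix that docker compose adds, if present.
        payload = line if line.startswith("{") else line.split("|", 1)[-1].strip()
        try:
            entry = json.loads(payload)
        except ValueError:
            continue
        if not isinstance(entry, dict) or entry.get("logger") != "http.log.access":
            continue
        ip = entry["request"]["remote_ip"]
        results.append((ip, classify_remote_ip(ip)))
    return results
```

Entries classified as `bridge-gateway` do not identify the remote client, so per-IP logging or rate limiting keyed on them groups every such request under one address.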