nextcloud / all-in-one

📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
https://hub.docker.com/r/nextcloud/all-in-one
GNU Affero General Public License v3.0

AIO not accepting an IPv6 only domain #872

Closed beckerj closed 2 years ago

beckerj commented 2 years ago

Steps to reproduce

  1. Setup Server with public IPv6
  2. Run install process from Readme up until AIO is accessible
  3. Access AIO Interface (even works with letsencrypt auto enroll)
  4. Enter domain in domain field & click submit

Expected behavior

Domain should be usable as AAAA Record is properly set

Actual behavior

DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '')

Host OS

Ubuntu 22.04

Nextcloud AIO version

Nextcloud AIO v1.4.2

Current channel

latest

Other valuable info

Could be caused by [all-in-one/php/src/Data/ConfigurationManager.php]:

// gethostbyname() returns the unmodified hostname when the lookup fails
$dnsRecordIP = gethostbyname($domain);
if ($dnsRecordIP === $domain) {
    $dnsRecordIP = '';
}

// Validate IP
if(!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
    throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
}

--> afaik gethostbyname will not properly return IPv6 (AF_INET6) addresses
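An added example, not the project's code and not the change in the linked pull request: a domain check that accepts both A and AAAA records, so an IPv6-only domain no longer resolves to an empty string. The function name `resolveDomainIps`, the injectable `$lookup` parameter and the sample domain and address are assumptions made for illustration; the sample DNS answer is constructed.

```php
<?php
declare(strict_types=1);

/**
 * Return every valid A/AAAA address published for $domain.
 * $lookup is a hypothetical injection point so the logic can be exercised
 * offline; by default it calls PHP's dns_get_record().
 */
function resolveDomainIps(string $domain, ?callable $lookup = null): array
{
    $lookup ??= static fn (string $d) => dns_get_record($d, DNS_A | DNS_AAAA);
    $records = $lookup($domain);
    if ($records === false) {
        return []; // resolver failure: treat as "DNS config is not set"
    }

    $ips = [];
    foreach ($records as $record) {
        // A records carry the address in 'ip', AAAA records in 'ipv6'.
        $candidate = match ($record['type'] ?? '') {
            'A'     => $record['ip'] ?? '',
            'AAAA'  => $record['ipv6'] ?? '',
            default => '',
        };
        // Same validation as the snippet above, applied to each address.
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $ips[] = $candidate;
        }
    }
    return array_values(array_unique($ips));
}

// Constructed sample: an IPv6-only domain using the 2001:db8::/32
// documentation prefix. Any other name has no records at all.
$fakeDns = static fn (string $d) => $d === 'cloud.example.com'
    ? [['host' => $d, 'class' => 'IN', 'ttl' => 300,
        'type' => 'AAAA', 'ipv6' => '2001:db8::10']]
    : [];

var_dump(resolveDomainIps('cloud.example.com', $fakeDns));
var_dump(resolveDomainIps('unset.example.com', $fakeDns));
```

An empty result is the case that should raise the "DNS config is not set" error; a non-empty result can be compared against the server's own public addresses.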

szaimen commented 2 years ago

Hi, thanks for your report!

@beckerj do you think https://github.com/nextcloud/all-in-one/pull/874 will fix it? :)

beckerj commented 2 years ago

I'm not an expert but it looks good to me. Thanks for the quick fix. I will try it out as soon as it's released and let you know.

szaimen commented 2 years ago

Thanks! I will let you know as soon as it is released! :)

szaimen commented 2 years ago

Hello, this was just released with 1.5.0 Beta. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

beckerj commented 2 years ago

It sort of seems to work, however I now get another error: The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port. Portchecker.co however reports the port as open, as does ss -ln:

[Screenshot 2022-07-04 at 17:36:30] [Screenshot 2022-07-04 at 17:41:18]

szaimen commented 2 years ago

Can you test if the ss -ln command works from inside the mastercontainer? (You may need to install the utility first).

beckerj commented 2 years ago

It's listening to IPv4 only, but I believe that's always the case with docker and it would translate the IPv6 outside socket to an IPv4 inside socket, would it not?

[Screenshot 2022-07-04 at 19:15:33]

szaimen commented 2 years ago

> I believe that's always the case with docker and it would translate the IPv6 outside socket to an IPv4 inside socket, would it not?

I don't know. Does the command work from inside the container? If not, the translation is probably not working...

beckerj commented 2 years ago

The last screenshot was from inside the container, there is a listening socket on :443, it is plain http (no ssl), but it is bound. Also, the curl response is the same from inside the master container:

bash-5.1# curl -v http://localhost:443
*   Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443 (#0)
> GET / HTTP/1.1
> Host: localhost:443
> User-Agent: curl/7.80.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: text/html
< ETag: "3103561244"
< Last-Modified: Mon, 04 Jul 2022 15:28:18 GMT
< Content-Length: 49
< Accept-Ranges: bytes
< Date: Mon, 04 Jul 2022 18:23:37 GMT
< Server: lighttpd/1.4.64
< 
48e813a3818e6051a06152e24f1ac838333482104303c7e5
* Connection #0 to host localhost left intact

as from the outside:

curl -v http://nextcloud-aio-872:443
*   Trying <redcatedipv6>:443...
* Connected to nextcloud-aio-872 (<redcatedipv6>) port 443 (#0)
> GET / HTTP/1.1
> Host: nextcloud-aio-872:443
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: text/html
< ETag: "3103561244"
< Last-Modified: Mon, 04 Jul 2022 15:28:18 GMT
< Content-Length: 49
< Accept-Ranges: bytes
< Date: Mon, 04 Jul 2022 18:27:36 GMT
< Server: lighttpd/1.4.64
< 
48e813a3818e6051a06152e24f1ac838333482104303c7e5
* Connection #0 to host nextcloud-aio-872 left intact

beckerj commented 2 years ago

Strike my last comment, I was actually mistakenly trying from inside the domaincheck container, not the master-container. Sorry for the confusion. It seems the master-container has problems connecting to the domaincheck container because it cannot assign an address:

curl -v http://nextcloud-aio-872:443
*   Trying <redcatedipv6>:443...
* Immediate connect fail for <redcatedipv6>: Cannot assign requested address
* Closing connection 0
curl: (7) Couldn't connect to server

I guess I'll look into IPv6 addressing for docker a bit...

beckerj commented 2 years ago

Alright, got the missing IPv6 in docker sorted out by configuring according to https://docs.docker.com/config/daemon/ipv6/

Now onto the next problem, please tell me if I should open a different issue for it: The domaincheck container is forwarding the IPv4 and IPv6 socket for port 443, but is internally only listening to IPv4. Since it now has an IPv6, it will not fall back to IPv4. Adding something like this: $SERVER["socket"] == "[::]:443" { } or possibly $SERVER["socket"] == "[::]:env.APACHE_PORT" { } to lighttpd.conf might solve it.

beckerj commented 2 years ago

@szaimen are you still looking into this here or should I open a separate issue?

szaimen commented 2 years ago

Sorry, I was not working the last days. I've created https://github.com/nextcloud/all-in-one/pull/898 and hope that it solves the lighttpd problem... as for the usual docker ipv6 problem, I guess we need to document this in the readme...

szaimen commented 2 years ago

This is now released with 1.6.0 Beta. Testing and feedback are welcome! See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel

beckerj commented 2 years ago

Thanks for the great work, the new beta works without problems regarding the domaincheck. If there are any further problems with IPv6 only with any of the other containers, I will open a separate issue. However, there don't seem to be any issues at all so far, containers are all up and running.

szaimen commented 2 years ago

Perfect! Thanks for testing and verifying!