Closed vintury closed 1 year ago
Meant as contribution to issue: as an idea for how to check, since curl
is often installed by default in linux systems, maybe:
$ curl -6 https://passbolt.com
curl: (6) Couldn't resolve host 'passbolt.com'
Could be checked before starting supervisor? Maybe also a new env variable like PASSBOLT_HOST_IPV6_DISABLED
(boolean, default is FALSE).
EDIT: Docker compose file already seems to be overwriting with ipv4 only for 443. (But not 80?) https://github.com/passbolt/passbolt_docker/blob/e51a518db14d0254d4a4747084eee124fcb1bdbc/debian/Dockerfile#L35
Hello everyone!
Thanks for the feedback @vintury! I think the best would be to mount a specific nginx configuration file disabling ipv6 to support your use case.
@garrettboone The line you posted is not overwriting it is adding ipv4 to the SSL snippet (note the /a command of sed). /etc/nginx/sites-enabled/nginx-passbolt.conf
contains the listen for the default port 80 that supports ipv4 and ipv6. I'm saying it is the best to do it but I don't remember the reason behind it at the moment.
We try to accommodate all use cases supporting ipv6 and ipv4 on HTTPS/HTTP using /etc/nginx/snippets/passbolt-ssl.conf
and /etc/nginx/sites-enabled/nginx-passbolt.conf
. This way people can do full SSL to the container or do SSL offloading if they wish.
I'm not very enthusiastic about doing the ipv6 detection. Especially when users could mount the nginx configuration files they want to support their use cases.
@dlen You're right, missed that. I think certbot maybe needs ipv6?
@vintury Here's a related forum post: https://community.passbolt.com/t/cannot-run-passbolt-from-docker/4310/3 If you look for the post in the thread that is the solution, it is suggested to mount an external nginx config file with the settings you need.
@dlen You're right, missed that. I think certbot maybe needs ipv6?
If I'm not wrong support for ipv6 was a user request a long time ago.
Thank you. This workaround help me. May be you can fix this in your image?
I'm closing this we are not likely to include this on the passbolt images unless there is a significant demand.
How to reproduce: Disable ipv6 on boot:
Installation:
Logs: