subspacecommunity / subspace

A fork of the simple WireGuard VPN server GUI community maintained
MIT License
1.8k stars 131 forks

Impossible to disable ipv6 on docker #78

Open Doooooo0o opened 4 years ago

Doooooo0o commented 4 years ago

description

Subspace's docker container has no documented option to disable ipv6. Default values on a host with explicitly disabled ipv6 are making the container crash:

+ ip addr add fd00::10:97:1/112 dev wg0
RTNETLINK answers: Permission denied

Reproduce

sysctl -w net.ipv6.conf.all.disable_ipv6=1

Then run community docker with those environment variables:

SUBSPACE_HTTP_HOST="subspace.example.com"
SUBSPACE_HTTP_ADDR="127.0.0.1"
SUBSPACE_LETSENCRYPT=false
SUBSPACE_HTTP_INSECURE=true
SUBSPACE_NAMESERVER="1.1.1.1"
SUBSPACE_LISTENPORT="51820" 
SUBSPACE_IPV4_POOL="192.168.123.0/24"
SUBSPACE_IPV4_GW="192.168.123.1"
SUBSPACE_IPV6_NAT_ENABLED=0

Expected behavior

ipv6 not being enabled
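
A preflight check for the failure reported above, as an added example that is not part of the original issue or of Subspace's own entrypoint: it reads the host's `disable_ipv6` sysctls and only plans the IPv6 `ip addr add` when the kernel will accept it. The function names, the printed plan and the `/24` suffix on the gateway address are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Subspace code).
# With network_mode: host the container sees the host's IPv6 sysctls, so
# they can be checked before an address is added to wg0.

# ipv6_state [confdir]: prints "enabled", "disabled" or "absent".
# confdir defaults to /proc/sys/net/ipv6/conf; it is a parameter so the
# check can be exercised against a constructed directory.
ipv6_state() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    # No sysctl tree at all: IPv6 is not available in this kernel.
    [ -d "$root" ] || { echo absent; return; }
    # "all" covers existing interfaces, "default" is inherited by new
    # ones such as wg0; either being 1 means the address add is refused.
    for scope in all default; do
        f="$root/$scope/disable_ipv6"
        if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
            echo disabled; return
        fi
    done
    echo enabled
}

# plan_addresses v4addr v6addr [confdir]: prints the commands that are
# safe to run, and a comment line for anything skipped.
plan_addresses() {
    state=$(ipv6_state "$3")
    echo "ip addr add $1 dev wg0"
    if [ "$state" = "enabled" ]; then
        echo "ip addr add $2 dev wg0"
    else
        echo "# skipped $2: IPv6 is $state on this host"
    fi
}

# Addresses taken from the report; the /24 on the gateway is assumed.
plan_addresses 192.168.123.1/24 fd00::10:97:1/112
```
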

jack1902 commented 4 years ago

Can you show what command you use to run docker? The reproduce section you have provided leaves a lot of room for guessing what you have used to deploy your subspace.

Doooooo0o commented 4 years ago

Started by ansible via docker_container:

- name: Subspace
  tags: docker
  docker_container:
    name: subspace
    restart_policy: always
    recreate: yes
    image: subspacecommunity/subspace:latest
    network_mode: host
    capabilities: 
      - NET_ADMIN
    volumes:
      - /usr/bin/wg:/usr/bin/wg
      - /data:/data
    env:
      SUBSPACE_HTTP_HOST: "subspace.example.com"
      SUBSPACE_HTTP_ADDR: "127.0.0.1"
      SUBSPACE_LETSENCRYPT: "false"
      SUBSPACE_HTTP_INSECURE: "true"
      SUBSPACE_NAMESERVER: "1.1.1.1"
      SUBSPACE_LISTENPORT: "51820"
      SUBSPACE_IPV4_POOL: "192.168.123.0/24"
      SUBSPACE_IPV4_GW: "192.168.123.1"
      SUBSPACE_IPV6_NAT_ENABLED: "0"

Doooooo0o commented 4 years ago

Related to #77, the endgame here is to use http only on subspace, and delegate SSL offloading to a reverse proxy.