Docker Help IPv6 Nginx-Proxy

Hey everyone,

I am looking for a little help. I’ve been trying to get nginx-proxy (GitHub - jwilder/nginx-proxy: Automated nginx proxy for Docker containers using docker-gen) working with IPv6. It works but the IP address is an IPv4 address from the docker server. I don’t want this… I want it to show my actual IPv6 client address. I use this for some of my apps.

X-Real-IP and X-Forwarded-For are showing the wrong IP address as well.

The problem is that the below give me a fix that breaks the lets-encrypt companion.

Convos about it:

Alas, any help would be appreciated. Even a different proxy would work for me.

1 Like
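A way to check for the symptom described in the post above, as an added example that is not part of the thread: it classifies the address a proxy reports in X-Real-IP / X-Forwarded-For and flags requests where an internal address stands in for the real client, which matters for any allowlist, rate limit or audit log keyed on client IP. The sample headers and the list of internal ranges are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: ranges treated as "internal". Docker's default bridge networks
# come from RFC 1918 space; ULA and link-local cover internal IPv6.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample data: proxy headers as a backend app might receive them.
SAMPLE_REQUESTS = [
    {"X-Real-IP": "172.18.0.1", "X-Forwarded-For": "172.18.0.1"},
    {"X-Real-IP": "::ffff:172.18.0.1", "X-Forwarded-For": "::ffff:172.18.0.1"},
    {"X-Real-IP": "2001:db8:10::25", "X-Forwarded-For": "2001:db8:10::25"},
    {"X-Real-IP": "203.0.113.7", "X-Forwarded-For": "198.51.100.9, 203.0.113.7"},
    {"X-Forwarded-For": "unknown"},
]

def peer_address(headers):
    """Address the nearest proxy recorded: X-Real-IP, else the last XFF entry."""
    value = headers.get("X-Real-IP") or headers.get("X-Forwarded-For", "").split(",")[-1]
    try:
        ip = ipaddress.ip_address(value.strip())
    except ValueError:
        return None
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged as IPv4.
    return getattr(ip, "ipv4_mapped", None) or ip

def classify(headers):
    ip = peer_address(headers)
    if ip is None:
        return "invalid"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"  # client address was replaced before reaching the proxy
    return "external-v6" if ip.version == 6 else "external-v4"

def summarize(requests):
    """Count verdicts and list the internal addresses standing in for clients."""
    verdicts = Counter(classify(h) for h in requests)
    hidden = sorted({str(peer_address(h)) for h in requests if classify(h) == "internal"})
    return verdicts, hidden

if __name__ == "__main__":
    verdicts, hidden = summarize(SAMPLE_REQUESTS)
    print(dict(verdicts))
    print("addresses masking real clients:", hidden)
```

A single internal address accounting for most requests is the pattern to look for: every client then shares one identity in the application's logs.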

I’m not sure there’s an easy way to do that without using DNAT, as docker sets up masquerade by default for all containers. Try launching with -P to expose the port, or use KVM as GOD and COUNTRY intended.

I think I might have figured it out, and -P doesn’t work just as an FYI.

Huh. Surprised that it doesn’t, but assigning an IPv6 address should just work.

I thought nginx-proxy was abandoned. traefik is a far more useful and elegant front-end proxy for docker containers IMHO. At least for my use cases.

I tried Traefik before, it was a mess to set up. Half the documentation wasn’t accurate or valid for the current release.

I spent a few days trying to set it up, only to find out that it wasn’t supported unless you bought the premium package.

Do you have a docker-compose with a working let’s encrypt bundle?

Also, it looks like nginx-proxy is being maintained to me:

Let’s encrypt certs support is built in to traefik, so that helps.

Here’s some relevant files. Maybe I should have PM’d them?

my docker-compose for traefik:

version: '2'

services:
  reverse-proxy:
    image: traefik # The official Traefik docker image
    restart: always
    ports:
      # - "80:80"     # The HTTP port
      - "443:443"   # HTTPS
      - "10.25.99.123:1880:8080" # The Web UI exposed to my vpn (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/me/docker/traefik/acme.json:/acme.json
      - /home/me/docker/traefik/traefik.toml:/traefik.toml
      - /home/me/docker/traefik/logs:/var/log
    networks:
      - proxy

networks:
  proxy:
    external: true

… and the traefik.toml:

defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "my-domain.com"
watch = true
exposedByDefault = false

[api]

[acme]
email = "my-email@aol.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true

Then in a docker-compose for a container that’s going to be exposed…

services:
  service-name:
    ...
    labels:
    - traefik.enable=true
    - traefik.backend=<service-name>
    - traefik.frontend.rule=Host:service.my-domain.com
    - traefik.docker.network=proxy
    - traefik.port=80
    networks:
    - default
    - proxy
    ...

The acme.json file is created and maintained by traefik. It holds certs and other info from Let’s Encrypt.

[Edit] And actually your IPv6 issues have been discussed (and solved I think) with traefik here.

3 Likes

Thank you and Thank you!

And the IPv6 fix is what I did with Nginx-proxy. Exact same fix to be honest.

There is also Neilpang/nginx-proxy (GitHub - Neilpang/nginx-proxy: nginx proxy with free ssl cert by acme.sh), which is a cleaner setup IMO. I’ve only messed around with it a bit in testing and for a low usage test case but it works well for that.

Did you get it to work with IPv6? I tried it a few days ago, and it failed to work with IPv6.