IPv6 only Cloudron
-
So I spun up a local virtual machine at my home which has an IPv4 (NAT) and an IPv6 address too. The firewall is set to allow traffic via port 80 and 443 to this box but only for IPv6 because I have no public IPv4 available.
The install was going well until it got to the section where it creates a certificate, it seems like this only works via IPv4 as the log showed the ACME challenge (or whatever its called) failing over and over again.
-
So I spun up a local virtual machine at my home which has an IPv4 (NAT) and an IPv6 address too. The firewall is set to allow traffic via port 80 and 443 to this box but only for IPv6 because I have no public IPv4 available.
The install was going well until it got to the section where it creates a certificate, it seems like this only works via IPv4 as the log showed the ACME challenge (or whatever its called) failing over and over again.
-
@dimtar To clarify: the VM can make connections to IPv4, but is not accessible inboud from IPv4, only from IPv6?
Could you post the logs regarding ACME? I remember having had issues with that and IPv6 as well (not on Cloudron, but that shouldn't matter...).
@jk said in IPv6 only Cloudron:
@dimtar To clarify: the VM can make connections to IPv4, but is not accessible inboud from IPv4, only from IPv6?
That's correct, this is just at home with a VM that has IPv4 connection to the internet but is behind a NAT as per standard residential connections. IPv6 is open on the inbound yes.
Spun up a new VM, Cloudron was happy to get the certs but it didn't set any AAAA records only the A record which for NAT reasons isn't correct.
So far its letting me proceed so I will see what I can do. Thank you -
Greetings. Apparently I just fell into same rabbit hole. Im using Cloudron to set up Hetzner VPS with only IPv6 connectivity. Download of
cloudron-setupworked well - but execution fails:############################################## Cloudron Setup (latest) ############################################## Follow setup logs in a second terminal with: $ tail -f /var/log/cloudron-setup.log Join us at https://forum.cloudron.io for any questions. => Updating apt and installing script dependencies => Validating setup token Could not reach https://api.cloudron.io to complete setupIs there any reasonable possibilty to work around that? No worries otherwise - then I will buy additional IPv4 from Hetzner, no big deal. Thanks in advance.
-
Given our experience with Ipv6, it is not advised to only rely on it. So for a production Cloudron you should also use ipv4.
That being said, it is always good to venture further into ipv6 territory, so given that you apparently can't reach api.cloudron.io I saw that our api server missed the AAAA record. We will set this up to fix this issue at least. But even if that works, as mentioned for the moment make sure to have ipv4 as fallback still.
-
I have tried this a few months ago as well.
The next blocker is that the setup code does some domain IP validation, and refuses to continue of there are no IPv4 addresses available. I worked around it in the setup code of the box project on my machine, but that is of course highly discouraged
. Sadly, I lost that code (it wasn't too bad). I'm not entirely sure whether it works with a private IPv4. I haven't tested that. I don't think so though.Once the box supports primary IPv6, then the rest will more or less work. Because it support IPv6 mostly fine after setup. Thinks like the web front-end, and mail all work with IPv6.
Individual apps may or may not work if they do something other than standard HTTP(S). The OpenVPN app for example does not work correctly yet. At least it does not route IPv6 through the tunnel, possibly because the Docker containers are all IPv4-only.
-
I have tried this a few months ago as well.
The next blocker is that the setup code does some domain IP validation, and refuses to continue of there are no IPv4 addresses available. I worked around it in the setup code of the box project on my machine, but that is of course highly discouraged
. Sadly, I lost that code (it wasn't too bad). I'm not entirely sure whether it works with a private IPv4. I haven't tested that. I don't think so though.Once the box supports primary IPv6, then the rest will more or less work. Because it support IPv6 mostly fine after setup. Thinks like the web front-end, and mail all work with IPv6.
Individual apps may or may not work if they do something other than standard HTTP(S). The OpenVPN app for example does not work correctly yet. At least it does not route IPv6 through the tunnel, possibly because the Docker containers are all IPv4-only.
@jk said in IPv6 only Cloudron:
possibly because the Docker containers are all IPv4-only.
internally, IPv6 is enabled for containers. Could be some other issue though.
Previously, the biggest blocker was both npm and docker hub not supporting ipv6. Both of these support ipv6 now. I think the biggest blocker is really the UX at this point. Practically all public wifis (cafes, airports) and most home networks still have only IPv4. This makes the server unreachable... I have been working out of a co-working space which doesn't have IPv6 either!
-
G girish moved this topic from Discuss on
-
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
