IPv6 only Cloudron
-
I am working on making Cloudron work on pure IPv6 servers, i.e. servers with no public IPv4. Thought I will put my notes here since they cover a bunch of technologies that might be interesting to others not using Cloudron as well.
-
First up, unbound. In our unbound config, we had disabled ip6 using the do-ip6: no setting. IIRC, we had this because unbound will not start up on servers with IPv6 disabled (in the kernel). Maybe this is a thing of the past by now. Removing the flag makes unbound start.
-
We use api.cloudron.io to query the latest Cloudron release. This domain is IPv4 only. In Cloudron versions before 7.0, we used to use https://api.cloudron.io/api/v1/helper/public_ip to detect the IPv4 address of a server. Adding an IPv6 address to api.cloudron.io would have resulted in an incorrect detection. We use superagent for http requests and afaict there is no way to force it to use IPv4. In versions >= 7.0, we have switched to using https://ipv4.api.cloudron.io/api/v1/helper/public_ip. So, in the next release api.cloudron.io will also have an AAAA record (which also means pre 7.0 installations might break).
-
Docker hub does not support IPv6 out of the box. The default registry is registry-1.docker.io which is IPv4 only. Beta support for IPv6 was announced a while ago. Looks like we have to detect IPv6 only setup and change the registry to registry.ipv6.docker.com. I have some code like this as a hack:

    if ! curl -s --fail --connect-timeout 2 --max-time 2 https://ipv4.api.cloudron.io/api/v1/helper/public_ip; then
        docker_registry=registry.ipv6.docker.com
    else
        docker_registry=registry-1.docker.io
    fi
    ...
    docker pull "${docker_registry}/${image}"

I think another solution might be to use --registry-mirror mirror.gcr.io in the docker daemon (have to find an alternative to gcr). Haven't tried this out.
-
@girish Cloudron should know if it's ipv4, ipv6 or both and act accordingly, not play timeout games.
-
@robi right... except one can add and remove IPs to a server dynamically. Not sure how we can determine the current status. Maybe some guesses based on the interface configuration.
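
The interface-based guess mentioned above, as an added example that is not part of the original thread and not Cloudron code: it classifies a host from `ip -o addr show` output and picks one of the two registry hostnames named in the thread. The function names and the sample addresses are constructed for illustration, and it assumes a global-scope address means that address family is usable (it does not check routes or actual reachability).

```shell
#!/bin/sh
# Added example, not Cloudron code: classify the host as ipv4 / ipv6 / dual / none
# from interface state instead of waiting on an HTTP timeout.

# detect_stack (hypothetical name): reads `ip -o addr show` lines on stdin.
# Only global-scope addresses count. IPv6 addresses that are still tentative or
# failed duplicate address detection are skipped because they are not usable yet.
detect_stack() {
    awk '
        !/scope global/       { next }
        /tentative|dadfailed/ { next }
        $3 == "inet"          { v4 = 1 }
        $3 == "inet6"         { v6 = 1 }
        END {
            if (v4 && v6) print "dual"
            else if (v4)  print "ipv4"
            else if (v6)  print "ipv6"
            else          print "none"
        }'
}

# pick_registry (hypothetical name): maps the stack type to the registry
# hostnames named in the thread. Fails when no usable address was found.
pick_registry() {
    case "$1" in
        ipv6)      echo "registry.ipv6.docker.com" ;;
        ipv4|dual) echo "registry-1.docker.io" ;;
        *)         return 1 ;;
    esac
}

# Constructed sample of `ip -o addr show` output (documentation address ranges).
SAMPLE_V6_ONLY='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:10::5/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::1c2:3ff:fe04:506/64 scope link \       valid_lft forever preferred_lft forever'

# On a live host the input would be: ip -o addr show | detect_stack
stack=$(printf '%s\n' "$SAMPLE_V6_ONLY" | detect_stack)
echo "stack=$stack registry=$(pick_registry "$stack")"
```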
-
@girish if the network knows, the server can know.
-
Next issue I hit was that npm does not work on IPv6 only networks. https://github.com/npm/cli/issues/2519, https://www.nico.schottelius.org/blog/nodejs-and-ipv6-only-networks/ and https://github.com/nodejs/node/pull/31567 have more info. Haven't found a solution to this one yet.
-
@girish send it through a 6to4 proxy. Usually the URLs are guessable in advance via a host or domain change.
-
The issue seems fixed in node 18. For node 16, NODE_OPTIONS="--dns-result-order=verbatim" npm install does the trick.
-
https://en.wikipedia.org/wiki/Happy_Eyeballs seems to be some sort of connectivity check standard.
-
Hello @girish
Is there any work planned in this direction? I have exactly the setup you've described. Dynamic IPv4 and only IPv6 static. I can assign an AAAA DNS record to the Cloudron IPv6 address but the installation stops on waiting for DNS of my.mydomain.com.
Could you suggest any workaround or tell me if you're going to continue working on this?
-
@Plinsboorg Dynamic IPv6 and IPv6 static should already work. (This thread was about IPv6 only server, i.e. no IPv4 at all). Can you check if your DNS has indeed propagated? You can check this with host my.mydomain.com. Does this point to your dynamic IPv4?