Просмотр исходного кода

Merge pull request #1557 from joe-p/remove_scoped

Remove scoped IPv6 addresses from resolvers (fix #1424)
Nicolas Duchon 4 лет назад
Родитель
Сommit
fa3962e54f
2 измененных файлов с 17 добавлено и 2 удалено
  1. 8 0
      README.md
  2. 9 2
      docker-entrypoint.sh

+ 8 - 0
README.md

@@ -74,6 +74,14 @@ You can activate the IPv6 support for the nginx-proxy container by passing the v
 
     $ docker run -d -p 80:80 -e ENABLE_IPV6=true -v /var/run/docker.sock:/tmp/docker.sock:ro nginxproxy/nginx-proxy
 
+#### Scoped IPv6 Resolvers
+
+NginX does not support scoped IPv6 resolvers. In [docker-entrypoint.sh](./docker-entrypoint.sh) the resolvers are parsed from resolv.conf, but any scoped IPv6 addreses will be removed. 
+
+#### IPv6 NAT
+
+By default, docker uses IPv6-to-IPv4 NAT. This means all client connections from IPv6 addresses will show docker's internal IPv4 host address. To see true IPv6 client IP addresses, you must [enable IPv6](https://docs.docker.com/config/daemon/ipv6/) and use [ipv6nat](https://github.com/robbertkl/docker-ipv6nat). You must also disable the userland proxy by adding `"userland-proxy": false` to `/etc/docker/daemon.json` and restarting the daemon.
+
 ### Multiple Ports
 
 If your container exposes multiple ports, nginx-proxy will default to the service running on port 80.  If you need to specify a different port, you can set a VIRTUAL_PORT env var to select a different one.  If your container only exposes one port and it has a VIRTUAL_HOST env var set, that port will be selected.

+ 9 - 2
docker-entrypoint.sh

@@ -19,9 +19,16 @@ fi
 
 # Compute the DNS resolvers for use in the templates - if the IP contains ":", it's IPv6 and must be enclosed in []
 RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g'); export RESOLVERS
+
+SCOPED_IPV6_REGEX="\[fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\]"
+
 if [ "$RESOLVERS" = "" ]; then
-    echo "Warning: unable to determine DNS resolvers for nginx" >&2
-    unset RESOLVERS
+	echo "Warning: unable to determine DNS resolvers for nginx" >&2
+	unset RESOLVERS
+elif [[ $RESOLVERS =~ $SCOPED_IPV6_REGEX ]]; then
+	echo -n "Warning: Scoped IPv6 addresses removed from resolvers: " >&2
+	echo "$RESOLVERS" | grep -Eo "$SCOPED_IPV6_REGEX" | paste -s -d ' ' >&2
+	RESOLVERS=$(echo "$RESOLVERS" | sed -r "s/$SCOPED_IPV6_REGEX//g" | xargs echo -n); export RESOLVERS
 fi
 
 # If the user has run the default command and the socket doesn't exist, fail