ipv6 not working with NPM in Docker

[swoop124]

Checklist

• Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
  • Yes
• Are you sure you're not using someone else's docker image?
  • Yes
• Have you searched for similar issues (both open and closed)?
  • Yes

Describe the bug
til now i only used ipv4 and npm was working fine, even with an Access List. Now i am beginning to switch to ipv6.
When no Acces List is set, NPM works fine with ipv6. But when i activate an Access List, i get a 403 Forbidden. Even when i allow my ipv6 Subnet in the Access List.

Nginx Proxy Manager Version
v2.9.12

To Reproduce
Steps to reproduce the behavior:

1. add your ipv6 and ipv4 to an access list
2. add this access list to a Website that is routed throug npm
3. open the Website, that is routed through npm and has an access list.
4. see 403 Forbidden

Expected behavior
open the Website even when coming from ipv6, only if in access list allowed

Screenshots

my Access List

Operating System
nmp is installed on a debian 10 (buster 10.10) in docker 20.10.8, build 3967b7d with enabled ipv6

Additional context
For testing i installed nmp on a alpine Proxmox LXC, with the same Access List. There it was working like a charme.

I found out, that when i am coming from a ipv6 subnet, then this ipv6 IP is natted to a Docker-Internal ipv4 address. Even within a internal ipv6 network it is natted to a internal ipv6-address.

[chaptergy]

#1105 (comment) might help

[swoop124]

hi an thanks for the suggession, but no, it isn't helping.

still same message in log:
[22/Nov/2021:08:24:02 +0000] - - 403 - GET https sub.domain.com "/" [Client 172.18.0.1] [Length 111] [Gzip 1.35] [Sent-to host] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
[22/Nov/2021:08:24:02 +0000] - - 403 - GET https sub.domain.com "/favicon.ico" [Client 172.18.0.1] [Length 111] [Gzip 1.35] [Sent-to host] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "https://sub.domain.com/"

I am coming from an ipv6 ip-address.

[swoop124]

no one else?

[Saik0Shinigami]

From my understanding the Docker gateway is converting IPv6 traffic to IPv4, thus why you see 172.18.0.1 as your client.

I'm in the same boat and have yet to find a functional solution.

(Aside from host mode networking that is.)

[swoop124]

yes you are right. why npm-docker is doing that, i dont know.

my solution is, i use an alpine linux VM/LXC. With that it is working and ipv4 and ipv6 are working.
as soon as i have my setup running, i can report.

regards

[swoop124]

ok.
i've installed a complet new alpine-lxc on my Proxmox Server and deployed npm.
now it is working as expected. even with ipv6.

the only problem was, that i had to configure all my domains an certificates once again, so it would be very goot, if there is a export and import funktionality.

regards

[Intenos]

I believe I have also an issue with jc21/nginx-proxy-manager and ipv6.

I have setup a reverse proxy for Nextcloud (besides others). Everything works well, except of the Nextcloud Android App used remotely, not via the local WIFI. I know that this is related to ipv6 as I already had an issue with it about one year ago which I fixed by properly setting up the ipv6 routing in my router (Fritz!Box). Any issue there I can exclude as route case and clearly link it to the Nginx-Proxy-Manager as everything works when disabling NPM and setting up a reverse proxy via the local Nginx of my openmediaVault system.

However, this I did only for testing as I there miss the auto-generated LetsEntscrypt certificate. Therefore I hope that anybody can help with a solution.

[Intenos]

I just found that it works with jlesage/nginx-proxy-manager.

[github-actions]

Issue is now considered stale. If you want to keep it open, please comment 👍

[github-actions]

Issue was closed due to inactivity.