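The server used to run on networks created with the Docker CLI, with NAT maintained by the robbertkl/docker-ipv6nat project, and the container was reachable over https at the server's public IPv6 address on port 8000. I recently enabled userns-remap and switched to deploying with Docker Compose, and now I cannot reach it over IPv6 no matter what I try. Could someone please take a look?
Docker IPv6 configuration steps: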
sudo su
echo '{
"userns-remap": "default",
"ipv6": true,
"fixed-cidr-v6": "fd00:0:0::/48"
}' > /etc/docker/daemon.json
exit
sudo systemctl restart docker
sudo ip6tables -t nat -A POSTROUTING -s fd00:0:0::/48 ! -o docker0 -j MASQUERADE
sudo docker run --rm -t busybox ping6 -c 2 google.com
sudo docker run -d --userns=host --name ipv6nat --privileged --network host --restart always -v /var/run/docker.sock:/var/run/docker.sock:ro -v /lib/modules:/lib/modules:ro robbertkl/ipv6nat
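docker-compose.yml variant 1 (the container can reach external IPv6, but the outside cannot reach the container via the host's IPv6 address; this is the form I saw on the official site; someone said v3 does not support IPv6, so I used the v2 configuration)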
version: '2.1'
services:
  caddy:
    image: caddy
    restart: always
    ports:
      - 80:80
      - 8000:443
    volumes:
      - /var/volumes/caddy/configs:/etc/caddy
      - /var/volumes/caddy/data:/data/caddy
      - /var/volumes/caddy/certs:/etc/ssl/certs/caddy
      - /var/volumes/caddy/private:/etc/ssl/private/caddy
      - /var/volumes/caddy/logs:/var/log/caddy
      - /mnt/sda1/var/volumes/caddy/storage:/storage
    networks:
      app_net:
        ipv6_address: fd00:0:1::10
networks:
  app_net:
    enable_ipv6: true
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: fd00:0:1::/48
          gateway: fd00:0:1::1
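docker-compose.yml variant 2 (the container cannot reach external IPv6, and the outside cannot reach the container via the host's IPv6 address; this is the form I saw in the community)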
version: '3.8'
services:
  caddy:
    image: caddy
    restart: always
    ports:
      - 80:80
      - 8000:443
    volumes:
      - /var/volumes/caddy/configs:/etc/caddy
      - /var/volumes/caddy/data:/data/caddy
      - /var/volumes/caddy/certs:/etc/ssl/certs/caddy
      - /var/volumes/caddy/private:/etc/ssl/private/caddy
      - /var/volumes/caddy/logs:/var/log/caddy
      - /var/volumes/caddy/storage:/storage
    networks:
      app_net:
network:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: "10.0.1.0/24"
        - subnet: "fd00:0:1::/48"
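Expected result: the container can reach external IPv6, and the outside can reach the container via the host's IPv6 address plus port. I've been struggling with this for three days and still haven't got it working. Does anyone have any ideas? Thanks.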
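An added example, not part of the original post: a small audit that compares the network blocks of the two posted Compose variants with the daemon's `fixed-cidr-v6` and the source range of the hand-added `MASQUERADE` rule. The function names, finding labels and the dict form of the Compose files are hypothetical, and the ULA check rests on the assumption that docker-ipv6nat only manages `fc00::/7` ranges.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # assumption: ipv6nat only manages ULA ranges

def v6_subnets(net_cfg):
    """IPv6 subnets listed under ipam.config of one Compose network."""
    entries = ((net_cfg or {}).get("ipam") or {}).get("config") or []
    nets = [ipaddress.ip_network(e["subnet"]) for e in entries if "subnet" in e]
    return [n for n in nets if n.version == 6]

def audit(compose, fixed_cidr_v6, masq_sources):
    """Return (network, finding) pairs for one parsed Compose file."""
    daemon_net = ipaddress.ip_network(fixed_cidr_v6)
    masq = [ipaddress.ip_network(s) for s in masq_sources]
    findings = []
    nets = compose.get("networks")
    if nets is None:
        findings.append(("<top level>", "networks-key-missing"))
        nets = compose.get("network") or {}  # still inspect the block as posted
    for name, cfg in nets.items():
        cfg = cfg or {}
        if cfg.get("enable_ipv6") is not True:
            findings.append((name, "enable_ipv6-not-set"))
        subnets = v6_subnets(cfg)
        if not subnets:
            findings.append((name, "no-ipv6-subnet"))
        for sn in subnets:
            if not sn.subnet_of(ULA):
                findings.append((name, "not-ula"))
            if sn.overlaps(daemon_net):
                findings.append((name, "overlaps-fixed-cidr-v6"))
            if not any(sn.subnet_of(m) for m in masq):
                findings.append((name, "outside-manual-masquerade"))
    return findings

# Constructed from the post: only the top-level network blocks, as dicts.
DAEMON_V6 = "fd00:0:0::/48"        # fixed-cidr-v6 in daemon.json
MASQ_SOURCES = ["fd00:0:0::/48"]   # -s of the manual ip6tables MASQUERADE rule
VARIANT_1 = {"networks": {"app_net": {
    "enable_ipv6": True, "driver": "bridge",
    "ipam": {"driver": "default",
             "config": [{"subnet": "fd00:0:1::/48", "gateway": "fd00:0:1::1"}]}}}}
VARIANT_2 = {"network": {"app_net": {
    "ipam": {"driver": "default",
             "config": [{"subnet": "10.0.1.0/24"}, {"subnet": "fd00:0:1::/48"}]}}}}

if __name__ == "__main__":
    for label, doc in (("variant 1", VARIANT_1), ("variant 2", VARIANT_2)):
        for finding in audit(doc, DAEMON_V6, MASQ_SOURCES):
            print(label, *finding)
```

A finding of `outside-manual-masquerade` means the hand-added rule does not match that network's source addresses, so its outbound NAT depends on the ipv6nat container alone.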
1
pierreorz 2020-12-09 16:05:50 +08:00
I've run into the same problem... sigh. It feels like only the IPv4 port is being listened on.
2
naoh1000 OP I think I picked the wrong node...