CODEWITHSUNDEEP
dockerdocker-composeportipv6
Matthias Holzapfel
Matthias Holzapfel

Reputation: 540

Docker-compose expose Port on IPv6

I'm trying to run a docker Container with a number of exposed ports on IPv6. I don't want the containers to have IPv6 addresses of their own. All I want is for them to be reachable under the IPv6 address of the host (using port forwarding).

I enabled IPv6 in the docker daemon (http://docs.docker.oeynet.com/engine/userguide/networking/default_network/ipv6/).

I tried

ports:
  # The HTTP port
  - ":::80:80"

in the docker-compose.yaml for the container but that seems to mess up the configuration completely:

CONTAINER ID   IMAGE                    COMMAND                  CREATED        STATUS                  PORTS                                                                                  NAMES
9774a1a6322c   traefik:latest           "/entrypoint.sh --ap…"   1 second ago   Up Less than a second   80/tcp                                                                                 traefik

With another container (that is not under my control an I can't seem to find out how it's started), the ports were forwarded correctly:

a04b40299a8f   portainer/portainer-ce   "/portainer"             7 days ago     Up 3 minutes            0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp   portainer

This one is also reachable using the IPv6 address of the host (as expected). How can I achieve this for the first container?

Upvotes: 6

Views: 18073

Answers (2)

Steve Foerster
Steve Foerster

Reputation: 521

Quick addition here: the IPv6 syntax uses brackets [::]

ports:
  # The HTTP port
  - "[::]:80:80"

Upvotes: 7

Ovsyanka
Ovsyanka

Reputation: 418

In short

You have to manually select some ipv6 capable network in the docker-compose.yml file, for example:

services:
    serviceName:
        networks:
            - traefik

networks:
    traefik:
        enable_ipv6: true
        ipam:
            config:
                - subnet: "fd12:3456:789a:1::/64"

Be aware that some outdated docker-compose versions doesn't support enable_ipv6 option. It is fixed somewhere between 1.26.2 (doesn't support) and 1.27.4 (does support).

Explanation

When you start Docker, a default bridge network (also called bridge) is created automatically, and newly-started containers connect to it unless otherwise specified. src

But when you use docker-compose it creates a network for you if you didn't specify one. Looks like that in the log:

Creating network "traefik_default" with the default driver

And this default network hasn't ipv6 enabled:

$ docker network inspect traefik_default | grep EnableIPv6
    "EnableIPv6": false,

So, you should define a custom network with ipv6 enabled. Subnet parameter is mandatory if I am not mistaken and you can use some private ipv6 subnet like in my example above.

Be aware that the actual name of the network in my example will be <projectName>_traefik. You can create an external network instead with completely user-defined name (traefik in this case):

docker network create --ipv6 --subnet=fd12:3456:789a:2::/64 traefik

Upvotes: 6

Related Questions