diff --git a/scripts/cloudron-support b/scripts/cloudron-support index 05ee67f79..adbfdbc8d 100755 --- a/scripts/cloudron-support +++ b/scripts/cloudron-support @@ -361,14 +361,46 @@ function check_node() { success "node version is correct" } +function print_ipv6_disable_howto() { + echo "Instead of disabling IPv6 globally, you can disable it at an interface level." + for iface in $(ls /sys/class/net | grep -vE '^(lo|veth|docker|virbr|br|vmnet|tun|tap|wl|we)'); do + echo -e "\tsysctl -w net.ipv6.conf.${iface}.disable_ipv6=1" + done + + echo "For above configuration to persist reboots, you have to add below to /etc/sysctl.conf" + for iface in $(ls /sys/class/net | grep -vE '^(lo|veth|docker|virbr|br|vmnet|tun|tap|wl|we)'); do + echo -e "\tnet.ipv6.conf.${iface}.disable_ipv6=1" + done +} + function check_ipv6() { ipv6_disable=$(cat /sys/module/ipv6/parameters/disable) if [[ "${ipv6_disable}" == "1" ]]; then fail "IPv6 is disabled in kernel. Cloudron requires IPv6 in kernel" - echo "Instead of disabling IPv6 globally, you can disable it at an interface level using 'net.ipv6.conf..disable_ipv6 = 1'" + print_ipv6_disable_howto + exit 1 fi - success "IPv6 is enabled" + # check if server has IPv6 address + has_ipv6_address=0 + for iface in $(ls /sys/class/net | grep -vE '^(lo|veth|docker|virbr|br|vmnet|tun|tap|wl|we)'); do + if ipv6=$(ip -6 addr show dev ${iface} | grep -o 'inet6 [^ ]*' | awk '{print $2}' | grep -v '^fe80'); then + [[ -n "${ipv6}" ]] && has_ipv6_address=1 + fi + done + + if [[ "${has_ipv6_address}" == "0" ]]; then + success "IPv6 is enabled. No public IPv6 address" + return + fi + + if ! ping6 -q -c 1 api.cloudron.io; then + fail "Server has an IPv6 address but api.cloudron.io is unreachable via IPv6" + print_ipv6_disable_howto + exit 1 + fi + + success "IPv6 is enabled and public IPv6 address is working" } function check_docker() {