ca83deb761
Docker's initial IPv6 support is based on allocating public IPv6 to containers. This approach has many issues: * The server may not get a block of IPv6 assigned to it * It's complicated to allocate a block of IPv6 to cloudron server on home setups * It's unclear how dynamic IPv6 is. If it's dynamic, then should containers be recreated? * DNS setup is complicated * Not a issue for Cloudron itself, but with -P, it just exposed the full container into the world Given these issues, IPv6 NAT is being considered. Even though NAT is not a security mechanism as such, it does offer benefits that we care about: * We can allocate some private IPv6 to containers * Have docker NAT66 the exposed ports * Works similar to IPv4 Currently, the IPv6 ports are always mapped and exposed. The "Enable IPv6" config option is only whether to automate AAAA records or not. This way, user can enable it and 'sync' dns and we don't need to re-create containers etc. There is no inherent benefit is not exposing IPv6 at all everywhere unless we find it unstable. Fixes #264
8.4 KiB
Executable File
8.4 KiB
Executable File