
Docker-compose expose Port on IPv6


I'm trying to run a Docker container with a number of exposed ports on IPv6. I don't want the containers to have IPv6 addresses of their own. All I want is for them to be reachable under the IPv6 address of the host (using port forwarding).

I enabled IPv6 in the docker daemon (http://docs.docker.oeynet.com/engine/userguide/networking/default_network/ipv6/).

I tried

ports:
  # The HTTP port
  - ":::80:80"

in the docker-compose.yaml for the container but that seems to mess up the configuration completely:

CONTAINER ID   IMAGE                    COMMAND                  CREATED        STATUS                  PORTS                                                                                  NAMES
9774a1a6322c   traefik:latest           "/entrypoint.sh --ap…"   1 second ago   Up Less than a second   80/tcp                                                                                 traefik

With another container (that is not under my control and I can't seem to find out how it's started), the ports were forwarded correctly:

a04b40299a8f   portainer/portainer-ce   "/portainer"             7 days ago     Up 3 minutes            0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp   portainer

This one is also reachable using the IPv6 address of the host (as expected). How can I achieve this for the first container?


Solution

  • In short

    You have to manually select some IPv6-capable network in the docker-compose.yml file, for example:

    services:
        serviceName:
            networks:
                - traefik
    
    networks:
        traefik:
            enable_ipv6: true
            ipam:
                config:
                    - subnet: "fd12:3456:789a:1::/64"
    

    Be aware that some outdated docker-compose versions don't support the enable_ipv6 option. It is fixed somewhere between 1.26.2 (doesn't support) and 1.27.4 (does support).

    Explanation

    When you start Docker, a default bridge network (also called bridge) is created automatically, and newly-started containers connect to it unless otherwise specified. src

    But when you use docker-compose, it creates a network for you if you didn't specify one. It looks like this in the log:

    Creating network "traefik_default" with the default driver

    And this default network doesn't have IPv6 enabled:

    $ docker network inspect traefik_default | grep EnableIPv6
        "EnableIPv6": false,
    

    So, you should define a custom network with IPv6 enabled. The subnet parameter is mandatory, if I am not mistaken, and you can use some private IPv6 subnet like in my example above.

    Be aware that the actual name of the network in my example will be <projectName>_traefik. You can create an external network instead with a completely user-defined name (traefik in this case):

    docker network create --ipv6 --subnet=fd12:3456:789a:2::/64 traefik
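
To check the result after changing the network, the following added example (not part of the original question or answer) parses the PORTS column of `docker ps` and the JSON from `docker network inspect`, reporting which container ports have no IPv6 host binding and which networks have IPv6 enabled. The function names are hypothetical, the two PORTS strings are copied from the question, and the inspect JSON is a constructed sample containing only the fields used.

```python
import json
import re

# One published binding from the PORTS column of `docker ps`, e.g.
# "0.0.0.0:8000->8000/tcp", ":::8000->8000/tcp" or "[::]:8000->8000/tcp".
_BINDING = re.compile(r"^(?P<host>.+):\d+(?:-\d+)?->(?P<cport>\d+(?:-\d+)?)/(?P<proto>\w+)$")

# PORTS values copied from the two `docker ps` rows in the question.
TRAEFIK_PORTS = "80/tcp"
PORTAINER_PORTS = ("0.0.0.0:8000->8000/tcp, :::8000->8000/tcp, "
                   "0.0.0.0:9000->9000/tcp, :::9000->9000/tcp")
# Constructed sample of `docker network inspect` output (only the fields used).
INSPECT_SAMPLE = """[
  {"Name": "traefik_default", "EnableIPv6": false},
  {"Name": "traefik", "EnableIPv6": true}
]"""


def published_families(ports_column):
    """Map 'port/proto' -> address families ('ipv4'/'ipv6') it is published on.
    An empty set means the port is only exposed, with no host binding."""
    result = {}
    for entry in filter(None, (e.strip() for e in ports_column.split(","))):
        m = _BINDING.match(entry)
        if m is None:  # bare "80/tcp": exposed by the image, not published
            result.setdefault(entry, set())
            continue
        host = m["host"].strip("[]")
        family = "ipv6" if ":" in host else "ipv4"
        result.setdefault(f"{m['cport']}/{m['proto']}", set()).add(family)
    return result


def missing_ipv6(ports_column):
    """Container ports that are not reachable through an IPv6 host binding."""
    fams = published_families(ports_column)
    return sorted(p for p, f in fams.items() if "ipv6" not in f)


def ipv6_networks(inspect_json):
    """Map network name -> EnableIPv6 flag from `docker network inspect` JSON."""
    return {n["Name"]: bool(n.get("EnableIPv6")) for n in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, ports in (("traefik", TRAEFIK_PORTS), ("portainer", PORTAINER_PORTS)):
        print(name, "ports without IPv6 binding:", missing_ipv6(ports))
    print(ipv6_networks(INSPECT_SAMPLE))
```

A binding on `0.0.0.0` or `::` listens on every address of the host, so the same output is also a quick inventory of what each container publishes on both address families.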