Compare commits

1 Commits

2 changed files with 32 additions and 1 deletions

@ -219,6 +219,37 @@ By convention, the main `app` service is wired up to the "global" traefik overla
To deal with this, we make an additional "internal" network for each app which is namespaced to that app. So, if you deploy a Wordpress instance called `my_wordpress_blog` then there will be a network called `my_wordpress_blog_internal` created. This allows all the services in an app to speak to each other but not be reachable on the public internet. To deal with this, we make an additional "internal" network for each app which is namespaced to that app. So, if you deploy a Wordpress instance called `my_wordpress_blog` then there will be a network called `my_wordpress_blog_internal` created. This allows all the services in an app to speak to each other but not be reachable on the public internet.
### IPv6 Client IP Detection in Docker Swarm
With Traefik using host-mode networking, you may notice that preserving the real Client IP works fine for IPv4, but fails for IPv6. Instead of the actual remote IPv6 address, the application receives a local IPv4 address (typically from the `172.18.0.x` range).
When a Docker Swarm is initialized, it automatically creates a default bridge network called `docker_gwbridge` to handle external communications for swarm containers. By default, this network does not have IPv6 enabled.
When an IPv6 connection arrives at a host-published port, Docker must translate this into an IPv4 connection to reach Traefik on the IPv4 only network. This effectively masks the original client's IPv6 address behind the gateway's internal IPv4 address on the `docker_gwbridge` network.
**Enable IPv6 on `docker_gwbridge`**
To preserve the real IPv6 Client IP, the `docker_gwbridge` network must be created with IPv6 enabled **before** initializing Swarm. This allows traffic to be routed correctly without loosing the original client's IPv6 address.
```bash
# 1. Enable IPv6 in the Docker daemon
# Add "ipv6": true to /etc/docker/daemon.json
mkdir -p /etc/docker
if [ -s /etc/docker/daemon.json ]; then
contents="$(jq '.ipv6 = true' /etc/docker/daemon.json)" && echo -E "${contents}" > /etc/docker/daemon.json
else
echo '{
"ipv6": true
}' > /etc/docker/daemon.json
fi
# 2. Restart the Docker service to apply the daemon configuration
systemctl restart docker
# 3. Create the IPv6-enabled docker_gwbridge
docker network create --ipv6 \
--opt com.docker.network.bridge.name=docker_gwbridge \
--opt com.docker.network.bridge.enable_ip_forwarding=true \
--opt com.docker.network.bridge.enable_ip_masquerade=true \
docker_gwbridge
# 4. Initialize the swarm (it will adopt the existing docker_gwbridge)
docker swarm init
```
## Multiple apps on the same domain? ## Multiple apps on the same domain?
At time of writing (Jan 2022), we think there is a limitation in our design which doesn't support multiple apps sharing the same domain (e.g. `example.com/app1/` & `example.com/app2/`). `abra` treats each domain as unique and as the single reference for a single app. At time of writing (Jan 2022), we think there is a limitation in our design which doesn't support multiple apps sharing the same domain (e.g. `example.com/app1/` & `example.com/app2/`). `abra` treats each domain as unique and as the single reference for a single app.
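Review bot: Step 3 of the bash block (`docker network create --ipv6 ... docker_gwbridge`) only succeeds on a host where that network does not exist yet, and the prose says it must happen **before** `docker swarm init`, yet the section gives no path for operators whose swarm is already initialized and whose `docker_gwbridge` was created automatically. Add a short paragraph saying what those operators should do, or state explicitly that the procedure applies to fresh hosts only. Step 1 also depends on `jq` without listing it as a prerequisite, and the snippet writes to `/etc/docker/daemon.json` and calls `systemctl restart docker`, so it should say it is run as root. Typo in the paragraph above the block: "loosing" should be "losing".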


@ -27,7 +27,7 @@ Assuming you've got a running server, it's now time to configure it.
Co-op Cloud has very few system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/intro/faq/#isnt-running-everything-in-containers-inefficient)). Co-op Cloud has very few system requirements. You only need to worry about the system resource usage of your apps and the overhead of running containers with the docker runtime (often negligible. If you want to know more, see [this FAQ entry](/intro/faq/#isnt-running-everything-in-containers-inefficient)).
To get started, you'll need to install Docker, add your user to the Docker group & setup swarm mode. Many hosting providers support [cloud-init](https://cloudinit.readthedocs.io/en/latest/index.html), which allows you to automate the steps in this section. If that applies to you, you can use [our cloud-init file](https://git.coopcloud.tech/toolshed/abra/raw/branch/main/scripts/cloud-init/cloud-init.yaml). To get started, you'll need to install Docker, add your user to the Docker group & setup swarm mode. Many hosting providers support [cloud-init](https://cloudinit.readthedocs.io/en/latest/index.html), which allows you to automate the steps in this section. If that applies to you, you can use [our cloud-init file](https://git.coopcloud.tech/toolshed/abra/raw/branch/main/scripts/cloud-init/cloud-init.yaml). If your server has a public IPv6 address, you'll need to enable IPv6 on `docker_gwbridge` as well. See [this handbook entry](/operators/handbook/#enable-ipv6-on-docker_gwbridge) for more information.
Otherwise, here are the step required: Otherwise, here are the step required:
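Review bot: The link added at the end of the "To get started" paragraph targets `/operators/handbook/#enable-ipv6-on-docker_gwbridge`, but in the handbook change that title is a bold line ("Enable IPv6 on `docker_gwbridge`"), not a heading, so unless the site generator assigns ids to bold lines the fragment will not resolve. Either turn the bold line into a heading or link to the `### IPv6 Client IP Detection in Docker Swarm` heading instead. The new sentence also sits after the cloud-init sentence and says "as well", while the handbook requires the bridge to exist before Swarm is initialized; say here that it has to be done before setting up swarm mode so readers do not run it in the wrong order.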