#453  Whether onedev supports ipv6?
Closed
alex opened 2 years ago
No description
Robin Shen commented 2 years ago

OneDev does not have any special requirement on ipv4/ipv6. Please test and report any issues if there are any.

alex commented 2 years ago
docker run --name onedev -d --restart always -v $(pwd)/onedev:/opt/onedev -p 6610:6610 -p 6611:6611 1dev/server

docker inspect onedev

            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "6610/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "6610"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "6610"
                    }
                ],
                "6611/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "6611"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "6611"
                    }
                ]
            },
     

IPV4

ssh -Tv -p 6611 192.168.1.2
OpenSSH_8.4p1 Ubuntu-5ubuntu1.1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /home/myname/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.1.2 [192.168.1.2] port 6611.
debug1: Connection established.
debug1: identity file /home/myname/.ssh/id_rsa type -1
debug1: identity file /home/myname/.ssh/id_rsa-cert type -1
debug1: identity file /home/myname/.ssh/id_dsa type -1
debug1: identity file /home/myname/.ssh/id_dsa-cert type -1
debug1: identity file /home/myname/.ssh/id_ecdsa type -1
debug1: identity file /home/myname/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/myname/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/myname/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/myname/.ssh/id_ed25519 type -1
debug1: identity file /home/myname/.ssh/id_ed25519-cert type -1
debug1: identity file /home/myname/.ssh/id_ed25519_sk type -1
debug1: identity file /home/myname/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/myname/.ssh/id_xmss type -1
debug1: identity file /home/myname/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Ubuntu-5ubuntu1.1
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.7.0
debug1: no match: APACHE-SSHD-2.7.0
debug1: Authenticating to 192.168.1.2:6611 as 'myname'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: checking without port identifier
debug1: Host '[192.168.1.2]:6611' is known and matches the RSA host key.
debug1: Found key in /home/myname/.ssh/known_hosts:6
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /home/myname/.ssh/id_rsa 
debug1: Will attempt key: /home/myname/.ssh/id_dsa 
debug1: Will attempt key: /home/myname/.ssh/id_ecdsa 
debug1: Will attempt key: /home/myname/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/myname/.ssh/id_ed25519 
debug1: Will attempt key: /home/myname/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/myname/.ssh/id_xmss 
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/myname/.ssh/id_rsa
debug1: Trying private key: /home/myname/.ssh/id_dsa
debug1: Trying private key: /home/myname/.ssh/id_ecdsa
debug1: Trying private key: /home/myname/.ssh/id_ecdsa_sk
debug1: Trying private key: /home/myname/.ssh/id_ed25519
debug1: Trying private key: /home/myname/.ssh/id_ed25519_sk
debug1: Trying private key: /home/myname/.ssh/id_xmss
debug1: No more authentication methods to try.
myname@192.168.1.2: Permission denied (publickey).

debug1: Connection established. .... debug1: Authenticating to 192.168.1.2:6611 as 'myname'

IPV6

ssh -Tv -p 6611 xxxx:xxxx::xxxx
OpenSSH_8.4p1 Ubuntu-5ubuntu1.1, OpenSSL 1.1.1j  16 Feb 2021
debug1: Reading configuration data /home/myname/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to xxxx:xxxx::xxxx [xxxx:xxxx::xxxx] port 6611.
debug1: Connection established.
debug1: identity file /home/myname/.ssh/id_rsa type -1
debug1: identity file /home/myname/.ssh/id_rsa-cert type -1
debug1: identity file /home/myname/.ssh/id_dsa type -1
debug1: identity file /home/myname/.ssh/id_dsa-cert type -1
debug1: identity file /home/myname/.ssh/id_ecdsa type -1
debug1: identity file /home/myname/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/myname/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/myname/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/myname/.ssh/id_ed25519 type -1
debug1: identity file /home/myname/.ssh/id_ed25519-cert type -1
debug1: identity file /home/myname/.ssh/id_ed25519_sk type -1
debug1: identity file /home/myname/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/myname/.ssh/id_xmss type -1
debug1: identity file /home/myname/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Ubuntu-5ubuntu1.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by xxxx:xxxx::xxxx port 6611

debug1: Connection established. ... kex_exchange_identification: read: Connection reset by peer


https://serverfault.com/questions/827034/apache-web-server-is-listening-on-ipv6-type
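
The two logs above diverge right after `Connection established`: over IPv4 the server banner arrives and the session fails at public-key authentication, while over IPv6 the connection is reset before any banner is read. The following is an added example, not part of the original thread or of OneDev's code, that classifies an `ssh -v` log by the last stage reached; the stage names, layer labels and the `diagnose` function are assumptions of this example, and the sample logs are abridged from the comment above.

```python
import re

# Milestones that `ssh -v` logs, in order, as a session progresses.
MILESTONES = [
    ("tcp_connect", re.compile(r"^debug1: Connection established\.")),
    ("server_banner", re.compile(r"^debug1: Remote protocol version ")),
    ("key_exchange", re.compile(r"^debug1: SSH2_MSG_NEWKEYS received")),
    ("auth_methods", re.compile(r"^debug1: Authentications that can continue: ")),
]
# Lines that end a session, mapped to a failure label.
FAILURES = [
    ("refused", re.compile(r"Connection refused")),
    ("reset", re.compile(r"Connection reset by ")),
    ("auth_denied", re.compile(r"Permission denied \(")),
]
LAYER = {
    None: "network",            # TCP never connected: routing, firewall, port not published
    "tcp_connect": "listener",  # TCP accepted but no SSH banner: forwarder or bind address
    "server_banner": "key_exchange",
    "key_exchange": "authentication",
    "auth_methods": "authentication",
}


def diagnose(log: str) -> dict:
    """Return the last milestone reached, the first failure seen and the layer to inspect first."""
    reached, failure, nxt = None, None, 0
    for line in map(str.strip, log.splitlines()):
        if nxt < len(MILESTONES) and MILESTONES[nxt][1].search(line):
            reached, nxt = MILESTONES[nxt][0], nxt + 1
        failure = failure or next((name for name, rx in FAILURES if rx.search(line)), None)
    return {"reached": reached, "failure": failure, "layer": LAYER[reached] if failure else "none"}


# Abridged from the two logs in the comment above.
IPV4_LOG = """\
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.7.0
debug1: SSH2_MSG_NEWKEYS received
debug1: Authentications that can continue: publickey
myname@192.168.1.2: Permission denied (publickey).
"""
IPV6_LOG = """\
debug1: Connection established.
kex_exchange_identification: read: Connection reset by peer
"""

if __name__ == "__main__":
    print({n: diagnose(log) for n, log in (("IPv4", IPV4_LOG), ("IPv6", IPV6_LOG))})
```

A `listener` result means something accepted the TCP connection on the published port but no SSH server answered behind it, so the place to look is the port forwarding and the bind address rather than keys or accounts.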

alex commented 2 years ago

OneDev.java

			if (Bootstrap.isInDocker()) {
				host = "localhost";  // This line of code needs to be changed to "0.0.0.0"
			} else try {
Robin Shen commented 2 years ago

Thanks for investigation. 👍

Robin Shen commented 2 years ago

This line of code guesses the server URL, and using the value "0.0.0.0" is not an appropriate default here.

If localhost does not work for your case, just change the serverUrl property in the administration/system setting menu.

Let me know if you encounter any other ipv6 issues.

alex commented 2 years ago

I didn't analyze the code in detail. Jetty needs to bind the port to 0.0.0.0 when it starts. The host has net.ipv4.ip_forward set. When a request arrives at the host node's IPv6 address, it is forwarded to the in-container IPv4 address. If the in-container Jetty has bound the port to the loopback address, the address is not reachable.

Robin Shen commented 2 years ago

Got time to test ipv6 and everything works fine including ssh clone. What I am doing:

  1. Set up two EC2 instances with ipv6 address assigned
  2. Run OneDev in docker on one instance
  3. Log in to another instance, and I can clone the repository using the ipv6 address of the other instance without any issues, both via http and ssh protocol

This is expected, as when running as a docker container, ports 6610/6611 will bind to all addresses, including the ipv6 address. And the docker daemon also has no problem forwarding ipv6 traffic to Jetty running inside the container.

Robin Shen changed state to 'Closed' 2 years ago
Previous Value: Open
Current Value: Closed
Robin Shen commented 2 years ago

Closing. Feel free to reopen if you have other concerns.

Type: Question
Priority: Normal
Reference: onedev/server#453