starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-26 09:55:51 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1606] ipv6 not working with NPM in Docker #1204

New issue
Closed
opened 2026-02-26 06:36:12 +03:00 by kerem · 10 comments
kerem commented 2026-02-26 06:36:12 +03:00
Owner
Copy link

Originally created by @swoop124 on GitHub (Nov 20, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1606

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug
til now i only used ipv4 and npm was working fine, even with an Access List. Now i am beginning to switch to ipv6.
When no Acces List is set, NPM works fine with ipv6. But when i activate an Access List, i get a 403 Forbidden. Even when i allow my ipv6 Subnet in the Access List.

Nginx Proxy Manager Version
v2.9.12

To Reproduce
Steps to reproduce the behavior:

  1. add your ipv6 and ipv4 to an access list
  2. add this access list to a Website that is routed throug npm
  3. open the Website, that is routed through npm and has an access list.
  4. see 403 Forbidden

Expected behavior
open the Website even when coming from ipv6, only if in access list allowed

Screenshots
grafik

my Access List
grafik

Operating System
nmp is installed on a debian 10 (buster 10.10) in docker 20.10.8, build 3967b7d with enabled ipv6

Additional context
For testing i installed nmp on a alpine Proxmox LXC, with the same Access List. There it was working like a charme.

I found out, that when i am coming from a ipv6 subnet, then this ipv6 IP is natted to a Docker-Internal ipv4 address. Even within a internal ipv6 network it is natted to a internal ipv6-address.

Originally created by @swoop124 on GitHub (Nov 20, 2021). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1606 **Checklist** - Have you pulled and found the error with `jc21/nginx-proxy-manager:latest` docker image? - Yes - Are you sure you're not using someone else's docker image? - Yes - Have you searched for similar issues (both open and closed)? - Yes **Describe the bug** til now i only used ipv4 and npm was working fine, even with an Access List. Now i am beginning to switch to ipv6. When no Acces List is set, NPM works fine with ipv6. But when i activate an Access List, i get a 403 Forbidden. Even when i allow my ipv6 Subnet in the Access List. **Nginx Proxy Manager Version** v2.9.12 **To Reproduce** Steps to reproduce the behavior: 1. add your ipv6 and ipv4 to an access list 2. add this access list to a Website that is routed throug npm 3. open the Website, that is routed through npm and has an access list. 4. see 403 Forbidden **Expected behavior** open the Website even when coming from ipv6, only if in access list allowed **Screenshots** ![grafik](https://user-images.githubusercontent.com/75502165/142739303-aa7cfa64-6d86-4579-8a3b-1cbf0583544c.png) my Access List ![grafik](https://user-images.githubusercontent.com/75502165/142739413-982d8e26-6c98-45e7-8a0b-30df00e4d470.png) **Operating System** nmp is installed on a debian 10 (buster 10.10) in docker 20.10.8, build 3967b7d with enabled ipv6 **Additional context** For testing i installed nmp on a alpine Proxmox LXC, with the same Access List. There it was working like a charme. I found out, that when i am coming from a ipv6 subnet, then this ipv6 IP is natted to a Docker-Internal ipv4 address. Even within a internal ipv6 network it is natted to a internal ipv6-address.
kerem 2026-02-26 06:36:12 +03:00
  • closed this issue
  • added the
    stale
    bug
         labels
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@chaptergy commented on GitHub (Nov 21, 2021):

https://github.com/jc21/nginx-proxy-manager/issues/1105#issuecomment-950384265 might help

<!-- gh-comment-id:974899177 --> @chaptergy commented on GitHub (Nov 21, 2021): https://github.com/jc21/nginx-proxy-manager/issues/1105#issuecomment-950384265 might help
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@swoop124 commented on GitHub (Nov 22, 2021):

hi an thanks for the suggession, but no, it isn't helping.

still same message in log:
[22/Nov/2021:08:24:02 +0000] - - 403 - GET https sub.domain.com "/" [Client 172.18.0.1] [Length 111] [Gzip 1.35] [Sent-to host] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-"
[22/Nov/2021:08:24:02 +0000] - - 403 - GET https sub.domain.com "/favicon.ico" [Client 172.18.0.1] [Length 111] [Gzip 1.35] [Sent-to host] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "https://sub.domain.com/"

I am coming from an ipv6 ip-address.

<!-- gh-comment-id:975259773 --> @swoop124 commented on GitHub (Nov 22, 2021): hi an thanks for the suggession, but no, it isn't helping. still same message in log: [22/Nov/2021:08:24:02 +0000] - - 403 - GET https sub.domain.com "/" [Client 172.18.0.1] [Length 111] [Gzip 1.35] [Sent-to host] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "-" [22/Nov/2021:08:24:02 +0000] - - 403 - GET https sub.domain.com "/favicon.ico" [Client 172.18.0.1] [Length 111] [Gzip 1.35] [Sent-to host] "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" "https://sub.domain.com/" I am coming from an ipv6 ip-address.
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@swoop124 commented on GitHub (Nov 27, 2021):

no one else?

<!-- gh-comment-id:980801589 --> @swoop124 commented on GitHub (Nov 27, 2021): no one else?
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@Saik0Shinigami commented on GitHub (Dec 10, 2021):

From my understanding the Docker gateway is converting IPv6 traffic to IPv4, thus why you see 172.18.0.1 as your client.

I'm in the same boat and have yet to find a functional solution.

(Aside from host mode networking that is.)

<!-- gh-comment-id:990591839 --> @Saik0Shinigami commented on GitHub (Dec 10, 2021): From my understanding the Docker gateway is converting IPv6 traffic to IPv4, thus why you see 172.18.0.1 as your client. I'm in the same boat and have yet to find a functional solution. (Aside from host mode networking that is.)
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@swoop124 commented on GitHub (Dec 10, 2021):

yes you are right. why npm-docker is doing that, i dont know.

my solution is, i use an alpine linux VM/LXC. With that it is working and ipv4 and ipv6 are working.
as soon as i have my setup running, i can report.

regards

<!-- gh-comment-id:990632361 --> @swoop124 commented on GitHub (Dec 10, 2021): yes you are right. why npm-docker is doing that, i dont know. my solution is, i use an alpine linux VM/LXC. With that it is working and ipv4 and ipv6 are working. as soon as i have my setup running, i can report. regards
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@swoop124 commented on GitHub (Dec 21, 2021):

ok.
i've installed a complet new alpine-lxc on my Proxmox Server and deployed npm.
now it is working as expected. even with ipv6.

the only problem was, that i had to configure all my domains an certificates once again, so it would be very goot, if there is a export and import funktionality.

regards

<!-- gh-comment-id:999122041 --> @swoop124 commented on GitHub (Dec 21, 2021): ok. i've installed a complet new alpine-lxc on my Proxmox Server and deployed npm. now it is working as expected. even with ipv6. the only problem was, that i had to configure all my domains an certificates once again, so it would be very goot, if there is a export and import funktionality. regards
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@Intenos commented on GitHub (Dec 27, 2021):

I believe I have also an issue with jc21/nginx-proxy-manager and ipv6.

I have setup a reverse proxy for Nextcloud (besides others). Everything works well, except of the Nextcloud Android App used remotely, not via the local WIFI. I know that this is related to ipv6 as I already had an issue with it about one year ago which I fixed by properly setting up the ipv6 routing in my router (Fritz!Box). Any issue there I can exclude as route case and clearly link it to the Nginx-Proxy-Manager as everything works when disabling NPM and setting up a reverse proxy via the local Nginx of my openmediaVault system.

However, this I did only for testing as I there miss the auto-generated LetsEntscrypt certificate. Therefore I hope that anybody can help with a solution.

<!-- gh-comment-id:1001435181 --> @Intenos commented on GitHub (Dec 27, 2021): I believe I have also an issue with jc21/nginx-proxy-manager and ipv6. I have setup a reverse proxy for Nextcloud (besides others). Everything works well, except of the Nextcloud Android App used remotely, not via the local WIFI. I know that this is related to ipv6 as I already had an issue with it about one year ago which I fixed by properly setting up the ipv6 routing in my router (Fritz!Box). Any issue there I can exclude as route case and clearly link it to the Nginx-Proxy-Manager as everything works when disabling NPM and setting up a reverse proxy via the local Nginx of my openmediaVault system. However, this I did only for testing as I there miss the auto-generated LetsEntscrypt certificate. Therefore I hope that anybody can help with a solution.
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@Intenos commented on GitHub (Dec 27, 2021):

I just found that it works with jlesage/nginx-proxy-manager.

<!-- gh-comment-id:1001440643 --> @Intenos commented on GitHub (Dec 27, 2021): I just found that it works with jlesage/nginx-proxy-manager.
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 1, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:1972305749 --> @github-actions[bot] commented on GitHub (Mar 1, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:36:13 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Apr 14, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:2800302050 --> @github-actions[bot] commented on GitHub (Apr 14, 2025): Issue was closed due to inactivity.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#1204
No description provided.