The IPv6 situation on Docker is good now!
Good news, everyone! Doing IPv6 networking stuff on Docker is actually good now!
I’ve recently started reworking my home server setup to be more IPv6 compatible, and as part of that I learned that during the summer of 2024 Docker shipped an update that eliminated a lot of the configuration and tweaking previously necessary to support IPv6.
There is no need to change the daemon configuration any longer, it just works on Docker Engine v27 and later.
Examples
If your host has a working IPv6 setup and you want to listen to port 80 on both IPv4 and IPv6, then you don’t
have to do anything special. However, the container will only have an IPv4 address internally.
You can verify it by listing all the Docker networks via sudo docker network ls and running
sudo docker network inspect network-name-here for the one associated with your container.
For services like nginx that log the source IP address, this is problematic, as every incoming IPv6 request will be
logged with the Docker network gateway IP address, such as 10.88.0.1.
name: nginx
services:
nginx:
container_name: nginx
ports:
- 80:80
image: docker.io/library/nginx
restart: always
If you want the container to have an IPv4 and an IPv6 address within the Docker network, you can create a new network and enable IPv6 in it.
name: nginx
services:
nginx:
container_name: nginx
networks:
- nginx-network
ports:
- 80:80
image: docker.io/library/nginx
restart: always
networks:
nginx-network:
enable_ipv6: true
There are situations where it’s handy to have a static IP address for a container within the Docker network. If you need help coming up with an unique local IPv6 address range, you can use this tool.
name: nginx
services:
nginx:
container_name: nginx
networks:
nginx-network
ipv4_address: 10.69.42.5
ipv6_address: fdec:cc68:5178::abba
ports:
- 80:80
image: docker.io/library/nginx
restart: always
networks:
nginx-network:
enable_ipv6: true
ipam:
driver: default
config:
- subnet: "10.69.42.0/24"
- subnet: "fdec:cc68:5178::/64"
If you choose the host network driver, your container will operate within the same networking space as your container host. If the host handles both IPv4 and IPv6 networking, then your container will happily operate with both. However, due to reduced network isolation, this has some security implications that you must take into account.
name: nginx
services:
nginx:
container_name: nginx
network_mode: host
# ports are not relevant with host network mode
image: docker.io/library/nginx
restart: always
If you want your container to only accept connections on select interfaces, such as a Wireguard connection, then you will need
to specify the IP addresses in the ports section. Here’s one example with both IPv4 and IPv6.
name: nginx
services:
nginx:
container_name: nginx
networks:
- nginx-network
ports:
- 10.69.42.5:80:80
- "[fdec:cc68:5178::beef]:80:80"
image: docker.io/library/nginx
restart: always
networks:
nginx-network:
enable_ipv6: true
What about Podman?
I’ve given up on Podman. Before doing things the IPv6 way, Podman was functional for the most part, requiring a few tweaks to get things working.
I have not managed to get Podman to play fair with IPv6. No matter what I did, I could not get it to listen to certain ports and access my services, the ports would always be filtered out.
Conclusion
I’m genuinely happy to see that the IPv6 support has gotten better with Docker, and I hope that this short introduction helps those out there looking to do things the IPv6 way with containers.
Subscribe to new posts via the RSS feed.
Not sure what RSS is, or how to get started? Check this guide!
You can reach me via e-mail or LinkedIn.
If you liked this post, consider sharing it!