Hardcoded IPs make it unusable for me #7013

@johanteekens

Contribution guidelines

Checklist prior issue creation

  • I understand that failure to follow below instructions may cause this issue to be closed.
  • I understand that vague, incomplete or inaccurate information may cause this issue to be closed.
  • I understand that this form is intended solely for reporting software bugs and not for support-related inquiries.
  • I understand that all responses are voluntary and community-driven, and do not constitute commercial support.
  • I confirm that I have reviewed previous issues to ensure this matter has not already been addressed.
  • I confirm that my environment meets all prerequisite requirements as specified in the official documentation.

Description

I keep running into hardcoded IPs on Docker and cannot get around them, like in issue 5444.

Can you please reconsider and make it variable?

Steps to reproduce:

Reproduce by installing on ipvlan with a custom docker compose file and all custom IPs. I'm running this in an environment with many other containers.

Making the sogo_trusted_ip.conf file read-only crashed the startup.
Creating a symbolic link and including a custom file from dovecot.conf reports duplicate values and crashes the setup.

There seems to be no way around it other than using the hardcoded IPs.

Logs:

doveconf: Fatal: Error in configuration file /etc/dovecot/sogo_trusted_ip.conf line 2: gethostbyname(.248) failed: Name does not resolve

or similar 10.122.5.248 but it always wants to add 248

Which branch are you using?

master (stable)

Which architecture are you using?

x86_64

Operating System:

Ubuntu 24.04.1 LTS

Server/VM specifications:

64GB, 8 cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM

Docker version:

29.1.5

docker-compose version or docker compose version:

custom

mailcow version:

latest

Reverse proxy:

haproxy

Logs of git diff:


Logs of iptables -L -vn:

iptables -L -vn
Chain INPUT (policy ACCEPT 19388 packets, 6146K bytes)
 pkts bytes target     prot opt in     out     source               destination
47813 3540K MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 307K   21M ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 2997 packets, 179K bytes)
 pkts bytes target     prot opt in     out     source               destination
  304 18240 MAILCOW    0    --  *      *       0.0.0.0/0            0.0.0.0/0            /* mailcow */
 4784 4105K DOCKER-USER  0    --  *      *       0.0.0.0/0            0.0.0.0/0
 4784 4105K DOCKER-FORWARD  0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 183K packets, 22M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       0    --  !docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-BRIDGE (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-CT (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1222 3893K ACCEPT     0    --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain DOCKER-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
 4784 4105K DOCKER-CT  0    --  *      *       0.0.0.0/0            0.0.0.0/0
 3562  212K DOCKER-INTERNAL  0    --  *      *       0.0.0.0/0            0.0.0.0/0
 3562  212K DOCKER-BRIDGE  0    --  *      *       0.0.0.0/0            0.0.0.0/0
  593 34171 ACCEPT     0    --  docker0 *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-INTERNAL (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain MAILCOW (2 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn:

ip6tables -L -vn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MAILCOW    0    --  *      *       ::/0                 ::/0                 /* mailcow */
    0     0 DOCKER-USER  0    --  *      *       ::/0                 ::/0
    0     0 DOCKER-FORWARD  0    --  *      *       ::/0                 ::/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-BRIDGE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-CT (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-CT  0    --  *      *       ::/0                 ::/0
    0     0 DOCKER-INTERNAL  0    --  *      *       ::/0                 ::/0
    0     0 DOCKER-BRIDGE  0    --  *      *       ::/0                 ::/0

Chain DOCKER-INTERNAL (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain MAILCOW (1 references)
 pkts bytes target     prot opt in     out     source               destination
root@steltix:/docker/compose_files#

Logs of iptables -L -vn -t nat:

iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 30954 packets, 156M bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   192 DOCKER     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6558 packets, 415K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 8066 packets, 506K bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   128 MASQUERADE  0    --  *      !docker0  172.17.0.0/16        0.0.0.0/0
    0     0 MASQUERADE  0    --  *      !br-22019bfc30a2  172.20.0.0/16        0.0.0.0/0

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn -t nat:

ip6tables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       ::/0                 ::/0                 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     0    --  *      *       ::/0                !::1                  ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
root@steltix:/docker/compose_files#

DNS check:

docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254
;; communications error to 172.22.1.254#53: timed out
;; communications error to 172.22.1.254#53: timed out
