From 6be0577638ec384d21776cb30e2d868b6abdcca2 Mon Sep 17 00:00:00 2001
From: "andre.peters"
Date: Thu, 1 Feb 2018 21:45:49 +0100
Subject: [PATCH] [Compose] Allow to disable IPv6
---
 docker-compose.yml | 30 ++++++++++++++++++++++++++++++
 generate_config.sh | 5 +++++
 update.sh | 10 ++++++++++
 3 files changed, 45 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 4d4a926c..69624805 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,8 @@ services:
 volumes:
 - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro
 restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 networks:
 mailcow-network:
 ipv4_address: ${IPV4_NETWORK}.254
@@ -30,6 +32,8 @@ services:
 restart: always
 dns:
 - ${IPV4_NETWORK}.254
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 networks:
 mailcow-network:
 aliases:
@@ -44,6 +48,8 @@ services:
 - TZ=${TZ}
 dns:
 - ${IPV4_NETWORK}.254
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 networks:
 mailcow-network:
 ipv4_address: ${IPV4_NETWORK}.249
@@ -61,6 +67,8 @@ services:
 - ./data/conf/clamav/:/etc/clamav/
 dns:
 - ${IPV4_NETWORK}.254
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 networks:
 mailcow-network:
 aliases:
@@ -82,6 +90,8 @@ services:
 - dkim-vol-1:/data/dkim
 - rspamd-vol-1:/var/lib/rspamd
 restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 hostname: rspamd
@@ -121,6 +131,8 @@ services:
 - SMTPS_PORT=${SMTPS_PORT:-465}
 - SMTP_PORT=${SMTP_PORT:-25}
 restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 networks:
@@ -141,6 +153,8 @@ services:
 volumes:
 - ./data/conf/sogo/:/etc/sogo/
 restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 networks:
@@ -180,6 +194,8 @@ services:
 hard: 40000
 dns:
 - ${IPV4_NETWORK}.254
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 hostname: ${MAILCOW_HOSTNAME}
 networks:
 mailcow-network:
@@ -209,6 +225,8 @@ services:
 restart: always
 dns:
 - ${IPV4_NETWORK}.254
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 hostname: ${MAILCOW_HOSTNAME}
 networks:
 mailcow-network:
@@ -218,6 +236,8 @@ services:
 memcached-mailcow:
 image: memcached:alpine
 restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 networks:
@@ -253,6 +273,8 @@ services:
 - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
 - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
 restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 networks:
@@ -266,6 +288,8 @@ services:
 - mysql-mailcow
 image: mailcow/acme:1.28
 build: ./data/Dockerfiles/acme
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 environment:
@@ -304,6 +328,8 @@ services:
 - IPV4_NETWORK=${IPV4_NETWORK}
 - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
 network_mode: "host"
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 dns:
 - ${IPV4_NETWORK}.254
 volumes:
@@ -314,6 +340,8 @@ services:
 # Debug
 #command: /watchdog.sh
 build: ./data/Dockerfiles/watchdog
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 volumes:
 - vmail-vol-1:/vmail:ro
 restart: always
@@ -335,6 +363,8 @@ services:
 image: mailcow/dockerapi:1.7
 restart: always
 build: ./data/Dockerfiles/dockerapi
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}
 oom_score_adj: -10
 environment:
 - TZ=${TZ}
diff --git a/generate_config.sh b/generate_config.sh
index 280d66c7..b3a71f2c 100755
--- a/generate_config.sh
+++ b/generate_config.sh
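Review bot: In the docker-compose.yml hunk at `@@ -304,6 +328,8 @@` the new `sysctls` entry is added to a service whose context line reads `network_mode: "host"`, so it targets the host's network namespace rather than a container's. Docker refuses `net.*` sysctls for a container that shares the host network namespace, so this service would most likely fail to start; were the setting accepted, `SYSCTL_IPV6_DISABLED=1` would switch IPv6 off on the host itself, which is outside what the option is documented to do. I would drop the two added lines from this one service and leave host IPv6 to the host's own configuration. The service definition starts and ends outside the hunk, so its name is not visible here.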
@@ -108,6 +108,11 @@ IPV4_NETWORK=172.22.1
 # Internal IPv6 subnet in fc00::/7
 IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
+# Disable IPv6
+# mailcow-network will still be created as IPv6 enabled, all containers will be created
+# without IPv6 support.
+# Use 1 for disabled, 0 for enabled
+SYSCTL_IPV6_DISABLED=0
 EOF
diff --git a/update.sh b/update.sh
index 335566bf..788b9e82 100755
--- a/update.sh
+++ b/update.sh
@@ -46,6 +46,7 @@ CONFIG_ARRAY=(
 "IPV6_NETWORK"
 "LOG_LINES"
 "SNAT_TO_SOURCE"
+ "SYSCTL_IPV6_DISABLED"
 )
 sed -i '$a\' mailcow.conf
@@ -55,6 +56,15 @@ for option in ${CONFIG_ARRAY[@]}; do
 echo "Adding new option \"${option}\" to mailcow.conf"
 echo "${option}=" >> mailcow.conf
 fi
+ if [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then
+ if ! grep -q ${option} mailcow.conf; then
+ echo "Adding new option \"${option}\" to mailcow.conf"
+ echo "# Disable IPv6" >> mailcow.conf
+ echo "# mailcow-network will still be created as IPv6 enabled, all containers will be created" >> mailcow.conf
+ echo "# without IPv6 support." >> mailcow.conf
+ echo "# Use 1 for disabled, 0 for enabled" >> mailcow.conf
+ echo "SYSCTL_IPV6_DISABLED=0" >> mailcow.conf
+ fi
 elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
 if ! grep -q ${option} mailcow.conf; then
 echo "Adding new option \"${option}\" to mailcow.conf"
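Review bot: In the update.sh hunk at `@@ -55,6 +56,15 @@` the added branch opens with `if [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then` even though it sits between the `fi` of the previous branch's inner test and the following `elif`, so it appears to start a nested `if` instead of extending the chain. Unless an extra `fi` exists outside the hunk, the outer `if` is left unclosed and the script would fail to parse, which stops the updater before it can apply anything; the line should read `elif [[ ${option} == "SYSCTL_IPV6_DISABLED" ]]; then`. The existence test `grep -q ${option} mailcow.conf` also matches the name inside a comment or a longer key, so `grep -q "^${option}=" mailcow.conf` would be a tighter check. The loop body begins and ends outside the hunk, so the shape of the chain is inferred from the visible `fi` and `elif` lines.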