Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPv6 configuration fails as checksums differ although configuration is not modified #228

Open
sstrk opened this issue Jul 26, 2024 · 0 comments

Comments

@sstrk
Copy link

sstrk commented Jul 26, 2024

Describe the bug

On IPv6 enabled systems, IPv6 is expected to be automagically configured via docker-entrypoint.d/10-listen-on-ipv6-by-default.sh which is triggerd by docker-entrypoint.sh [2] if the nginx default configuration is not touched.

However, as the checksums already differ in the image, this step is skipped although the nginx configuration has not been modified by the user.

/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh                  
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf          
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx@nginx-dual-stack:/$ dpkg-query --show --showformat='${Conffiles}\n' nginx | grep etc/nginx/conf.d/default.conf
 /etc/nginx/conf.d/default.conf 25c02145e4a2e1d2bc6da5d585cddd32

nginx@nginx-dual-stack:/$ md5sum /etc/nginx/conf.d/default.conf
2167fa14b9297b5c861371c2b9f8a8df  /etc/nginx/conf.d/default.conf


nginx@nginx-dual-stack:/$ cat etc/nginx/conf.d/default.conf
server {
    listen       8080;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
nginx@nginx-dual-stack:/$ 

To reproduce

Steps to reproduce the behavior:

  1. Deploy NGINX Unprivileged Docker image
  2. View output/logs/configuration
  3. See error

also can reproduce locally:

➜ docker pull nginxinc/nginx-unprivileged
[...]

➜ docker run -it nginxinc/nginx-unprivileged bash
nginx@606af34307b0:/$ dpkg-query --show --showformat='${Conffiles}\n' nginx | grep etc/nginx/conf.d/default.conf
 /etc/nginx/conf.d/default.conf 25c02145e4a2e1d2bc6da5d585cddd32
nginx@606af34307b0:/$ md5sum /etc/nginx/conf.d/default.conf
2167fa14b9297b5c861371c2b9f8a8df  /etc/nginx/conf.d/default.conf
nginx@606af34307b0:/$ 

Testing the same with https://github.com/nginxinc/docker-nginx works.

➜ docker pull nginx  
[...]

➜ docker run -it nginx bash                      
root@ca73e3a9b590:/# dpkg-query --show --showformat='${Conffiles}\n' nginx | grep etc/nginx/conf.d/default.conf
 /etc/nginx/conf.d/default.conf 25c02145e4a2e1d2bc6da5d585cddd32
root@ca73e3a9b590:/# md5sum /etc/nginx/conf.d/default.conf
25c02145e4a2e1d2bc6da5d585cddd32  /etc/nginx/conf.d/default.conf

Expected behavior

If the nginx configuration is not modified, the checksums are expected to match by default in the image which would lead to proper configuration of IPv6.

Your environment

  • Version of Docker and method of installation (e.g. Docker Desktop / Docker Server)
    • ➜ docker --version         
      Docker version 27.0.3, build 7d4bcd8
      
  • Version/tag of the NGINX Unprivileged Docker image (e.g. nginxinc/nginx-unprivileged:alpine)
    • happens untagged
    • also tested tag mainline
  • Target deployment environment/platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...)
    • Kubernetes v1.29 with containerd as CRI (version 1.7.19)

Additional context

Add any other context about the problem here.


[1] https://github.com/nginxinc/docker-nginx-unprivileged/blob/d9407a04766e8e383d85aa6823f87879835d6a7b/entrypoint/10-listen-on-ipv6-by-default.sh
[2] https://github.com/nginxinc/docker-nginx-unprivileged/blob/d9407a04766e8e383d85aa6823f87879835d6a7b/entrypoint/docker-entrypoint.sh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant