Shaarli Docker unable to start in an IPv4-only environment

[immanuelfodor]

Extracted from #1983 (comment)

Actually, this PR breaks running Shaarli on an IPv4-only host. Docker output:

nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)
nginx: [emerg] socket() [::]:80 failed (97: Address family not supported by protocol)

It's a Ubuntu VM with these flags set for the kernel:
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
On the VM, it's containerd running RKE2 configured with IPv4-only pod CIDRs. Within the pods, there is no sign of IPv6 at all:

/var/www/shaarli # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0@if88: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP qlen 1000
    link/ether ca:91:e4:4c:38:f3 brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.82/32 scope global eth0
       valid_lft forever preferred_lft forever

/var/www/shaarli # cat /proc/net/if_inet6
cat: can't open '/proc/net/if_inet6': No such file or directory

I have a temporary workaround with a custom Docker file based on the upstream Shaarli image to delete that line from the nginx config, but it should be configurable like other projects do such as Harbor, n8n, Healthchecks, the base Nginx image, etc.

They either offer a disable ipv6 env for the dockerfile (Harbor), allow setting a custom listen host/port (n8n, Healthchecks), or proactively check ipv6 availability (Nginx base image).

I opened a PR to fix Bento PDF yesterday, but it was easier, they are based on Nginx with an available internal way to execute custom logic at the entrypoint.

[nodiscc]

@immanuelfodor Hi, can you list the minimal steps needed to reproduce the problem?
I lost track.

[immanuelfodor]

@nodiscc Oh, it's as simple as starting Shaarli Docker in a Ubuntu VM with the sysctl values applied in eg. /etc/sysctl.d/99-ipv6.conf:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

Actually, I run Shaarli inside in this Ubuntu VM in an RKE2 Kubernetes cluster with an IPv4-only pod CIDR (no IPv6 dual-stack), but I suppose a plain docker/compose setup will also give the same results as IPv6 is turned off in the VM's kernel this way.

I created a custom Docker image to circumvent the problem, and added this to remove the IPv6 port line from the Nginx config as a temporary workaround:

# Fix IPv6 not available, @see: https://github.com/shaarli/Shaarli/pull/1983#issuecomment-3706524290
RUN set -x \
    && sed -i '/^[[:space:]]*listen[[:space:]]*\[::\]:[0-9]*/s/^/#/' /etc/nginx/nginx.conf

As the permanent solution, I think Shaarli should rely on an optional env var to be able to turn IPv6 off, meaning remove or not add the IPv6 port listener to Nginx. Since there is the s6 init system in place already, a small shell script should do the trick invoked by s6, similar to what I did for Bento PDF in their entrypoint script.

[nodiscc]

Hi, since I don't use the Docker image personally, I will not work on this issue, but would accept a patch (if it does not add too much complexity)