tubesync icon indicating copy to clipboard operation
tubesync copied to clipboard
verified publisher icon meeb

Docker container fails when IPv6 is disabled at kernel level

Open R-Sommer opened this issue 2 years ago • 9 comments

Describe the bug

TubeSync started as docker container fails to bind local port when IPv6 is disabled on the host machine. docker logs report 2023/08/20 19:32:52 [emerg] 325#325: socket() [::]:4848 failed (97: Address family not supported by protocol) every second.

To Reproduce

  1. Add GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1" to /etc/default/grub (or any file in *.d)
  2. run update-grub
  3. run docker container
  4. run docker logs tubesync

Your Environment

  • Debian 11
  • Docker version 24.0.5, build ced0996
  • Docker image: ghcr.io/meeb/tubesync:latest (created 7 days ago)

R-Sommer avatar Aug 20 '23 17:08 R-Sommer

I'll look at potentially making this override-able with an env var, however this isn't going to be very high up my task list. I'm happy to accept a PR to fix it, alternatively you can drop into the container shell, edit the /etc/nginx/nginx.conf file and comment out the listen [::]:4848; line.

meeb avatar Aug 21 '23 04:08 meeb

Oh, thanks for your quick response. The work around with modifying nginx.conf is ok, however, needs additional work for docker compose. Unfortunately, I don't know what to do to realize a PR and I've very low knowledge about nginx.

For me it's no longer import as I've realized this morning that TubeSync is not what I'm looking for. But thanks anyway.

R-Sommer avatar Aug 21 '23 12:08 R-Sommer

Can you try to bind the ports like ... -p 127.0.0.1:4848:4848 on your compose file or your docker command.

My way to disable v6 >

/etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

apply the changes: sysctl -p

iamsilvio avatar Sep 05 '23 15:09 iamsilvio

@iamsilvio alas that won't work, the error @R-Sommer is facing is because the internal loopback nginx web server inside the tubesync container listens on :: which throws a hard error (97: Address family not supported by protocol) when you totally disable IPv6 support.

nginx is set up like this to transparently support both IPv4 and IPv6 container deployments, I didn't really consider people would totally disable IPv6 support.

meeb avatar Sep 06 '23 05:09 meeb

I see It's not an host issue, sry

@meeb Is there any reason why nginx is running inside the container, I don't see the need for it. Why is there v6 configured on the nginx inside the container, the docker internal default network is to my knowledge v4, v6 needs to be configured explicitly.

iamsilvio avatar Sep 06 '23 09:09 iamsilvio

It's not a fantastic idea to expose gunicorn directly to the browser, nginx serves all the static media, video downloads and thumbnails directly off disk without having each request processed through blocking Python. Generally it's the least-hassle setup for people unless they do something like kernel level disable IPv6. Without a full web server bundled you'd have the Python application server serving multi-gigabyte file downloads.

meeb avatar Sep 06 '23 09:09 meeb

thank you for the explanation. I understand why you chose it.

From an architecture and deployment perspective, the redis and nginx image should be separate containers in the deployment.

But that is not the point of this issue.

iamsilvio avatar Sep 06 '23 10:09 iamsilvio

The single process per container discussion is a philosophical viewpoint I don't always agree with. I agree with it for general production applications but for a self-contained home installed application it would be totally impractical to expect people to spin up and link 5 containers (web workers, beat worker, process worker, redis, web server) just to get tubesync to work vs running one container with a built in init system. Many tubesync installs are on single click to run GUIs like proprietary NAS systems which don't have the easy ability to run compose stacks outside of the command line, for example.

Ease of use is the argument. I could be pedantically correct, but only a fraction of the current userbase would bother to set up the application.

meeb avatar Sep 06 '23 10:09 meeb

The easiest way to do this is to overwrite the /etc/nginx/nginx.conf with your own custom one by mapping the file from your host. I do this to enable SSL; not that I recommend doing that for most use cases you should be using nginx or traefik reverse proxy for this.

Grab the file from https://github.com/meeb/tubesync/blob/main/config/root/etc/nginx/nginx.conf and edit for your needs.

Here is how I do it in Unraid. image

thecreativeone91 avatar Sep 14 '23 01:09 thecreativeone91

I'll close this for now. Anyone who wants to run tubesync with advanced configuration such as disabling or re-configuring the bundled nginx instance can follow @thecreativeone91 advice and overwrite the config files with docker volumes.

meeb avatar Aug 03 '24 10:08 meeb