Description
Describe the bug
On IPv6 enabled systems, IPv6 is expected to be automagically configured via docker-entrypoint.d/10-listen-on-ipv6-by-default.sh which is triggerd by docker-entrypoint.sh [2] if the nginx default configuration is not touched.
However, as the checksums already differ in the image, this step is skipped although the nginx configuration has not been modified by the user.
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: /etc/nginx/conf.d/default.conf differs from the packaged version
nginx@nginx-dual-stack:/$ dpkg-query --show --showformat='${Conffiles}\n' nginx | grep etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf 25c02145e4a2e1d2bc6da5d585cddd32
nginx@nginx-dual-stack:/$ md5sum /etc/nginx/conf.d/default.conf
2167fa14b9297b5c861371c2b9f8a8df /etc/nginx/conf.d/default.conf
nginx@nginx-dual-stack:/$ cat etc/nginx/conf.d/default.conf
server {
listen 8080;
server_name localhost;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
nginx@nginx-dual-stack:/$
To reproduce
Steps to reproduce the behavior:
- Deploy NGINX Unprivileged Docker image
- View output/logs/configuration
- See error
also can reproduce locally:
➜ docker pull nginxinc/nginx-unprivileged
[...]
➜ docker run -it nginxinc/nginx-unprivileged bash
nginx@606af34307b0:/$ dpkg-query --show --showformat='${Conffiles}\n' nginx | grep etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf 25c02145e4a2e1d2bc6da5d585cddd32
nginx@606af34307b0:/$ md5sum /etc/nginx/conf.d/default.conf
2167fa14b9297b5c861371c2b9f8a8df /etc/nginx/conf.d/default.conf
nginx@606af34307b0:/$
Testing the same with https://github.com/nginxinc/docker-nginx works.
➜ docker pull nginx
[...]
➜ docker run -it nginx bash
root@ca73e3a9b590:/# dpkg-query --show --showformat='${Conffiles}\n' nginx | grep etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf 25c02145e4a2e1d2bc6da5d585cddd32
root@ca73e3a9b590:/# md5sum /etc/nginx/conf.d/default.conf
25c02145e4a2e1d2bc6da5d585cddd32 /etc/nginx/conf.d/default.conf
Expected behavior
If the nginx configuration is not modified, the checksums are expected to match by default in the image which would lead to proper configuration of IPv6.
Your environment
- Version of Docker and method of installation (e.g. Docker Desktop / Docker Server)
-
➜ docker --version Docker version 27.0.3, build 7d4bcd8
-
- Version/tag of the NGINX Unprivileged Docker image (e.g.
nginxinc/nginx-unprivileged:alpine)- happens untagged
- also tested tag
mainline
- Target deployment environment/platform (e.g. OpenShift / Kubernetes / Docker Compose / etc...)
- Kubernetes v1.29 with containerd as CRI (version 1.7.19)
Additional context
Add any other context about the problem here.
[1] https://github.com/nginxinc/docker-nginx-unprivileged/blob/d9407a04766e8e383d85aa6823f87879835d6a7b/entrypoint/10-listen-on-ipv6-by-default.sh
[2] https://github.com/nginxinc/docker-nginx-unprivileged/blob/d9407a04766e8e383d85aa6823f87879835d6a7b/entrypoint/docker-entrypoint.sh