From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH docs v2 1/3] pveproxy: add note about bindv6only sysctl
Date: Tue, 4 May 2021 19:00:30 +0200 [thread overview]
Message-ID: <20210504170032.8721-7-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20210504170032.8721-1-s.ivanov@proxmox.com>
Seems certain hosting environments (e.g. OVH) set net.ipv6.bindv6only
to 1, which caused problems for those users after the 6.4 upgrade.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
pveproxy.adoc | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/pveproxy.adoc b/pveproxy.adoc
index 8d02418..665e575 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -62,6 +62,9 @@ The default policy is `allow`.
Listening IP
------------
+By default the `pveproxy` and `spiceproxy` daemons listen on the wildcard
+address and accept connections from both IPv4 and IPv6 clients.
+
By setting `LISTEN_IP` in `/etc/default/pveproxy` you can control to which IP
address the `pveproxy` and `spiceproxy` daemons bind. The IP-address needs to
be configured on the system.
@@ -102,6 +105,12 @@ long-running worker processes, for example a running console or shell from a
virtual guest. So, please use a maintenance window to bring this change in
effect.
+NOTE: setting the `sysctl` `net.ipv6.bindv6only` to `1` will cause the daemons
+ to only accept connection from IPv6 clients. This non-default setting usually
+ also causes other issues. Either remove the `sysctl` setting, or set the
+ `LISTEN_IP` to `0.0.0.0` (which will only allow IPv4 clients).
+
+
SSL Cipher Suite
----------------
--
2.20.1
next prev parent reply other threads:[~2021-05-04 17:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-04 17:00 [pve-devel] [PATCH common/manager/http-server/docs] v2] improve binding, docs and access-control for pveproxy/spiceproxy Stoiko Ivanov
2021-05-04 17:00 ` [pve-devel] [PATCH common v2 1/2] daemon: drop Domain parameter from create_reusable_socket Stoiko Ivanov
2021-05-04 17:00 ` [pve-devel] [PATCH common v2 2/2] daemon: explicitly bind to wildcard address Stoiko Ivanov
2021-05-04 17:00 ` [pve-devel] [PATCH manager v2 1/1] proxy: fix wildcard address use Stoiko Ivanov
2021-05-04 17:00 ` [pve-devel] [PATCH http-server v2 1/2] access control: correctly match v4-mapped-v6 addresses Stoiko Ivanov
2021-05-04 17:00 ` [pve-devel] [PATCH http-server v2 2/2] access control: also include ipv6 in 'all' Stoiko Ivanov
2021-05-04 17:00 ` Stoiko Ivanov [this message]
2021-05-04 17:00 ` [pve-devel] [PATCH docs v2 2/3] pveproxy: update documentation on 'all' alias Stoiko Ivanov
2021-05-04 17:00 ` [pve-devel] [PATCH docs v2 3/3] network: shortly document disabling ipv6 support Stoiko Ivanov
2021-05-05 5:25 ` [pve-devel] [PATCH common/manager/http-server/docs] v2] improve binding, docs and access-control for pveproxy/spiceproxy Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210504170032.8721-7-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal