The original post: /r/selfhosted by /u/Rxunique on 2024-12-22 09:58:49.

I’ve been at this IPv6 journey and finally got it all working. With benefit of hindsight, its actually pretty simple.

I’m sure this would be trivial for IT professionals, but for everyone else, there are lots of pit falls along the way due to lack of detailed documentation.

Just sharing my experience here

  1. you need Cloudflare Proxy to patch in IPv4, and remember to set SSL/TLS mode to FULL or FULL(strict) otherwise will run into too many redirect error with traefik
  2. create AAAA record pointing to VM’s IPv6, must be proxied
  3. create firewall rules on your gate way allowing the VM’s IPv6
  4. In ubuntu, you may need to change netplan muanlly to assign IPv6, or let it auto assign one with EUI64 (based on MAC)
  5. In ubuntu, edit /etc/docker/daemon.json to manully assign fixed-cidr-v6 to the same ipv6 /64 subnet
  6. from here on now, its all IPv4, create traefik container (or proxy network) exactly the same way as you would with IPv4

You should be able to google details about each step easily, I tested this with UB22 & 24 ISO install, docker 27, traefik 3.2

Below are where I got caught

No need to set any IPv6 to proxmox

If you run Unifi, best to have a syslog server to troubleshoot firewall.

Don’t bother with docker macvlan network, I wasted most of time there. It will make IPv6 routing easier, but not friendly with traefik

Don’t create another bridge network in docker for IPv6, which is first thing you will see in official docker documentation. I find that need manually ipv6 routing, too much headache

In Summary

If in proxmox the NIC MAC is aa:bb:cc:11:22:33

Your VM should have IPv6 of 2222:aaaa:3333:bbbb:aabb:ccff:fe11:2233

And /etc/docker/daemon.json should be

    {
      "ipv6": true,
      "fixed-cidr-v6": "2222:aaaa:3333:bbbb::/64"
    }

Traefik proxy will run on “proxy” network with ip like 172.18.0.2, and everything from here are IPv4

That’s all there’re to configure, plus some firewalls

I’m pretty sure there are many other ways to do this, and if docker doc did not put create ipv6 network as the first solution, it would all be much simpler