We have a Discourse installation, carried forward for several years but currently on the latest version (2.4.0beta2) using the latest Docker image, on a public IP address, no proxy or other things in front, LetsEncrypt certs.
Sometimes user registration IP and last IP works perfectly, sometimes it does not. I see no rhyme or reason. For example, here is a user created 7h ago, with nonsense addresses:
And so it goes, on some users it’s cool on some others it isn’t. Any ideas what’s going on here?
One thing that strikes me now that I look at it is that it could be that these users are coming in via IPv6, as I’ve never seen an IPv6 address in these fields. Does Discourse not understand IPv6? Does the Docker proxy not understand/pass through the relevant information? Something else?
IPv6 is very functional, and using the recommended Docker images setup with the web + data templates. There is nothing else in front. What is there we should tweak?
Mind you, out container yml has been around for a few years, although it includes the latest templates and the images themselves are rebuilt frequently. Is this something that might have changed along the way?
Hard to say. I just audited the last ~8 new users who signed up at talk.commonmark.org which is a very default standard install and they all had valid IPv4 addresses for Last IP and Registration IP (sometimes the two differed, as well).
I know if user accounts come in through SSO or other unusual avenues that can affect the IPs reported there. Are all these users you are referring to regular signups through the standard new user signup dialog in Discourse?
Problem doesn’t exist on Discourse official hosting, at least, and that’s IPv6 capable. Nor do I see problems on a vanilla install at a random colocation host. Not sure what else to tell you, other than you didn’t answer my rather important question
I don’t doubt that it works in your hosting, but you don’t use the “standard” Docker setup that most users do, I think? I mean, I’m sure it’s possible for it to work given a proxy setting the right headers etc, the question is just if the default setup is doing that and, if not, if we can make it do so.
I’m pretty sure that you need to add a bit to your app.yml that tells nginx to recognize your ipv6 address and pass through the client address. I haven’t figured out how to do that yet myself, though. The topics about running a reverse proxy have ipv6 examples, which provide hints.
This is on my list of things to figure out, but I have a rather long list. I ended up disabling ipv6, I think because of this problem, but maybe due to some other ignorance of ipv6.
(Jeff you can get an ipv6 block routed, but you have to ask for it and then configure your hosts to use it.)
I think the external reverse proxy is the key - I don’t think this is solvable at all, or at least not easily, from just within the Docker container.
I’ve solved it now by having the Discourse Docker listen on a Unix socket and front it with a Caddy on the same machine (outside Docker). The Caddy setup is trivial, includes Let’s Encrypt, and now it works as expected for IPv6 as well.