Fixes #193: use strict IPv4 regex in nginx resolver to prevent crash#194
Fixes #193: use strict IPv4 regex in nginx resolver to prevent crash#194thespad merged 1 commit intolinuxserver:3.23from
Conversation
### Problem
The current logic filters IPv6 addresses by counting colons (NF-1 <= 2). However, compressed IPv6 addresses like `fd00::1` contain only two colons, causing them to be incorrectly identified as IPv4. This leads to an invalid `resolver.conf` and Nginx fails to start with:
`[emerg] invalid port in resolver "fd00::1"`
Solution
Replaced the unreliable colon-counting logic with a strict IPv4 regex: ^[0-9]{1,3}(\.[0-9]{1,3}){3}$. This ensures only valid IPv4 addresses are added, maintaining the script's intent to "ignore ipv6 addresses" without crashing Nginx.
Impact
Fixes container startup failure on hosts with IPv6 ULA or compressed addresses in /etc/resolv.conf.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Thanks for opening this pull request! Be sure to follow the pull request template!
|
I am a bot, here are the test results for this PR:
|
d4c00
changed the title
|
I am a bot, here are the test results for this PR:
|
3 participants
Description:
Fixes #193. This PR addresses a critical Nginx startup failure in the /etc/s6-overlay/s6-rc.d/init-nginx/run script.
The previous logic used
awk -F ':' '{print NF-1}'to filter IPv6 addresses from/etc/resolv.conf. However, this method fails to account for compressed IPv6 addresses (e.g., fd00::1), which only contain two colons and thus bypass the filter. This results in an unformatted IPv6 address being written to/config/nginx/resolver.confwithout brackets [], causing the Nginx error:[emerg] invalid port in resolver "fd00::1".The fix implements a declarative regex to strictly validate IPv4 addresses, ensuring only valid IPv4 entries are passed to the resolver configuration.
Benefits of this PR and context:
In dual-stack environments (common in RHEL/Podman setups), both IPv4 and IPv6 nameservers are automatically passed into the container's
/etc/resolv.conf.This PR prevents the container from entering a crash loop by ensuring that compressed IPv6 addresses are correctly ignored rather than being misinterpreted as IPv4. By switching to a declarative regex validation
^[0-9]{1,3}(\.[0-9]{1,3}){3}$, we eliminate the edge cases inherent in the previous colon-counting approach, providing a more robust and predictable initialization process.How Has This Been Tested?
Environment: RHEL 10.1 with dual-stack networking and Podman.
Test Case: Added nameserver
10.0.0.1andfd00::1to the host's/etc/resolv.conf.Source / References: