feat: IPv6 support for standalone challenge config#1267
Merged
Conversation
Standalone ACME HTTP challenge configs generated by add_standalone_configuration only emitted `listen 80;`, so HTTP-01 validation failed on IPv6-only / dual-stack hosts (nginx-proxy#710). Add a conditional `listen [::]:80;`, gated on a new ENABLE_IPV6 toggle (same variable name as nginx-proxy) so hosts without IPv6 are unaffected. - app/functions.sh: append `listen [::]:80;` when parse_true ENABLE_IPV6. - docs/Container-configuration.md: document ENABLE_IPV6. - test/tests/standalone_ipv6: deterministic test asserting the IPv6 listener is present only when ENABLE_IPV6 is enabled; registered in test/config.sh + CI matrix. Closes nginx-proxy#710 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
buchdag
changed the title
buchdag
changed the title
buchdag
reviewed
Jun 18, 2026
Drop the explanatory comment in add_standalone_configuration and trim the standalone_ipv6 test header, per maintainer feedback on PR nginx-proxy#1267. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds opt-in IPv6 support for the standalone HTTP-01 challenge nginx config generated by add_standalone_configuration, addressing IPv6 validation failures on dual-stack / IPv6-reachable hosts (revives/addresses #710).
Changes:
- Add
ENABLE_IPV6toggle to includelisten [::]:80;in standalone challenge configs. - Document
ENABLE_IPV6in container configuration docs. - Add a deterministic integration test (
standalone_ipv6) and register it in the test suite + CI matrix.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
app/functions.sh |
Conditionally appends an IPv6 listen directive to standalone HTTP-01 challenge server blocks when ENABLE_IPV6 is truthy. |
docs/Container-configuration.md |
Documents the new ENABLE_IPV6 env var and clarifies scope/risks (standalone-only, opt-in). |
test/tests/standalone_ipv6/run.sh |
New test that generates standalone configs under ENABLE_IPV6=true/false/unset and prints them for comparison. |
test/tests/standalone_ipv6/expected-std-out.txt |
Expected output asserting IPv6 listener presence only when enabled. |
test/config.sh |
Registers standalone_ipv6 in the global test list. |
.github/workflows/test.yml |
Adds standalone_ipv6 to the GitHub Actions integration test matrix. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
buchdag
approved these changes
Jun 18, 2026
buchdag
pushed a commit
that referenced
this pull request
Jun 18, 2026
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Add an
ENABLE_IPV6toggle that makes the standalone ACME HTTP-01 challenge configuration also listen over IPv6 (listen [::]:80;), in addition to IPv4.Why
Standalone challenge configs are generated by acme-companion's
add_standalone_configuration(not by docker-gen), and they only emittedlisten 80;. On IPv6-only / dual-stack hosts the HTTP-01 challenge was therefore unreachable over IPv6, so validation failed.This revives #710 (open since 2020), which @buchdag endorsed in-thread.
How
app/functions.sh—add_standalone_configurationappendslisten [::]:80;whenENABLE_IPV6is truthy (gated via the existingparse_truehelper). It is opt-in, so hosts without IPv6 are unaffected (nginx won't try to bind an IPv6 socket) — this addresses @buchdag's concern about enabling it by default.ENABLE_IPV6, so the same value can be set on both containers. (Of the two options discussed in the issue — auto-detecting nginx-proxy's setting vs. our own env var — this implements the env-var option, which is self-contained and deterministic.)docs/Container-configuration.md— documentsENABLE_IPV6.test/tests/standalone_ipv6/— deterministic test asserting the IPv6 listener is present only whenENABLE_IPV6is enabled; registered intest/config.shand the CI matrix.Only the standalone config is affected; challenges served through nginx-proxy already follow nginx-proxy's own IPv6 setting.
Testing
standalone_ipv6test passes: assertslisten [::]:80;is present withENABLE_IPV6=trueand absent whenfalse/unset.shellcheckclean on the modified script and the new test.Closes #710
🤖 Generated with Claude Code