
Help request: configuring Docker Compose on CentOS 7 for IPv6 container connectivity and external bridging

Hey there, let's work through this IPv6 issue with your Docker setup on CentOS 7. I’ve dealt with similar headaches before, so here’s a step-by-step solution tailored exactly to your environment (Docker 17.12, Compose 1.9.0):

1. Enable IPv6 on your CentOS 7 Host

CentOS 7 often ships with IPv6 disabled by default, so we need to flip that switch first:

  • Edit /etc/sysctl.conf and add/update these lines:
    net.ipv6.conf.all.disable_ipv6 = 0
    net.ipv6.conf.default.disable_ipv6 = 0
    net.ipv6.conf.lo.disable_ipv6 = 0
    net.ipv6.conf.all.forwarding = 1
    
  • Apply the changes immediately: sysctl -p
  • Verify your host has an IPv6 address: run ip -6 addr—you should see at least one non-link-local address (either statically configured or assigned by your router).

2. Configure Docker Daemon for IPv6 Support

Docker 17.12 doesn’t enable IPv6 out of the box, so we need to tweak its config:

  • Create or edit /etc/docker/daemon.json with this content:
    {
      "ipv6": true,
      "fixed-cidr-v6": "fd00:dead:beef::/48",
      "experimental": false
    }
    
    Note: fd00:dead:beef::/48 is a private IPv6 range (per RFC 4193). If you need public IPv6 access, replace this with your assigned public IPv6 prefix.
  • Restart Docker to apply changes: systemctl restart docker
  • Confirm IPv6 is enabled: run docker info | grep IPv6—you should see IPv6: Enabled in the output.

3. Adjust Your Docker Compose Config for IPv6 (With network_mode: service:postgres)

Since your app container uses network_mode: service:postgres, it shares the postgres container’s network stack. That means we only need to ensure postgres has a valid IPv6 address and network access—your app will inherit it automatically.

Here’s the updated docker-compose.yml (note: enable_ipv6 and sysctls need the version 2.1 file format, which Compose 1.9.0 supports):

version: '2.1'
services:
  postgres:
    image: postgres:latest # Use your actual postgres image/tag
    ports:
      - "5432:5432"
      - "[::1]:5432:5432" # Bind to IPv6 loopback, or replace [::1] with your host's public IPv6
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.default.disable_ipv6=0
    networks:
      default:
        ipv6_address: fd00:dead:beef::1001 # Assign a fixed IPv6 in your daemon's subnet
  app:
    image: your-app-image:latest # Replace with your app's image
    network_mode: "service:postgres"
    depends_on:
      - postgres
    # No need for separate ports/IPv6 config here—shares postgres's network stack

networks:
  default:
    driver: bridge
    enable_ipv6: true
    ipam:
      config:
        - subnet: fd00:dead:beef::/48
          gateway: fd00:dead:beef::1

Key notes:

  • The default network explicitly enables IPv6 with a subnet matching your Docker daemon’s fixed-cidr-v6
  • We assign a fixed IPv6 address to postgres so it’s predictable
  • The sysctls ensure IPv6 isn’t disabled inside the postgres container

4. Update Firewalld to Allow IPv6 Traffic

CentOS 7’s firewalld will block IPv6 container traffic by default—let’s fix that:

  • Allow traffic from your Docker IPv6 subnet:
    firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="fd00:dead:beef::/48" accept'
    
  • Allow external access to postgres’s port (adjust the port if you’re using a non-default one). A port opened in a zone applies to both IPv4 and IPv6, so one rule is enough:
    firewall-cmd --permanent --add-port=5432/tcp --zone=public
    
  • Restart firewalld to apply rules: systemctl restart firewalld

5. Test Everything Out

Let’s verify the setup works:

  1. Start your containers: docker-compose up -d
  2. Check postgres’s IPv6 address: docker exec -it $(docker-compose ps -q postgres) ip -6 addr—you should see the fixed address we configured
  3. Ping the container from your host: ping6 fd00:dead:beef::1001—this should succeed
  4. Test external access: From another machine, run nc -zv6 [your-host-ipv6] 5432—it should connect successfully
  5. Test outbound IPv6 from your app: docker exec -it $(docker-compose ps -q app) ping6 google.com—this should resolve and ping successfully

Troubleshooting Tips
  • If containers can’t access external IPv6: Check your host’s IPv6 routing with ip -6 route—make sure there’s a default route. Also confirm you restarted Docker after updating daemon.json.
  • If external machines can’t reach containers via IPv6: Double-check firewalld’s IPv6 rules, ensure postgres’s ports are bound to an IPv6 address, and confirm your host’s public IPv6 is reachable.
  • Keep in mind: Docker 17.12 is an older version, so some IPv6 features might be limited. If you hit persistent issues, consider upgrading to a newer stable Docker release (though the above steps should work for your setup).
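
A pre-flight check for the address plan and port entries from step 3, as an added example that is not part of the original answer: it confirms the fixed container address fits the subnet and shows which ports entries publish Postgres on every host interface. The function names check_plan and exposure are hypothetical, and the "all-interfaces" result assumes Docker's default bind address has not been changed.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local addresses


def check_plan(subnet, gateway, container_ip):
    """Return a list of problems in a Compose IPv6 address plan ([] = OK)."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(container_ip)
    if net.version != 6:
        return ["subnet is not IPv6"]
    problems = []
    if gw not in net:
        problems.append("gateway outside subnet")
    if ip not in net:
        problems.append("container address outside subnet")
    if ip == gw:
        problems.append("container address collides with gateway")
    if not net.subnet_of(ULA):
        problems.append("subnet is not private (ULA); containers may be globally routable")
    return problems


def exposure(port_spec):
    """Classify where a Compose short-syntax port entry listens on the host."""
    spec = port_spec.split("/")[0]              # drop "/tcp" or "/udp"
    if spec.startswith("["):                    # bracketed IPv6 host address
        host = spec[1:spec.index("]")]
    else:
        parts = spec.split(":")
        host = parts[0] if len(parts) == 3 else None
    if host is None:                            # no host IP: Docker's default is every interface
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:                       # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "single-address"


if __name__ == "__main__":
    # Values copied from the daemon.json and docker-compose.yml in this answer
    print(check_plan("fd00:dead:beef::/48", "fd00:dead:beef::1", "fd00:dead:beef::1001"))
    for entry in ("5432:5432", "[::1]:5432:5432"):
        print(entry, "->", exposure(entry))
```

An entry classified as all-interfaces, combined with the firewalld rule that opens 5432/tcp in the public zone, makes the database reachable from any network the host is on.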

The question in this content comes from Stack Exchange; question author: derek
