Docker swarm, traefik 2.0 and IPv6 issue

Hi !

When I try to use traefik with "docker run" in a single container it works like a charm, but it does not work the same using a stack in swarm mode (docker composer file).

I would like to be able to serve IPv6 as well as IPv4 requests. I need this because I'd like to use IPv6 to be able to use port 80 for let's encrypt HTTP-01 challenge (the port 80 of my IPv4 public address is already taken...).

The thing is when I use docker stack deploy (swarm mode), I can't access http://[::1]:80 (timeout), whereas I have a clear 404 error when I try

Do you know where could be the problem ? Is it related to the "overlay" driver used in swarm mode ?

What is surprising is that the process docker is listenning to port 80 both ipv4 and ipv6...

Thanks a lot for you help :slight_smile:

Hello @quentindavid,

Can you please provide us with your compose file, and the debug logs from when Traefik starts up? (want to see the loaded configuration).

This will help us debug what is going on.

Thanks a lot for your answer.

So from what I've found, it seems when you use docker swarm, the overlay network driver does not work the same way for IPv4 and IPv6.
With IPv4, it automatically NAT every exposed port behind the IP of the machine.
With IPv6, the NAT is not performed.

What is a real pain is that docker is listening to both IPv4 and IPv6 sockets, although it performs only NAT with IPv4.

So what I've done is I configured traefik to listen on ports 81 and 444.

Then I installed systemd services unit files running socat like:

Description=Socat Greeting Service port 443

ExecStart=/usr/bin/socat TCP6-LISTEN:443,fork TCP4:


Then I configured NAT on my router, so that ports 443 and 80 are NATed to 444 and 81.

This way, IPv6 work and IPv4 works as well, which leads Let's Encrypt certificates to work properly !

If you know a cleaner way to do, please tell me :slight_smile: