Comments (6)
Thanks for the information @bari86
Do you mean a load balancer IP address? Are you suggesting we add a new option in ss-config
to save that value, for example something like LOAD_BALANCER_IPV4
perhaps?
I'm not sure overwriting the IPv4 detected by the operating system is a good idea, we may need that in the future. It would be better to keep options more specific I think.
This probably also begs the question if SlickStack should support load balancing in general, and yes it would be great although I'm not sure of all the things we would need to consider for that to happen just yet.
Theoretically, another option like LOAD_BALANCER="true"
would probably also need to be added. We are maybe putting the cart before horse discussing IP addresses first, but for a quick fix we could probably do something like above.
from slickstack.
An update on how SlickStack determines public IP addresses:
SYSTEM_NETWORK_INTERFACE_IPV4=$(ip route get 1.1.1.1 | head -n1 | awk '{print $5}')
SYSTEM_NETWORK_INTERFACE_IPV6=$(ip -6 route get 2606:4700:4700::1111 | head -n1 | awk '{print $5}')
And then:
## ipv4 depends on how network interface is setup (ip vs nickname) ##
if [[ "${SYSTEM_NETWORK_INTERFACE_IPV4}" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
SYSTEM_IPV4_ADDRESS="${SYSTEM_NETWORK_INTERFACE_IPV4}"
else
SYSTEM_IPV4_ADDRESS=$(ip addr show "${SYSTEM_NETWORK_INTERFACE_IPV4}" | grep "inet " | awk '{ print $2;exit }' | cut -d/ -f1)
fi
## ipv6 depends on how network interface is setup (ip vs nickname) ##
if [[ "${SYSTEM_NETWORK_INTERFACE_IPV6}" =~ ^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$ ]]; then
SYSTEM_IPV6_ADDRESS="${SYSTEM_NETWORK_INTERFACE_IPV6}"
else
SYSTEM_IPV6_ADDRESS=$(ip addr show "${SYSTEM_NETWORK_INTERFACE_IPV6}" | grep "inet6 " | awk '{ print $2;exit }' | cut -d/ -f1)
fi
Ref: https://github.com/littlebizzy/slickstack/blob/master/bash/ss-functions.txt
The purpose of retrieving these values is really just to help the user be more aware of them during installation and yes, inside the WP Admin SlickStack dashboard.
SlickStack's OpenSSL script does self-sign a certificate for the detected IP address too.
But none of this is really required for SlickStack to function.
Therefore perhaps @bari86 idea to allow for hardcoding the IPs in ss-config
could be acceptable, but it just seems like more cruft you have to worry about fixing in case of server migration, etc.
from slickstack.
Not sure if these tweaks to our code helped resolve the issue please let me know @bari86
Checking common solutions for the past several years, many devs have been usually private websites to check their VPC public address like described here:
https://stackoverflow.com/questions/14594151/methods-to-detect-public-ip-address-in-bash
E.g.
Also a new answer there that includes some dig
methods like:
dig +short txt ch whoami.cloudflare @1.0.0.1
dig +short txt o-o.myaddr.l.google.com @ns1.google.com
dig +short txt o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{print $2}'
Those last 2 return IPv6 addresses.
Anyway most of these solutions were before IPv6 got popular and before Cloudflare's 1.1.1.1 service... I think our current method using ip route
to Cloudflare's direct DNS server is pretty solid.
from slickstack.
These might also be simpler methods I tried, but rely on TLDs:
IPv4: dig whoami.cloudflare ch txt @1.1.1.1 +short | awk -F'"' '{print $2}'
IPv6: dig whoami.cloudflare ch txt @2606:4700:4700::1111 +short | awk -F'"' '{print $2}'
Ref: https://gist.github.com/rkalkani/7428a8769f7cc6710c58680938dc5833
from slickstack.
SYSTEM_DIG_IPV4_ADDRESS=$(dig whoami.cloudflare ch txt @1.1.1.1 +short | awk -F'"' '{print $2}')
SYSTEM_DIG_IPV6_ADDRESS=$(dig whoami.cloudflare ch txt @2606:4700:4700::1111 +short | awk -F'"' '{print $2}')
SYSTEM_NETWORK_INTERFACE_IPV4=$(ip route get 1.1.1.1 | head -n1 | awk '{print $5}')
SYSTEM_NETWORK_INTERFACE_IPV6=$(ip -6 route get 2606:4700:4700::1111 | head -n1 | awk '{print $5}')
SYSTEM_NETWORK_INTERFACE_IPV4_SHOW=$(ip addr show "${SYSTEM_NETWORK_INTERFACE_IPV4}" | grep "inet " | awk '{ print $2;exit }' | cut -d/ -f1)
SYSTEM_NETWORK_INTERFACE_IPV6_SHOW=$(ip addr show "${SYSTEM_NETWORK_INTERFACE_IPV6}" | grep "inet6 " | awk '{ print $2;exit }' | cut -d/ -f1)
Here's an update list of variables we are testing... will probably use the DIG
ones primarily.
from slickstack.
Update:
The new dig
method + Cloudflare DNS works very well. For now we are going to use these only:
SYSTEM_DIG_IPV4_ADDRESS=$(dig whoami.cloudflare ch txt @1.1.1.1 +short | awk -F'"' '{print $2}')
SYSTEM_DIG_IPV6_ADDRESS=$(dig whoami.cloudflare ch txt @2606:4700:4700::1111 +short | awk -F'"' '{print $2}')
This should help support complex environments better @bari86
I don't think hardcoding/overwriting is necessary with this improvement, and probably isn't a good idea anyways, because that detection mechanism should ideally remain dynamic to avoid confusion.
On a side note, our OpenSSL cert generator now supports IPV6 addresses along with IPV4:
https://github.com/littlebizzy/slickstack/blob/master/bash/ss-encrypt-openssl.txt
If any comments or questions feel free to respond below, but for now I'm going to close this out --
from slickstack.
Related Issues (20)
- Consider replacing UFW firewall with basic iptables rules HOT 2
- Auto restart MySQL service if it went down HOT 2
- MySQL and/or Redis crashing sometimes on Ubuntu 20.04 HOT 4
- Consider replacing Nginx with Caddy HOT 7
- Exiting ss-update-config: There is a version mismatch between this script and public mirrors.. HOT 1
- Migration slickstack between VPS to VPS HOT 1
- change php version and Install ioncube loader HOT 4
- Install freeze on Running ss-install-redis-packages... HOT 3
- Website very slow loading inside apps ios HOT 3
- CERT_AUTHORITY_INVALID After install HOT 1
- SUDO_USER and SFTP_USER validation check to avoid conflicts? HOT 2
- Perform custom tasks during certain SlickStack scripts HOT 1
- Invalid user mysql:mysql error when using remote database
- Ensure more privacy for openssl cert generation. HOT 11
- SS_ADMINER_PUBLIC="false" does not work as intended. HOT 9
- Allow tuning of PHP8 JIT settings (opcache.jit options in php.ini) HOT 4
- Cloudflare real visitor IP support in Nginx config HOT 18
- Option to allow only Cloudflare IPs to connect to origin server HOT 2
- OpenVZ PHP-FPM "Unable to set priority for the master process: Permission denied" HOT 8
- Support for custom Permissions Policy HTTP header in Nginx HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from slickstack.