frappe · cogk · Sep 10, 2024 · Sep 24, 2024 · Sep 27, 2024
@@ -176,6 +176,7 @@ usermod -aG frappe www-data
 ```nginx
 echo "server {
     listen 80;
+    listen [::]:80;
     server_name packages.frappe.cloud;
 
     location / {

@@ -9,13 +9,15 @@ upstream frappe-bench-socketio-server {
 
 
 server {
-	listen      80 default_server;
+	listen 80 default_server;
+	listen [::]:80 default_server;
 	server_name "";
 	return      444;
 }
 
 server {
 	listen 443 ssl http2 default_server;
+	listen [::]:443 ssl http2 default_server;
 	server_name "";
 
 	ssl on;
@@ -42,6 +44,7 @@ map $host $site_name_sxjfjnv {
 server {
 
 	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
 
 
 	server_name
@@ -75,6 +78,7 @@ server {
         return 301 https://$host$request_uri;
     } # managed by Certbot
 		listen 80;
+		listen [::]:80;
 		server_name
 			frappe.cloud
 			;
@@ -88,6 +92,7 @@ proxy_cache_path /var/cache/nginx/assets keys_zone=assets_cache:10m loader_thres
 server {
 
 	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
 
 
 	server_name
@@ -431,6 +436,7 @@ server {
 
 
 		listen 80;
+		listen [::]:80;
 		server_name
 			frappecloud.com
 			;

@@ -1615,6 +1615,37 @@ def check_dns_a(name, domain):
 	return result
 
 
+def check_dns_aaaa(name, domain):
+	result = {"type": "AAAA", "matched": False, "answer": ""}
+	try:
+		resolver = Resolver(configure=False)
+		resolver.nameservers = NAMESERVERS
+		answer = resolver.query(domain, "AAAA")
+		domain_ip = answer[0].to_text()
+		site_ip = resolver.query(name, "AAAA")[0].to_text()
+		result["answer"] = answer.rrset.to_text()
+		if domain_ip == site_ip:
+			result["matched"] = True
+		elif site_ip:
+			# We can issue certificates even if the domain points to the secondary proxies
+			server = frappe.db.get_value("Site", name, "server")
+			proxy = frappe.db.get_value("Server", server, "proxy_server")
+			secondary_ips = frappe.get_all(
+				"Proxy Server",
+				{"status": "Active", "primary": proxy, "is_replication_setup": True},
+				pluck="ip6",
+			)
+			if domain_ip in secondary_ips:
+				result["matched"] = True
+	except dns.exception.DNSException as e:
+		result["answer"] = str(e)
+	except Exception as e:
+		result["answer"] = str(e)
+		log_error("DNS Query Exception - AAAA", site=name, domain=domain, exception=e)
+	finally:
+		return result
+
+
 def ensure_dns_aaaa_record_doesnt_exist(domain: str):
 	"""
 	Ensure that the domain doesn't have an AAAA record
@@ -1639,7 +1670,7 @@ def ensure_dns_aaaa_record_doesnt_exist(domain: str):
 
 def check_dns_cname_a(name, domain):
 	check_domain_allows_letsencrypt_certs(domain)
-	ensure_dns_aaaa_record_doesnt_exist(domain)
+	# ensure_dns_aaaa_record_doesnt_exist(domain)
 	cname = check_dns_cname(name, domain)
 	result = {"CNAME": cname}
 	result.update(cname)
@@ -1651,6 +1682,15 @@ def check_dns_cname_a(name, domain):
 	result.update({"A": a})
 	result.update(a)
 
+	# Check that both A and AAAA records match a proxy
+	aaaa = check_dns_aaaa(name, domain)
+	result.update({"AAAA": aaaa})
+	a_found = a["answer"] and "does not contain an answer" not in a["answer"]
+	aaaa_found = aaaa["answer"] and "does not contain an answer" not in aaaa["answer"]
+	if a_found and aaaa_found and a["matched"] != aaaa["matched"]:
+		# There is both records but one does not match.
+		result["matched"] = False
+
 	return result
 
 

@@ -17,6 +17,7 @@ map $upstream_http_docker_distribution_api_version $docker_distribution_api_vers
 
 server {
     listen 443 ssl;
+    listen [::]:443 ssl;
     server_name registry.frappe.cloud;
 
     # SSL

@@ -1,5 +1,6 @@
 server {
 	listen 80;
+	listen [::]:80;
 	server_name {{ domain }};
 
 	location ^~ /.well-known/acme-challenge/ {

@@ -14,6 +14,7 @@
   "is_server_setup",
   "networking_section",
   "ip",
+  "ip6",
   "column_break_10",
   "private_ip",
   "private_mac_address",
@@ -107,6 +108,13 @@
    "reqd": 1,
    "set_only_once": 1
   },
+  {
+   "fetch_from": "virtual_machine.public_ip6_address",
+   "fieldname": "ip6",
+   "fieldtype": "Data",
+   "label": "IPv6",
+   "set_only_once": 1
+  },
   {
    "fieldname": "column_break_10",
    "fieldtype": "Column Break"
@@ -252,7 +260,7 @@
    "link_fieldname": "server"
   }
  ],
- "modified": "2023-12-13 15:09:40.978998",
+ "modified": "2024-10-15 15:28:10.193273",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Analytics Server",

@@ -28,6 +28,7 @@ class AnalyticsServer(BaseServer):
 		google_client_secret: DF.Password | None
 		hostname: DF.Data
 		ip: DF.Data
+		ip6: DF.Data | None
 		is_server_setup: DF.Check
 		monitoring_password: DF.Password | None
 		plausible_mail_login: DF.Data | None

@@ -10,6 +10,7 @@ docker run -it -p 127.0.0.1:8021:8080 \
 ```
 server {
     listen 80;
+    listen [::]:80;
     server_name code.staging.frappe.cloud;
     location / {
         proxy_pass                          http://127.0.0.1:8021;

@@ -28,6 +28,7 @@
   "auto_add_storage_max",
   "networking_section",
   "ip",
+  "ip6",
   "column_break_10",
   "private_ip",
   "private_mac_address",
@@ -104,6 +105,13 @@
    "label": "IP",
    "set_only_once": 1
   },
+  {
+   "fetch_from": "virtual_machine.public_ip6_address",
+   "fieldname": "ip6",
+   "fieldtype": "Data",
+   "label": "IPv6",
+   "set_only_once": 1
+  },
   {
    "fetch_from": "virtual_machine.private_ip_address",
    "fieldname": "private_ip",
@@ -521,7 +529,7 @@
  ],
  "index_web_pages_for_search": 1,
  "links": [],
- "modified": "2024-08-13 11:02:07.399141",
+ "modified": "2024-10-15 15:28:10.193273",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Database Server",

@@ -42,6 +42,7 @@ class DatabaseServer(BaseServer):
 		hostname: DF.Data
 		hostname_abbreviation: DF.Data | None
 		ip: DF.Data | None
+		ip6: DF.Data | None
 		is_performance_schema_enabled: DF.Check
 		is_primary: DF.Check
 		is_replication_setup: DF.Check

@@ -15,6 +15,7 @@
   "is_server_setup",
   "networking_section",
   "ip",
+  "ip6",
   "column_break_9",
   "private_ip",
   "private_mac_address",
@@ -90,6 +91,13 @@
    "label": "IP",
    "set_only_once": 1
   },
+  {
+   "fetch_from": "virtual_machine.public_ip6_address",
+   "fieldname": "ip6",
+   "fieldtype": "Data",
+   "label": "IPv6",
+   "set_only_once": 1
+  },
   {
    "fieldname": "column_break_9",
    "fieldtype": "Column Break"
@@ -198,7 +206,7 @@
    "link_fieldname": "server"
   }
  ],
- "modified": "2023-12-13 15:09:14.473225",
+ "modified": "2024-10-15 15:28:10.193273",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Log Server",

@@ -24,6 +24,7 @@ class LogServer(BaseServer):
 		frappe_user_password: DF.Password | None
 		hostname: DF.Data
 		ip: DF.Data | None
+		ip6: DF.Data | None
 		is_server_setup: DF.Check
 		kibana_password: DF.Password | None
 		monitoring_password: DF.Password | None

@@ -15,6 +15,7 @@
   "is_server_setup",
   "networking_section",
   "ip",
+  "ip6",
   "column_break_9",
   "private_ip",
   "private_mac_address",
@@ -92,6 +93,13 @@
    "label": "IP",
    "set_only_once": 1
   },
+  {
+   "fetch_from": "virtual_machine.public_ip6_address",
+   "fieldname": "ip6",
+   "fieldtype": "Data",
+   "label": "IPv6",
+   "set_only_once": 1
+  },
   {
    "fieldname": "column_break_9",
    "fieldtype": "Column Break"
@@ -212,7 +220,7 @@
    "link_fieldname": "server"
   }
  ],
- "modified": "2024-02-05 20:07:19.024804",
+ "modified": "2024-10-15 15:28:10.193273",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Monitor Server",

@@ -28,6 +28,7 @@ class MonitorServer(BaseServer):
 		grafana_password: DF.Password | None
 		hostname: DF.Data
 		ip: DF.Data | None
+		ip6: DF.Data | None
 		is_server_setup: DF.Check
 		monitoring_password: DF.Password | None
 		private_ip: DF.Data

@@ -20,6 +20,7 @@
   "public",
   "section_break_8",
   "ip",
+  "ip6",
   "enabled_default_routing",
   "column_break_10",
   "private_ip",
@@ -70,6 +71,13 @@
    "label": "IP",
    "set_only_once": 1
   },
+  {
+   "fetch_from": "virtual_machine.public_ip6_address",
+   "fieldname": "ip6",
+   "fieldtype": "Data",
+   "label": "IPv6",
+   "set_only_once": 1
+  },
   {
    "fetch_from": "virtual_machine.private_ip_address",
    "fieldname": "private_ip",
@@ -400,7 +408,7 @@
   }
  ],
  "links": [],
- "modified": "2024-09-10 15:44:10.989216",
+ "modified": "2024-10-15 15:28:10.193273",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Proxy Server",

@@ -41,6 +41,7 @@ class ProxyServer(BaseServer):
 		hostname: DF.Data
 		hostname_abbreviation: DF.Data | None
 		ip: DF.Data | None
+		ip6: DF.Data | None
 		is_primary: DF.Check
 		is_proxysql_setup: DF.Check
 		is_replication_setup: DF.Check

@@ -14,6 +14,7 @@
   "is_server_setup",
   "networking_section",
   "ip",
+  "ip6",
   "column_break_9",
   "private_ip",
   "private_mac_address",
@@ -75,6 +76,13 @@
    "reqd": 1,
    "set_only_once": 1
   },
+  {
+   "fetch_from": "virtual_machine.public_ip6_address",
+   "fieldname": "ip6",
+   "fieldtype": "Data",
+   "label": "IPv6",
+   "set_only_once": 1
+  },
   {
    "fetch_from": "virtual_machine.private_ip_address",
    "fieldname": "private_ip",
@@ -204,7 +212,7 @@
    "link_fieldname": "server"
   }
  ],
- "modified": "2023-12-13 15:09:46.909110",
+ "modified": "2024-10-15 15:28:10.193273",
  "modified_by": "Administrator",
  "module": "Press",
  "name": "Registry Server",

@@ -26,6 +26,7 @@ class RegistryServer(BaseServer):
 		frappe_user_password: DF.Password | None
 		hostname: DF.Data
 		ip: DF.Data
+		ip6: DF.Data | None
 		is_server_setup: DF.Check
 		monitoring_password: DF.Password | None
 		private_ip: DF.Data