Problem
getIP in internal/cli/utils.go detects the server's public IP by querying a single hardcoded endpoint:
req, err := http.NewRequest(http.MethodGet, "https://ifconfig.co", nil)
This is used by mtg access (to print proxy links) and by the SNI-DNS check in mtg doctor / proxy startup. If ifconfig.co is down, rate-limiting, or blocked from the server's network, detection silently returns nil — mtg access then can't render links, and the SNI-DNS check reports "cannot detect public IP address" even though the server is perfectly fine.
public-ipv4 / public-ipv6 in config are the manual escape hatch, but most users never set them, so a single third-party endpoint is effectively a single point of failure for two user-facing features.
Options
- Hardcoded fallback chain — try
ifconfig.co, then e.g. icanhazip.com, ifconfig.me, first success wins. No config surface, no new docs, just resilience. ~15 lines.
- Configurable list — add
network.public-ip-endpoints so operators can point at their own endpoint (useful in restricted networks or for those who don't want to depend on third parties at all). More flexible, but it's new config surface.
I have working code for both (it was bundled into the now-closed #474). I'd rather not ship config surface you didn't ask for, so: do you want (1), (2), or neither? If (1), I'll send a small PR; if (2), I'll send it with the config option + docs.
Problem
getIPininternal/cli/utils.godetects the server's public IP by querying a single hardcoded endpoint:This is used by
mtg access(to print proxy links) and by the SNI-DNS check inmtg doctor/ proxy startup. Ififconfig.cois down, rate-limiting, or blocked from the server's network, detection silently returnsnil—mtg accessthen can't render links, and the SNI-DNS check reports "cannot detect public IP address" even though the server is perfectly fine.public-ipv4/public-ipv6in config are the manual escape hatch, but most users never set them, so a single third-party endpoint is effectively a single point of failure for two user-facing features.Options
ifconfig.co, then e.g.icanhazip.com,ifconfig.me, first success wins. No config surface, no new docs, just resilience. ~15 lines.network.public-ip-endpointsso operators can point at their own endpoint (useful in restricted networks or for those who don't want to depend on third parties at all). More flexible, but it's new config surface.I have working code for both (it was bundled into the now-closed #474). I'd rather not ship config surface you didn't ask for, so: do you want (1), (2), or neither? If (1), I'll send a small PR; if (2), I'll send it with the config option + docs.