What this PR does / why we need it:
Whitelisting 0.0.0.0/0 means people who use whitelisting won't have problems when using ACME over IPv4, but guarantees that people will have problems when using ACME over IPv6 (see nginx rule below). I've added ::0/0 to the whitelist, which seems to solve the problem I've been having today.
Without ::0/0 in this filter, IPv6 ACME requests are blocked with error 403.
You can tell this is happening when the nginx logs show the pattern of returning 200 for challenge requests coming from one of your cluster nodes, followed by a 403 response to a request with the Let's Encrypt user agent from an IPv6 address. On the log entries with a 200 response you will see the container address where the request is forwarded to, but on the 403 log entries you will not.
Which issue this PR fixes: none that I know of
Special notes for your reviewer:
Release note:
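
The log pattern described in this PR, as an added triage example that is not part of the original PR or the project's code. The log format (combined log plus a trailing upstream address field, `-` when nothing was forwarded), the sample lines, and the function names are assumptions constructed for illustration; the challenge path is the standard HTTP-01 location.

```python
import ipaddress
import re

ACME_PREFIX = "/.well-known/acme-challenge/"  # standard HTTP-01 challenge path
LE_UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

# Constructed sample lines in the assumed format (not taken from the PR).
SAMPLE_LOG = "\n".join([
    f'10.244.1.7 - - [01/Jan/2024:10:00:00 +0000] "GET {ACME_PREFIX}tok1 HTTP/1.1" 200 87 "-" "Go-http-client/1.1" 10.244.2.15:8080',
    f'2001:db8::1234 - - [01/Jan/2024:10:00:02 +0000] "GET {ACME_PREFIX}tok1 HTTP/1.1" 403 169 "-" "{LE_UA}" -',
    f'198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET {ACME_PREFIX}tok2 HTTP/1.1" 200 87 "-" "{LE_UA}" 10.244.2.15:8080',
    '2001:db8::99 - - [01/Jan/2024:10:00:04 +0000] "GET /admin HTTP/1.1" 403 169 "-" "curl/8.0" -',
])

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)" (?P<upstream>\S+)$'
)

def covered(client, cidrs):
    """True if the client address falls inside any whitelist CIDR.
    An IPv4 network such as 0.0.0.0/0 never contains an IPv6 address."""
    addr = ipaddress.ip_address(client)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == addr.version and addr in net:
            return True
    return False

def blocked_acme_v6(log_text, whitelist):
    """Return (client, path, covered_by_whitelist) for each 403 served to a
    Let's Encrypt validation request from IPv6 that was never forwarded."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(ACME_PREFIX):
            continue
        try:
            addr = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # client field is not an IP literal
        if (m["status"] == "403" and addr.version == 6
                and "Let's Encrypt" in m["ua"] and m["upstream"] == "-"):
            findings.append((m["client"], m["path"], covered(m["client"], whitelist)))
    return findings

if __name__ == "__main__":
    for whitelist in (["0.0.0.0/0"], ["0.0.0.0/0", "::0/0"]):
        print(whitelist, blocked_acme_v6(SAMPLE_LOG, whitelist))
```

A finding whose last field is `False` means the current whitelist cannot match the validating client, which is the situation the PR fixes by adding `::0/0`.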