fix: split-horizon DNS zone uses WireGuard IP, not Docker bridge IP
Unit Tests / test (push) Successful in 7m31s
Unit Tests / test (push) Successful in 7m31s
VPN peers can reach Caddy via the host's WireGuard interface (10.0.0.1), not via the Docker bridge IP (172.20.0.2) which is unreachable outside the container network. _bootstrap_dns now calls _get_wg_server_ip() instead of ip_utils.get_service_ips() so the internal zone returns a routable address for service subdomains. Also log config save failures instead of silently swallowing them — the silent PermissionError/OSError was masking write failures and making it impossible to diagnose why installed services disappeared after container restarts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+4
-2
@@ -436,8 +436,10 @@ def _bootstrap_dns():
|
||||
# Never call apply_ip_range here — it would pollute the DDNS parent zone.
|
||||
effective_domain = config_manager.get_effective_domain()
|
||||
if effective_domain and effective_domain != domain:
|
||||
import ip_utils
|
||||
caddy_ip = ip_utils.get_service_ips(ip_range).get('caddy', '172.20.0.2')
|
||||
# Use the WireGuard server IP so VPN peers can reach Caddy via the tunnel.
|
||||
# The Docker bridge IP (172.20.x.x) is only reachable inside the Docker
|
||||
# network; WireGuard peers need the host's WG interface IP (e.g. 10.0.0.1).
|
||||
caddy_ip = network_manager._get_wg_server_ip()
|
||||
# update_split_horizon_zone writes both the zone file and the Corefile
|
||||
# (with the split-horizon block included). No separate apply_all_dns_rules
|
||||
# call needed — that would overwrite the Corefile and drop the split-horizon block.
|
||||
|
||||
Reference in New Issue
Block a user