Issue with Docker support of IPv6 on Fangtooth

TLDR:

  • I have to enter the IP instead of the hostname in NPM because I get random 502s in Docker Web Apps
  • curl -6 <dockerapp> fails, but curl -4 <dockerapp> works
  • Otherwise IPv6 is enabled and works everywhere else including Docker-Containers except when they go through NPM or when using curl without NPM, because the Networks prefers IPv6
  • I’m on Version: 25.04.1

So my case is:

  • I have an Affine docker container that works generally fine in the browser with <truenashost>:30169
  • When accessing it through Nginx Proxy Manager I noticed a lot of errors

I thought it was my NPM configurations fault, but then I tried the following commands from any device in my network:

  • curl -6 -vk http://<truenashost>:30169:
* Host <truenashost>:30169 was resolved.
* IPv6: 2a02:...:73c2, fd30:...:73c2
* IPv4: (none)
*   Trying [2a02:...:73c2]:30169...
* connect to 2a02:...:73c2 port 30169 from :: port 49423 failed: Connection refused
*   Trying [fd30:...:73c2]:30169...
* connect to fd30:...:73c2 port 30169 from :: port 49429 failed: Connection refused
* Failed to connect to <truenashost>port 30169 after 4099 ms: Could not connect to server
* closing connection #0
curl: (7) Failed to connect to <truenashost>port 30169 after 4099 ms: Could not connect to server
  • curl -4 -vk http://<truenashost>:30169
<normal and expected html response>

So from what I can tell this seems to be a fundamental issue and not an NPM configuration issue, DNS issue or HTTPS issue.
I have a Fritz.Box with Native IPv6 and everything generally works.
I’m on version 25.04.1

This is from the TrueNAS Scale Host if that helps:

sudo docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": ".....",
        "Created": "2025-07-06T21:47:58.688103......",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": true,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "fdd0::/64"
                },
                {
                    "Subnet": "172.16.0.0/24",
                    "Gateway": "172.16.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

Also forcing Nginx Proxy Manager to use IPv4 by entering the IP instead of <truenashost> fixed the issue in the container for now.

Another container of qbittorrent that fails in the same way as for curl -6 generally seems to work with IPv6 as well:

(N) 2025-06-25T10:41:07 - WebAPI login success. IP: 2a02:...:f8ba
(N) 2025-06-25T10:46:45 - WebUI: HTTPS setup successful
(N) 2025-06-25T10:46:49 - WebAPI login success. IP: 2a02:...:f8ba
(N) 2025-06-25T10:49:18 - WebUI: HTTPS setup successful

While OpenWebUi also constantly fails with such errors when accessed over NPM, but also fails for curl -6:

index.ts:60 
 
POST https://llm.apps.<truenashost>/api/v1/auths/admin/config 502 (Bad Gateway)
p	@	index.ts:60
A	@	General.svelte:81
await in A		
te	@	General.svelte:116
index.ts:73 
 SyntaxError: Unexpected token '<', "<html>
<h"... is not valid JSON
(anonymous)	@	index.ts:73
Promise.catch		
p	@	index.ts:72
A	@	General.svelte:81
await in A		
te	@	General.svelte:116

From what I understand containers also bind on IPv4 and IPv6

Can someone point me in the right direction or knows this issue?

Some research suggests something about userland-proxy but I’d rather not edit system files on TrueNAS arbitrarily.