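1. Configuring Nginx for IPv6
1.1 Check whether Nginx supports IPv6. Clearly it does not: there is no --with-ipv6 in the configure arguments.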
root@study ~# > /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.11.13
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC)
built with OpenSSL 1.0.2l 25 May 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-openssl=../openssl --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-pcre=/root/src/pcre-8.38 --with-pcre-jit --with-ld-opt=-ljemalloc
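1.2 Recompile Nginx
Go into the nginx source directory and append the new option to the configure arguments. Note that every option used in the original build must be included as well.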
root@study /usr/local# > cd nginx-1.11.13
# Add the --with-ipv6 option
root@study /usr/local/nginx-1.11.13# > ./configure --prefix=/usr/local/nginx --user=www --group=www --with-openssl=../openssl --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-pcre=/root/src/pcre-8.38 --with-pcre-jit --with-ld-opt=-ljemalloc --with-ipv6
Run make, but never run make install, or the existing nginx will be overwritten. After make finishes there is a new nginx binary in the objs directory; this is the new build.
root@study /usr/local/nginx-1.11.13# > ll objs/
total 9468
-rw-r--r-- 1 root root 16995 Dec 15 01:16 autoconf.err
-rw-r--r-- 1 root root 44409 Dec 15 01:16 Makefile
-rwxr-xr-x 1 root root 9477141 Dec 15 01:20 nginx
-rw-r--r-- 1 root root 5341 Dec 15 01:20 nginx.8
-rw-r--r-- 1 root root 7099 Dec 15 01:16 ngx_auto_config.h
-rw-r--r-- 1 root root 657 Dec 15 01:16 ngx_auto_headers.h
-rw-r--r-- 1 root root 6337 Dec 15 01:16 ngx_modules.c
-rw-r--r-- 1 root root 94256 Dec 15 01:20 ngx_modules.o
drwxr-xr-x 9 root root 4096 Feb 6 2018 src
Back up the existing nginx executable, then replace the installed nginx with the one from the objs directory.
cp /usr/local/nginx/sbin/nginx{,.bak}
cp -rfp objs/nginx /usr/local/nginx/sbin/nginx
Test that the new nginx binary works
root@study /usr/local/nginx/sbin# > /usr/local/nginx/sbin/nginx -t
Restart nginx and check the build information. It's OK!
root@study /usr/local/nginx/sbin# > supervisorctl restart nginx
nginx: stopped
nginx: started
root@study /usr/local/nginx/sbin# > nginx -V
nginx version: nginx/1.11.13
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-23) (GCC)
built with OpenSSL 1.0.2l 25 May 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-openssl=../openssl --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-pcre=/root/src/pcre-8.38 --with-pcre-jit --with-ld-opt=-ljemalloc --with-ipv6
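One way to check the point made in 1.2, that every original option is carried over, before the binary is swapped. This is an added example, not part of the original post; the sample strings are the configure-argument lines from the nginx -V output above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the configure arguments of two nginx builds.
# OLD_V and NEW_V reproduce the "configure arguments" lines shown above.
# On a live host capture them with 2>&1, because nginx -V writes to stderr,
# e.g. NEW_V=$(objs/nginx -V 2>&1).
OLD_V='configure arguments: --prefix=/usr/local/nginx --user=www --group=www --with-openssl=../openssl --with-http_stub_status_module --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-http_flv_module --with-pcre=/root/src/pcre-8.38 --with-pcre-jit --with-ld-opt=-ljemalloc'
NEW_V="$OLD_V --with-ipv6"

# One configure argument per line. Assumes no argument contains a space
# (a quoted value such as --with-cc-opt='-O2 -g' would be split).
configure_args() {
    printf '%s\n' "$1" | sed -n 's/^configure arguments: //p' |
        tr ' ' '\n' | sed '/^$/d' | sort -u
}

# Arguments of build $1 that are absent from build $2.
missing_args() {
    other=$(configure_args "$2")
    configure_args "$1" | while IFS= read -r arg; do
        printf '%s\n' "$other" | grep -qxF -e "$arg" || printf '%s\n' "$arg"
    done
}

# Arguments that only build $2 has.
added_args() { missing_args "$2" "$1"; }

# True only if nothing was dropped and the wanted option was added.
safe_to_swap() {   # usage: safe_to_swap OLD NEW WANTED_OPTION
    [ -z "$(missing_args "$1" "$2")" ] &&
        added_args "$1" "$2" | grep -qxF -e "$3"
}

if safe_to_swap "$OLD_V" "$NEW_V" --with-ipv6; then
    echo "OK to swap; added: $(added_args "$OLD_V" "$NEW_V")"
else
    echo "do not swap; dropped:"
    missing_args "$OLD_V" "$NEW_V"
fi
```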
1.3 Configure Nginx to listen on IPv6 addresses
Listen on IPv6 only:
listen [::]:80 default ipv6only=on;
Listen on a specific IPv6 address:
listen [2607:f0d0:1002:51::4]:80;
Listen on the SSL port (443) over IPv6:
listen [::]:443 ssl; # the trailing ssl can be omitted.
Listen on both IPv4 and IPv6 addresses:
listen [::]:80;
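The final configuration is below. For testing, keep everything simple: create a new directory and put a single HTML page in it. Don't try listening on IPv6 port 443 unless you have a wildcard certificate; otherwise it ends in tears.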
#listen 80 default;
#server_name _;
#return 403;
listen [::]:80;
server_name ipv6.chegva.com;
access_log /chegva/wwwlogs/access_nginx.log combined;
root /chegva/wwwroot/default;
--- If you want to suffer, configure 443; worth a try ---
#listen 80;
listen [::]:80;
#listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
After configuring, restart nginx. That is 1/4 done.
2. Enabling IPv6 on the Alibaba Cloud server
2.1 First, comment out these two lines:
vim /etc/modprobe.d/disable_ipv6.conf
#alias net-pf-10 off
#options ipv6 disable=1
2.2 In the file below, change NETWORKING_IPV6=no to NETWORKING_IPV6=yes
vim /etc/sysconfig/network
NETWORKING_IPV6=yes
2.3 Add the IPv6 settings to /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
2.4 Add IPv6 DNS servers to /etc/resolv.conf
; generated by /sbin/dhclient-script
options timeout:1 attempts:1 rotate
nameserver 2001:da8:8000:1:202:120:2:101
nameserver 2001:da8:202:10::36
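Reboot the system so the changes take effect. After it boots, run ifconfig and the IPv6 address is visible. Every step here was learned the hard way...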
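A check for steps 2.1 to 2.3, added here as an example and not part of the original post: it lists the lines that still disable IPv6 in the three files. The root-prefix argument, the function names and the sample tree are constructed for the example; pass an empty prefix to check the host itself.

```shell
#!/bin/sh
# Added example: report settings that still disable IPv6 in the files
# edited in steps 2.1-2.3. $1 is a root prefix ("" means the live host).
ipv6_blockers() {
    root=$1
    # 2.1: active (uncommented) module-disable lines in modprobe.d
    for f in "$root"/etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        grep -nE '^[[:space:]]*(alias[[:space:]]+net-pf-10[[:space:]]+off|options[[:space:]]+ipv6[[:space:]].*disable=1)' "$f" /dev/null || true
    done
    # 2.2 and 2.3: network script switch and sysctl keys set to 1
    for f in "$root/etc/sysconfig/network" "$root/etc/sysctl.conf"; do
        [ -f "$f" ] || continue
        grep -nE '^[[:space:]]*(NETWORKING_IPV6=no|net\.ipv6\.conf\.[^.]+\.disable_ipv6[[:space:]]*=[[:space:]]*1)[[:space:]]*$' "$f" /dev/null || true
    done
}

# Constructed sample tree. "before" assumes every setting is still in its
# disabling state; "after" applies the edits from 2.1-2.3.
make_sample() {   # usage: make_sample DIR before|after
    mkdir -p "$1/etc/modprobe.d" "$1/etc/sysconfig"
    if [ "$2" = before ]; then c=""; v6=no; dis=1; else c="#"; v6=yes; dis=0; fi
    printf '%salias net-pf-10 off\n%soptions ipv6 disable=1\n' "$c" "$c" \
        > "$1/etc/modprobe.d/disable_ipv6.conf"
    printf 'NETWORKING=yes\nNETWORKING_IPV6=%s\n' "$v6" \
        > "$1/etc/sysconfig/network"
    for k in all default lo; do
        printf 'net.ipv6.conf.%s.disable_ipv6 = %s\n' "$k" "$dis"
    done > "$1/etc/sysctl.conf"
}

# Number of blocking lines found under a root prefix.
count_blockers() { ipv6_blockers "$1" | wc -l | tr -d ' '; }

tmp=$(mktemp -d)
make_sample "$tmp/before" before
make_sample "$tmp/after" after
echo "before: $(count_blockers "$tmp/before") blocking lines"
ipv6_blockers "$tmp/before"
echo "after:  $(count_blockers "$tmp/after") blocking lines"
rm -rf "$tmp"
```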
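3. IPv6 tunnel configuration
3.1 Register an account: https://tunnelbroker.net/
3.2 Create the tunnel, entering the public IP
There is a pitfall here: the ECS firewall must allow access from the relevant IP and allow ICMP, otherwise the tunnel cannot be created. The firewall on the server itself must also allow the specified IP.
3.3 Generate the ipv6-tunnel
The Client IPv6 Address shown here is the IPv6 address we will use; it is the one used later for the domain's AAAA record (leave the "/64" out of the DNS record).
Run the generated commands above on the server and check the result.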
root@study ~# > lsmod | grep ipv6
ipv6 336282 9 sit
root@study ~# > ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 fe80::216:xxx:xxx:50d1/64 scope link
valid_lft forever preferred_lft forever
7: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
inet6 2xx1:4x0:35:xxx::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ac11:b2d1/128 scope link
valid_lft forever preferred_lft forever
# View the IPv6 routes
root@study ~# > route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
......
1024 0 0 he-ipv6
Test whether the IPv6 tunnel works. No problems, because every pitfall has already been hit.
root@study ~# > ping6 ipv6.google.com
PING ipv6.google.com(hkg12s01-in-x0e.1e100.net) 56 data bytes
64 bytes from hkg12s01-in-x0e.1e100.net: icmp_seq=1 ttl=57 time=391 ms
64 bytes from hkg12s01-in-x0e.1e100.net: icmp_seq=2 ttl=57 time=391 ms
64 bytes from hkg12s01-in-x0e.1e100.net: icmp_seq=3 ttl=57 time=391 ms
4.1 Update the registered domain in the Alibaba Cloud console.
4.2 Test the site at: http://ipv6-test.com/validate.php
4.3 Open http://www.ipv6proxy.net/ and run a test
4.4 Test with curl
[root@localhost ~]# curl -v --ipv6 --show-error http://ipv6.chegva.com
* About to connect() to ipv6.chegva.com port 80 (#0)
* Trying 2xx1:zzz:35:xx75::2... connected
* Connected to ipv6.chegva.com (2xx1:zzz:35:xx75::2) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: ipv6.chegva.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Fri, 14 Dec 2018 21:11:59 GMT
< Content-Type: text/html
< Content-Length: 103
< Last-Modified: Fri, 14 Dec 2018 21:05:27 GMT
< Connection: keep-alive
< ETag: "5c141b17-67"
< Accept-Ranges: bytes
<
<html>
<body>
Website: ipv6.chegva.com
Congratulations, Ipv6测试成功! by anzhihe
</body>
</html>
* Connection #0 to host ipv6.chegva.com left intact
* Closing connection #0
All done. IPv6 is worth studying when you have time; it is quite interesting.