蘋果IPV6審覈環境搭建——阿里雲（IPV6+Tengine）

一、搭建步驟：

         1、註冊Tunnel broker

         2、創建通道“Create Regular Tunnel”

         3、創建ipv6隧道及路由

         4、雲主機啓用ipv6

         5、配置ipv6

         6、AAAA解析（※）

         7、ping測試及ipv6的DNS

         8、nginx代理（※）

二、過程：

1、註冊Tunnel broker：

 

         https://www.tunnelbroker.net/register.php

 

2、創建通道“Create Regular Tunnel”：

         ①、填寫雲服務器ip：

         ②、選擇Tunnel Servers：ping下對應server的ip，選擇延時較小的節點

         ③、點擊Create Tunnel創建：

 

3、創建ipv6隧道及路由：

 

 

4、雲主機啓用ipv6：

 

cp -a /etc/modprobe.d/disable_ipv6.conf /etc/modprobe.d/disable_ipv6.conf_bak

vi /etc/modprobe.d/disable_ipv6.conf

    alias net-pf-10 off

    #alias ipv6 off

    options ipv6 disable=0

cp -a /etc/sysconfig/network /etc/sysconfig/network_bak

vi /etc/sysconfig/network

    NETWORKING_IPV6=yes

vi /etc/sysctl.conf

    net.ipv6.conf.all.disable_ipv6 = 0

    net.ipv6.conf.default.disable_ipv6 = 0

    net.ipv6.conf.lo.disable_ipv6 = 0

#重啓

reboot

#ipv6模塊

lsmod | grep ipv6

ifconfig|grep -i inet6

 

5、配置ipv6：

 

         複製第三步的內容，即可。

#!/bin/bash

modprobe ipv6

ip tunnel add he-ipv6 mode sit remote 206.218.221.6  local 公網ip  ttl 255

ip link set he-ipv6 up

ip addr add 2001:412:11:932d::2/64 dev he-ipv6

ip route add ::/0 dev he-ipv6

ip -f inet6 addr

 

6、AAAA解析（※）：

 

         解析域名，如原來有cname的，AAAA的解析線路，需要選擇：世界

 

         AAAA解析，做了三個，app（必做）、images（審覈圖片打不開）和接口的（審覈沒數據）

http://ipv6-test.com/validate.php，檢測

 

7、ping測試及ipv6的DNS：

 

echo 'nameserver 2001:4860:4860::8888' >> /etc/resolv.conf

echo 'nameserver 2001:4860:4860::8844' >> /etc/resolv.conf

 

[root@  ~]# ping6 ipv6.google.com

PING ipv6.google.com(sc-in-x71.1e100.net) 56 data bytes

64 bytes from sc-in-x71.1e100.net: icmp_seq=1 ttl=50 time=74.8 ms

64 bytes from sc-in-x71.1e100.net: icmp_seq=2 ttl=50 time=74.7 ms

64 bytes from sc-in-x71.1e100.net: icmp_seq=3 ttl=50 time=77.1 ms

 

8、nginx代理（※）:

 

         nginx編譯，主要是https和--with-ipv6

         替換紅色的，即可。

 

    server {

        listen  [::]:80;

        listen  [::]:443 ssl;

        server_name app.perofu.com;

        #ssl on;

        ssl_certificate /datas/ssl-config/cert/perofu.pem;

        ssl_certificate_key /datas/ssl-config/cert/ perofu.key;

        ssl_prefer_server_ciphers   on;

        # self define

        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;

 

        ssl_protocols             SSLv3 TLSv1 TLSv1.1 TLSv1.2;

        ssl_session_cache           shared:SSL1:20m;

        ssl_session_timeout         10m;

 

        location / {

            proxy_pass $scheme://8.8.8.8;

            proxy_redirect off;

            proxy_set_header HOST "app. perofu.com";

            proxy_set_header X-Real-IP $remote_Addr;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        }

    }

9、測試ipv6：

 

curl -6 -k https://app.perofu.com/