一、搭建步驟:
1、註冊Tunnel broker
2、創建通道“Create Regular Tunnel”
3、創建ipv6隧道及路由
4、雲主機啓用ipv6
5、配置ipv6
6、AAAA解析(※)
7、ping測試及ipv6的DNS
8、nginx代理(※)
二、過程:
1、註冊Tunnel broker:
https://www.tunnelbroker.net/register.php
2、創建通道“Create Regular Tunnel”:
①、填寫雲服務器ip:
②、選擇Tunnel Servers:ping下對應server的ip,選擇延時較小的節點
③、點擊Create Tunnel創建:
3、創建ipv6隧道及路由:
4、雲主機啓用ipv6:
cp -a /etc/modprobe.d/disable_ipv6.conf /etc/modprobe.d/disable_ipv6.conf_bak vi /etc/modprobe.d/disable_ipv6.conf alias net-pf-10 off #alias ipv6 off options ipv6 disable=0 cp -a /etc/sysconfig/network /etc/sysconfig/network_bak vi /etc/sysconfig/network NETWORKING_IPV6=yes vi /etc/sysctl.conf net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0 #重啓 reboot #ipv6模塊 lsmod | grep ipv6 ifconfig|grep -i inet6 |
5、配置ipv6:
複製第三步的內容,即可。
#!/bin/bash modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 206.218.221.6 local 公網ip ttl 255 ip link set he-ipv6 up ip addr add 2001:412:11:932d::2/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr |
6、AAAA解析(※):
解析域名,如原來有cname的,AAAA的解析線路,需要選擇:世界
AAAA解析,做了三個,app(必做)、images(審覈圖片打不開)和接口的(審覈沒數據)
http://ipv6-test.com/validate.php,檢測
7、ping測試及ipv6的DNS:
echo 'nameserver 2001:4860:4860::8888' >> /etc/resolv.conf echo 'nameserver 2001:4860:4860::8844' >> /etc/resolv.conf |
[root@ ~]# ping6 ipv6.google.com PING ipv6.google.com(sc-in-x71.1e100.net) 56 data bytes 64 bytes from sc-in-x71.1e100.net: icmp_seq=1 ttl=50 time=74.8 ms 64 bytes from sc-in-x71.1e100.net: icmp_seq=2 ttl=50 time=74.7 ms 64 bytes from sc-in-x71.1e100.net: icmp_seq=3 ttl=50 time=77.1 ms |
8、nginx代理(※):
nginx編譯,主要是https和--with-ipv6
替換紅色的,即可。
server { listen [::]:80; listen [::]:443 ssl; server_name app.perofu.com; #ssl on; ssl_certificate /datas/ssl-config/cert/perofu.pem; ssl_certificate_key /datas/ssl-config/cert/ perofu.key; ssl_prefer_server_ciphers on; # self define ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL1:20m; ssl_session_timeout 10m;
location / { proxy_pass $scheme://8.8.8.8; proxy_redirect off; proxy_set_header HOST "app. perofu.com"; proxy_set_header X-Real-IP $remote_Addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } |
9、測試ipv6:
curl -6 -k https://app.perofu.com/ |