随着Ipv4地址的枯竭,越来越多的地区开始普及IPv6网络,但是国内目前也只有教育网对IPv6支持较好。国内较大的云服务提供商阿里云、腾讯云、百度云都还不支持IPv6网络,目前了解仅有景安网络支持IPv6访问。文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
如果你的服务器或者站点有IPv6的访问需求,可以通过使用Hurricane Electric(HE)提供的Free IPv6 Tunnel Broker,是你的服务器或者站点支持IPv6访问,本文以阿里云Centos 7为例进行配置HE隧道使服务器支持IPv6访问介绍:文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
一、注册并创建IPv6隧道
1、访问https://www.tunnelbroker.net/,并注册账号 (需要邮箱验证);文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
2、点击Create Regular Tunnel,创建IPv6隧道;文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
3、在IPv4 Endpoint (Your side)处填上阿里云ECS的IPv4 地址(需能ping通);文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
4、在Available Tunnel Servers中选择隧道服务器Hong Kong, HK(如果你面向海外用户,可以选择更接近目标用户的地区或ping服务器地址,选择延时最小的)文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
5、点击Create Tunnel后,通道就创建完成了文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
二、配置ECS支持IPv6
1、通过SSH登陆ECS Centos 7,并编辑/etc/sysctl.conf文件:文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
vi /etc/sysctl.conf文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
将其中三条禁用IPv6的设置做如下更改。文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
net.ipv6.conf.all.disable_ipv6 = 0文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
net.ipv6.conf.default.disable_ipv6 = 0文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
net.ipv6.conf.lo.disable_ipv6 = 0文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
2、运行sysctl -p命令,启用IPv6文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
sysctl -p文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
3、登陆Tunnel Broker,找到上一步创建好的IPv6隧道,进入Example Configurations选项卡,选择Linux-route2的配置方法,复制生成的示例配置。(如果是“专有网络”,需要将HE配置隧道地址命令中的IPv4地址修改为ECS实例的内网地址,如下图所示,如果你阿里云Centos 7使用的是“专用网络”,请将第二行中的121.42.186.135修改为你服务器的内网地址)文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
4、通过SSH登陆ECS Centos 7,执行上面复制的Linux-route2示例配置。文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
modprobe ipv6文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
ip tunnel add he-ipv6 mode sit remote 66.220.7.82 local 121.42.186.134 ttl 255文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
ip link set he-ipv6 up文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
ip addr add 2001:470:1f18:583::2/64 dev he-ipv6文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
ip route add ::/0 dev he-ipv6文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
ip -f inet6 addr文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
5、添加IPv6 DNS解析服务器,在/etc/resolv.conf最后添加nameserver 2001:4860:4860::8888,nameserver 2001:4860:4860::8844谷歌的ipv6 dns服务器文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
# vi /etc/resolv.conf文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
nameserver x.x.x.x文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
nameserver x.x.x.x文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
nameserver 2001:4860:4860::8888文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
nameserver 2001:4860:4860::8844文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
6、通过ifconfig查看服务器Ipv6地址文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
# ifconfig he-ipv6文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
he-ipv6: flags=209<up,pointopoint,running,noarp> mtu 1480</up,pointopoint,running,noarp>文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
inet6 2001:470:1f18:583::2 prefixlen 64 scopeid 0x0文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
inet6 fe80::792a:b982 prefixlen 128 scopeid 0x20文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
sit txqueuelen 0 (IPv6-in-IPv4)文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
RX packets 66 bytes 24184 (23.6 KiB)文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
RX errors 0 dropped 0 overruns 0 frame 0文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
TX packets 63 bytes 15769 (15.3 KiB)文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
三、配置网站支持IPv6
1、配置Nginx站点使其监听 IPv6 端口文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
server {文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
listen 80; // 监听 IPv4 的 80 端口文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
listen [::]:80; // 监听 IPv6 的 80 端口文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
}文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
server {文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
listen 443 ssl http2; // 监听 IPv4 的 443 端口文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
listen [::]:443 ssl http2; // 监听 IPv6 的 443 端口文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
}文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
2、为网站域名添加AAAA解析,值填 HE 里的Client IPv6 Address,,去掉最后的/64 即可。如2001:470:1f18:583::2。文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
查看站点是否支持IPv6访问,测试网址:测试地址:http://ipv6-test.com/validate.php ,如下图所示即表示站点已支持IPv6访问。文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
备注:如是苹果APP上架申请因无法IPv6-only访问被拒,请重点检查APP代码,苹果公司的参考文档并没有要求APP服务需要有IPv6地址,具体请查看:https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html文章源自堕落的鱼-https://www.duoluodeyu.com/2479.html
