一、搭建步骤:
1、注册Tunnel broker
2、创建通道“Create Regular Tunnel”
3、创建ipv6隧道及路由
4、云主机启用ipv6
5、配置ipv6
6、AAAA解析(※)
7、ping测试及ipv6的DNS
8、nginx代理(※)
二、过程:
1、注册Tunnel broker:
https://www.tunnelbroker.net/register.php

2、创建通道“Create Regular Tunnel”:
①、填写云服务器ip:
②、选择Tunnel Servers:ping下对应server的ip,选择延时较小的节点
③、点击Create Tunnel创建:

3、创建ipv6隧道及路由:

4、云主机启用ipv6:
cp -a /etc/modprobe.d/disable_ipv6.conf /etc/modprobe.d/disable_ipv6.conf_bak vi /etc/modprobe.d/disable_ipv6.conf alias net-pf-10 off #alias ipv6 off options ipv6 disable=0 cp -a /etc/sysconfig/network /etc/sysconfig/network_bak vi /etc/sysconfig/network NETWORKING_IPV6=yes vi /etc/sysctl.conf net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0 #重启 reboot #ipv6模块 lsmod | grep ipv6 ifconfig|grep -i inet6 |
5、配置ipv6:
复制第三步的内容,即可。
#!/bin/bash modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 206.218.221.6 local 公网ip ttl 255 ip link set he-ipv6 up ip addr add 2001:412:11:932d::2/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr |
6、AAAA解析(※):
解析域名,如原来有cname的,AAAA的解析线路,需要选择:世界
AAAA解析,做了三个,app(必做)、images(审核图片打不开)和接口的(审核没数据)

http://ipv6-test.com/validate.php,检测

7、ping测试及ipv6的DNS:
echo 'nameserver 2001:4860:4860::8888' >> /etc/resolv.conf echo 'nameserver 2001:4860:4860::8844' >> /etc/resolv.conf |
[root@ ~]# ping6 ipv6.google.com PING ipv6.google.com(sc-in-x71.1e100.net) 56 data bytes 64 bytes from sc-in-x71.1e100.net: icmp_seq=1 ttl=50 time=74.8 ms 64 bytes from sc-in-x71.1e100.net: icmp_seq=2 ttl=50 time=74.7 ms 64 bytes from sc-in-x71.1e100.net: icmp_seq=3 ttl=50 time=77.1 ms |
8、nginx代理(※):
nginx编译,主要是https和--with-ipv6
替换红色的,即可。
server { listen [::]:80; listen [::]:443 ssl; server_name app.perofu.com; #ssl on; ssl_certificate /datas/ssl-config/cert/perofu.pem; ssl_certificate_key /datas/ssl-config/cert/ perofu.key; ssl_prefer_server_ciphers on; # self define ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL1:20m; ssl_session_timeout 10m; location / { proxy_pass $scheme://8.8.8.8/; proxy_redirect off; proxy_set_header HOST "app. perofu.com"; proxy_set_header X-Real-IP $remote_Addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } |
9、测试ipv6:
curl -6 -k https://app.perofu.com/ |