服务器支持IPv6
这也太离谱啦,降低支配之后还要1600.于是果断的重新开启了一台新的服务器。为了更方便的迁移数据可以直接使用现有的系统盘创建一个自定义镜像,新服务器直接使用创建的镜像启动就ok了,无需做任何的数据迁移。配置完成之后呢,发现实例支持ipv6了,于是顺便开启了一下ipv6。在he.net设置解析之后等了半天没生效,后来发现用的服务器还在阿里云。
问题是竟然没报错,这就很神奇啊。在阿里云重新添加解析之后就ok了。等了十几分钟生效之后发现AAAA记录有了,但是访问端口80不通。初步怀疑是组策略问题,组策略添加之后依然不通。通过 iptables可以看到端口是开放的。
root@hack:/home/wwwroot/h4ck# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
DROP tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:3001
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere但是iptables对应还有v6的半天,组策略添加之后并没有自动添加相关的端口规则:
root@hack:/home/wwwroot/h4ck# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination通过下面的命令添加策略:
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 3306 -j ACCEPT再次查看就ok了:
root@hack:/home/wwwroot/h4ck# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:http
ACCEPT tcp anywhere anywhere tcp dpt:https
ACCEPT tcp anywhere anywhere tcp dpt:mysql
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination不过此时访问依然不通,这就神奇了,后来想起来可能是nginx监听的问题,修改nginx配置文件,去掉v6前的注释:
重启nginx,现在就ok啦。
v6地址的80端口已经在坚挺了。家里的联通是支持ipv6的可以看下解析:
直接访问也是ok的。
探测效果:
https://www.boce.com/ipv6/h4ck.org.cn
he.net的认证也升级啦:
IPv6 Certification Badge for obaby
本文参与?腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2023年2月20日,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读