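Enabling IPv6 in Nginx
A complete guide to enabling IPv6 in Nginx, including setting up an SSL certificate for IPv6.
Prerequisites
Enabling IPv6 in Nginx
The default Nginx configuration already enables IPv6,
namely through listen [::]:80 default_server;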
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location / {
    }
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
After restarting, check the listening ports: Nginx is now listening on :::80, that is, on port 80 over IPv6.
# netstat -ntlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29391/nginx: master
tcp6 0 0 :::80 :::* LISTEN 29391/nginx: master
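Following the reference document "Accessing an IPv6 address in a browser", visit the IPv6 site and verify that access succeeds.
If access fails, check whether the security group has an inbound rule that allows port 80 over IPv6.
Access speed test with curl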
$ curl http://6.ipw.cn -v
* Trying 2402:4e00:1013:e500:0:9671:f018:4947...
* TCP_NODELAY set
* Connected to 6.ipw.cn (2402:4e00:1013:e500:0:9671:f018:4947) port 80 (#0)
> GET / HTTP/1.1
> Host: 6.ipw.cn
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 19 Jun 2022 13:22:01 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 38
< Connection: keep-alive
< Access-Control-Allow-Origin: *
<
* Connection #0 to host 6.ipw.cn left intact
2408:824c:200::2b8b:336f:cc9c* Closing connection 0
Enabling IPv6 SSL in Nginx
For IPv4, the directives that listen for HTTP and HTTPS are listen 80; and listen 443 ssl;
For IPv6, they are listen [::]:80; and listen [::]:443 ssl; respectively.
server {
    listen [::]:443 ssl http2;
    listen [::]:80;
    # Domain name the certificate is bound to
    server_name 6.ipw.cn;
    # Certificate file name
    ssl_certificate ssl/6.ipw.cn_bundle.crt;
    # Private key file name
    ssl_certificate_key ssl/6.ipw.cn.key;
    ssl_session_timeout 5m;
    # Configure the following protocols
    ssl_protocols TLSv1.2 TLSv1.3;
    # Configure the following cipher suites; the syntax follows the openssl standard.
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
}
After restarting, check the listening ports: Nginx is now listening on :::443, that is, on port 443 over IPv6.
# netstat -ntlp | grep nginx
tcp6 0 0 :::443 :::* LISTEN 29391/nginx: master
tcp6 0 0 :::80 :::* LISTEN 29391/nginx: master
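To see at a glance which ports nginx exposes over IPv4, IPv6, or both (and therefore which ports need an IPv6 inbound rule in the security group), the netstat output can be summarised per port. This is an added example, not part of the original article; the function names are hypothetical, the sample lines are constructed from the outputs shown on this page, and it assumes nginx's default ipv6only=on, so a tcp6 listener does not accept IPv4.

```shell
#!/bin/sh
# Added example: per-port address-family summary of nginx listeners.
# Assumption: nginx default ipv6only=on, so a tcp6 socket is IPv6-only.

# Constructed sample, combining the netstat lines shown in this article.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29391/nginx: master
tcp6 0 0 :::80 :::* LISTEN 29391/nginx: master
tcp6 0 0 :::443 :::* LISTEN 29391/nginx: master
EOF
}

# Reads `netstat -ntlp` output on stdin, prints "<port> <families>".
listener_families() {
    awk '
        $6 == "LISTEN" && /nginx/ {
            n = split($4, part, ":")      # port is the last ":"-separated field
            port = part[n]
            seen[port] = 1
            if ($1 == "tcp6") v6[port] = 1; else v4[port] = 1
        }
        END {
            for (p in seen) {
                if ((p in v4) && (p in v6)) state = "dual-stack"
                else if (p in v6)           state = "ipv6-only"
                else                        state = "ipv4-only"
                print p, state
            }
        }' | sort -n
}

# Ports that need an IPv6 inbound rule in the security group / firewall.
ipv6_ports() {
    listener_families | awk '$2 != "ipv4-only" { print $1 }'
}

sample_netstat | listener_families
```

On a live host, feed it real data with `netstat -ntlp | listener_families`.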
Test the result.
curl https://6.ipw.cn -v
* Trying 2402:4e00:1013:e500:0:9671:f018:4947...
* TCP_NODELAY set
* Connected to 6.ipw.cn (2402:4e00:1013:e500:0:9671:f018:4947) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=6.ipw.cn
* start date: Jun 19 00:00:00 2022 GMT
* expire date: Jun 19 23:59:59 2023 GMT
* subjectAltName: host "6.ipw.cn" matched cert's "6.ipw.cn"
* issuer: C=CN; O=TrustAsia Technologies, Inc.; CN=TrustAsia RSA DV TLS CA G2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f90a8811c00)
> GET / HTTP/2
> Host: 6.ipw.cn
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 200
< server: nginx
< date: Sun, 19 Jun 2022 13:21:31 GMT
< content-type: text/plain; charset=utf-8
< content-length: 38
< access-control-allow-origin: *
<
* Connection #0 to host 6.ipw.cn left intact
2408:824c:200::2b8b:336f:cc9c* Closing connection 0
The parameter that follows ssl in the listen directive is http2, so HTTP/2 can be enabled at the same time as SSL. The test output above shows HTTP/2 in use.