Lolu Lwesihlanu Olumnyama ekuqaleni lwaluhlelelwe ukuthi lungene ezimotweni ze-Sparta ne-HostHatch, kodwa ngemva kokukhokha izikweletu zeminyaka emibili edlule ye-Black Friday, ngathola ukuthi kunezinkukhu eziningi kakhulu ezidla okumpunga, ngaphandle kwabaphathi abambalwa abakhiwe I-Tencent Cloud Hong Kong. Ukuze kusebenze isiteshi ngokuzinzile, enye i-Taiwan engu-20 noma ngaphezulu ngokuyisisekelo ifake iseva elibamba ye-SOCKS5 kuphela, okuwudoti ngempela.
Ngibone lokhu okuthunyelwe: Isethi ye-Gullo 128M ye-CF ipholile kakhulu ukwenza iwebhusayithi, ingabe ikhona i-NAT VPS eshibhile? Intengo ephelele yabasingathi abangu-6 be-NAT ezifundeni ezihlukene ingamadola angu-12 ngonyaka, okulingana namadola angu-2 kuphela ngomshini ngamunye, nakuba umsingathi ngamunye Kunikezwa amachweba angu-20 we-IPv4 kuphela, futhi i-IP cishe izovinjwa, kodwa ishibhile, ngakho-ke qala ukudlala ngokuzimisela, futhi urekhode ezinye izinkinga kuphaneli yokulawula ye-Gullo ngendlela
**1. Vula futhi uthole imininingwane yokungena ye-SSH**
Ukhiye oyinhloko womsingathi ngamunye we-Gullo NAT ikheli layo lenethiwekhi yangaphakathi, futhi ingxenye yenethiwekhi ithi
10.10.10.1 kuya
10.10.255.255, imininingwane yokungena ye-SSH ingatholwa ngaleli kheli le-intranethi, kodwa kunalokho liyahlanganiswa. Ngizorekhoda ukusebenza kwesiteji ngasinye ngemuva kokuthenga umshini ngezansi, ngicela ubhekisele kuwo ngokwakho
âÃÂàLinda ibhuthi
Ingxenye enkulu yemishini ye-GulloâÃÂÃÂs ivulwa ngumphathi (okucasulayo). Ngilinde cishe amahora angu-30 ukuze i-NAT IPv4 128MB Bundle ngoLwesihlanu Olumnyama ibuyekezwe futhi ivulwe. Ngemuva kokuthi ukuqalisa kuphumelele, uzothola i-imeyili efana nalena ebhokisini lakho leposi elibhalisiwe:
Uma usuthole imininingwane yokungena, ungeqela ngqo engxenyeni yakamuva yegeyimu, kodwa uma ungazange uyithole noma uyigeje, ngilandele esinyathelweni esilandelayo ukuze uphenye imininingwane yokungena ye-SSH.
âÃÂá Ngena ngemvume kuphaneli yokulawula ye-VPS
Ikheli: httpssolusvm.gullo.me/
Ngithole igama lomsebenzisi kulwazi lokungena ngemvume lwe-SSH olumbalwa engiluthumele (uma ungakatholi noma yiluphi ulwazi lokungena lomshini we-NAT, thumela ithikithi), futhi iphasiwedi idinga ukutholwa ngu ngokwakho ukuze usethe kabusha:
Buyela ku-imeyili ukuze uthole iphasiwedi entsha ukuze ungene ngemvume:
âÃÂâ Thola ikheli lenethiwekhi yangaphandle le-IPv4 lomshini we-NAT (wemishini ye-NAT engakatholi ulwazi lokungena kwe-SSH)
Ithuluzi elinikezwe i-Gullo: NAT IPv4 Port Calculator
Khetha umshini kuphaneli yokulawula, futhi usebenzise amathuluzi angenhla ukuze ubuze ikheli le-IPv4 lenethiwekhi yangaphandle, izimbobo ezitholakalayo ezingu-20 kanye nembobo yokuxhuma ye-SSH ngekheli lenethiwekhi yangaphakathi:
âÃÂã Setha kabusha iphasiwedi yomshini we-NAT (emshinini we-NAT ongakatholi imininingwane yokungena ye-SSH)
Sebenzisa i-Serial Console ukuze uxhume okwesikhashana emshinini bese ukhetha ubude behora elingu-1:
Thola ukungena ngemvume kwesikhashana kwe-SSH:
Uma ungakwazi ukuxhuma lapha, zama ukufaka kabusha isistimu yomshini we-NAT. Uma namanje kungasebenzi, thumela i-oda lomsebenzi. Nginomshini waseJalimane futhi iphasiwedi ihlale ingalungile Kunezinkinga eziningi ngempela ngemishini eshibhile, kodwa zivamile
Ngemva kokungena ngemvume, yifake
passwd bese usetha kabusha iphasiwedi:
yum -y faka i-passwd # setha kabusha iphasiwedi yomsebenzisi wezimpande passwd impande
Ngemuva kwalokho ungaxhuma kweminye imishini, thatha i-Linux njengesibonelo:
ssh -p $port[i-imeyili ivikelwe]$host
**2. Bamba uphenyo**
Umshini we-NAT awufanele ukuxhunywa ku-Zabbix. I-Nezha probe isetshenziswa lapha. Ukuze uthole okokufundisa ngokwakha, sicela ubheke: Ukufakwa kwetheminali yokuqapha eyakhiwe yiphaneli yokuqapha ye-Nezha ngaphansi kwe-CentOS7
Dala umshini omusha ngemuva kwephaneli, kopisha umyalo wokufaka ngokuchofoza okukodwa bese uwenza ngqo kumsingathi we-NAT:
**3. Setha iseva elibamba ye-SOCKS5**
Isikripthi sokuchofoza okukodwa: I-CentOS7 ifaka i-GOST futhi iqala izinsizakalo zommeleli we-HTTP ne-SOCKS5 ngokuchofoza okukodwa.
Qaphela ukuthi imbobo lapha kufanele ibe ngesinye sezimbobo zakho ezingama-20 ezitholakalayo:
curl -s httpsgitee.com/senjianlu/one-click-scripts/raw/main/CentOS7%20 Chofoza ngokulandelayo ukuze ufake %20GOST%20 bese uqala %20HTTP%20 kanye %20SOCKS5%20 proxy services/install.| bash -s $proxy_port $proxy_username $proxy_password
Shintsha iseva ukuze uhlole ukuthi ummeleli uyasebenza yini:
curl -x amasokisi5igama lomsebenzisi:[i-imeyili ivikelwe]$host:$port httpip-api.com/json/?lang=zh-CN
Nakuba ikheli le-IPv4 okwabelwana ngalo liwukuthi ngeke lisakwazi ukuqhubeka kodwa kulungile ukuthi iziseshi zisetshenziswe.
**4. Yakha iwebhusayithi nge-Cloudflare**
I-Gullo inikeza umsingathi ngamunye we-NAT ikheli le-IPv6 elinembobo egcwele. Kulula kakhulu ukwakha iwebhusayithi, vele uxazulule irekhodi le-AAAA ku-DNS ngokuqondile. Kodwa-ke, uma ucabangela ukuthi abanye abasebenzisi abanawo amakheli e-IPv6, uma ufuna ngempela ukwakha iwebhusayithi, udinga ukusetha i-CDN ye-Cloudflare ye-downlink.
Lapha sithatha ikhasi elizenzakalelayo le-Nginx njengesibonelo. Njengoba i-Nginx inike amandla ukuqapha ukufinyelela kwekheli le-IPv6 ngokuzenzakalelayo enguqulweni ngemva kuka-1.3, ingafakwa ngokuqondile emshinini we-NAT ngaphandle kokucushwa okwengeziwe:
yum -y faka i-epel-release # Faka i-Nginx yum -y faka nginx # Qala isevisi ye-Nginx nginx qala
Thola ikheli le-IPv6 lomshini wakho we-NAT:
Kuxazululwe ku-DNS ye-Cloudflare, thayipha
AAAA, inketho ye-SSL/TLS
I-Flexible Let CF inikeze izitifiketi ze-SSL:
Ngemva kwesikhashana, vakashela ikhasi ukuze uhlole:
Bese usebenzisa umsingathi onekheli le-IPv4 kuphela ukuze ulifinyelele:
I-IPv4 iyasekelwa, ingasaphathwa i-IPv6, ihlole nge-ipv6-test:
Amanye amakamelo ekhompyutha e-Gullo anenkinga yokuvimbela umthombo wethrafikhi ye-Cloudflare (ngemuva kokuzijwayeza, ngithole ukuthi okungenani igumbi lekhompyutha laseNew York livinjiwe), okuzokwenza ukuthi ufinyelele iwebhusayithi usebenzisa i-IPv6 ngaphandle kwe-CF, kodwa iphutha le-522 izovela ngemva kokuyimisa. Bona lokhu: I-Gullos ibamba e-NY ivimba i-cloudflare?
Ungaphinda usebenzise umyalo olandelayo kuseva ukuze uhlole ukuthi ithrafikhi ye-Cloudflare ibuyiselwe ngempumelelo yini emthonjeni:
ikati /var/log/nginx/access.log
Ikheli le-IPv6 elingenhla ngelika-Cloudflare, okusho ukuthi ukubuyela emuva kuphumelele
Qeda.
