相信上架App Store的基本都会遇到这样的问题,着实让人很头大的。出现这样的原因是,由于国内大部分IP目前都是使用IPv4,App Store审核时会先访问DNS服务器,获得iOS应用服务器的IPv6地址,再进行访问,如果DNS服务网无法成功解析到IPv6地址,出现在提交App Store审核时被拒的情况。
需要说明的是,这不是客户端的问题,也不是后端程序的事,而是服务器运维方面的工作。现整理如下:
一、阿里云公开的 CentOS 镜像将 IPv6 支持给去掉了,需要加载相关模块。
1、修改 /etc/modprobe.d/disable_ipv6.conf
## 修改 options ipv6 disable 为 0
cp /etc/modprobe.d/disable_ipv6.conf /etc/modprobe.d/disable_ipv6.conf_backup ##先备份原始配置
vi /etc/modprobe.d/disable_ipv6.conf
#修改前
alias net-pf-10 off
options ipv6 disable=1
#修改后
alias net-pf-10 off
options ipv6 disable=0
2、修改/etc/sysconfig/network
##修改 NETWORKING_IPV6 为 yes
cp /etc/sysconfig/network /etc/sysconfig/network_backup
vi /etc/sysconfig/network
修改前
PEERNTP=no
NETWORKING_IPV6=no
GATEWAY=139.255.255.0
修改后
PEERNTP=no
NETWORKING_IPV6=yes
GATEWAY=139.255.255.0
3、修改 /etc/sysconfig/network-scripts/ifcfg-eth0
## 添加 IPV6INIT 为 yes 和 IPV6_AUTOCONF 为 yes
cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0_backup
vi /etc/sysconfig/network-scripts/ifcfg-eth0
修改前
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.10.10.1
NETMASK=255.255.254.0
修改后
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.10.10.1
NETMASK=255.255.254.0
IPV6INIT=yes
IPV6_AUTOCONF=yes
4、 修改 /etc/sysctl.conf
## 修改 net.ipv6.conf.all.disable_ipv6 为 0, net.ipv6.conf.default.disable_ipv6 为 0 和 net.ipv6.conf.lo.disable_ipv6 为 0
cp /etc/sysctl.conf /etc/sysctl.conf_backup
vi /etc/sysctl.conf
修改前
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv4.conf.lo.arp_announce=2
修改后
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv4.conf.lo.arp_announce=2
5、创建系统在启动时自动加载 IPv6 模块的脚本
创建脚本文件 ipv6.modules
vi /etc/sysconfig/modules/ipv6.modules
脚本内容
!/bin/sh
if [ ! -c /proc/net/if_inet6 ] ; then
exec /sbin/insmod /lib/modules/uname -r/kernel/net/ipv6/ipv6.ko
fi
6、重启系统,加载 IPv6 模块
查看 IPv6 模块
ifconfig | grep -i inet6 #### 查看ipv6的信息,有看到输出就可以
inet6 addr: fe80::x:x:x:x/64 Scope:Link
inet6 addr: fe80::x:x:x:x/64 Scope:Link
inet6 addr: x:x:x:x::2/64 Scope:Global
inet6 addr: fe80::x:x/128 Scope:Link
inet6 addr: ::1/128 Scope:Host
二、申请IPV6地址
1、在 tunnelbroker.net 上申请一个免费的 IPv6 地址,现注册个账号。
2、选择 Create Regular Tunnel 创建一个到自己公网 IP 的通道。
3、选择HK,不过有时候也满了,选择Freemont,CA,US 也可以。
4、找到 Example Configurations,centos7.x 选择 linux-net-tools,复制命令,去服务器上执行。
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::64.62.134.130
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:66:dab::2/64
route -A inet6 add ::/0 dev sit1
ping 一下服务器的 IPv6 地址,看看是否工作正常(CentOS 上 IPv6 版的 ping 名为 ping6)
PING 2001:470:66:dab::2(2001:470:66:dab::2) 56 data bytes
64 bytes from 2001:470:66:dab::2: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 2001:470:66:dab::2: icmp_seq=2 ttl=64 time=0.042 ms
64 bytes from 2001:470:66:dab::2: icmp_seq=3 ttl=64 time=0.042 ms
64 bytes from 2001:470:66:dab::2: icmp_seq=4 ttl=64 time=0.042 ms
64 bytes from 2001:470:66:dab::2: icmp_seq=5 ttl=64 time=0.043 ms
64 bytes from 2001:470:66:dab::2: icmp_seq=6 ttl=64 time=0.041 ms
注意
使用ifconfig查看下,是否是以下返回
[root@izbp1f9dlc41312rkw2q66z ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.xx.xx.xx netmask 255.255.240.0 broadcast 172.xx.xx.xx
inet6 fe80::216:3eff:fe0e:16b8 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:0e:16:b8 txqueuelen 1000 (Ethernet)
RX packets 916751 bytes 496948639 (473.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 573020 bytes 246191113 (234.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 50551 bytes 3304726 (3.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50551 bytes 3304726 (3.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sit0: flags=193<UP,RUNNING,NOARP> mtu 1480
inet6 ::127.0.0.1 prefixlen 96 scopeid 0x90<compat,host>
inet6 ::172.xx.xx.xx prefixlen 96 scopeid 0x80<compat,global>
sit txqueuelen 1 (IPv6-in-IPv4)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sit1: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
inet6 2001:470:66:dab::2 prefixlen 64 scopeid 0x0<global>
inet6 fe80::ac10:8b24 prefixlen 64 scopeid 0x20<link>
sit txqueuelen 1 (IPv6-in-IPv4)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
必须这样的才可以,否则在检测 ipv6 webserver 的时候 返回error
三、添加AAAA记录,把tunnel给的ipv6地址添加上去即可
四、修改nginx配置文件
server {
listen 80; // 监听 IPv4 的 80 端口, HTTP 协议
listen [::]:80; // 监听 IPv6 的 80 端口, HTTP 协议
server_name example.com;
……
}
server {
listen 443; // 监听 IPv4 的 443 端口, HTTPS 协议
listen [::]:443; // 监听 IPv6 的 443 端口, HTTPS 协议
……
}
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。