IPv6/IPv4 + aliddns 实现黑群晖外网控制和访问

2020-01-15T14:12:00

阿里云域名注册:https://www.aliyun.com/minisite/goods?userCode=jdjc69nf

群晖NAS搭建甜糖星愿服务,利用空闲带宽挂机赚钱:https://blog.vpszj.cn/archives/539.html

前言

一直想弄台黑群NAS,但因为穷!一直没入,一直用的是玩客云,但玩客云满足不了我的需求,但正好搭上蜗牛星际的车!

J1900+4G内存+16G固态+4盘位+千兆网口才380元,性价比是真的高,再买两个二手的2T机械硬盘(一个做备份盘),还有一个自己的500G机械硬盘,目前完全够用。

目前主流内网穿透方案

目前内网穿透有如下几种方案

  • frp、ngrok等转发工具,需要一个有公网ip的服务器,速度也受限于这台服务器!(国外慢,国内贵。。)
  • 群晖自带quickconnect,原理应该和上述类似。速度也受限于群晖官方服务的带宽。
  • 还有zerotier one 这种p2p什么的
  • 然后就是ddns!!!!!

按理说ddns应该是比较好的方案,毕竟现在家里带宽上行都还好,再不济4M总是有的,更别说移动百兆宽带上行能给到30M,但问题就是没有公网ip!!!所以没法做ddns,ddns原理就是有一个域名,解析到isp分配给你的公网ip上,因为isp分配给你的ip会变,所以动态的改变域名的解析记录。电信和联通大部分地区都能通过打电话给客服来申请公网IP(我家的广东电信可以通过修改拨号账号在@后加pub.获取公网IP,例如0757******@pub.163.gd),但移动(运营商)不给公网ip怎么办,一个办法,打客服去gang!(网上有人试过,没卵用)二用ipv6.
下面会分别讲ipv4和ipv6的ddns方法

IPv6

目前国内三大运营商应该都部署了IPv6,路由器默认应该是没有开启ipv6的,这里说一下梅林开启的方法

进入管理页面,如果光猫是路由,联机类型选择 passthough,如果桥接,选择native ppp拨号,详细可以百度。然后梅林的话要把ipv6防火墙关掉,不关的一会就会出现IPv6没有的情况,还不知道什么情况!
IPv6配置好之后注册阿里云域名,域名注册不细说,详细可以百度!然后申请ali的 AccessKeyId 和 Access Key Secret,记录下来,后续要用到,不会配置也可以百度。
然后新建文本文档,重命名为aliddns.sh
用notepad++或者sublime打开刚刚新建的文本,输入下面的脚本(按照注释修改好):

aliddnsipv6_ak="AccessKeyId"#引号里改成刚刚申请的AccessKeyId
aliddnsipv6_sk="Access Key Secret"#引号里改成刚刚申请的Access Key Secret
aliddnsipv6_name1='subDomainName'#引号里改成自定义一个名字,需要符合域名规范
aliddnsipv6_domain='domainName' #引号里改成自己注册的域名
aliddnsipv6_ttl="600"
#举例,你在万网注册了一个域名叫zeruns.tech,那么aliddnsipv6_domain后面就填zeruns.tech,然后再自己想一个名字,比如blog,然后填到aliddnsipv6_name1后面,那么一会你访问群晖的地址就是http://blog.zeruns.tech:5000
if [ "$aliddnsipv6_name1" = "@" ]
then
  aliddnsipv6_name=$aliddnsipv6_domain
else
  aliddnsipv6_name=$aliddnsipv6_name1.$aliddnsipv6_domain
fi

now=`date`

die () {
    echo $1
}

ipv6s=`ip addr show ovs_eth0 | grep "inet6.*global" | awk '{print $2}' | awk -F"/" '{print $1}'` || die "$ipv6"

for ipv6 in $ipv6s
do
  #ipv6 = $ipv6
  break
done

echo $ipv6

current_ipv6=`nslookup -query=AAAA $aliddnsipv6_name 2>&1`
#echo $current_ipv6

current_ipv6=`echo "$current_ipv6" | grep 'Address: ' | tail -n1 | awk '{print $NF}'`
echo $current_ipv6

if [ "$?" -eq "0" ]
then
    current_ipv6=`echo "$current_ipv6" | grep 'Address: ' | tail -n1 | awk '{print $NF}'`
    echo $current_ipv6

    if [ "$ipv6" = "$current_ipv6" ]
    then
        echo "skipping"
    fi 
# fix when A record removed by manual dns is always update error
else
    unset aliddnsipv6_record_id
fi


timestamp=`date -u "+%Y-%m-%dT%H%%3A%M%%3A%SZ"`


urlencode() {
    # urlencode <string>
    out=""
    while read -n1 c
    do
        case $c in
            [a-zA-Z0-9._-]) out="$out$c" ;;
            *) out="$out`printf '%%%02X' "'$c"`" ;;
        esac
    done
    echo -n $out
}

enc() {
    echo -n "$1" | urlencode
}

send_request() {
    local args="AccessKeyId=$aliddnsipv6_ak&Action=$1&Format=json&$2&Version=2015-01-09"
    local hash=$(echo -n "GET&%2F&$(enc "$args")" | openssl dgst -sha1 -hmac "$aliddnsipv6_sk&" -binary | openssl base64)
    curl -s "http://alidns.aliyuncs.com/?$args&Signature=$(enc "$hash")"
}

get_recordid() {
    grep -Eo '"RecordId":"[0-9]+"' | cut -d':' -f2 | tr -d '"'
}

query_recordid() {
    send_request "DescribeSubDomainRecords" "SignatureMethod=HMAC-SHA1&SignatureNonce=$timestamp&SignatureVersion=1.0&SubDomain=$aliddnsipv6_name&Timestamp=$timestamp&Type=AAAA"
}

update_record() {
    send_request "UpdateDomainRecord" "RR=$aliddnsipv6_name1&RecordId=$1&SignatureMethod=HMAC-SHA1&SignatureNonce=$timestamp&SignatureVersion=1.0&TTL=$aliddnsipv6_ttl&Timestamp=$timestamp&Type=AAAA&Value=$(enc $ipv6)"
}

add_record() {
    send_request "AddDomainRecord&DomainName=$aliddnsipv6_domain" "RR=$aliddnsipv6_name1&SignatureMethod=HMAC-SHA1&SignatureNonce=$timestamp&SignatureVersion=1.0&TTL=$aliddnsipv6_ttl&Timestamp=$timestamp&Type=AAAA&Value=$(enc $ipv6)"
}

#add support */%2A and @/%40 record

#https://blog.zeruns.tech

if [ "$aliddnsipv6_record_id" = "" ]
then
    aliddnsipv6_record_id=`query_recordid | get_recordid`
    #echo '-----------------' $aliddnsipv6_record_id
fi
if [ "$aliddnsipv6_record_id" = "" ]
then
    aliddnsipv6_record_id=`add_record | get_recordid`
    echo "added record $aliddnsipv6_record_id"
else
    update_record $aliddnsipv6_record_id
    echo "updated record $aliddnsipv6_record_id"
fi

修改完成后把文件上传到群晖任意目录,然后记下目录地址

然后打开控制面板,新建任务计划

修改成每10分钟执行一次

把刚刚记下的脚本位置填在这里

然后就等每十分钟执行就完了。只要ipv6地址变化了,那么就会自动更新域名解析记录。

最后使用 网址 http://你配置的域名:5000 尝试登录即可

IPv4

方法跟上面一样,脚本改成下面这个:

#!/bin/sh

set -e

if [ $1 ]; then
    ApiId=$1
fi

if [ $2 ]; then
    ApiKey=$2
fi

if [ $3 ]; then
    Domain=$3
fi

if [ -z "$ApiId" -o -z "$ApiKey" -o -z "$Domain" ]; then
    echo "参数缺失"
    exit 1
fi

if [ $4 ]; then
    SubDomain=$4
fi

if [ -z "$SubDomain" ]; then
    SubDomain="@"
fi

Nonce=$(date -u "+%N")    # 有bug?
Timestamp=$(date -u "+%Y-%m-%dT%H%%3A%M%%3A%SZ")    # SB 阿里云, 什么鬼时间格式
Nonce=$Timestamp

urlencode() {
    local raw="$1";
    local len="${#raw}"
    local encoded=""

    for i in `seq 1 $len`; do
        local j=$((i+1))
        local c=$(echo $raw | cut -c$i-$i)

        case $c in [a-zA-Z0-9.~_-]) ;;
            *)
            c=$(printf '%%%02X' "'$c") ;;
        esac

        encoded="$encoded$c"
    done

    echo $encoded
}

# $1 = query string
getSignature() {
    local encodedQuery=$(urlencode $1)
    local message="GET&%2F&$encodedQuery"
    local sig=$(echo -n "$message" | openssl dgst -sha1 -hmac "$ApiKey&" -binary | openssl base64)
    echo $(urlencode $sig)
}

sendRequest() {
    local sig=$(getSignature $1)
    local result=$(wget -qO- --no-check-certificate --content-on-error "https://alidns.aliyuncs.com?$1&Signature=$sig")
    echo $result
}

getRecordId() {
    echo "获取 $SubDomain.$Domain 的 IP..." >&2
    local queryString="AccessKeyId=$ApiId&Action=DescribeSubDomainRecords&Format=JSON&SignatureMethod=HMAC-SHA1&SignatureNonce=$Nonce&SignatureVersion=1.0&SubDomain=$SubDomain.$Domain&Timestamp=$Timestamp&Type=A&Version=2015-01-09"
    local result=$(sendRequest "$queryString")
    local code=$(echo $result | sed 's/.*,"Code":"\([A-z]*\)",.*/\1/')
    local recordId=$(echo $result | sed 's/.*,"RecordId":"\([0-9]*\)",.*/\1/')

    if [ "$code" = "$result" ] && [ ! "$recordId" = "$result" ]; then
        local ip=$(echo $result | sed 's/.*,"Value":"\([0-9\.]*\)",.*/\1/')

        if [ "$ip" == "$NewIP" ]; then
            echo "IP 无变化, 退出脚本..." >&2
            echo "quit"
        else
            echo $recordId
        fi
    else
        echo "null"
    fi
}

# $1 = record ID, $2 = new IP
updateRecord() {
    local queryString="AccessKeyId=$ApiId&Action=UpdateDomainRecord&DomainName=$Domain&Format=JSON&RR=$SubDomain&RecordId=$1&SignatureMethod=HMAC-SHA1&SignatureNonce=$Nonce&SignatureVersion=1.0&Timestamp=$Timestamp&Type=A&Value=$2&Version=2015-01-09"
    local result=$(sendRequest $queryString)
    local code=$(echo $result | sed 's/.*,"Code":"\([A-z]*\)",.*/\1/')

    if [ "$code" = "$result" ]; then
        echo "$SubDomain.$Domain 已指向 $NewIP." >&2
    else
        echo "更新失败." >&2
        echo $result >&2
    fi
}

# $1 = new IP
addRecord() {
    local queryString="AccessKeyId=$ApiId&Action=AddDomainRecord&DomainName=$Domain&Format=JSON&RR=$SubDomain&SignatureMethod=HMAC-SHA1&SignatureNonce=$Nonce&SignatureVersion=1.0&Timestamp=$Timestamp&Type=A&Value=$1&Version=2015-01-09"
    local result=$(sendRequest $queryString)
    local code=$(echo $result | sed 's/.*,"Code":"\([A-z]*\)",.*/\1/')

    if [ "$code" = "$result" ]; then
        echo "$SubDomain.$Domain 已指向 $NewIP." >&2
    else
        echo "添加失败." >&2
        echo $result >&2
    fi
}

# Get new IP address
echo "获取当前 IP..."
NewIP=$(wget -qO- --no-check-certificate "http://members.3322.org/dyndns/getip")
echo "当前 IP 为 $NewIP."

# Get record ID of sub domain
recordId=$(getRecordId)

if [ ! "$recordId" = "quit" ]; then
    if [ "$recordId" = "null" ]; then
        echo "域名记录不存在, 添加 $SubDomain.$Domain 至 $NewIP..."
        addRecord $NewIP
    else
        echo "域名记录已存在, 更新 $SubDomain.$Domain 至 $NewIP..."
        updateRecord $recordId $NewIP
    fi
fi

然后任务设置执行运行命令改成:

sh aliyun.sh {AccessKeyId} {AccessKeySecret} example.com www

aliyun.sh改成自己脚本所在位置和脚本名字
{AccessKeyId}改成申请的AccessKeyId
{AccessKeySecret}改成申请的AccessKeySecret
example.com改成自己的域名
www改成自定义一个名字,需要符合域名规范

然后还要做一下端口映射

最后使用 网址 http://你配置的域名:5000 尝试登录即可

当前页面是本站的「Baidu MIP」版。发表评论请点击:完整版 »