小编sun*_*sen的帖子

我正在尝试将以下别名从 移植/etc/network/interfaces到/etc/systemd/network/eth0.network.

auto eth0:1
iface eth0:1 inet static
    address 10.0.2.1/24

如果服务器关闭，我希望客户端无限期地重新连接，所以当它回来时，客户端只需重新连接。

客户 ipsec.conf

conn %default
    ike=aes256gcm16-sha384-modp3072!
    esp=aes256gcm16-sha384-modp3072!

conn ikev2
    auto=start
    leftid=client@my-vpn.com
    leftsourceip=%config
    leftauth=eap-tls
    leftcert=vpn-client.crt
    right=my-vpn.com
    rightid=my-vpn.com
    rightsubnet=0.0.0.0/0
    rightauth=pubkey

我目前有以下内容：

ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 1 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 2 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 3 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 4 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 128 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 129 -j ACCEPT

对于 ICMPv6 类型 3，我只想接受代码 0。

对于 ICMPv6 类型 4，我只想接受代码 1 和 2。

这是基于RFC 4890的。

假设我有两台主机，a.example.com并且b.example.com只希望启用位于负载均衡器后面的主机（proxy_protocol用于直接运行状况检查）。尝试了以下设置但出现错误。a.example.comb.example.com

a.example.com

server {
    listen 80 proxy_protocol;
    listen 443 proxy_protocol ssl;

    server_name a.example.com;

    location / {
        proxy_pass http://localhost:8443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_protocol_addr;
        proxy_cache_bypass $http_upgrade;
    }

    ssl_certificate /etc/letsencrypt/live/a.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/a.example.com/privkey.pem;
}

b.example.com

server {
    listen 80;

    server_name b.example.com;

    location /healthcheck {
        proxy_pass http://localhost:8443;
        access_log off;
    }
}

错误

2019/08/06 17:40:50 [error] 10488#10488: *12 broken header: "GET /healthcheck HTTP/1.1
Host: b.example.com
Connection: keep-alive
Cache-Control: …