Projet

Général

Profil

TestIPv6 » Historique » Version 7

« Précédent - Version 7/13 (diff) - Version actuelle
Fabien Dupont, 10/02/2013 15:53


Mise en place de Falling-Sky

Falling-sky est le script open-source se cachant derrière : http://test-ipv6.com/ .

Ici, ce script sera installé sur http://test-ipv6.tetaneutral.net/ dans /var/www/test-ipv6.tetaneutral.net.

Installation des pré-requis systèmes

Ces pré-requis sont nécessaires uniquement pour l'installation du script.
Ils pourront êtres nettoyés une fois tout installé.

# aptitude install apache2-prefork-dev subversion yui-compressor tidy libtemplate-perl libyaml-perl libyaml-syck-perl libjson-perl

Récupération des sources

Les sources sont accessibles depuis le serveur SVN de google

# cd /usr/local/src
# svn checkout http://falling-sky.googlecode.com/svn/trunk/ falling-sky

Installation de mod_ip

Falling-sky fournit le module d'apache mod_ip. C'est un module qui retourne l'IP, dans un objet JSONP, depuis laquelle un client web accède à une page web.
Ce service est fourni en tant que module apache pour des raisons de performances.

# cd /usr/local/src/falling-sky/mod_ip
# apxs2 -c -i -a mod_ip.c

Activation des modules dans apache

Falling-sky a besoin des modules mod_usertrack, mod_header et mod_expire pour fonctionner.

# /etc/apache2/mods-enabled
# ln -sv ../mods-available/usertrack.load
# ln -sv ../mods-available/header.load
# ln -sv ../mods-available/expire.load

Ajout du VirtualHost dans apache

# cat /etc/apache2/sites-available/test-ipv6.tetaneutral.net 
<VirtualHost *:80>
    # Basic stuff commmon to any virtual host
    ServerName test-ipv6.tetaneutral.net
    ServerAlias www.test-ipv6.tetaneutral.net
    DocumentRoot /var/www/test-ipv6.tetaneutral.net

    # I have a "server alias" for every possible name I expect to answer.
    ServerAlias test-ipv6.tetaneutral.net *.test-ipv6.tetaneutral.net 
    ServerAlias 91.224.149.206
    ServerAlias 2a01:6600:8081:ce00::1

    # Enable etags.  Improve cachability of
    # most stuff.
    FileETag MTime

    # Apache built in cookie tracking.
    # We use this to record only the most recent submission from a given browser,
    # to avoid stuffing the ballot box on the survey.
    CookieExpires "24 hours" 
    CookieStyle RFC2109
    CookieTracking on

    # Limit disk access.  Don't look for .htaccess in directories.
    <Directory /var/www/test-ipv6.tetaneutral.net>
        AllowOverride None
    </Directory>

    ################################################################
    # IP reporting                                                 #
    ################################################################

    # mod_ip - reports IP address.  CGI arguements: callback= and fill=
    # This is a custom module in the test-ipv6.com archive.
    # This was implemented as a module for performance reasons.
    # /ip/ is *the* single most requested element (6 or more times per test!)
    <LocationMatch ^/ip/?$>
        SetHandler mod_ip
        Header append Cache-Control no-cache
        Header append Pragma no-cache
        Header append Expires "Thu, 01 Jan 1971 00:00:00 GMT" 
    </locationMatch>

    ################################################################
    # Cache busting                                                #
    ################################################################

    # This virtualhost requires RewriteEngine
    RewriteEngine on

    # Cache Busting the javascript code
    # Each time we update index.html, we do this:
    #   <script type="text/javascript" src="/v71/index.js">
    # This is to force the browser to fetch any updated javascript.
    # We do a similiar thing for CSS.
    # This RewriteRule will see /v71 and strip it from the request.
    RewriteRule ^/v[0-9]+(/.*)$ $1 [N]

    ################################################################
    # Precompressed files                                          #
    ################################################################

    # Our build.pl script will generate precompressed versions
    # of our HTML, JS, and CSS; and store the compressed versions
    # on disk.  We want to serve these directly to users who support
    # compression.  This avoids having Apache do compresion on-the-fly,
    # lowering the load on the web server.
    AddType "text/html;charset=UTF-8" .htmlgz
    AddType "text/javascript;charset=UTF-8" .jsgz
    AddType "text/css;charset=UTF-8" .cssgz
    AddEncoding gzip .htmlgz
    AddEncoding gzip .jsgz
    AddEncoding gzip .cssgz

    # If the browser supports gzip, redirect users
    # of these file types to the compressed versions.
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule (.*)\.html$ $1\.htmlgz [L]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule (.*)\.css$ $1\.cssgz [L]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule (.*)\.js$ $1\.jsgz [L]

    ################################################################
    # Images                                                       #
    ################################################################

    # Images used for testing need to be un-cached, always.
    # Make sure these are either a copy of the image directory, or 
    # a symlink to the images directory.
    <Location /images-nc>
        FileETag none   
        ExpiresActive off
        RequestHeader unset If-Modified-Since
        Header append Expires "Thu, 01 Jan 1971 00:00:00 GMT" 
    </location>

    # Tell browsers that once /images/ [anything] is fetched, cache it forever.
    # Don't even try and *ask* again.  These images do not change.  This will
    # permit followup tests by the user both run faster, and lower the load on 
    # the web server.
    <Location /images>
        FileETag none
        ExpiresActive on
        ExpiresDefault "access plus 10 years" 
    </location>

    ################################################################
    # Localization                                                 #
    ################################################################

    # Fix character sets using regex.  This is so we can
    # handle unlimited number of langauges.
    <LocationMatch "/.*[.](js|jsgz)[.]">
        Header set Content-type text/javascript;charset=UTF-8
    </LocationMatch>
    <LocationMatch "/.*[.](css|cssgz)[.]">
        Header set Content-type text/css;charset=UTF-8
    </LocationMatch>
    <LocationMatch "/.*[.](html|htmlgz)[.]">
        Header set Content-type text/html;charset=UTF-8
    </LocationMatch>

    # Content Negotiation
    Options +MultiViews
    LanguagePriority en-us en
    ForceLanguagePriority prefer fallback

    AddLanguage en .en-us   
    AddLanguage en-us .en-us
    AddLanguage fr .fr

    DirectoryIndex index.html

    # Identify IPv6 prefixes
    mod_ip_prefix 2001::/32 "Teredo" 
    mod_ip_prefix 2002::/16 "6to4" 
    mod_ip_prefix 2001:470:8000::/33 "he.net or tunnelbroker.net" 
    mod_ip_prefix 2001:470:8000::/33 "tunnelbroker.net"          
    mod_ip_prefix 2001:55c::/32 "Comcast" 
    mod_ip_prefix 2001:888::/32 "XS4ALL" 
    mod_ip_prefix 2001:5c0::/32 "freenet6" 
    mod_ip_prefix 2001:1291:200::/48 "brudi01.sixxs.net ctbc" 
    mod_ip_prefix 2001:1291:200::/40 "brudi01.sixxs.net ctbc" 
    mod_ip_prefix 2001:1418:100::/48 "ittrn01.sixxs.net itgate" 
    mod_ip_prefix 2001:1418:100::/40 "ittrn01.sixxs.net itgate" 
    mod_ip_prefix 2001:14b8:100::/48 "fihel01.sixxs.net dna" 
    mod_ip_prefix 2001:14b8:100::/40 "fihel01.sixxs.net dna" 
    mod_ip_prefix 2001:15c0:65ff::/48 "simbx01.sixxs.net amis" 
    mod_ip_prefix 2001:15c0:6600::/40 "simbx01.sixxs.net amis" 
    mod_ip_prefix 2001:15c0:6700::/40 "simbx01.sixxs.net amis" 
    mod_ip_prefix 2001:1620:f00::/48 "chzrh02.sixxs.net init7" 
    mod_ip_prefix 2001:1620:f00::/40 "chzrh02.sixxs.net init7" 
    mod_ip_prefix 2001:16d8:cc00::/40 "sesto01.sixxs.net phonera" 
    mod_ip_prefix 2001:16d8:dd00::/48 "dkcph01.sixxs.net phonera" 
    mod_ip_prefix 2001:16d8:dd00::/40 "dkcph01.sixxs.net phonera" 
    mod_ip_prefix 2001:16d8:ee00::/48 "noosl01.sixxs.net phonera" 
    mod_ip_prefix 2001:16d8:ee00::/40 "noosl01.sixxs.net phonera" 
    mod_ip_prefix 2001:16d8:ff00::/48 "sesto01.sixxs.net phonera" 
    mod_ip_prefix 2001:16d8:ff00::/40 "sesto01.sixxs.net phonera" 
    mod_ip_prefix 2001:1938:100::/40 "usdal01.sixxs.net highwinds" 
    mod_ip_prefix 2001:1938:200::/40 "usphx01.sixxs.net highwinds" 
    mod_ip_prefix 2001:1938:80::/48 "usdal01.sixxs.net highwinds" 
    mod_ip_prefix 2001:1938:81::/48 "usphx01.sixxs.net highwinds" 
    mod_ip_prefix 2001:1af8:fe00::/48 "nlhaa01.sixxs.net leaseweb" 
    mod_ip_prefix 2001:1af8:fe00::/40 "nlhaa01.sixxs.net leaseweb" 
    mod_ip_prefix 2001:1af8:ff00::/40 "nlhaa01.sixxs.net leaseweb" 
    mod_ip_prefix 2001:41e0:ff00::/48 "chzrh01.sixxs.net ipman" 
    mod_ip_prefix 2001:41e0:ff00::/40 "chzrh01.sixxs.net ipman" 
    mod_ip_prefix 2001:4428:200::/48 "nzwlg01.sixxs.net acsdata" 
    mod_ip_prefix 2001:4428:200::/40 "nzwlg01.sixxs.net acsdata" 
    mod_ip_prefix 2001:4830:1100::/48 "usbos01.sixxs.net occaid" 
    mod_ip_prefix 2001:4830:1100::/40 "usbos01.sixxs.net occaid" 
    mod_ip_prefix 2001:4830:1600::/48 "usqas01.sixxs.net occaid" 
    mod_ip_prefix 2001:4830:1600::/40 "usqas01.sixxs.net occaid" 
    mod_ip_prefix 2001:4978:100::/40 "uschi02.sixxs.net yourorg" 
    mod_ip_prefix 2001:4978:200::/40 "uschi02.sixxs.net yourorg" 
    mod_ip_prefix 2001:4978:300::/40 "uschi02.sixxs.net yourorg" 
    mod_ip_prefix 2001:4978:400::/40 "uschi02.sixxs.net yourorg" 
    mod_ip_prefix 2001:4978:f::/48 "uschi02.sixxs.net yourorg" 
    mod_ip_prefix 2001:4dd0:fc00::/40 "decgn01.sixxs.net netcologne" 
    mod_ip_prefix 2001:4dd0:fd00::/40 "decgn01.sixxs.net netcologne" 
    mod_ip_prefix 2001:4dd0:fe00::/40 "decgn01.sixxs.net netcologne" 
    mod_ip_prefix 2001:4dd0:ff00::/48 "decgn01.sixxs.net netcologne" 
    mod_ip_prefix 2001:4dd0:ff00::/40 "decgn01.sixxs.net netcologne" 
    mod_ip_prefix 2001:610:600::/48 "nlams05.sixxs.net surfnet" 
    mod_ip_prefix 2001:610:600::/40 "nlams05.sixxs.net surfnet" 
    mod_ip_prefix 2001:610:700::/40 "nlams05.sixxs.net surfnet" 
    mod_ip_prefix 2001:6a0:100::/40 "plwaw01.sixxs.net icm" 
    mod_ip_prefix 2001:6a0:200::/48 "plwaw01.sixxs.net icm" 
    mod_ip_prefix 2001:6a8:200::/48 "bebru02.sixxs.net belnet" 
    mod_ip_prefix 2001:6a8:200::/40 "bebru02.sixxs.net belnet" 
    mod_ip_prefix 2001:6f8:1000::/40 "deham01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1100::/40 "deham01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1200::/40 "deham01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1300::/40 "deham01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1400::/40 "bebru01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1c00::/48 "deham02.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1c00::/40 "deham02.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:1d00::/40 "deham02.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:202::/48 "bebru01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:300::/40 "bebru01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:900::/48 "deham01.sixxs.net easynet" 
    mod_ip_prefix 2001:6f8:900::/40 "deham01.sixxs.net easynet" 
    mod_ip_prefix 2001:770:100::/48 "iedub01.sixxs.net heanet" 
    mod_ip_prefix 2001:770:100::/40 "iedub01.sixxs.net heanet" 
    mod_ip_prefix 2001:7b8:1500::/40 "nlede01.sixxs.net bit" 
    mod_ip_prefix 2001:7b8:2ff::/48 "nlede01.sixxs.net bit" 
    mod_ip_prefix 2001:7b8:300::/40 "nlede01.sixxs.net bit" 
    mod_ip_prefix 2001:7e8:2200::/48 "lulux01.sixxs.net ptlu" 
    mod_ip_prefix 2001:7e8:2200::/40 "lulux01.sixxs.net ptlu" 
    mod_ip_prefix 2001:808:100::/48 "plpoz01.sixxs.net poznan" 
    mod_ip_prefix 2001:808:100::/40 "plpoz01.sixxs.net poznan" 
    mod_ip_prefix 2001:808:e100::/48 "plpoz01.sixxs.net poznan" 
    mod_ip_prefix 2001:808:e100::/40 "plpoz01.sixxs.net poznan" 
    mod_ip_prefix 2001:838:300::/48 "nlams01.sixxs.net concepts" 
    mod_ip_prefix 2001:838:300::/40 "nlams01.sixxs.net concepts" 
    mod_ip_prefix 2001:960:2::/48 "nlams04.sixxs.net scarlet" 
    mod_ip_prefix 2001:960:600::/40 "nlams04.sixxs.net scarlet" 
    mod_ip_prefix 2001:960:700::/40 "nlams04.sixxs.net scarlet" 
    mod_ip_prefix 2001:a60:f000::/48 "demuc02.sixxs.net mnet" 
    mod_ip_prefix 2001:a60:f000::/40 "demuc02.sixxs.net mnet" 
    mod_ip_prefix 2001:ad0:900::/48 "eetll01.sixxs.net linxtelecom" 
    mod_ip_prefix 2001:ad0:900::/40 "eetll01.sixxs.net linxtelecom" 
    mod_ip_prefix 2001:b18:2000::/48 "ptlis01.sixxs.net nfsi" 
    mod_ip_prefix 2001:b18:4000::/40 "ptlis01.sixxs.net nfsi" 
    mod_ip_prefix 2604:8800:100::/48 "uschi03.sixxs.net cymru" 
    mod_ip_prefix 2604:8800:100::/40 "uschi03.sixxs.net cymru" 
    mod_ip_prefix 2610:0100:4fff::/48 "usanc01.sixxs.net gci" 
    mod_ip_prefix 2610:0100:6000::/40 "usanc01.sixxs.net gci" 
    mod_ip_prefix 2a00:14f0:e000::/48 "gblon03.sixxs.net gyron" 
    mod_ip_prefix 2a00:14f0:e000::/40 "gblon03.sixxs.net gyron" 
    mod_ip_prefix 2a00:15b8:100::/48 "iedub02.sixxs.net digiweb" 
    mod_ip_prefix 2a00:15b8:100::/40 "iedub02.sixxs.net digiweb" 
    mod_ip_prefix 2a01:198:200::/48 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:198:200::/40 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:198:300::/40 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:198:400::/40 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:198:500::/40 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:198:600::/40 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:198:700::/40 "dedus01.sixxs.net speedpartner" 
    mod_ip_prefix 2a01:240:fe00::/48 "frmrs01.sixxs.net jaguar" 
    mod_ip_prefix 2a01:240:fe00::/40 "frmrs01.sixxs.net jaguar" 
    mod_ip_prefix 2a01:348:100::/40 "gblon02.sixxs.net goscomb" 
    mod_ip_prefix 2a01:348:200::/40 "gblon02.sixxs.net goscomb" 
    mod_ip_prefix 2a01:348:6::/48 "gblon02.sixxs.net goscomb" 
    mod_ip_prefix 2a01:8c00:ff00::/48 "czprg01.sixxs.net ignum" 
    mod_ip_prefix 2a01:8c00:ff00::/40 "czprg01.sixxs.net ignum" 
    mod_ip_prefix 2a02:2528:ff00::/48 "chgva01.sixxs.net ipmax" 
    mod_ip_prefix 2a02:2528:ff00::/40 "chgva01.sixxs.net ipmax" 
    mod_ip_prefix 2a02:278:1200::/48 "iegwy01.sixxs.net airwire" 
    mod_ip_prefix 2a02:278:1200::/40 "iegwy01.sixxs.net airwire" 
    mod_ip_prefix 2a02:980:1000::/48 "dkcph02.sixxs.net fullrate" 
    mod_ip_prefix 2a02:980:1000::/40 "dkcph02.sixxs.net fullrate" 
</virtualhost>
# cd /etc/apache2/sites-enabled
# ln -sv ../sites-available/test-ipv6.tetaneutral.net
# service apache2 restart

Configuration

Les différents scripts de Falling-Sky sont buildés par un programme en perl.
Il faut le configurer selong le système sur lequel on l'installe.

# cd /usr/local/falling-sky/source
# cp config.inc config.inc.local
# vi config.inc.local

Le contenu de config.inc.local est :

#!/bin/echo used by build.pl

use strict;

$COMPRESS{"js"} =  "/usr/bin/yui-compressor --type js --charset utf-8 -o [OUTPUT] [INPUT]";
$COMPRESS{"css"} = "/usr/bin/yui-compressor --type css --charset utf-8 -o [OUTPUT] [INPUT]";
$COMPRESS{"html"} = "/usr/bin/tidy -quiet -indent -asxhtml -utf8 -w 120 < [INPUT] > [OUTPUT]";
$INSTALL = "/var/www/test-ipv6.tetaneutral.net"; 
$VARS->{"domain"} = "test-ipv6.tetaneutral.net";
$VARS->{"ipv4"} = "91.224.149.206";
$VARS->{"ipv6"} = "2a01:6600:8081:ce00::1";
$VARS->{"contact"} = 'Tetaneutral.net';
$VARS->{"mailto"} = 'contact@tetaneutral.net';
$VARS->{use_survey} = 0;
$VARS->{hash_survey} = 0;  
$VARS->{'facebook_like'} = 0;
$VARS->{"twitter_tweet"}=0;

1;

Installation

Par défaut, falling-sky est buildé pour une tripotée de langages.
Ici, on limite à l'anglais et le français.

# cd /usr/local/falling-sky/source
# vi build.pl
@LANG = qw(en-us fr);

Et on peut lancer le script d'installation.

# ./build.pl --config config.inc
Processing: en-us: js/index.js
Processing: en-us: js/base.js
Processing: en-us: js/without-ui.js
Processing: en-us: js/jquery.js
Processing: en-us: js/tablesorter.js
*snip*
Processing: fr: html/when.html
Processing: fr: php/comment.php
Processing: fr: php/survey.php
Processing: fr: php/report-ip.php

Les images doivent être installées manuellement.

# cd /usr/local/src/falling-sky
# rsync -av images/. /var/www/test-ipv6.tetaneutral.net/images
# rsync -av images/. /var/www/test-ipv6.tetaneutral.net/images-nc

Les fichiers doivent appartenir à l'utilisateur d'apache.

# chown -R www-data:www-data /var/www/test-ipv6.tetaneutral.net

Modification du DNS

La plupart des tests effectués par Falling-Sky se basent sur des requêtes DNS.
Il faut donc modifier le serveur DNS pour ajouter différents enregistrements et une zone.

Ici, la zone tetaneutral.net est modifiée et une zone v6ns.test-ipv6.tetaneutral.net est ajoutée.

# grep test-ipv6 tetaneutral.net.zone
test-ipv6                   IN CNAME   www
ipv4.test-ipv6              IN A       91.224.149.206
ipv6.test-ipv6              IN AAAA    2a01:6600:8081:ce00::1
aaaa.test-ipv6              IN AAAA    2a01:6600:8081:ce00::1
a.test-ipv6                 IN A       91.224.149.206
ds.test-ipv6                IN A       91.224.149.206
ds.test-ipv6                IN AAAA    2a01:6600:8081:ce00::1
v6ns.test-ipv6              IN NS      v6ns1.test-ipv6
v6ns1.test-ipv6             IN AAAA    2a01:6600:8000::2
# cat v6ns.test-ipv6.tetaneutral.net.zone
; -*- mode: zone; -*-
;
$TTL 86400
@    IN SOA v6ns1.v6ns.test-ipv6.tetaneutral.net. root.tetaneutral.net. (
        2013021003      ; serial
        86400      ; Refresh
        3600       ; Retry
        3600000    ; expire
        86400 )    ; negative cache TTL

                            IN  NS     v6ns1.test-ipv6.tetaneutral.net.

                            IN  MX 1   mx1.tetaneutral.net.
                            IN  MX 100 mx2.tetaneutral.net.

                            IN  A      91.224.149.206
                            IN  AAAA   2a01:6600:8081:CE00::1

; Script de test de connectivite IPv6 (fab-)
ipv4                        IN A       91.224.149.206
v4                          IN A       91.224.149.206
ipv6                        IN AAAA    2a01:6600:8081:ce00::1
v6                          IN AAAA    2a01:6600:8081:ce00::1
aaaa                        IN AAAA    2a01:6600:8081:ce00::1
a                           IN A       91.224.149.206
ds                          IN A       91.224.149.206
ds                          IN AAAA    2a01:6600:8081:ce00::1
# cat /etc/bind/named.conf
*snip*
    zone "tetaneutral.net" IN {
        type  master;
        file  "wan/tetaneutral.net.zone";
        allow-transfer { 91.216.110.40; 217.70.177.40; };
    };
*snip*
    zone "v6ns.test-ipv6.tetaneutral.net" IN {
        type  master;
        file  "wan/v6ns.test-ipv6.tetaneutral.net.zone";
    };
*snip*

Nettoyage

Étant donné que c'est pas super secure de laisser des outils de développement sur un serveur web, tous les pré-requis d'installation peuvent être nettoyés.

# aptitude purge apache2-prefork-dev subversion yui-compressor tidy libtemplate-perl libyaml-perl libyaml-syck-perl libjson-perl