不完全卸载可能会导致配置文件无法创建,或/etc/nginx下只有几个文件夹的问题
sudo apt-get --purge remove nginx sudo apt-get autoremove sudo apt-get --purge remove nginx-common
Ubuntu完全卸载nginx
发表评论
作者归档:Daniel Sun
Nginx对新版本PHP7.0.11关于PATH_INFO问题的修正
从这个版本以后,使用下面的配置使得Nginx支持ThinkPHP
server {
listen 80;
server_name xxx.dev.onlyke.com;
index index.html index.htm index.php;
root /home/nginx/xxx;
location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|webp)$
{
expires 30d;
}
location ~ .*\.(woff|ttf|svg|otf|eot)$
{
expires 180d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location /
{
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php/$1 last;
break;
}
}
location ~ \.php($|/)
{
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
}
}
Ubuntu 配置Node.js+Nginx+PHP+MySQL最新版本
配置环境
#有的vps需要解决php源乱码的问题 sudo apt-get install -y language-pack-en-base vi /etc/profile export LANG=en_US.UTF-8 export LC_ALL=en_US.UTF-8 source /etc/profile #解决php源乱码的问题 ending #安装add-apt-repository apt-get install software-properties-common #安装nodejs源 curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - #新版本Ubuntu16.04默认支持openssl 1.0.2h add-apt-repository ppa:nginx/stable #老版本Ubuntu 14.04建议使用 PPA for NGINX with HTTP/2 on Ubuntu 12.04 LTS and higher,使用下面的源可以同时升级openssl,可以开启http2 #https://launchpad.net/~ondrej/+archive/ubuntu/nginx/ add-apt-repository ppa:ondrej/nginx #下面安装php7 mysql5.7源 add-apt-repository ppa:ondrej/php add-apt-repository ppa:ondrej/mysql-5.7 apt-get update apt-get install nodejs openssl nginx mysql-server php7.3 php7.3-gd php7.3-mbstring php7.3-xml php7.3-zip php7.3-curl php7.3-fpm php7.3-mysql php7.3-bcmath php7.3-dev #查看openssl版本 openssl version
nginx.conf配置
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 2m;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/gif image/png font/ttf font/otf image/svg+xml;
gzip_vary on;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
默认服务器,ip返回403配置
server_tokens off;
proxy_hide_header X-Powered-By;
server {
listen 80 default_server;
server_name _;
return 403;
}
server {
listen 443 ssl http2 default_server;
server_name _;
ssl on;
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;
return 403;
}
fastcgi_params限制PHP脚本执行目录
#PHP Prohibit cross-Hosting fastcgi_param PHP_VALUE "open_basedir=$document_root:/tmp/";
纯静态配置
server {
listen 80;
server_name xxxx;
root /home/nginx/xxxx;
index index.html index.htm index.php;
location ~ .*\.(gif|jpg|jpeg|png|bmp)$
{
expires 30d;
}
location ~ .*\.(woff|ttf|svg)$
{
expires 180d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location /
{
try_files $uri $uri/ =404;
}
}
PHP一般通用配置
server {
listen 80;
server_name xxxx;
index index.php index.html index.htm;
root /home/nginx/xxx;
location ~ .*\.(gif|jpg|jpeg|png|bmp)$
{
expires 30d;
}
location ~ .*\.(woff|ttf|svg)$
{
expires 180d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ \.php($|/)
{
try_files $uri = 404;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
开启fix_pathinfo(一般默认已开启)
#确认php.ini中的如下配置,其实默认已经为1,当框架出现问题时可以来检查一下 cgi.fix_pathinfo = 1
PHP通用框架配置
server {
listen 80;
server_name xxxx;
index index.html index.htm index.php;
root /home/nginx/xxxx;
location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|webp)$
{
expires 30d;
}
location ~ .*\.(woff|ttf|svg|otf|eot)$
{
expires 180d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ^~ /.svn
{
deny all;
}
location ^~ /.git
{
deny all;
}
location /
{
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php/$1 last;
break;
}
}
location ~ \.php($|/)
{
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
SSL+HTTP2的PHP框架配置
server {
listen 443 ssl http2;
server_name xxx;
index index.html index.htm index.php;
root /home/nginx/xxx;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 60m;
ssl_session_tickets on;
ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;
location ~ .*\.(gif|jpg|jpeg|png|bmp|ico|webp)$
{
expires 30d;
}
location ~ .*\.(woff|ttf|svg|otf|eot)$
{
expires 180d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ^~ /.svn
{
deny all;
}
location ^~ /.git
{
deny all;
}
location /
{
if (!-e $request_filename) {
rewrite ^(.*)$ /index.php/$1 last;
break;
}
}
location ~ \.php($|/)
{
fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
解决科学上网过程中ubuntu14 LTS出现Depends: init-system-helpers (>= 1.18~) 的问题
错误类似下面
Depends: init-system-helpers (>= 1.18~) but it is not installable
解决方案,执行下面代码即可
wget http://launchpadlibrarian.net/173841617/init-system-helpers_1.18_all.deb dpkg -i init-system-helpers_1.18_all.deb
用nodejs递归删除文件夹及其子目录,顺带解决windows删除文件名过长问题
用windows删除一些工程文件时因为目录深度太深,导致用资源管理器和cmd都没有办法删除。手头有nodejs,顺便参考了网上的一份递归删除目录的代码,放在这里做备用。使用的时候修改目录参数,然后用node执行即可。
var fs = require('fs');
var rmdirSync = (function(){
function iterator(url,dirs){
var stat = fs.statSync(url);
if(stat.isDirectory()){
dirs.unshift(url);//收集目录
inner(url,dirs);
}else if(stat.isFile()){
fs.unlinkSync(url);//直接删除文件
}
}
function inner(path,dirs){
var arr = fs.readdirSync(path);
for(var i = 0, el ; el = arr[i++];){
iterator(path+"/"+el,dirs);
}
}
return function(dir,cb){
cb = cb || function(){};
var dirs = [];
try{
iterator(dir,dirs);
for(var i = 0, el ; el = dirs[i++];){
fs.rmdirSync(el);//一次性删除所有收集到的目录
}
cb()
}catch(e){//如果文件或目录本来就不存在,fs.statSync会报错,不过我们还是当成没有异常发生
e.code === "ENOENT" ? cb() : cb(e);
}
}
})();
rmdirSync("D:\\Documents\\Dropbox\\PhpstormProjects\\2",function(e){
console.log("!!!"+e)
console.log("删除目录以及子目录成功")
})
使用Homestead来部署Laravel 5.3
本文写于:2016年9月22日 13:25:29,如果时间久远部分细节可能存在变动,请访问相关网站获取最新信息
Laravel 致力于让整个 PHP 开发过程变得让人愉悦,包括本地开发环境,为此官方为我们提供了一整套本地开发环境 —— Laravel Homestead。
Laravel Homestead 是一个打包好各种 Laravel 开发所需要的工具及环境的 Vagrant 盒子(Vagrant 提供了一个便捷的方式来管理和设置虚拟机),该盒子为我们提供了优秀的开发环境,有了它,我们不再需要在本地环境安装 PHP、HHVM、Web服务器以及其它工具软件,我们也完全不用再担心误操作搞乱操作系统 —— 因为 Vagrant 盒子是一次性的,如果出现错误,可以在数分钟内销毁并重新创建该 Vagrant 盒子!
Homestead可以运行在 Windows、Mac 以及 Linux 系统上,其中已经安装好了Nginx、PHP7.0、MySQL、Postgres、Redis、Memcached、Node以及很多其它开发 Laravel 应用所需要的东西。
如果你使用的是Windows,需要开启系统的硬件虚拟化(VT-x),这通常可以通过BIOS来开启。
1. 安装VirtualBox
下载地址:https://www.virtualbox.org/wiki/Downloads
安装过程中一路下一步就可以了
2. 安装Vagrant和Laravel盒子
下载地址:https://www.vagrantup.com/downloads.html
安装过程没有什么特殊操作,别忘了在安装后重启操作系统
重启完成之后,可以通过下面的命令来查看安装是否成功
vagrant --version
然后我们使用下面的命令下载Laravel Homestead Vagrant盒子
vagrant box add laravel/homestead
这一步会花费很长时间,部分地区可能还会被墙,可以使用VPN或者把curl.exe加入你的代理来解决(比如使用Proxifier搭配SS)
3. 安装PHP
我们到:http://windows.php.net/download 下载对应的PHP版本,我使用的是php-7.0.10-nts-Win32-VC14-x64.zip
PHP高版本可能需要安装对应的VC库,这里给出下载链接
VC11:https://www.microsoft.com/zh-CN/download/details.aspx?id=30679
VC14:https://www.microsoft.com/zh-CN/download/details.aspx?id=48145
一般我们把X86和X64的全部安装
把下载下来的PHP解压到你想要的位置,比如D:\php,然后别忘了把这个路径添加到你的用户环境变量里。完成后,重开cmd窗口输入php -v 应该可以显示你安装的php版本
然后我们进入刚才的php安装目录,拷贝php.ini-development 重命名为php.ini ,然后打开编辑,用查找找到下面的行,将其前面的分号都去掉,然后保存。
extension_dir = "ext" extension=php_openssl.dll extension=php_mbstring.dll
4. 安装nodejs
下载地址:https://nodejs.org/en/download/
找到对应的安装包下载安装就可以了,安装完成后可以在cmd中使用node -v 来检测是否安装成功。
然后我们全局安装gulp
npm install -g gulp
5. 安装Composer
下载地址:https://getcomposer.org/download/
安装过程中如果php路径没有显示请检查你的环境变量,如果出现SSL没有启动的问题请检查你是否参照上文修改了php.ini中extension的配置。
安装完成后在cmd输入composer –version 来检查是否安装成功。
然后,我们把修改composer的源到composer中国镜像(http://pkg.phpcomposer.com/),加快速度。修改方式是打开cmd执行下面的命令
composer config -g repo.packagist composer https://packagist.phpcomposer.com
6. 安装Git
下载地址:https://git-scm.com/downloads
安装过程中请注意在下面的步骤中
确保选择Use Git from the Windows Command Prompt选项,其他步骤下一步即可。
安装完成后在cmd输入git –version 来检查是否安装成功。
在 Windows 开始菜单找到 Git Bash 并运行,在打开的窗口中执行下面命令,一路回车使用默认选项即可,这将生成SSH Key。(别忘了修改你的email地址)
ssh-keygen -t rsa -C "[email protected]"
7. 安装laravel Install
打开cmd运行下面的命令
composer global require "laravel/installer"
8. 安装Laravel 5.3
打开你准备放置Laravel 5.3 RC1项目的文件夹,在当前文件夹运行cmd来安装laravel(可能需要科学上网)
laravel new demo
完成后,你的项目将被安装到demo文件夹下。我们使用cd demo 来进入demo目录
接着,我们安装所有的依赖
npm install
注意:从这一步开始我们后面的cmd运行目录均为demo文件夹下
9. 安装homestead
在cmd中运行下面指令安装homestead,我这里采用的是项目局部安装
composer require laravel/homestead --dev
执行完后,执行下面命令生成Homestead.yaml
vendor\bin\homestead make
生成之后的内容大概如下
---
ip: "192.168.10.10"
memory: 2048
cpus: 1
hostname: demo
name: demo
provider: virtualbox
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
folders:
- map: "C:/Users/XXX/PhpstormProjects/demo"
to: "/home/vagrant/demo"
sites:
- map: homestead.app
to: "/home/vagrant/demo/public"
databases:
- homestead
# blackfire:
# - id: foo
# token: bar
# client-id: foo
# client-token: bar
# ports:
# - send: 50000
# to: 5000
# - send: 7777
# to: 777
# protocol: udp
在这个文件中,我们的虚拟机IP是192.168.10.10。
10. 启动Vagrant,所有步骤完成
我们在cmd运行vagrant up 来启动虚拟机,这一步骤的首次运行可能时间较长。
启动过程中可以观察到端口转发,我们本地的127.0.0.1的8000端口被转发到了192.168.10.10的80端口。
启动完成后我们ping一下192.168.10.10,如果不通的话请打开“控制面板\网络和 Internet\网络和共享中心”,就是适配器管理这个页面,找到最新添加的VM Box Host Only Network。如何判断最新呢,就是根据最后面#后面的数字。这里面是#2这个
右键进入IPV4设置,修改如下
确认之后再ping,ping通后我建议你再运行一下vagrant halt 和vagrant up ,重启虚拟机。
最后别忘了在hosts文件中添加下面的内容,把域名指向虚拟机IP,这样以后我们就可以通过http://homestead.app 来访问我们的项目了
192.168.10.10 homestead.app
运行完后,我们打开http://homestead.app/ 就可以看到我们的laravel了
注意:即使关闭当前cmd窗口虚拟机也不会关闭,想关闭虚拟机请打开cmd运行vagrant halt
Nginx的sites-available一键启动站点脚本,仿照Apache的a2ensite
在Ubuntu的Nginx发行版中,存在sites-available和sites-enable这两个目录,启用站点的方式是创建符号链接从sites-available到sites-enable,在Apache中,我们有a2ensite命令来很轻松的完成这件事情。在Nginx中没有这个脚本,所以我们可以自己编写一个。
在/usr/local/sbin 中创建文件nginx_modsite,代码如下,别忘了给执行权限
#!/bin/bash ## # File: # nginx_modsite # Description: # Provides a basic script to automate enabling and disabling websites found # in the default configuration directories: # /etc/nginx/sites-available and /etc/nginx/sites-enabled # For easy access to this script, copy it into the directory: # /usr/local/sbin # Run this script without any arguments or with -h or --help to see a basic # help dialog displaying all options. ## # Copyright (C) 2010 Michael Lustfield <[email protected]> # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. ## # Default Settings ## NGINX_CONF_FILE="$(awk -F= -v RS=' ' '/conf-path/ {print $2}' <<< $(nginx -V 2>&1))" NGINX_CONF_DIR="${NGINX_CONF_FILE%/*}" NGINX_SITES_AVAILABLE="$NGINX_CONF_DIR/sites-available" NGINX_SITES_ENABLED="$NGINX_CONF_DIR/sites-enabled" SELECTED_SITE="$2" ## # Script Functions ## ngx_enable_site() { [[ ! "$SELECTED_SITE" ]] && ngx_select_site "not_enabled" [[ ! -e "$NGINX_SITES_AVAILABLE/$SELECTED_SITE" ]] && ngx_error "Site does not appear to exist." [[ -e "$NGINX_SITES_ENABLED/$SELECTED_SITE" ]] && ngx_error "Site appears to already be enabled" ln -sf "$NGINX_SITES_AVAILABLE/$SELECTED_SITE" -T "$NGINX_SITES_ENABLED/$SELECTED_SITE" ngx_reload } ngx_disable_site() { [[ ! "$SELECTED_SITE" ]] && ngx_select_site "is_enabled" [[ ! -e "$NGINX_SITES_AVAILABLE/$SELECTED_SITE" ]] && ngx_error "Site does not appear to be \'available\'. - Not Removing" [[ ! -e "$NGINX_SITES_ENABLED/$SELECTED_SITE" ]] && ngx_error "Site does not appear to be enabled." rm -f "$NGINX_SITES_ENABLED/$SELECTED_SITE" ngx_reload } ngx_list_site() { echo "Available sites:" ngx_sites "available" echo "Enabled Sites" ngx_sites "enabled" } ## # Helper Functions ## ngx_select_site() { sites_avail=($NGINX_SITES_AVAILABLE/*) sa="${sites_avail[@]##*/}" sites_en=($NGINX_SITES_ENABLED/*) se="${sites_en[@]##*/}" case "$1" in not_enabled) sites=$(comm -13 <(printf "%s\n" $se) <(printf "%s\n" $sa));; is_enabled) sites=$(comm -12 <(printf "%s\n" $se) <(printf "%s\n" $sa));; esac ngx_prompt "$sites" } ngx_prompt() { sites=($1) i=0 echo "SELECT A WEBSITE:" for site in ${sites[@]}; do echo -e "$i:\t${sites[$i]}" ((i++)) done read -p "Enter number for website: " i SELECTED_SITE="${sites[$i]}" } ngx_sites() { case "$1" in available) dir="$NGINX_SITES_AVAILABLE";; enabled) dir="$NGINX_SITES_ENABLED";; esac for file in $dir/*; do echo -e "\t${file#*$dir/}" done } ngx_reload() { read -p "Would you like to reload the Nginx configuration now? (Y/n) " reload [[ "$reload" != "n" && "$reload" != "N" ]] && invoke-rc.d nginx reload } ngx_error() { echo -e "${0##*/}: ERROR: $1" [[ "$2" ]] && ngx_help exit 1 } ngx_help() { echo "Usage: ${0##*/} [options]" echo "Options:" echo -e "\t<-e|--enable> <site>\tEnable site" echo -e "\t<-d|--disable> <site>\tDisable site" echo -e "\t<-l|--list>\t\tList sites" echo -e "\t<-h|--help>\t\tDisplay help" echo -e "\n\tIf <site> is left out a selection of options will be presented." echo -e "\tIt is assumed you are using the default sites-enabled and" echo -e "\tsites-disabled located at $NGINX_CONF_DIR." } ## # Core Piece ## case "$1" in -e|--enable) ngx_enable_site;; -d|--disable) ngx_disable_site;; -l|--list) ngx_list_site;; -h|--help) ngx_help;; *) ngx_error "No Options Selected" 1; ngx_help;; esac
使用方法:
- 显示当前站点列表
sudo nginx_modsite -l
- 启用站点test_website
sudo nginx_modsite -e test_website
- 关闭站点test_website
sudo nginx_modsite -d test_website
引用:http://serverfault.com/questions/424452/nginx-enable-site-command
拒绝DNS污染和UDP干扰,在Openwrt路由器上部署DNSCrypt,加密查询DNS
博主的网络环境比较差,这要感谢该死的宽带通呵呵呵
经查该运行商阻挡了境外udp的通信,导致原本想通过shadowsocks的udp隧道来进行加密DNS查询的方案失败
通过搜索我发现我们可以直接安装DNSCrypt来达到我们的目的,官方网站在https://dnscrypt.org/,DNSCrypt是OpenDNS发布的加密DNS工具,可加密DNS流量,阻止常见的DNS攻击,如重放攻击、观察攻击、时序攻击、中间人攻击和解析伪造攻击。DNSCrypt支持Openwrt,是防止DNS污染的绝佳工具!
我们可以使用opkg进行安装
opkg update opkg install dnscrypt-proxy
安装完成之后,我们使用下面命令启动dnscrypt-proxy并设置开机启动,5353端口将自动被监听。
/etc/init.d/dnscrypt-proxy start /etc/init.d/dnscrypt-proxy enable
然后我们可以在luci中配置Chinadns的上游服务器中加入127.0.0.1::5353,注意Chinadns的默认端口为5353,需要换一个(比如我设置为5354),或者你换dnscrypt-proxy的默认端口也可以,dnscrypt-proxy的配置文件在/etc/config。然后我们到【网络】–>【DHCP/DNS】,把DNS转发设置为127.0.0.1#5354,然后换到【HOSTS和解析文件】选项卡,把【忽略解析文件】给打开(默认配置为/tmp/resolv.conf.auto)
下面是配置的大概过程
我们可以测试dnscrypt-proxy的解析结果,首先使用天朝局域网,这里是我的上游服务器。
dig @192.168.199.1 www.youtube.com
; <<>> DiG 9.9.8-P3 <<>> @192.168.199.1 www.youtube.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15703 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;www.youtube.com. IN A ;; ANSWER SECTION: www.youtube.com. 18829 IN CNAME youtube-ui.l.google.com. youtube-ui.l.google.com. 600 IN CNAME youtube-ui-china.l.google.com. youtube-ui-china.l.google.com. 600 IN A 37.61.54.158 ;; AUTHORITY SECTION: google.com. 109949 IN NS ns2.google.com. google.com. 109949 IN NS ns3.google.com. google.com. 109949 IN NS ns1.google.com. google.com. 109949 IN NS ns4.google.com. ;; ADDITIONAL SECTION: ns1.google.com. 110089 IN A 216.239.32.10 ns2.google.com. 113947 IN A 216.239.34.10 ns3.google.com. 115317 IN A 216.239.36.10 ns4.google.com. 171663 IN A 216.239.38.10 ;; Query time: 4 msec ;; SERVER: 192.168.199.1#53(192.168.199.1) ;; WHEN: Wed Jun 22 15:51:18 HKT 2016 ;; MSG SIZE rcvd: 250
37.61.54.158,一个很明显的污染地址,看看下面这个庞大的列表orz
然后使用我们的dnscrypt-proxy
dig @127.0.0.1 www.youtube.com -p 5353
; <<>> DiG 9.9.8-P3 <<>> @127.0.0.1 www.youtube.com -p 5353 ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9816 ;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.youtube.com. IN A ;; ANSWER SECTION: www.youtube.com. 84137 IN CNAME youtube-ui.l.google.com. youtube-ui.l.google.com. 900 IN CNAME youtube-ui-china.l.google.com. youtube-ui-china.l.google.com. 180 IN A 173.194.72.101 youtube-ui-china.l.google.com. 180 IN A 173.194.72.139 youtube-ui-china.l.google.com. 180 IN A 173.194.72.113 youtube-ui-china.l.google.com. 180 IN A 173.194.72.100 youtube-ui-china.l.google.com. 180 IN A 173.194.72.102 youtube-ui-china.l.google.com. 180 IN A 173.194.72.138 ;; Query time: 277 msec ;; SERVER: 127.0.0.1#5353(127.0.0.1) ;; WHEN: Wed Jun 22 15:52:18 HKT 2016 ;; MSG SIZE rcvd: 205
这样就获取到正确的DNS了