当前位置：首页 > news >正文

综合项目：博客

news 来源：原创 2025/5/17 6:49:01

1.运行环境：

主机	主机名	系统	服务
192.168.16.138	Server-Web	Centos	Web
192.168.16.140	Server-NFS	Centos	NFS
192.168.16.141	Server-DNS	Centos	DNS

2.业务需求：

Server-NFS主机配置NFS服务器，将博客网站资源文件共享给Server-web主机
Server-DNS主机配置DNS
Server-web主机配置web服务，通过域名www.openlab.com可以访问到自建的博客网站

3.准备工作

3.1配置静态ip

#Server-web主机：
[root@server-web ~]# nmcli c modify ens33 ipv4.method manual ipv4.addresses '192.168.16.138/24' ipv4.gateway '192.168.16.2' ipv4.dns '114.114.114.114'
[root@server-web ~]# nmcli c reload
[root@server-web ~]# nmcli c up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)#Server-NFS主机：
[root@server-nfs ~]#  nmcli c modify ens33 ipv4.method manual ipv4.addresses '192.168.16.140/24' ipv4.gateway '192.168.16.2' ipv4.dns '114.114.114.114'
[root@server-nfs ~]# nmcli c reload
[root@server-nfs ~]# nmcli c up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)#Server-DNS主机：
[root@server-dns ~]#  nmcli c modify ens33 ipv4.method manual ipv4.addresses '192.168.16.141/24' ipv4.gateway '192.168.16.2' ipv4.dns '114.114.114.114'
[root@server-dns ~]# nmcli c reload
[root@server-dns ~]# nmcli c up ens33
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

3.2修改hosts映射

手动建立主机名与IP的映射关系
允许直接用Server-NFS等主机名代替IP地址操作（如ping Server-NFS）


[root@server-web ~]# vim /etc/hosts
127.0.0.1       Server-Web
192.168.16.138  Server-Web
192.168.16.140  Server-NFS
192.168.16.141  Server-DNS[root@server-nfs ~]# vim /etc/hosts
127.0.0.1       Server-NFS
192.168.16.138  Server-Web
192.168.16.140  Server-NFS
192.168.16.141  Server-DNS[root@server-dns ~]# vim /etc/hosts
127.0.0.1       Server-DNS
192.168.16.138  Server-Web
192.168.16.140  Server-NFS
192.168.16.141  Server-DNS

3.3 开启防火墙

#三台机子都需要开启
[root@server-web ~]# systemctl start firewalld
[root@server-nfs ~]# systemctl start firewalld
[root@server-dns ~]# systemctl start firewalld

3.4 SElinux设置

#Server-Web端关闭
[root@server-web ~]# setenforce 0
#Server-NFS端开启
[root@server-nfs ~]# setenforce 1
#Server-DNS端开启
[root@server-dns ~]# setenforce 1

3.5 时间同步设置

#Server-Web端：
[root@server-web ~]# yum install chrony -y
[root@server-web ~]# vim /etc/chrony.conf 
#使用阿里云的 NTP 服务器（ntp.aliyun.com）进行时间同步：
server  ntp.aliyun.com  iburst
[root@server-web ~]# systemctl restart chronyd
[root@server-web ~]# chronyc sources -V
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17     6   +452us[ +529us] +/-   36ms
[root@server-web ~]# timedatectl statusLocal time: Thu 2025-05-15 17:07:21 CSTUniversal time: Thu 2025-05-15 09:07:21 UTCRTC time: Thu 2025-05-15 09:07:21Time zone: Asia/Shanghai (CST, +0800)NTP enabled: yes
NTP synchronized: yesRTC in local TZ: noDST active: n/a

Server-NFS端和Server-DNS端进行相同操作进行时钟同步

3.6 配置免密ssh登录

无需每次手动输入密码即可执行文件同步/更新操作
免密SSH可以避免因SELinux策略导致密码认证失败

# 生成RSA类型的SSH密钥对（公钥/私钥）
[root@server-web ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ltpuqAxwIKm7u/V1GOS5BqrbAdVeBU8hvOgf7B0GtS4 root@server-web
The key's randomart image is:
+---[RSA 2048]----+
|     .o.+.       |
| . .  .=.        |
|+ . ..oo..       |
|oo ..+o...       |
|+ ..o.+oS        |
| = ...EB+        |
|. =  o**o.       |
| = = o+oo        |
|*+. +. ..        |
+----[SHA256]-----+# 将公钥复制到192.168.16.140服务器的授权密钥文件中
[root@server-web ~]# ssh-copy-id 192.168.16.140
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.16.140 (192.168.16.140)' can't be established.
ECDSA key fingerprint is SHA256:w8kTZUP7xP6oYVerIBqNlD373FtAud5/0r/g8LyxG3U.
ECDSA key fingerprint is MD5:95:92:e4:51:cb:a7:72:2c:3d:89:3e:05:19:16:0a:87.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.16.140's password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh '192.168.16.140'"
and check to make sure that only the key(s) you wanted were added.

同理Server-Web与Server-NFS之间也建立互相免密ssh登录

4.环境搭建

4.1 Server-Web端安装LAMP环境软件

[root@server-web ~]# yum install nginx mariadb-server php* -y

4.2 Server-NFS端上传博客网站

网址：https://cn.wordpress.org/,下载压缩文件
将WordPress上传到Server-NFS端的/目录下
解压压缩包

[root@server-nfs ~]# ls /
bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  etc  lib   media  opt  root  sbin  sys  usr  wordpress-6.8.1-zh_CN.zip
[root@server-nfs wordpress]# cd /
[root@server-nfs wordpress]# unzip wordpress-6.8.1-zh_CN.zip 
[root@server-nfs /]# cd wordpress
[root@server-nfs wordpress]# ls
index.php        wp-admin              wp-content         wp-load.php      wp-signup.php
license.txt      wp-blog-header.php    wp-cron.php        wp-login.php     wp-trackback.php
readme.html      wp-comments-post.php  wp-includes        wp-mail.php      xmlrpc.php
wp-activate.php  wp-config-sample.php  wp-links-opml.php  wp-settings.php

4.3 Server-NFS端设置NFS共享

将Server-NFS端的/wordpress目录共享给Server-Web端

##安装rpcbind服务和NFS工具包
root@server-nfs ~]# yum install rpcbind -y   
[root@server-nfs ~]# yum install nfs-utils -y  #编辑NFS共享配置文件，添加共享目录和访问权限设置。
[root@server-nfs ~]# vim /etc/exports 
##配置具体共享规则：将/wordpress目录共享给192.168.16.138，赋予读写权限(rw)，同步写入(sync)，并将所有访问用户映射为匿名用户(all_squash)。
/wordpress      192.168.16.138(rw,sync,all_squash)#递归修改/wordpress目录权限为777（所有用户可读可写可执行）
[root@server-nfs ~]# chmod -Rf 777 /wordpress 
#永久开放防火墙public区域的mountd服务端口（NFS挂载服务）。
[root@server-nfs ~]# firewall-cmd --permanent --zone public --add-service=mountd  
success
#永久开放防火墙public区域的rpc-bind服务端口（RPC端口映射服务）。
[root@server-nfs ~]# firewall-cmd --permanent --zone public --add-service=rpc-bind
success
#永久开放防火墙public区域的nfs服务端口（NFS主服务）。
[root@server-nfs ~]# firewall-cmd --permanent --zone public --add-service=nfs
success
[root@server-nfs ~]# firewall-cmd --reload
success#启动服务
[root@server-nfs ~]# systemctl start rpcbind
[root@server-nfs ~]# systemctl start nfs-server#递归修改 /wordpress 目录及其内容的 SELinux 安全上下文为 httpd_sys_content_t 类型
[root@server-nfs ~]# chcon -t httpd_sys_content_t /wordpress -Rv

4.4 Server-Web端设置

4.4.1 挂载远程共享目录

#安装NFS客户端工具包
[root@server-web ~]# yum install nfs-utils -y
#查看NFS服务器192.168.16.140上共享的目录列表
[root@server-web ~]# showmount -e 192.168.16.140
Export list for 192.168.16.140:
/wordpress 192.168.16.138#在本地创建挂载点目录/wp
[root@server-web ~]# mkdir /wp
#将NFS服务器上的/wordpress共享目录挂载到本地的/wp目录
[root@server-web ~]# mount -t nfs 192.168.16.140:/wordpress /wp#查看wp目录下的文件（即NFS共享的WordPress文件）
[root@server-web ~]# cd /wp/
[root@server-web wp]# ls
index.php        wp-admin              wp-content         wp-load.php      wp-signup.php
license.txt      wp-blog-header.php    wp-cron.php        wp-login.php     wp-trackback.php
readme.html      wp-comments-post.php  wp-includes        wp-mail.php      xmlrpc.php
wp-activate.php  wp-config-sample.php  wp-links-opml.php  wp-settings.php

4.4.2 nginx设置

#永久允许防火墙在public区域放行HTTP服务
[root@server-web ~]# firewall-cmd --permanent --zone public --add-service=http
success
#永久开放public区域的80/tcp端口（HTTP默认端口）
[root@server-web ~]# firewall-cmd --permanent --zone public --add-port=80/tcp
success
重新加载防火墙配置
[root@server-web ~]# firewall-cmd --reload
success编辑Nginx的主配置文件，并将网站根目录指向/wp
[root@server-web ~]# vim /etc/nginx/nginx.confserver {listen       80;listen       [::]:80;server_name  _;root         /wp;
[root@server-web ~]# systemctl start nginx

4.4.3 修改WordPress配置文件

[root@server-web ~]# cd /wp/
#复制WordPress配置文件样本，创建正式配置文件
[root@server-web wp]# cp wp-config-sample.php wp-config.php
编辑WordPress配置文件，设置数据库连接信息
[root@server-web wp]# vim wp-config.php 
# 设置WordPress使用的数据库名称
define( 'DB_NAME', 'wordpress' );
# 设置连接数据库的用户名
/** Database username */
define( 'DB_USER', 'test1' );# 设置连接数据库的密码
/** Database password */
define( 'DB_PASSWORD', '123456' );

4.4.4 启动数据库并在数据库中创建数据库和用户

[root@server-web ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.68-MariaDB MariaDB ServerCopyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
#创建名为wordpress的数据库（供WordPress使用）
MariaDB [(none)]> create database wordpress;
Query OK, 1 row affected (0.00 sec)
#创建数据库用户test1并设置密码为123456（仅限本地登录）
MariaDB [(none)]> create user 'test1'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
#授予test1用户对wordpress数据库的完全操作权限
MariaDB [(none)]> grant all on wordpress.* to 'test1'@'localhost';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exit

4.4.5 测试

在浏览器输入：192.168.16.138进行测试
在这里插入图片描述

4.5 在Server-DNS端配置DNS

www.openlab.com正向解析为192.168.16.138
安装相关工具包：

# 安装BIND DNS服务器软件包
[root@server-dns ~]# yum install bind -y
# 永久允许public区域的DNS服务通过防火墙
[root@server-dns ~]# firewall-cmd --permanent --zone public --add-service=dns
success
# 重新加载防火墙规则使更改生效
[root@server-dns ~]# firewall-cmd --reload
success
# 启动BIND DNS服务（named服务）
[root@server-dns ~]# systemctl start named

编辑主配置文件：

[root@server-dns ~]# vim /etc/named.conf options {# 修改：监听所有IPv4地址的53端口（DNS服务默认端口）  listen-on port 53 { any; };listen-on-v6 port 53 { ::1; };directory       "/var/named";dump-file       "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file  "/var/named/data/named.recursing";secroots-file   "/var/named/data/named.secroots";# 修改：允许任何客户端向此DNS服务器发起查询  allow-query     { any; };

修改区域配置文件，清空添加只保留一个正向解析即可：

[root@server-dns ~]# vim /etc/named.rfc1912.zones # 定义一个名为 "openlab.com" 的正向解析区域
zone "openlab.com" IN {type master;# 区域数据文件的名称file "openlab.com.zone";allow-update { none; };
};

新建区域数据文件并配置解析

[root@server-dns ~]# cd /var/named/
# 复制模板文件创建区域文件（保留原文件属性）
[root@server-dns named]# cp -a named.localhost openlab.com.zone
# 编辑区域文件内容
[root@server-dns named]# vim openlab.com.zone $TTL 1D
@       IN SOA  openlab.com.  admin.qq.com. (  # SOA记录：主域名和管理员邮0       ; serial1D      ; refresh1H      ; retry1W      ; expire3H )    ; minimumNS                      ns.openlab.com. #指定域名服务器记录
ns              IN              A       192.168.16.138  # ns子域名解析到指定IP
www             IN              A       192.168.16.138  #www子域名解析
bbs             IN              A       192.168.16.138	#bbs子域名解析# 启动服务
[root@server-dns named]# systemctl restart named

测试：将Server-Web端的DNS改为192.168.16.141后输入www.openlab.com域名访问

# 修改网络连接的DNS服务器（ens33网卡）
[root@server-web ~]# nmcli c modify ens33 ipv4.dns "192.168.16.141"
# 重启网络服务使配置生效
[root@server-web ~]# nmcli c reload
[root@server-web ~]# nmcli c up ens33
# 测试DNS解析
[root@server-web ~]# nslookup www.openlab.com
Server:		192.168.16.141  # 当前使用的DNS服务器
Address:	192.168.16.141#53  # DNS服务器监听的端口Name:	www.openlab.com
Address: 192.168.16.138   # 解析结果