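Task requirements:
When a client visits www.nihao.com, DNS resolves the name and the client reaches the home page that nginx serves from an NFS share. The page content is: Very good, you have successfully set up the system. All hosts must keep their clocks synchronized, and every host runs with its firewall enabled to protect the services.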
Role | OS | IP | Hostname | Software |
Web server | redhat9.5 | 172.25.250.8 | web | nginx |
NFS server | redhat9.5 | 172.25.250.9 | nfs | nfs-utils |
DNS primary (master) server | redhat9.5 | 172.25.250.18 | dns1 | bind |
DNS secondary (slave) server | redhat9.5 | 172.25.250.28 | dns2 | bind |
Client | redhat9.5 | 172.25.250.7 | client | bind-utils |
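Preparation:
Prepare five virtual machines and set the hostname and IP address of each one.
Every virtual machine needs a package repository configured and the installation media mounted.
Web server:
# Set the hostname
[root@localhost ~]# hostnamectl hostname web
# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.8/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Bring the connection up to apply the changes
[root@localhost ~]# nmcli c up ens160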
NFS server:
# Set the hostname
[root@localhost ~]# hostnamectl hostname nfs
# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.9/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Bring the connection up to apply the changes
[root@localhost ~]# nmcli c up ens160
DNS primary server:
# Set the hostname
[root@localhost ~]# hostnamectl hostname dns1
# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.18/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Bring the connection up to apply the changes
[root@localhost ~]# nmcli c up ens160
DNS secondary server:
# Set the hostname
[root@localhost ~]# hostnamectl hostname dns2
# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.28/24 ipv4.dns 223.5.5.5 connection.autoconnect yes
# Bring the connection up to apply the changes
[root@localhost ~]# nmcli c up ens160
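Client:
Why the client's DNS is configured this way:
1. When the client accesses the nginx server with curl, the name must first be resolved through DNS.
2. The DNS servers configured here exist specifically to resolve the domain name that points to this nginx server.
3. Any other machine that wants to reach this nginx server must likewise locate it through the correct DNS servers.
4. Otherwise the name may resolve to some other address registered under the same name, causing conflicts or wrong redirects.
5. Even when the resolved name is the same, the content actually returned may not be what was expected.
# Set the hostname
[root@localhost ~]# hostnamectl hostname client
# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.7/24 ipv4.gateway 172.25.250.2 ipv4.dns 172.25.250.18 +ipv4.dns 172.25.250.28 connection.autoconnect yes
# Bring the connection up to apply the changes
[root@localhost ~]# nmcli c up ens160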
[root@client ~]# nmcli d show ens160
GENERAL.DEVICE: ens160
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 00:0C:29:F1:5C:F9
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: ens160
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/3
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: 172.25.250.7/24
IP4.GATEWAY: 172.25.250.2
IP4.ROUTE[1]: dst = 172.25.250.0/24, nh = 0.0.0.0, mt = 100
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 172.25.250.2, mt = 100
IP4.DNS[1]: 172.25.250.18
IP4.DNS[2]: 172.25.250.28
IP6.ADDRESS[1]: fe80::20c:29ff:fef1:5cf9/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 1024
Install nginx and nfs-utils on the web server
# Mount the installation disc
[root@web ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
# Install the packages
[root@web ~]# dnf install nginx nfs-utils -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 1.8 MB/s | 2.7 kB 00:00
AppStream 1.9 MB/s | 3.2 kB 00:00
Dependencies resolved.
======================================================================================
Package Architecture Version Repository Size
======================================================================================
Installing:
nfs-utils x86_64 1:2.5.4-27.el9 os 463 k
nginx x86_64 2:1.20.1-20.el9 app 40 k
Installing dependencies:
gssproxy x86_64 0.8.4-7.el9 os 114 k
libev x86_64 4.33-5.el9 os 56 k
libnfsidmap x86_64 1:2.5.4-27.el9 os 65 k
libverto-libev x86_64 0.3.2-3.el9 os 15 k
nginx-core x86_64 2:1.20.1-20.el9 app 574 k
nginx-filesystem noarch 2:1.20.1-20.el9 app 11 k
quota x86_64 1:4.09-2.el9 os 202 k
quota-nls noarch 1:4.09-2.el9 os 79 k
redhat-logos-httpd noarch 90.4-2.el9 app 18 k
rpcbind x86_64 1.2.6-7.el9 os 62 k
sssd-nfs-idmap x86_64 2.9.5-4.el9 os 44 k
Transaction Summary
======================================================================================
Install 13 Packages
Total size: 1.7 M
Installed size: 4.6 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch 1/13
Installing : nginx-filesystem-2:1.20.1-20.el9.noarch 1/13
Installing : libnfsidmap-1:2.5.4-27.el9.x86_64 2/13
Installing : nginx-core-2:1.20.1-20.el9.x86_64 3/13
Installing : redhat-logos-httpd-90.4-2.el9.noarch 4/13
Running scriptlet: rpcbind-1.2.6-7.el9.x86_64 5/13
Installing : rpcbind-1.2.6-7.el9.x86_64 5/13
Running scriptlet: rpcbind-1.2.6-7.el9.x86_64 5/13
Created symlink /etc/systemd/system/multi-user.target.wants/rpcbind.service → /usr/lib/systemd/system/rpcbind.service.
Created symlink /etc/systemd/system/sockets.target.wants/rpcbind.socket → /usr/lib/systemd/system/rpcbind.socket.
Installing : quota-nls-1:4.09-2.el9.noarch 6/13
Installing : quota-1:4.09-2.el9.x86_64 7/13
Installing : libev-4.33-5.el9.x86_64 8/13
Installing : libverto-libev-0.3.2-3.el9.x86_64 9/13
Installing : gssproxy-0.8.4-7.el9.x86_64 10/13
Running scriptlet: gssproxy-0.8.4-7.el9.x86_64 10/13
Running scriptlet: nfs-utils-1:2.5.4-27.el9.x86_64 11/13
Installing : nfs-utils-1:2.5.4-27.el9.x86_64 11/13
Running scriptlet: nfs-utils-1:2.5.4-27.el9.x86_64 11/13
Installing : nginx-2:1.20.1-20.el9.x86_64 12/13
Running scriptlet: nginx-2:1.20.1-20.el9.x86_64 12/13
Installing : sssd-nfs-idmap-2.9.5-4.el9.x86_64 13/13
Running scriptlet: sssd-nfs-idmap-2.9.5-4.el9.x86_64 13/13
Verifying : gssproxy-0.8.4-7.el9.x86_64 1/13
Verifying : libev-4.33-5.el9.x86_64 2/13
Verifying : libnfsidmap-1:2.5.4-27.el9.x86_64 3/13
Verifying : libverto-libev-0.3.2-3.el9.x86_64 4/13
Verifying : nfs-utils-1:2.5.4-27.el9.x86_64 5/13
Verifying : quota-1:4.09-2.el9.x86_64 6/13
Verifying : quota-nls-1:4.09-2.el9.noarch 7/13
Verifying : rpcbind-1.2.6-7.el9.x86_64 8/13
Verifying : sssd-nfs-idmap-2.9.5-4.el9.x86_64 9/13
Verifying : nginx-2:1.20.1-20.el9.x86_64 10/13
Verifying : nginx-core-2:1.20.1-20.el9.x86_64 11/13
Verifying : nginx-filesystem-2:1.20.1-20.el9.noarch 12/13
Verifying : redhat-logos-httpd-90.4-2.el9.noarch 13/13
Installed products updated.
Installed:
gssproxy-0.8.4-7.el9.x86_64 libev-4.33-5.el9.x86_64
libnfsidmap-1:2.5.4-27.el9.x86_64 libverto-libev-0.3.2-3.el9.x86_64
nfs-utils-1:2.5.4-27.el9.x86_64 nginx-2:1.20.1-20.el9.x86_64
nginx-core-2:1.20.1-20.el9.x86_64 nginx-filesystem-2:1.20.1-20.el9.noarch
quota-1:4.09-2.el9.x86_64 quota-nls-1:4.09-2.el9.noarch
redhat-logos-httpd-90.4-2.el9.noarch rpcbind-1.2.6-7.el9.x86_64
sssd-nfs-idmap-2.9.5-4.el9.x86_64
Complete!
Install nfs-utils on the NFS server
# Mount the installation disc
[root@nfs ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
# Install the packages
[root@nfs ~]# dnf install nfs-utils -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.
BaseOS 919 kB/s | 2.7 kB 00:00
AppStream 1.8 MB/s | 3.2 kB 00:00
Dependencies resolved.
======================================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================================
Installing:
nfs-utils x86_64 1:2.5.4-27.el9 os 463 k
Installing dependencies:
gssproxy x86_64 0.8.4-7.el9 os 114 k
libev x86_64 4.33-5.el9 os 56 k
libnfsidmap x86_64 1:2.5.4-27.el9 os 65 k
libverto-libev x86_64 0.3.2-3.el9 os 15 k
quota x86_64 1:4.09-2.el9 os 202 k
quota-nls noarch 1:4.09-2.el9 os 79 k
rpcbind x86_64 1.2.6-7.el9 os 62 k
sssd-nfs-idmap x86_64 2.9.5-4.el9 os 44 k
Transaction Summary
======================================================================================================================================
Install 9 Packages
Total size: 1.1 M
Installed size: 2.9 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : libnfsidmap-1:2.5.4-27.el9.x86_64 1/9
Running scriptlet: rpcbind-1.2.6-7.el9.x86_64 2/9
Installing : rpcbind-1.2.6-7.el9.x86_64 2/9
Running scriptlet: rpcbind-1.2.6-7.el9.x86_64 2/9
Created symlink /etc/systemd/system/multi-user.target.wants/rpcbind.service → /usr/lib/systemd/system/rpcbind.service.
Created symlink /etc/systemd/system/sockets.target.wants/rpcbind.socket → /usr/lib/systemd/system/rpcbind.socket.
Installing : quota-nls-1:4.09-2.el9.noarch 3/9
Installing : quota-1:4.09-2.el9.x86_64 4/9
Installing : libev-4.33-5.el9.x86_64 5/9
Installing : libverto-libev-0.3.2-3.el9.x86_64 6/9
Installing : gssproxy-0.8.4-7.el9.x86_64 7/9
Running scriptlet: gssproxy-0.8.4-7.el9.x86_64 7/9
Running scriptlet: nfs-utils-1:2.5.4-27.el9.x86_64 8/9
Installing : nfs-utils-1:2.5.4-27.el9.x86_64 8/9
Running scriptlet: nfs-utils-1:2.5.4-27.el9.x86_64 8/9
Installing : sssd-nfs-idmap-2.9.5-4.el9.x86_64 9/9
Running scriptlet: sssd-nfs-idmap-2.9.5-4.el9.x86_64 9/9
Verifying : gssproxy-0.8.4-7.el9.x86_64 1/9
Verifying : libev-4.33-5.el9.x86_64 2/9
Verifying : libnfsidmap-1:2.5.4-27.el9.x86_64 3/9
Verifying : libverto-libev-0.3.2-3.el9.x86_64 4/9
Verifying : nfs-utils-1:2.5.4-27.el9.x86_64 5/9
Verifying : quota-1:4.09-2.el9.x86_64 6/9
Verifying : quota-nls-1:4.09-2.el9.noarch 7/9
Verifying : rpcbind-1.2.6-7.el9.x86_64 8/9
Verifying : sssd-nfs-idmap-2.9.5-4.el9.x86_64 9/9
Installed products updated.
Installed:
gssproxy-0.8.4-7.el9.x86_64 libev-4.33-5.el9.x86_64 libnfsidmap-1:2.5.4-27.el9.x86_64 libverto-libev-0.3.2-3.el9.x86_64
nfs-utils-1:2.5.4-27.el9.x86_64 quota-1:4.09-2.el9.x86_64 quota-nls-1:4.09-2.el9.noarch rpcbind-1.2.6-7.el9.x86_64
sssd-nfs-idmap-2.9.5-4.el9.x86_64
Complete!
Install bind on the DNS primary and secondary servers and on the client
[root@dns1 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns1 ~]# dnf install bind -y
[root@dns2 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns2 ~]# dnf install bind -y
[root@client ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@client ~]# dnf install bind -y
Set up the NFS service:
# Create the shared directory
[root@nfs ~]# mkdir /nfs
# Write the page content
[root@nfs ~]# cd /nfs
[root@nfs nfs]# vim index.html
# Check what was written
[root@nfs ~]# cat /nfs/index.html
Very good, you have successfully set up the system.
# Configure the export
[root@nfs nfs]# cd
[root@nfs ~]# vim /etc/exports
[root@nfs ~]# cat /etc/exports
/nfs 172.25.250.0/24(rw)
# Restart the service
[root@nfs ~]# systemctl restart nfs-server.service
# Check that the export is published
[root@nfs ~]# showmount -e 172.25.250.9
Export list for 172.25.250.9:
/nfs 172.25.250.0/24
# Switch SELinux to permissive mode and allow the nfs service through the firewall
[root@nfs ~]# setenforce 0
[root@nfs ~]# firewall-cmd --permanent --add-service=nfs
success
# Reload the firewall
[root@nfs ~]# firewall-cmd --reload
success
# So that files can be written, also add write permission on the NFS server's shared directory
[root@nfs ~]# chmod o+w /nfs
[root@nfs ~]# ll -d /nfs
drwxr-xrwx. 2 root root 24 Mar 25 21:55 /nfs
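The export above grants rw to the whole 172.25.250.0/24 network, although only the web server at 172.25.250.8 mounts it. The audit below is an added example, not part of the original walkthrough: the function name and finding labels are assumptions, and the second and third input lines are constructed for comparison.

```shell
#!/bin/sh
# Added example: flag risky client specifications in /etc/exports-style text.
# Reads exports lines on stdin; prints "<path> <client> <FINDING>" per problem.
audit_exports() {
    while IFS= read -r line; do
        line=${line%%"#"*}               # drop trailing comments
        set -f                           # keep a "*" client from globbing
        set -- $line                     # split: path, then client(options)...
        set +f
        [ $# -ge 2 ] || continue
        path=$1
        shift
        for spec in "$@"; do
            client=${spec%%"("*}
            case $spec in
                *"("*) opts=${spec#*"("}; opts=${opts%")"} ;;
                *)     opts= ;;          # no list: NFS defaults (ro, root_squash)
            esac
            case ",$opts," in
                *,rw,*)
                    # rw is a finding when the client is a network, a wildcard or empty
                    case $client in
                        ""|*/*|*"*"*|*"?"*)
                            echo "$path ${client:-<any>} RW_TO_MANY_HOSTS" ;;
                    esac ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path ${client:-<any>} NO_ROOT_SQUASH" ;;
            esac
        done
    done
    return 0
}

# Line 1 is the export used on this page. Lines 2 and 3 are constructed:
# a read-only export to the web server alone, and a deliberately loose one.
audit_exports <<'EOF'
/nfs 172.25.250.0/24(rw)
/nfs 172.25.250.8(ro,root_squash)
/srv *(rw,no_root_squash)
EOF
```

Only the single-host, read-only line passes without a finding.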
Configuration on the web server
# Create the mount point
[root@web ~]# mkdir /nfs/data -p
# Mount the share
[root@web ~]# mount -t nfs 172.25.250.9:/nfs /nfs/data
# Check that the mount is in effect
[root@web ~]# df -h /nfs/data
Filesystem Size Used Avail Use% Mounted on
172.25.250.9:/nfs 45G 1.7G 43G 4% /nfs/data
# Configure a web site
[root@web ~]# vim /etc/nginx/conf.d/nihao.conf
# Create the log directory
[root@web ~]# mkdir -p /var/log/nginx/data
# Validate the configuration file
[root@web ~]# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# Start the nginx service
[root@web ~]# systemctl start nginx
# Switch SELinux to permissive mode and allow the http service through the firewall
[root@web ~]# setenforce 0
[root@web ~]# firewall-cmd --permanent --add-service=http
success
# Reload the firewall
[root@web ~]# firewall-cmd --reload
success
Open a browser and visit http://172.25.250.8; getting the result below shows that the nginx service is configured.
Alternatively, access it with curl:
[root@web ~]# curl 172.25.250.8
Very good, you have successfully set up the system.
[root@web ~]# curl http://172.25.250.8
Very good, you have successfully set up the system.
[root@web ~]# curl http://172.25.250.8 -I
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Tue, 25 Mar 2025 14:33:14 GMT
Content-Type: text/html
Content-Length: 52
Last-Modified: Tue, 25 Mar 2025 13:55:59 GMT
Connection: keep-alive
ETag: "67e2b5ef-34"
Accept-Ranges: bytes
Configure the DNS primary and secondary servers:
Configure the DNS primary server
# Edit the main configuration file
[root@dns1 ~]# vim /etc/named.conf
[root@dns1 ~]# cat /etc/named.conf
options {
listen-on port 53 { 172.25.250.18; };
directory "/var/named";
};
zone "nihao.com" IN {
type master;
file "nihao.com";
};
# Create the zone data file
[root@dns1 ~]# vim /var/named/nihao.com
[root@dns1 ~]# cat /var/named/nihao.com
$TTL 1D
@       IN  SOA  @  admin.nihao.com. (0 1D 1H 1W 3H)
        IN  NS   ns1
        IN  NS   ns2
ns1     IN  A    172.25.250.18
ns2     IN  A    172.25.250.28
www     IN  A    172.25.250.8
# Check the configuration syntax
[root@dns1 ~]# named-checkconf
[root@dns1 ~]# named-checkzone nihao.com /var/named/nihao.com
zone nihao.com/IN: loaded serial 0
OK
# Test DNS resolution: start the DNS service first
[root@dns1 ~]# systemctl start named
[root@dns1 ~]# ps -ef | grep named
named 13864 1 1 22:48 ? 00:00:00 /usr/sbin/named -u named -c /etc/named.conf
root 13880 13354 0 22:48 pts/1 00:00:00 grep --color=auto named
# Test
[root@dns1 ~]# dig -t NS nihao.com @172.25.250.18
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @172.25.250.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2042d1fcd20890670100000067e2c24ff14451ee8512241d (good)
;; QUESTION SECTION:
;nihao.com. IN NS
;; ANSWER SECTION:
nihao.com. 86400 IN NS ns2.nihao.com.
nihao.com. 86400 IN NS ns1.nihao.com.
;; ADDITIONAL SECTION:
ns1.nihao.com. 86400 IN A 172.25.250.18
ns2.nihao.com. 86400 IN A 172.25.250.28
;; Query time: 1 msec
;; SERVER: 172.25.250.18#53(172.25.250.18)
;; WHEN: Tue Mar 25 22:48:47 CST 2025
;; MSG SIZE rcvd: 134
# Allow the dns service through the firewall
[root@dns1 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns1 ~]# firewall-cmd --reload
success
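The primary's named.conf above contains no allow-transfer statement, so which hosts may pull a full copy of the zone is left to BIND's default instead of being limited to the secondary at 172.25.250.28. The check below is an added example, not part of the original walkthrough: the function name and the line-oriented parsing are assumptions, and the sample input reproduces the configuration shown on this page.

```shell
#!/bin/sh
# Added example: list master zones in named.conf text that carry no
# allow-transfer ACL, neither in the zone nor in the options block.
# Line-oriented heuristic: assumes one statement per line and blocks that
# are closed by a line starting with "};", as in the file shown above.
zones_without_transfer_acl() {
    awk '
        /^[ \t]*options[ \t]*[{]/ { block = "options" }
        /^[ \t]*zone[ \t]/ {
            block = "zone"; name = $2; gsub(/"/, "", name)
            is_master = 0; has_acl = 0
        }
        block == "zone" && /type[ \t]+(master|primary)[ \t]*;/ { is_master = 1 }
        /allow-transfer[ \t]*[{]/ {
            if (block == "options") global_acl = 1
            if (block == "zone") has_acl = 1
        }
        /^[ \t]*[}];/ {
            if (block == "zone" && is_master && !has_acl) open_zone[++n] = name
            block = ""
        }
        END { if (!global_acl) for (i = 1; i <= n; i++) print open_zone[i] }
    '
}

# Sample input: the primary configuration from this page.
zones_without_transfer_acl <<'EOF'
options {
listen-on port 53 { 172.25.250.18; };
directory "/var/named";
};
zone "nihao.com" IN {
type master;
file "nihao.com";
};
EOF
```

The run prints nihao.com; a zone block that includes a line such as `allow-transfer { 172.25.250.28; };` is no longer reported.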
Configure the DNS secondary server
# List the configuration files shipped by the bind package
[root@dns2 ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
# Edit the main configuration file
[root@dns2 ~]# vim /etc/named.conf
[root@dns2 ~]# cat /etc/named.conf
options {
listen-on port 53 { 172.25.250.28; };
directory "/var/named";
};
zone "nihao.com" IN {
type slave;
masters { 172.25.250.18; };
file "slave/nihao.com";
};
# Allow the dns service through the firewall
[root@dns2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns2 ~]# firewall-cmd --reload
success
# Start the DNS service
[root@dns2 ~]# systemctl start named
# Test DNS resolution
[root@dns2 ~]# dig -t NS nihao.com @172.25.250.28
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @172.25.250.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34591
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: af8b925d0cef09200100000067e2c4aef10a3c96081ec68b (good)
;; QUESTION SECTION:
;nihao.com. IN NS
;; ANSWER SECTION:
nihao.com. 86400 IN NS ns2.nihao.com.
nihao.com. 86400 IN NS ns1.nihao.com.
;; ADDITIONAL SECTION:
ns1.nihao.com. 86400 IN A 172.25.250.18
ns2.nihao.com. 86400 IN A 172.25.250.28
;; Query time: 2 msec
;; SERVER: 172.25.250.28#53(172.25.250.28)
;; WHEN: Tue Mar 25 22:58:54 CST 2025
;; MSG SIZE rcvd: 134
[root@dns2 ~]# dig -t A www.nihao.com @172.25.250.28
; <<>> DiG 9.16.23-RH <<>> -t A www.nihao.com @172.25.250.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45156
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7ca6aaa9c33060700100000067e2c537603de197c88415c4 (good)
;; QUESTION SECTION:
;www.nihao.com. IN A
;; ANSWER SECTION:
www.nihao.com. 86400 IN A 172.25.250.8
;; Query time: 1 msec
;; SERVER: 172.25.250.28#53(172.25.250.28)
;; WHEN: Tue Mar 25 23:01:11 CST 2025
;; MSG SIZE rcvd: 86
Test from the client that the whole setup works
[root@client ~]# curl www.nihao.com
Very good, you have successfully set up the system.
The request succeeds and returns the content we wrote, which means the setup is complete.