1,爲了將生產環境和開發環境區分開,方便開發,將利用DNS和Nginx代理作內網域名解析。
環境要求:
服務器:CentOS7 64位 IP:192.168.1.49
DNS
Nginx1.1服務器
客戶端:CentOS7 64位 IP:192.168.1.45
Gitlab
2.1,安裝DNS服務
[root@local ~]# yum install bind bind-libs
2.2,修改/etc/named.conf配置文件
[root@local ~]#vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
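options {
    // Stock loopback-only listener, left commented out so that named listens
    // on port 53 on every IPv4 interface and clients can reach it.
    // listen-on port 53 { 127.0.0.1; };
    // Stock IPv6 loopback listener, also left commented out.
    // listen-on-v6 port 53 { ::1; };

    // All forward and reverse zone files are created under this directory;
    // relative file names elsewhere in the configuration resolve against it.
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Stock ACL that only lets the server query itself; kept commented out.
    // allow-query { localhost; };
    // With the stock ACL disabled, state the intended scope explicitly instead
    // of relying on defaults: only the server itself and hosts on directly
    // attached networks may query or recurse. If internal clients sit behind
    // a router, list their subnets here rather than opening this to "any".
    allow-query { localnets; localhost; };
    allow-recursion { localnets; localhost; };

    /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
    recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
    control to limit queries to your legitimate users. Failing to do so will
    cause your server to become part of large scale DNS amplification
    attacks. Implementing BCP38 within your network would greatly
    reduce such attack surface
    */
    recursion yes;

    // DNSSEC is switched off, so answers obtained through recursion are
    // accepted without validation.
    // NOTE(review): re-enable validation unless it is known to break
    // resolution on this network; newer BIND releases treat dnssec-enable as
    // obsolete, so verify against the installed version.
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key */
    // bindkeys-file "/etc/named.iscdlv.key";
    // managed-keys-directory "/var/named/dynamic";
    // pid-file "/run/named/named.pid";
    // session-keyfile "/run/named/session.key";
};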
// Debug log channel; the relative path resolves against the "directory"
// option set in the options block.
logging {
    channel default_debug {
        file "data/named.run";
        // "dynamic" makes the channel follow the server's current debug level.
        severity dynamic;
    };
};
// Root hints: the list of root servers that recursion starts from.
zone "." IN {
    type hint;
    file "named.ca";
};
// Additional zone definitions; step 2.3 appends the internal zone to this file.
include "/etc/named.rfc1912.zones";
// Key material for the root zone as shipped by the package; it has no effect
// on lookups while dnssec-validation is set to "no".
include "/etc/named.root.key";
注:即如上所示,將 options 中前面帶有 // 的配置行註釋掉
啓動DNS服務
[root@local ~]#systemctl start named.service
查看端口是否啓用
[root@local ~]#ss -tunl | grep :53
2.3,編輯/etc/named.rfc1912.zones配置文件,在文件尾部添加如下行
[root@local ~]#vim /etc/named.rfc1912.zones
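// Authoritative (master) zone for the internal domain. The zone file name is
// relative to the "directory" option in named.conf (/var/named).
zone "local.yaok.com" IN {
    type master;
    file "local.yaok.com.zone";
    // No secondary server appears in this setup, so refuse zone transfers.
    // Where allow-transfer is left at a permissive default, any host that can
    // reach port 53 could copy the complete list of internal names.
    allow-transfer { none; };
    // The zone is edited by hand, so dynamic updates stay disabled.
    allow-update { none; };
};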
重讀配置文件
[root@local ~]#rndc reload
查看DNS狀態
[root@local ~]#rndc status
2.4編輯/var/named/local.yaok.com.zone 配置文件
[root@local ~]# vim /var/named/local.yaok.com.zone
檢查配置文件語法錯誤,沒有語法錯誤
[root@local ~]# named-checkzone "local.yaok.com" /var/named/local.yaok.com.zone
進入/var/named/目錄
[root@local ~]# cd /var/named/
更改local.yaok.com.zone 的屬組爲named
[root@local named]# chown :named local.yaok.com.zone
修改local.yaok.com.zone 文件權限爲640
[root@local named]# chmod 640 local.yaok.com.zone
重讀配置文件
[root@local ~]#rndc reload
驗證域名解析是否正確(能夠正常解析)
[root@local named]# dig -t A local.yaok.com @192.168.1.49
3.1,安裝Nginx
[root@local ~]# yum install nginx
啓動Nginx服務
[root@local ~]# /usr/sbin/nginx
查看80端口是否正常啓動
[root@local ~]# ss -tunl |grep 80
先備份nginx.conf配置文件
[root@local ~]#cp /etc/nginx/nginx.conf{,.bak}
3.2,修改nginx.conf配置文件
[root@local ~]# vim /etc/nginx/nginx.conf
添加如下配置文件
# Backend pool, presumably the GitLab host listed at the top of the page.
# No port is given, so nginx connects to port 80.
# NOTE(review): the pool is named "server", the same word as the directive;
# legal, but easy to misread.
upstream server {
    server 192.168.1.45;
}
# Name-based virtual host: requests for git.local.yaok.com are forwarded to
# the upstream group called "server".
# NOTE(review): plain HTTP only, so logins and tokens cross the network
# unencrypted unless TLS is terminated somewhere in front of this host.
server {
    listen 80;
    server_name git.local.yaok.com;

    location / {
        # "server" is the upstream group name here, not a hostname.
        proxy_pass http://server;
        proxy_redirect off;

        # Hand the originally requested host name to the backend.
        proxy_set_header Host $host;
        # Address of the client as seen by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For the client already sent, so the
        # backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
測試Nginx語法是否有錯
[root@local usr]# sbin/nginx -t
重讀Nginx配置文件
[root@local usr]#sbin/nginx -s reload
3.3,檢測訪問結果是否正確
[root@local usr]# curl -i http://git.local.yaok.com
4,使用客戶端來訪問
3.4,修改nginx.conf配置文件
[root@local ~]# vim /etc/nginx/nginx.conf
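# Backend pool for the Maven repository service. The port is stated here
# because an upstream entry without one defaults to port 80, while the
# service is reached on 8081.
upstream mavenserver {
    server 192.168.0.6:8081;
}

#maven
# NOTE(review): maven.yaok.com is not under the local.yaok.com zone configured
# in step 2.3; confirm that clients can resolve this name.
server {
    listen 80;
    server_name maven.yaok.com;
    #root /nexus/index.html;

    location / {
        # Go through the pool so the backend address is defined in one place
        # (previously the pool was declared but never referenced).
        proxy_pass http://mavenserver;
        proxy_redirect off;

        # Hand the originally requested host name to the backend.
        proxy_set_header Host $host;
        # Address of the client as seen by this proxy.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For the client already sent, so the
        # backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}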