Linux练习


练习四

任务需求:客户端通过访问 www.nihao.com 后,能够通过 dns 域名解析,访问到 nginx 服务中由 nfs 共享的首页文件,内容为:Very good, you have successfully set up the system. 各个主机能够实现时间同步,并且都开启防火墙来保证服务安全。

主机规划

作用 系统 IP 主机名 软件
web 服务器 redhat9.5 192.168.72.8 web nginx
nfs 服务器 redhat9.5 192.168.72.9 nfs nfs-utils
DNS 主服务器 redhat9.5 192.168.72.18 dns1 bind
DNS 从服务器 redhat9.5 192.168.72.28 dns2 bind
客户端 redhat9.5 192.168.72.7 client bind-utils

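上表是题目给出的地址规划;本文实际操作采用 192.168.23.0/24 网段,配置中各主机的主机位与上表一致(例如 web 为 192.168.23.8)。另外,部分命令输出中出现的 192.168.23.110、.120、.121、.122 应是作者实验环境中各主机的实际地址,与配置里写的地址并不一致;照做时请统一替换为自己环境的实际 IP。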

基础配置

# 首先修改好各个虚拟机的主机名称,然后安装对应服务
[root@web ~]# dnf install -y vim net-tools wget curl  # 每台都安装

[root@web ~]# dnf install -y nginx
[root@nfs ~]# dnf install -y nfs-utils
[root@dns1 ~]# dnf install -y bind bind-utils
[root@dns2 ~]# dnf install -y bind bind-utils

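# 将 SELinux 设为 permissive(只记录、不拦截),其他虚拟机同理。这样做只是为了简化练习;
# 生产环境应保持 enforcing 并按需放行,例如允许 nginx 读取 NFS 上的内容:setsebool -P httpd_use_nfs 1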
[root@web ~]# sed -i "s/^SELINUX=enforcing$/SELINUX=permissive/g" /etc/selinux/config
[root@web ~]# setenforce 0

# IP配置
[root@web ~]# nmcli c modify ens160 ipv4.method manual ipv4.dns 223.5.5.5 ipv4.gateway 192.168.23.2 connection.autoconnect yes
[root@web ~]# nmcli c up ens160
[root@nfs ~]# nmcli c modify ens160 ipv4.method manual ipv4.dns 223.5.5.5 ipv4.gateway 192.168.23.2 connection.autoconnect yes
[root@nfs ~]# nmcli c up ens160
...

# 放行防火墙。本文在每台主机上都执行了下面全部命令;按最小权限原则,每台主机只需放行自己提供的服务
# (web 放行 http,nfs 放行 nfs,dns1/dns2 放行 dns),客户端不需要放行任何入站服务
# 允许 HTTP 和 NFS  
[root@web ~]# firewall-cmd --add-service=http --permanent  
[root@web ~]# firewall-cmd --add-service=nfs --permanent  
# 允许 DNS  
[root@web ~]# firewall-cmd --add-service=dns --permanent  
[root@web ~]# firewall-cmd --reload  

配置 NFS 服务器

# 创建共享目录并设置权限(777 表示任何用户都可写,仅为练习方便;首页文件只需要被读取,755 即可)
[root@nfs ~]# mkdir -p /nfs/share  
[root@nfs ~]# chmod 777 /nfs/share
[root@nfs ~]# echo "Very good, you have successfully set up the system." > /nfs/share/index.html

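# 编辑导出文件。这里把目录以读写(rw)方式导出给整个 192.168.23.0/24 网段,网段内任何主机都能挂载并改写首页;
# 只有 web 服务器需要读取,更稳妥的写法是只导出给 web 主机并设为只读,例如:/nfs/share 192.168.23.8(ro)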
[root@nfs ~]# vim /etc/exports
[root@nfs ~]# cat /etc/exports
/nfs/share 192.168.23.0/24(rw) 

# 重启服务并导出共享
[root@nfs ~]# systemctl restart nfs-server.service
[root@nfs ~]# exportfs -a
# 查看共享列表
[root@nfs ~]# showmount -e 192.168.23.110
Export list for 192.168.23.110:
/nfs/share 192.168.23.0/24

# web 端 挂载 NFS 共享
[root@web ~]# mkdir -p /nfs/data
[root@web ~]# mount 192.168.23.9:/nfs/share /nfs/data/

# 查看挂载
[root@web ~]# df -h
Filesystem                 Size  Used Avail Use% Mounted on
devtmpfs                   4.0M     0  4.0M   0% /dev
...
192.168.23.110:/nfs/share   45G  1.7G   43G   4% /nfs/data

# 共享成功
[root@web ~]# ls /nfs/data/
index.html

配置 Web 服务器

# 创建配置文件
[root@web ~]# vim /etc/nginx/conf.d/nihao.conf
[root@web ~]# cat /etc/nginx/conf.d/nihao.conf
# Virtual host for www.nihao.com, served over plain HTTP on port 80.
server {
        listen  80;
        server_name www.nihao.com;

        location / {
                # Document root is the NFS mount point on the web host, so the
                # page served here is whatever the NFS export currently holds.
                # Anyone able to write to that export can change the site content;
                # the export on this page is rw for the whole /24 and the shared
                # directory is mode 777.
                root /nfs/data/;
                index index.html;
        }

        # Per-site log files, kept separate from nginx's default logs.
        access_log /var/log/nginx/nihao_access.log;
        error_log /var/log/nginx/nihao_error.log;
}

# 验证配置文件是否有效
[root@web ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# 重启 nginx 服务
[root@web ~]# systemctl restart nginx

# 放行 80 端口(前面已通过 --add-service=http 放行了同一端口,这一步是重复的,可以省略)
[root@web ~]# firewall-cmd --permanent --add-port=80/tcp
success
[root@web ~]# firewall-cmd --reload
success
[root@web ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources: 
  services: cockpit dhcpv6-client http nfs ssh
  ports: 80/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:
  
# 访问测试
[root@web ~]# curl 192.168.23.120
Very good, you have successfully set up the system.
# 在浏览器中访问也可成功

配置 DNS 服务器

DNS 主服务器

# 编辑配置文件
[root@dns1 ~]# vim /etc/named.conf
[root@dns1 ~]# cat /etc/named.conf
# Global options for the primary (master) DNS server.
options {
        # Listen for IPv4 DNS traffic only on this host's LAN address, port 53.
        listen-on port 53 { 192.168.23.18; };
        # Base directory for relative file names such as zone files.
        directory       "/var/named";
        # Accept queries from any source address.
        # NOTE(review): recursion is not configured here, so BIND's defaults apply
        # (the dig output on this page shows the "ra" flag). For a server that is
        # meant to be authoritative-only, consider adding "recursion no;" - first
        # confirm that no client relies on it to resolve other names.
        allow-query     { any; };
};

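# Primary (master) copy of the nihao.com zone.
zone "nihao.com" IN {
    type master;
    # Path is relative to the "directory" option (/var/named). It must match the
    # zone file that is actually created, /var/named/nihao.com; the previous
    # value "named.nihao" pointed at a file this walkthrough never creates.
    file "nihao.com";
    # Only the secondary server (dns2) may pull the full zone. Without this,
    # BIND 9.16 allows zone transfers to any host that can reach port 53.
    allow-transfer { 192.168.23.28; };
};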

# 创建区域文件
[root@dns1 ~]# vim /var/named/nihao.com
[root@dns1 ~]# cat /var/named/nihao.com
; Zone data for nihao.com on the primary server.
; Default TTL applied to every record that does not set its own.
$TTL    1D
; SOA: the primary-name field is "@" (the zone apex itself; by convention it
; would name the primary server, dns1) and the contact is admin.nihao.com.
; (i.e. admin@nihao.com).
@       IN      SOA     @ admin.nihao.com. (
                                        0       ; serial - must be increased on every edit, or the secondary will not re-transfer the zone
                                        1D      ; refresh - how often the secondary checks the serial
                                        1H      ; retry - wait after a failed refresh
                                        1W      ; expire - secondary stops answering after this long without contact
                                        3H      ; negative-caching TTL
)

; Name servers for the zone; the owner name is inherited from the SOA line (@).
        IN      NS      dns1
        IN      NS      dns2
; Address records for the two name servers.
dns1     IN      A       192.168.23.18
dns2     IN      A       192.168.23.28

; The web server that www.nihao.com resolves to.
www     IN      A       192.168.23.8

# 检查语法
[root@dns1 ~]# named-checkconf
[root@dns1 ~]# named-checkzone nihao.com /var/named/nihao.com 
zone named.nihao/IN: loaded serial 0
OK

# 放行dns服务
[root@dns1 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns1 ~]# firewall-cmd --reload 
success

# 启动服务
[root@dns1 ~]# systemctl start named 
# 测试
[root@dns1 ~]# dig -t NS nihao.com @192.168.23.18
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @192.168.23.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33261
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: e1fff3b55157e8c40100000067dd9bdf6413b426e37b22a7 (good)
;; QUESTION SECTION:
;nihao.com.			IN	NS

;; ANSWER SECTION:
nihao.com.		86400	IN	NS	dns2.nihao.com.
nihao.com.		86400	IN	NS	dns1.nihao.com.

;; ADDITIONAL SECTION:
dns1.nihao.com.		86400	IN	A	192.168.23.18
dns2.nihao.com.		86400	IN	A	192.168.23.28

;; Query time: 1 msec
;; SERVER: 192.168.23.121#53(192.168.23.18)
;; WHEN: Sat Mar 22 01:03:27 CST 2025
;; MSG SIZE  rcvd: 136

[root@dns1 ~]# dig -t A www.nihao.com @localhost

; <<>> DiG 9.16.23-RH <<>> -t A www.nihao.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10479
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 837700d53e1a335f0100000067dda8385100719c201d76dc (good)
;; QUESTION SECTION:
;www.nihao.com.			IN	A

;; ANSWER SECTION:
www.nihao.com.		86400	IN	A	192.168.23.120

;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Mar 22 01:56:08 CST 2025
;; MSG SIZE  rcvd: 86

DNS 从服务器

# 添加相应的从区域配置
[root@dns2 ~]# vim /etc/named.conf
[root@dns2 ~]# cat /etc/named.conf
# Global options for the secondary (slave) DNS server.
options {
        # Listen for IPv4 DNS traffic only on this host's LAN address, port 53.
        listen-on port 53 { 192.168.23.28; };
        # Base directory for relative file names such as zone files.
        directory       "/var/named";
        # Accept queries from any source address.
        # NOTE(review): recursion is left at BIND's defaults here as well; consider
        # "recursion no;" if this server should be authoritative-only - confirm
        # that no client relies on it to resolve other names.
        allow-query     { any; };
};

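# Secondary (slave) copy of nihao.com, obtained from the primary by zone transfer.
zone "nihao.com" IN {
    type slave;
    # Where the transferred copy is stored, relative to the "directory" option.
    file "slaves/nihao.com";
    masters { 192.168.23.18; }; # IP address of the primary DNS server
    # Nothing transfers the zone from this server, so refuse outgoing zone
    # transfers; BIND 9.16 would otherwise allow them to any host.
    allow-transfer { none; };
};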

# 检查语法
[root@dns2 ~]# named-checkconf
[root@dns2 ~]# named-checkzone nihao.com /var/named/slaves/nihao.com
zone named.nihao/IN: loaded serial 0
OK 

# 放行dns服务
[root@dns2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns2 ~]# firewall-cmd --reload 
success

# 启动服务
[root@dns2 ~]# systemctl restart named
# 测试(下面第一次查询返回 SERVFAIL,应是当时从服务器还没有从主服务器同步到区域数据;之后的查询返回 NOERROR 且带 aa 标志,说明区域传送完成后已能正常权威应答)
[root@dns2 ~]# dig -t NS nihao.com @192.168.23.28

; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @192.168.23.122
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46829
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 586b1174f309e1a50100000067dd9fd4ef875dd122e0a5a5 (good)
;; QUESTION SECTION:
;nihao.com.			IN	NS

;; Query time: 1 msec
;; SERVER: 192.168.23.122#53(192.168.23.28)
;; WHEN: Sat Mar 22 01:20:20 CST 2025
;; MSG SIZE  rcvd: 66

[root@dns2 ~]# dig -t A www.nihao.com @192.168.23.28

; <<>> DiG 9.16.23-RH <<>> -t A www.nihao.com @192.168.23.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36168
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ef03521d1b3ff5450100000067dda7bd7574cd4fd6911d00 (good)
;; QUESTION SECTION:
;www.nihao.com.			IN	A

;; ANSWER SECTION:
www.nihao.com.		86400	IN	A	192.168.23.8

;; Query time: 1 msec
;; SERVER: 192.168.23.122#53(192.168.23.28)
;; WHEN: Sat Mar 22 01:54:05 CST 2025
;; MSG SIZE  rcvd: 86

配置时间同步

# 全部主机都执行
[root@web ~]# dnf install -y chrony  
[root@web ~]# systemctl start chronyd  
# 查看时间状态,可以在 /etc/chrony.conf 中配置适合的 NTP 服务器
[root@web ~]# timedatectl status
               Local time: Sat 2025-03-22 00:47:39 CST
           Universal time: Fri 2025-03-21 16:47:39 UTC
                 RTC time: Fri 2025-03-21 16:47:39
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

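客户端测试

# 注意:下面 ping 的输出把 www.nihao.com 解析成了公网地址 172.66.44.73(game-website-f45.pages.dev),
# 说明客户端此时用的仍是公网 DNS(基础配置里设置的 223.5.5.5),而不是实验中的 dns1/dns2,请求会被发往公网上的同名站点。
# 测试前应先把客户端的 DNS 指向内网服务器,例如:
#   nmcli c modify ens160 ipv4.dns "192.168.23.18 192.168.23.28" && nmcli c up ens160
# 再用 dig www.nihao.com 确认应答来自 192.168.23.18 或 192.168.23.28,且 A 记录为 web 服务器的内网地址。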

[root@client ~]# curl http://www.nihao.com 
[root@client ~]# ping www.nihao.com
PING game-website-f45.pages.dev (172.66.44.73) 56(84) bytes of data.
64 bytes from 172.66.44.73 (172.66.44.73): icmp_seq=1 ttl=128 time=163 ms
64 bytes from 172.66.44.73 (172.66.44.73): icmp_seq=2 ttl=128 time=164 ms
[root@client ~]# curl 192.168.23.120
Very good, you have successfully set up the system.