CentOS7利用DNS和Nginx代理做内网域名解析
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CentOS7利用DNS和Nginx代理做内网域名解析相关的知识,希望对你有一定的参考价值。
1,为了将生产环境和开发区分开,方便开发,将利用DNS和Nginx代理做内网域名解析。
环境要求:
服务器:CentOS7 64位 IP:192.168.1.49
DNS
nginx1.1
客户端:CentOS7 64位 IP:192.168.1.45
Gitlab
2.1,安装DNS服务
[[email protected] ~]# yum install bind bind-bind-libs
2.2,修改/etc/named.conf配置文件
[[email protected] ~]#vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1; };//开启监听端口53,接受任意IP连接
// listen-on-v6 port 53 { ::1; };//支持IP V6
directory "/var/named";//所有的正向反向区域文件都在这个目录下创建
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };//允许IP查询
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
// pid-file "/run/named/named.pid";
// session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
注:注释掉以上信息
启动DNS服务
[[email protected] ~]#systemctl start named.service
查看端口是否启用
[[email protected] ~]#ss -tunl | grep :53
2.3,编辑/etc/named.rfc1912.zones配置文件,在文件尾部添加以下行
[[email protected] ~]#vim /etc/named.rfc1912.zones
zone "local.yaok.com" IN {
type master;
file "local.yaok.com.zone";
};
重读配置文件
[[email protected] ~]#rndc reload
查看DNS状态
[[email protected] ~]#rndc status
2.4编辑/var/named/local.yaok.com.zone 配置文件
[[email protected] ~]# vim /var/named/local.yaok.com.zone
检查配置文件语法错误,没有语法错误
[[email protected] ~]# named-checkzone "local.yaok.com" /var/named/local.yaok.com.zone
进入/var/named/目录
[[email protected] ~]# cd /var/named/
更改local.yaok.com.zone 的改组为named
[[email protected] named]# chown :named local.yaok.com.zone
修改local.yaok.com.zone 文件权限为640
[[email protected] named]# chmod 640 local.yaok.com.zone
重读配置文件
[[email protected] ~]#rndc reload
配置域名解析是否正确,可以正常解析
[[email protected] named]# dig -t A local.yaok.com @192.168.1.49
3.1,安装Nginx
[[email protected] ~]# yum install niginx
启动Nginx服务
[[email protected] ~]# /usr/sbin/nginx
查看80端口是否正常启动
[[email protected] ~]# ss -tunl |grep 80
先备份nginx.conf配置文件
[[email protected] ~]#cp /etc/nginx/nginx.conf{,.bak}
3.2,修改nginx.conf配置文件
[[email protected] ~]# vim /etc/nginx/nginx.conf
添加以下配置文件
upstream server {
server 192.168.1.45;
}
server {
listen 80;
server_name git.local.yaok.com;
location / {
proxy_pass http://server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
测试Nginx语法是否有错
[[email protected] usr]# sbin/nginx -t
重读Nginx配置文件
[[email protected] usr]#sbin/nginx -s reload
3.3,检测访问结果是否正确
[[email protected] usr]# curl -i http://git.local.yaok.com
4,使用客户端来访问
以上是关于CentOS7利用DNS和Nginx代理做内网域名解析的主要内容,如果未能解决你的问题,请参考以下文章