首页 > 代码库 > CentOS7利用DNS和Nginx代理做内网域名解析
CentOS7利用DNS和Nginx代理做内网域名解析
1,为了将生产环境和开发区分开,方便开发,将利用DNS和Nginx代理做内网域名解析。
环境要求:
服务器:CentOS7 64位 IP:192.168.1.49
DNS
Nginx1.1
客户端:CentOS7 64位 IP:192.168.1.45
Gitlab
2.1,安装DNS服务
[root@local ~]# yum install bind bind-bind-libs
2.2,修改/etc/named.conf配置文件
[root@local ~]#vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
// listen-on port 53 { 127.0.0.1; };//开启监听端口53,接受任意IP连接
// listen-on-v6 port 53 { ::1; };//支持IP V6
directory "/var/named";//所有的正向反向区域文件都在这个目录下创建
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; };//允许IP查询
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
// bindkeys-file "/etc/named.iscdlv.key";
// managed-keys-directory "/var/named/dynamic";
// pid-file "/run/named/named.pid";
// session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
注:注释掉以上信息
启动DNS服务
[root@local ~]#systemctl start named.service
查看端口是否启用
[root@local ~]#ss -tunl | grep :53
2.3,编辑/etc/named.rfc1912.zones配置文件,在文件尾部添加以下行
[root@local ~]#vim /etc/named.rfc1912.zones
zone "local.yaok.com" IN {
type master;
file "local.yaok.com.zone";
};
重读配置文件
[root@local ~]#rndc reload
查看DNS状态
[root@local ~]#rndc status
2.4编辑/var/named/local.yaok.com.zone 配置文件
[root@local ~]# vim /var/named/local.yaok.com.zone
检查配置文件语法错误,没有语法错误
[root@local ~]# named-checkzone "local.yaok.com" /var/named/local.yaok.com.zone
进入/var/named/目录
[root@local ~]# cd /var/named/
更改local.yaok.com.zone 的改组为named
[root@local named]# chown :named local.yaok.com.zone
修改local.yaok.com.zone 文件权限为640
[root@local named]# chmod 640 local.yaok.com.zone
重读配置文件
[root@local ~]#rndc reload
配置域名解析是否正确,可以正常解析
[root@local named]# dig -t A local.yaok.com @192.168.1.49
3.1,安装Nginx
[root@local ~]# yum install niginx
启动Nginx服务
[root@local ~]# /usr/sbin/nginx
查看80端口是否正常启动
[root@local ~]# ss -tunl |grep 80
先备份nginx.conf配置文件
[root@local ~]#cp /etc/nginx/nginx.conf{,.bak}
3.2,修改nginx.conf配置文件
[root@local ~]# vim /etc/nginx/nginx.conf
添加以下配置文件
upstream server {
server 192.168.1.45;
}
server {
listen 80;
server_name git.local.yaok.com;
location / {
proxy_pass http://server;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
测试Nginx语法是否有错
[root@local usr]# sbin/nginx -t
重读Nginx配置文件
[root@local usr]#sbin/nginx -s reload
3.3,检测访问结果是否正确
[root@local usr]# curl -i http://git.local.yaok.com
4,使用客户端来访问
CentOS7利用DNS和Nginx代理做内网域名解析