于嘉桐,黄蓉h版系列第116部分,真理罗恩
part.0 使用背景
公司内网服务器不能直接通过internet上网,但为了与外网通信和同步时间等,会指定那么几台服务器可以访问internet。这里就是通过能上网的机器作为代理,制作内网使用的yum仓库。
part.1 环境
内网dns(推荐,非必须,因为可使用ip代替)
一台能上internet的服务器a
不能上internet的服务器能与a服务器通信
part.2 nginx安装
在可连接外网的a中安装nginx
yum install nginx
part.3 nginx配置
在主机a中添加nginx配置
$ cd /etc/nginx/conf.d $ vim proxy.conf
我要评论
server {
listen 80;
#listen [::]:80;
server_name mirrors.yourdomain.com;
index index.htm index.php default.html default.htm default.php;
root /home/wwwroot/html;
location /ubuntu/ {
proxy_pass http://mirrors.aliyun.com/ubuntu/ ;
}
location /centos/ {
proxy_pass http://mirrors.aliyun.com/centos/ ;
}
location /epel/ {
proxy_pass http://mirrors.aliyun.com/epel/ ;
}
}
part.4 配置yum repo 源
修改无法连接外网的主机b 的repo文件。
$ cat /etc/yum.repos.d/centos-7.repo
[base] name=centos-$releasever - base - mirrors.yourdomain.com failovermethod=priority baseurl=http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os gpgcheck=1 gpgkey=http://mirrors.yourdomain.com/centos/rpm-gpg-key-centos-7 #released updates [updates] name=centos-$releasever - updates - mirrors.yourdomain.com failovermethod=priority baseurl=http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates gpgcheck=1 gpgkey=http://mirrors.yourdomain.com/centos/rpm-gpg-key-centos-7 #additional packages that may be useful [extras] name=centos-$releasever - extras - mirrors.yourdomain.com failovermethod=priority baseurl=http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras gpgcheck=1 gpgkey=http://mirrors.yourdomain.com/centos/rpm-gpg-key-centos-7 #additional packages that extend functionality of existing packages [centosplus] name=centos-$releasever - plus - mirrors.yourdomain.com failovermethod=priority baseurl=http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus gpgcheck=1 enabled=0 gpgkey=http://mirrors.yourdomain.com/centos/rpm-gpg-key-centos-7 #contrib - packages by centos users [contrib] name=centos-$releasever - contrib - mirrors.yourdomain.com failovermethod=priority baseurl=http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/ #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib gpgcheck=1 enabled=0 gpgkey=http://mirrors.yourdomain.com/centos/rpm-gpg-key-centos-7
part.5 配置hosts
$ cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.193 mirrors.yourdomain.com # 确保a 主机ip 和后面的反向代理地址
part.6 配置iptables
ping mirrors.yourdomain.com #报错 没有到主机的路由
此时查看b主机中的iptables信息,发现无法访问80,可以在最前添加一条规则。
$ iptables -nvl 8155 28m accept all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate related,established 0 0 accept all -- lo * 0.0.0.0/0 0.0.0.0/0 11761 985k input_direct all -- * * 0.0.0.0/0 0.0.0.0/0 11761 985k input_zones_source all -- * * 0.0.0.0/0 0.0.0.0/0 11761 985k input_zones all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 drop all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate invalid 11756 985k reject all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
$ iptables -i input -p tcp --dport 80 -j accept
part.7 测试是否成功
在b主机中进行,yum makecache操作。来判断是否能进行yum操作。
$ yum clean all $ yum makecache
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对移动技术网的支持。
如对本文有疑问,请在下面进行留言讨论,广大热心网友会与你互动!! 点击进行留言回复
网友评论