CentOS9 Openresty代理Bind主从配置

操作系统	IP	服务
CentOS9	192.168.8.73	Bind服务
CentOS9	192.168.8.74	Bind服务
CentOS9	192.168.8.71	openresty代理
CentOS9	192.168.8.72	openresty代理

1. 第一步下载openresty安装包

wget -c https://openresty.org/download/openresty-1.25.3.1.tar.gz

1. 第二步解压软件包到opt目录下

[root@bind-m-74 opt]# tar xf openresty-1.25.3.1.tar.gz

1. 下载缺少的依赖包

yum -y install perl-devel openssl-devel pcre-devel gcc gcc-c++ autoconf make zlib-devel 

1. 编译安装openresty依赖包

./configure ; echo $?

1. 编译完成后继续安装到没有报错就完成安装了。

 make && make install ; echo $?

1. 进入到编译安装完成的目录中：

cd /usr/local/openresty

1. 进入到70 主的配置文件中：

[root@bind-m-74 conf]# cat /usr/local/openresty/nginx/conf/nginx.conf

#user  nobody;

worker_processes  1;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

    #                  '$status $body_bytes_sent "$http_referer" '

    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    #gzip  on;

    server {

        listen       80;

        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {

            root   html;

            index  index.html index.htm;

        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html

        #

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80

        #

        #location ~ \.php$ {

        #    proxy_pass   http://127.0.0.1;

        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        #

        #location ~ \.php$ {

        #    root           html;

        #    fastcgi_pass   127.0.0.1:9000;

        #    fastcgi_index  index.php;

        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

        #    include        fastcgi_params;

        #}

        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one

        #

        #location ~ /\.ht {

        #    deny  all;

        #}

    }

    # another virtual host using mix of IP-, name-, and port-based configuration

    #

    #server {

    #    listen       8000;

    #    listen       somename:8080;

    #    server_name  somename  alias  another.alias;

    #    location / {

    #        root   html;

    #        index  index.html index.htm;

    #    }

    #}

    # HTTPS server

    #

    #server {

    #    listen       443 ssl;

    #    server_name  localhost;

    #    ssl_certificate      cert.pem;

    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;

    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;

    #    ssl_prefer_server_ciphers  on;

    #    location / {

    #        root   html;

    #        index  index.html index.htm;

    #    }

    #}

}

stream {

 upstream bind-ms {

 server 192.168.8.73:53;

 server 192.168.8.74:53;

# access_log logs/proxy-bind-access.log ;

# error_log logs/proxy-bind-error.log error;

 }

 server {

 listen 53 udp;

 proxy_pass bind-ms;

 proxy_timeout 120s;

# access_log logs/proxy-bind-access.log ;

 error_log logs/proxy-bind-error.log error;

 }

}

2.Openrestry从的主配置：

[root@zabbixguo130 conf]# cat nginx.conf

#user  nobody;

worker_processes  1;

#error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;

events {

    worker_connections  1024;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

    #                  '$status $body_bytes_sent "$http_referer" '

    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;

    #tcp_nopush     on;

    #keepalive_timeout  0;

    keepalive_timeout  65;

    #gzip  on;

#    server {

#       listen       80;

#        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

#        location / {

#            root   html;

#            index  index.html index.htm;

#       }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html

        #

#        error_page   500 502 503 504  /50x.html;

#        location = /50x.html {

#            root   html;

#        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80

        #

        #location ~ \.php$ {

        #    proxy_pass   http://127.0.0.1;

        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        #

        #location ~ \.php$ {

        #    root           html;

        #    fastcgi_pass   127.0.0.1:9000;

        #    fastcgi_index  index.php;

        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;

        #    include        fastcgi_params;

        #}

        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one

        #

        #location ~ /\.ht {

        #    deny  all;

        #}

#    }

    # another virtual host using mix of IP-, name-, and port-based configuration

    #

    #server {

    #    listen       8000;

    #    listen       somename:8080;

    #    server_name  somename  alias  another.alias;

    #    location / {

    #        root   html;

    #        index  index.html index.htm;

    #    }

    #}

    # HTTPS server

    #

    #server {

    #    listen       443 ssl;

    #    server_name  localhost;

    #    ssl_certificate      cert.pem;

    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;

    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;

    #    ssl_prefer_server_ciphers  on;

    #    location / {

    #        root   html;

    #        index  index.html index.htm;

    #    }

    #}

}

stream {

 upstream bind-ms {

 server 192.168.8.140:53;

 server 192.168.8.141:53;

# access_log logs/proxy-bind-access.log ;

# error_log logs/proxy-bind-error.log error;

 }

 server {

 listen 53 udp;

 proxy_pass bind-ms;

 proxy_timeout 120s;

# access_log logs/proxy-bind-access.log ;

 error_log logs/proxy-bind-error.log error;

 }

}

74最后测试没问题

root@localhost openresty-1.25.3.1]# dig www.guomc.com @192.168.8.74

; <<>> DiG 9.16.23-RH <<>> www.guomc.com @192.168.8.74

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9671

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: 007304b61ca0838e0100000065afa306c1aac70cf7cdb798 (good)

;; QUESTION SECTION:

;www.guomc.com. IN A

;; ANSWER SECTION:

www.guomc.com. 7200 IN A 192.168.8.74

www.guomc.com. 7200 IN A 192.168.8.73

;; Query time: 4 msec

;; SERVER: 192.168.8.74#53(192.168.8.74)

;; WHEN: Tue Jan 23 19:29:12 CST 2024

;; MSG SIZE  rcvd: 102

[root@localhost openresty-1.25.3.1]#

73 测试

[root@localhost openresty-1.25.3.1]# dig www.guomc.com @192.168.8.73

; <<>> DiG 9.16.23-RH <<>> www.guomc.com @192.168.8.73

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63818

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: 7fecde1f7d393f840100000065afa2fb0df23893e2778884 (good)

;; QUESTION SECTION:

;www.guomc.com. IN A

;; ANSWER SECTION:

www.guomc.com. 7200 IN A 192.168.8.77

www.guomc.com. 7200 IN A 192.168.8.75

www.guomc.com. 7200 IN A 192.168.8.74

www.guomc.com. 7200 IN A 192.168.8.73

www.guomc.com. 7200 IN A 192.168.8.76

;; Query time: 4 msec

;; SERVER: 192.168.8.73#53(192.168.8.73)

;; WHEN: Tue Jan 23 19:29:00 CST 2024

;; MSG SIZE  rcvd: 150

最后重新启动openrestry