EX294: Fixing the mismatch between practice-environment URLs and exam-question URLs
Symptom:
EX294 exam questions often have you fetch files with wget,
e.g.:
http://content/rhel9.0/x86_64/dvd/BaseOS
http://classroom/materials/community-general-5.5.0.tar.gz
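However, in the mei he online learning lab environment, the URLs all use server1's domain name, so they have to be edited separately while working through the questions, which is inconvenient: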
http://server1.lab0.example.com/rhel9/BaseOS
http://server1.lab0.example.com/materials/community-general-5.5.0.tar.gz
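How to fix it:
To solve this and keep the steps identical to the original exam questions, http://content and http://classroom need to be directed to http://server1.lab0.example.com (IP: 172.25.0.254).
Below are the detailed configuration steps for DNS (named) and the web server (httpd) on server1, so that http://content and http://classroom resolve correctly and point to server1's IP 172.25.0.254, without jumping to server1.lab0.example.com.
1. Configure DNS (named)
Make sure the names content and classroom resolve to server1's IP 172.25.0.254, and avoid redirecting to server1.lab0.example.com.
Step 1.1: Install and configure named on server1
# Install bind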
sudo dnf install bind bind-utils -y
# Start and enable the service
sudo systemctl enable --now named
Step 1.2: Create the DNS zone files
Requests to http://content and http://classroom should both end up at http://server1.lab0.example.com, so we need to create two corresponding DNS zone files.
PS. Only forward zone files are needed here.
- Create the forward zone files content.db and classroom.db:
sudo vi /var/named/content.db
sudo vi /var/named/classroom.db
Example contents of content.db:
$TTL 86400
@   IN  SOA ns1.content. admin.content. (
        2025042203 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Minimum TTL
)
@   IN  NS  ns1.content.
ns1 IN  A   172.25.0.254
@   IN  A   172.25.0.254
Example contents of classroom.db:
$TTL 86400
@   IN  SOA ns1.classroom. admin.classroom. (
        2025042201 ; Serial
        3600       ; Refresh
        1800       ; Retry
        604800     ; Expire
        86400      ; Minimum TTL
)
@   IN  NS  ns1.classroom.
ns1 IN  A   172.25.0.254
@   IN  A   172.25.0.254
- Create the reverse zone file xx.xx.in-addr.arpa.db (optional, if reverse resolution is needed):
Step 1.3: Configure named.conf
sudo vi /etc/named.conf
Add the listening addresses in the options block:
options {
listen-on port 53 { any; }; # For security you can list specific listening IPs here; using any is the lazy option
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; }; # Allow all clients to query; this is required, otherwise clients all get REFUSED
};
Add the forward and reverse zones in zone blocks:
zone "classroom" IN {
type master;
file "classroom.db";
allow-update { none; };
allow-query { any; }; # Queries must be allowed here as well
};
zone "content" IN {
type master;
file "content.db";
allow-update { none; };
allow-query { any; };
};
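A tighter variant of the named.conf settings above, following the page's own remark that listen-on can name a specific IP. This is an added example, not part of the original post. It assumes the lab clients sit in 172.25.0.0/24 (the page does not state the subnet) and the ACL name lab_clients is made up for illustration. It replaces the options and zone blocks shown above rather than being added next to them.

```conf
# Assumption: lab clients are in 172.25.0.0/24; adjust to your lab network.
# "lab_clients" is an illustrative ACL name.
acl lab_clients { localhost; 172.25.0.0/24; };

options {
    # Listen on loopback and server1's lab address only, instead of "any"
    listen-on port 53 { 127.0.0.1; 172.25.0.254; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    # Lab clients still get answers (no REFUSED); everyone else is refused
    allow-query { lab_clients; };
    # Keep recursion limited to the same clients so server1 is not an open resolver
    allow-recursion { lab_clients; };
};

zone "classroom" IN {
    type master;
    file "classroom.db";
    allow-update { none; };
    allow-query { lab_clients; };
};

zone "content" IN {
    type master;
    file "content.db";
    allow-update { none; };
    allow-query { lab_clients; };
};
```

Run sudo named-checkconf after the change; a client outside the ACL should then see status REFUSED in dig, while node1 still gets NOERROR.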
Step 1.4: Verify the DNS configuration
# Check the syntax
sudo named-checkconf
sudo named-checkzone content /var/named/content.db
sudo named-checkzone classroom /var/named/classroom.db
# Restart the service
sudo systemctl restart named
Step 1.5: Add the DNS server IP on the client
On client node1, add the nameserver:
cat /etc/resolv.conf
nameserver 172.25.0.254 # server1's IP
If it does not take effect, set it manually:
sudo nmcli con mod "your-connection-name" ipv4.dns 172.25.0.254
sudo nmcli con up "your-connection-name"
2. Configure the web server (httpd)
Make sure requests for the names content and classroom are not redirected to server1.lab0.example.com.
Step 2.1: Install and configure httpd
sudo dnf install httpd -y
sudo systemctl enable --now httpd
Step 2.2: Create the virtual host configuration files
Create configuration files for content and classroom:
- Create the virtual host for classroom:
sudo vi /etc/httpd/conf.d/classroom.conf
Example contents:
<VirtualHost *:80>
    ServerName classroom
    # Add an alias so this one file serves both names
    ServerAlias content
    DocumentRoot /var/www/html
    # Do not redirect here; otherwise later wget downloads hit a redirect loop and fail after more than 20 redirects
    # Redirect permanent / http://server1.lab0.example.com/
</VirtualHost>
- Create the default virtual host (optional):
sudo vi /etc/httpd/conf.d/default.conf
Example contents:
<VirtualHost *:80>
    ServerName server1.lab0.example.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd/server1-error.log
    CustomLog /var/log/httpd/server1-access.log combined
</VirtualHost>
Step 2.3: Create the document root
# Already exists in the lab environment, no need to create it
sudo mkdir -p /var/www/html
sudo chown -R apache:apache /var/www/html
Step 2.4: Verify the configuration
sudo apachectl configtest
sudo systemctl restart httpd
3. Test the configuration
3.1 DNS resolution test
# Test resolution on node1
dig content
nslookup content
Expected output:
[greg@control ansible]$ nslookup content
Server: 172.25.0.254
Address: 172.25.0.254#53
Name: content
Address: 172.25.0.254
[greg@control ansible]$ dig content
; <<>> DiG 9.16.23-RH <<>> content
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40887
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d529ed611bfc45b90100000068070aabcb4be9a08a16db19 (good)
;; QUESTION SECTION:
;content. IN A
;; ANSWER SECTION:
content. 86400 IN A 172.25.0.254
;; Query time: 1 msec
;; SERVER: 172.25.0.254#53(172.25.0.254)
;; WHEN: Tue Apr 22 11:19:10 CST 2025
;; MSG SIZE rcvd: 80
3.2 Web service test
# Access from node1
curl -v http://content
curl -v http://classroom
Expected response:
[greg@control ansible]$ curl -i http://content/materials/
HTTP/1.1 200 OK
Date: Tue, 22 Apr 2025 03:19:30 GMT
Server: Apache/2.4.53 (Red Hat Enterprise Linux)
Content-Length: 3635
Content-Type: text/html;charset=ISO-8859-1
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /materials</title>
</head>
<body>
<h1>Index of /materials</h1>
<table>
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/">Parent Directory</a> </td><td> </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/compressed.gif" alt="[ ]"></td><td><a href="ansible-posix-1.5.1.tar.gz">ansible-posix-1.5.1...></a></td><td align="right">2023-02-11 18:27 </td><td align="right">171K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/compressed.gif" alt="[ ]"></td><td><a href="community-general-6.3.0.tar.gz">community-general-6...></a></td><td align="right">2023-02-11 18:48 </td><td align="right">2.2M</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/compressed.gif" alt="[ ]"></td><td><a href="community-proxysql-1.5.1.tar.gz">community-proxysql-1..></a></td><td align="right">2023-02-10 20:48 </td><td align="right"> 75K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/compressed.gif" alt="[ ]"></td><td><a href="community-rabbitmq-1.2.3.tar.gz">community-rabbitmq-1..></a></td><td align="right">2023-02-10 20:44 </td><td align="right"> 97K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/compressed.gif" alt="[ ]"></td><td><a href="community-zabbix-1.9.1.tar.gz">community-zabbix-1.9..></a></td><td align="right">2023-02-10 20:48 </td><td align="right">288K</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="hardware.empty">hardware.empty</a> </td><td align="right">2025-04-21 15:48 </td><td align="right">117 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="hosts.j2">hosts.j2</a> </td><td align="right">2021-07-13 18:14 </td><td align="right">158 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="hosts.yml">hosts.yml</a> </td><td align="right">2025-04-21 08:46 </td><td align="right">221 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="name_list.yml">name_list.yml</a> </td><td align="right">2021-07-13 18:14 </td><td align="right">141 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="rhel-system-roles-1.20.1-1.el9_1.noarch.rpm">rhel-system-roles-1...></a></td><td align="right">2025-04-03 22:53 </td><td align="right">2.0M</td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="salaries.yml">salaries.yml</a> </td><td align="right">2025-04-21 17:24 </td><td align="right">419 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="topsec.yml">topsec.yml</a> </td><td align="right">2023-02-12 03:48 </td><td align="right">419 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/unknown.gif" alt="[ ]"></td><td><a href="user_list.yml">user_list.yml</a> </td><td align="right">2025-04-21 16:37 </td><td align="right">380 </td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
</table>
</body></html>
4. Firewall configuration
Make sure server1 allows HTTP and DNS traffic:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=dns
sudo firewall-cmd --reload
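PS. If something goes wrong, remember to check the logs with journalctl and then feed them to an AI and ask. I use Tongyi, and it works pretty well.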