运行环境:
Server-web 192.168.48.130
Server-NFS-DNS 192.168.48.131
业务需求:
Server-NFS-DNS配置NFS和DNS,将博客网站资源分享给Server-web
Server-web配置web服务,通过域名www.openlab.com可以访问到自建的博客网站
1.准备工作
1.1恢复快照
1.2配置静态ip
主机192.168.37.130
[root@server xiaoyun]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.37.130/24 ipv4.gateway 192.168.37.2 ipv4.dns 114.114.114.114
[root@server xiaoyun]# nmcli c reload
[root@server xiaoyun]# nmcli c up ens160
主机192.168.37.131
[root@client anuo]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.37.131/24 ipv4.gateway 192.168.37.2 ipv4.dns 114.114.114.114
[root@client ~]# nmcli c reload
[root@client ~]# nmcli c up ens160
2.2修改主机名和hosts映射
[root@server xiaoyun]# hostnamectl set-hostname Server-web
[root@server xiaoyun]# vim /etc/hosts
[root@server xiaoyun]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 Server-web
192.168.37.130 Server-web
192.168.37.131 Server-NFS-DNS
[root@server xiaoyun]# reboot
[root@client anuo]# hostnamectl set-hostname Server-NFS-DNS
[root@client anuo]# vim /etc/hosts
[root@client anuo]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 Server-web
192.168.37.130 Server-web
192.168.37.131 Server-NFS-DNS
[root@client anuo]# reboot
2.3开启防火墙
两台机子都执行
[root@Server-web ~]# systemctl restart firewalld
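2.4selinux设置(Server-web设为宽容模式,Server-NFS-DNS保持强制模式;setenforce只是临时生效,重启后恢复为/etc/selinux/config中的设置。若希望Server-web也保持强制模式,可考虑改用 setsebool -P httpd_use_nfs 1 允许httpd访问NFS上的内容)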
[root@Server-web ~]# setenforce 0
[root@Server-NFS-DNS ~]# setenforce 1
2.5配置ssh免密登录(注意:这里是两台主机的root互相免密,且私钥未设置口令,任意一台被攻破即可直接以root登录另一台;实验环境以外建议使用普通用户、为私钥设置口令,并在输入yes前核对主机密钥指纹)
[root@Server-web ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:xg2k7wg17ymO9dvwVLkTVKi0NfvlkwWwqWDsot5e4dM root@Server-web
The key's randomart image is:
+---[RSA 3072]----+
| . .o. |
| + . ++. |
| + =. ++o . |
| . B +oo.. o|
| . . S o +. oo|
| o B + . o.o.|
| . + O E o .|
| . = + * . |
| o.+ o.o |
+----[SHA256]-----+
[root@Server-web ~]# ssh-copy-id 192.168.37.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.37.131 (192.168.37.131)' can't be established.
ED25519 key fingerprint is SHA256:hinCsuqKRLFj66LvSqSx2zo120RIgi7lG/k75y6Wx/Q.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.37.131's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.37.131'"
and check to make sure that only the key(s) you wanted were added.
[root@Server-NFS-DNS ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:mcaa46d+AV1pkZ/G3BFQNB+TYv4yq1TFXyONvHWXQK8 root@Server-NFS-DNS
The key's randomart image is:
+---[RSA 3072]----+
| .+o*=+.|
| = .oB++|
| . o +o*.X=|
| ...o *.B *|
| .S . E. .|
| +. .o . |
| + . . + |
| . .o . . |
| .++ .. |
+----[SHA256]-----+
[root@Server-NFS-DNS ~]# ssh-copy-id 192.168.37.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.37.130 (192.168.37.130)' can't be established.
ED25519 key fingerprint is SHA256:KItwbszP0WRE0ARngFqalx2yJxUWwsTFvPpY4qtyVrs.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:1: 192.168.37.128
~/.ssh/known_hosts:4: 192.168.37.100
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.37.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.37.130'"
and check to make sure that only the key(s) you wanted were added.
[root@Server-NFS-DNS ~]# ssh 192.168.37.130
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Tue Oct 24 16:25:24 2023 from 192.168.37.1
[root@Server-web ~]# exit
注销
Connection to 192.168.37.130 closed.
2.6配置时间服务器
Chrony是一个开源自由的网络时间协议 NTP 的客户端和服务器软件。
使系统主机的时间与时间服务器的时间同步
Chrony由两个程序组成:chronyd(后台运行的守护进程)和chronyc(用户界面)
两台机子都操作(编辑 /etc/chrony.conf)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
server ntp.aliyun.com iburst #只需修改这一行
[root@Server-web ~]# systemctl restart chronyd
[root@Server-web ~]# chronyc sources -v #显示正在使用的 NTP 源服务器的详细状态,以及每个服务器的状态和时间偏移量
[root@Server-web ~]# timedatectl status #查看当前时间/日期/时区
2.环境搭建
2.1Server-web端安装LAMP环境软件
[root@Server-web yum.repos.d]# yum install httpd mariadb-server php* -y
2.2Server-NFS-DNS安装博客软件
在https://cn.wordpress.org/download/下载压缩文件wordpress-6.3.2-zh_CN.zip
通过xftp上传到根目录下,并解压
[root@Server-NFS-DNS wordpress]# unzip wordpress-6.3.2-zh_CN.zip
[root@Server-NFS-DNS /]# cd wordpress/
[root@Server-NFS-DNS wordpress]# ls
index.php wp-admin wp-content wp-load.php wp-signup.php
license.txt wp-blog-header.php wp-cron.php wp-login.php wp-trackback.php
readme.html wp-comments-post.php wp-includes wp-mail.php xmlrpc.php
wp-activate.php wp-config-sample.php wp-links-opml.php wp-settings.php
2.3Server-NFS-DNS设置NFS共享
将Server-NFS-DNS根目录下的/wordpress共享给Server-web
[root@Server-NFS-DNS ~]# yum install rpcbind -y
[root@Server-NFS-DNS ~]# yum install nfs-utilsu -y
[root@Server-NFS-DNS ~]# yum install nfs-utils -y
[root@Server-NFS-DNS ~]# vim /etc/exports #修改配置文件
[root@Server-NFS-DNS ~]# cat /etc/exports
/wordpress 192.168.37.130(rw,sync,all_squash)
[root@Server-NFS-DNS ~]# chmod -Rf 777 /wordpress #设置权限
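-R : 对目前目录下的所有文件与子目录进行相同的权限变更(即以递归的方式逐个变更)
注意:777 表示任何用户都可读、写、执行,权限过宽。由于导出选项使用了 all_squash,客户端的请求都会被映射为匿名用户(anonuid/anongid,默认65534,通常是nobody),因此可考虑把目录属主改为该匿名用户并收紧为755,而不是对所有人开放写权限。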
[root@Server-NFS-DNS ~]# systemctl restart --now firewalld #防火墙添加服务放行
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=mountd
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=rpc-bind
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=nfs
[root@Server-NFS-DNS ~]# firewall-cmd --reload
[root@Server-NFS-DNS ~]# systemctl restart rpcbind #启动服务
[root@Server-NFS-DNS ~]# systemctl restart nfs-server
[root@Server-NFS-DNS ~]# chcon -t httpd_sys_content_t /wordpress -Rv #设置selinux上下文策略
2.4Server-web挂载远程目录
[root@Server-web ~]# yum install rpcbind -y
[root@Server-web ~]# yum install nfs-utils -y
[root@Server-web ~]# showmount -e 192.168.37.131 #显示NFS服务器上所有的共享目录
Export list for 192.168.37.131:
/wordpress 192.168.37.130
[root@Server-web ~]# mkdir /wp #新建本地挂载目录
[root@Server-web ~]# mount -t nfs 192.168.37.131:/wordpress /wp
[root@Server-web ~]# cd /wp
[root@Server-web wp]# ls
index.php wp-config-sample.php wp-mail.php
license.txt wp-content wp-settings.php
readme.html wp-cron.php wp-signup.php
wp-activate.php wp-includes wp-trackback.php
wp-admin wp-links-opml.php xmlrpc.php
wp-blog-header.php wp-load.php
wp-comments-post.php wp-login.php
2.5httpd设置
[root@Server-web wp]# cd ~
[root@Server-web ~]# firewall-cmd --permanent --zone public --add-service=http
success #http服务放行
[root@Server-web ~]# firewall-cmd --reload
success
[root@Server-web ~]# vim /etc/httpd/conf/httpd.conf #修改http配置文件
124 DocumentRoot "/wp"
129 <Directory "/wp">
2.6修改wordpress配置文件
[root@Server-web ~]# cd /wp
[root@Server-web wp]# cp wp-config-sample.php wp-config.php # 根据模板拷贝配置文件
[root@Server-web wp]# vim wp-config
wp-config.php wp-config-sample.php
[root@Server-web wp]# vim wp-config.php
# 定位23行修改后半部分('123456'仅为示例弱口令,实际部署应换成强密码;wp-config.php保存着数据库凭据,又位于NFS共享目录中,应限制其读取权限)
define('DB_NAME', 'wordpress'); # WordPress数据库的名称
define( 'DB_USER', 'test1' ); # MySQL数据库用户名
define('DB_PASSWORD', '123456'); # MySQL数据库密码
2.7启动数据库
[root@Server-web wp]# cd ~
[root@Server-web ~]# systemctl start mysqld
2.8在数据库中创建数据库和用户,并重启数据库和http服务
MariaDB [(none)]> create database wordpress; #创建数据库
MariaDB [(none)]> create user 'test1'@'localhost' identified by '123456'; #第一个''为数据库账号,@后面的''内容为数据库可以登录的地址,localhost意为只能本机登录。用户和密码与wordpress配置文件一样
MariaDB [(none)]> grant all on wordpress.* to 'test1'@'localhost'; # 给用户授权
MariaDB [(none)]> exit
[root@Server-web ~]# systemctl restart httpd
[root@Server-web ~]# systemctl restart mariadb.service
6.测试
6.1在Server-NFS-DNS端配置DNS
原则:www.openlab.com 正向解析为 192.168.37.130
[root@Server-NFS-DNS ~]# cd ~
[root@Server-NFS-DNS ~]# yum install bind -y
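[root@Server-NFS-DNS ~]# firewall disable --now firewalld #注:firewall 不是有效命令,关闭防火墙应为 systemctl disable --now firewalld;但关闭后前面为NFS添加的放行规则也随之失去意义,更稳妥的做法是保留防火墙、只放行DNS:firewall-cmd --permanent --zone public --add-service=dns 然后 firewall-cmd --reload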
[root@Server-NFS-DNS ~]# systemctl start named
6.2编辑主配置文件
[root@Server-NFS-DNS named]# vim /etc/named.conf
[root@Server-NFS-DNS named]# cat /etc/named.conf
options{
listen-on port 53 {any;};
directory "/var/named";
allow-query {any;};
};
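#注意:allow-query {any;} 且未设置 recursion no 或 allow-recursion 时,按BIND文档递归查询的允许范围会沿用 allow-query,即对任意来源开放递归;实验环境以外建议把 allow-query 限制为内网网段,或显式设置 allow-recursion / recursion no
#修改区域配置文件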
zone "openlab.com" IN {
type master;
file "openlab.com.zone";
};
6.3新建区域数据文件并配置解析
[root@Server-NFS-DNS ~]# cd /var/named
[root@Server-NFS-DNS named]# cp -a named.localhost openlab.com.zone
[root@Server-NFS-DNS named]# cat /var/named/openlab.com.zone
$TTL 1D
@ IN SOA openlab.com. adimin.openlab.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.openlab.com.
ns IN A 192.168.37.130
www IN A 192.168.37.130
bbs IN A 192.168.37.130
[root@Server-NFS-DNS named]# systemctl restart named
测试:将Server-web端的DNS改为192.168.37.131(即Server-NFS-DNS,与下面的dns=一致)后输入www.openlab.com域名访问
[root@Server-web wp]# vim /etc/NetworkManager/system-connections/ens160.nmconnection
dns=192.168.37.131