CentOS7利用DNS和Nginx代理做内网域名解析

1，为了将生产环境和开发区分开，方便开发，将利用DNS和Nginx代理做内网域名解析。

环境要求：

    服务器：CentOS7 64位  IP:192.168.1.49

         DNS

          Nginx1.1

    客户端：CentOS7 64位 IP：192.168.1.45

        Gitlab

2.1,安装DNS服务

 [root@local ~]# yum install bind bind-bind-libs

2.2,修改/etc/named.conf配置文件

   [root@local ~]#vim /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

options {

//      listen-on port 53 { 127.0.0.1; };//开启监听端口53，接受任意IP连接  

//      listen-on-v6 port 53 { ::1; };//支持IP V6  

        directory       "/var/named";//所有的正向反向区域文件都在这个目录下创建  

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

//      allow-query     { localhost; };//允许IP查询  

        /* 

         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

         - If you are building a RECURSIVE (caching) DNS server, you need to enable 

           recursion. 

         - If your recursive DNS server has a public IP address, you MUST enable access 

           control to limit queries to your legitimate users. Failing to do so will

           cause your server to become part of large scale DNS amplification 

           attacks. Implementing BCP38 within your network would greatly

           reduce such attack surface 

        */

        recursion yes;

        dnssec-enable no;

        dnssec-validation no;

        /* Path to ISC DLV key */

//      bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";

//      pid-file "/run/named/named.pid";

//      session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

zone "." IN {

        type hint;

        file "named.ca";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

注：注释掉以上信息

启动DNS服务

   [root@local ~]#systemctl start named.service 

查看端口是否启用

   [root@local ~]#ss -tunl | grep :53

wKioL1fdMzLgWdd6AAAY05NoPs0612.png-wh_50

2.3，编辑/etc/named.rfc1912.zones配置文件，在文件尾部添加以下行

   [root@local ~]#vim /etc/named.rfc1912.zones

zone "local.yaok.com" IN {

        type master;

        file "local.yaok.com.zone";

};

重读配置文件

   [root@local ~]#rndc reload

查看DNS状态

   [root@local ~]#rndc status

wKioL1fdNBfCcki9AAAk35Xh-fA225.png-wh_50

2.4编辑/var/named/local.yaok.com.zone 配置文件

   [root@local ~]# vim /var/named/local.yaok.com.zone 

wKiom1fdNHmBtSjcAAAce-cfIYI940.png-wh_50

检查配置文件语法错误，没有语法错误

 [root@local ~]# named-checkzone "local.yaok.com" /var/named/local.yaok.com.zone

wKioL1fdNPzQTteLAAAThqDfHN0073.png-wh_50

进入/var/named/目录

   [root@local ~]# cd /var/named/

更改local.yaok.com.zone 的改组为named

   [root@local named]# chown :named local.yaok.com.zone 

修改local.yaok.com.zone 文件权限为640

   [root@local named]# chmod 640 local.yaok.com.zone

 重读配置文件

   [root@local ~]#rndc reload

配置域名解析是否正确，可以正常解析

 [root@local named]# dig -t A local.yaok.com @192.168.1.49

wKiom1fdNjuiThU3AABd1omc1GQ867.png-wh_50

3.1，安装Nginx

 [root@local ~]# yum install niginx

启动Nginx服务

 [root@local ~]# /usr/sbin/nginx

查看80端口是否正常启动

[root@local ~]# ss -tunl |grep 80

wKioL1fdNyvQfmNrAAAK8txH2nc736.png-wh_50

先备份nginx.conf配置文件

 [root@local ~]#cp /etc/nginx/nginx.conf{,.bak}

3.2，修改nginx.conf配置文件

 [root@local ~]# vim /etc/nginx/nginx.conf

添加以下配置文件

 upstream server {

       server 192.168.1.45;

     }

 server {

  listen    80;

  server_name  git.local.yaok.com;

  location / {

   proxy_pass http://server;

   proxy_redirect off;

   proxy_set_header Host $host;

   proxy_set_header X-Real-IP $remote_addr;

   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        }

   }

测试Nginx语法是否有错

 [root@local usr]# sbin/nginx -t

wKiom1fdOKnCzpZDAAAZc3Au5Vg566.png-wh_50

重读Nginx配置文件

 [root@local usr]#sbin/nginx -s reload

3.3,检测访问结果是否正确

 [root@local usr]# curl -i http://git.local.yaok.com

wKioL1fdORHRieZQAABeAwaZ9D8740.png-wh_50

4，使用客户端来访问

wKioL1fdOYjzDMdHAADVUmXah2Q074.png-wh_50

3.4，修改nginx.conf配置文件

 [root@local ~]# vim /etc/nginx/nginx.conf

 upstream mavenserver {

         server 192.168.0.6;

     }

  #maven

  server {

   listen    80;

   server_name  maven.yaok.com;

   #root  /nexus/index.html;   

  location / {

   proxy_pass http://192.168.0.6:8081;

   proxy_redirect off;

   proxy_set_header Host $host;

   proxy_set_header X-Real-IP $remote_addr;

   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        }

   }

wKioL1feVqnTOw_-AAICSKUMm4w161.png-wh_50

©著作权归作者所有：来自51CTO博客作者sqtce的原创作品，如需转载，请注明出处，否则将追究法律责任

CentOS7利用DNS和Nginx代理