客户端通过域名访问,dns解析,nfs共享,访问nginx服务首页内容
web-nginx、nfs-nfs-utils、dns-bind
- 综合实验1(web-nginx、nfs-nfs-utils、dns-bind)
- 1. nfs(ip:192.168.88.10)
- 2. web(ip:192.168.88.40)
- 3. dns1(ip:192.168.88.20)
- 4. dns2(ip:192.168.88.30)
- 5. 客户端 client
综合实验1(web-nginx、nfs-nfs-utils、dns-bind)
任务需求:客户端访问 www.nihao.com 时,能够通过 dns 域名解析,访问到 nginx 服务中由 nfs 共享的首页文件,内容为:Very good, you have successfully set up the system. 各个主机能够实现时间同步,并且都开启防火墙来保证服务安全。
主机规划:
作用 | 系统 | IP | 主机名 | 软件 |
---|---|---|---|---|
web 服务器 | redhat9.5 | 192.168.88.40 | server | nginx、nfs-utils |
nfs 服务器 | redhat9.5 | 192.168.88.10 | nfs | nfs-utils |
DNS 主服务器 | redhat9.5 | 192.168.88.20 | master | bind |
DNS 从服务器 | redhat9.5 | 192.168.88.30 | slave | bind |
客户端 | redhat9.5 | 192.168.88.50 | client | bind-utils |
时间同步:
vim /etc/chrony.conf
#定位第3行,删除后添加阿里的时间同步服务地址
server ntp.aliyun.com iburst
systemctl restart chronyd
chronyc sources -v # 多执行几次,直到列表中出现以 '*' 标记的当前同步源
timedatectl # 确认 System clock synchronized 为 yes;下面的示例输出中源列表为空且该项为 no,说明当时尚未完成同步
[root@client ~]# vim /etc/chrony.conf
[root@client ~]# systemctl restart chronyd
[root@client ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
[root@client ~]# timedatectl
Local time: Tue 2025-03-18 12:29:38 CST
Universal time: Tue 2025-03-18 04:29:38 UTC
RTC time: Tue 2025-03-18 04:29:37
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: no
NTP service: active
RTC in local TZ: no
1. nfs(ip:192.168.88.10)
- 安装 nfs-utils
dnf install nfs-utils -y - 防火墙放行 nfs 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
setenforce 0
systemctl start nfs-server - 创建共享目录/nfs/web,配置/etc/exports
/nfs/web 192.168.88.40
(要共享的主机的IP)
mkdir /nfs/web -p
cat > /etc/exports <<EFO
/nfs/web 192.168.88.40(rw,no_root_squash)
EFO - 重启服务,暴露共享文件
showmount -e 192.168.88.10
(本机IP=nfs主机IP)
systemctl restart nfs-server
showmount -e 192.168.88.10 - 写首页界面内容 "Very good, you have successfully set up the system." 到 /nfs/web/
echo "Very good, you have successfully set up the system." > /nfs/web/index.html
# 1.安装 nfs-utils
[root@nfs ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@nfs ~]# dnf install nfs-utils -y
# 2.防火墙放行 nfs 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
# 注意:setenforce 0 会让 SELinux 只记录、不拦截,仅适合实验环境;生产环境应保持 enforcing
[root@nfs ~]# firewall-cmd --permanent --add-service=nfs
success
[root@nfs ~]# firewall-cmd --reload
success
[root@nfs ~]# setenforce 0
[root@nfs ~]# getenforce 0
Permissive
[root@nfs ~]# vim /etc/selinux/config
[root@nfs ~]# cat /etc/selinux/config
...
SELINUX=Permissive
# SELINUXTYPE= can take one of these three values:
...
[root@nfs ~]# systemctl start nfs-server
[root@nfs ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; preset: disabled)
Active: active (exited) since Tue 2025-03-18 12:41:09 CST; 12s ago
...
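# 3.创建共享目录,配置 /etc/exports:/nfs/web 192.168.88.40(rw,no_root_squash),括号前的 IP 是允许挂载该共享的客户端(即 web 主机)
# 注意:no_root_squash 会让 192.168.88.40 上的 root 以 root 身份读写共享文件;本实验中首页在 nfs 主机上写入,web 主机只需读取,改用 ro,root_squash 更安全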
[root@nfs ~]# mkdir /nfs/web -p
[root@nfs ~]# cat > /etc/exports <<EFO
> /nfs/web 192.168.88.40(rw,no_root_squash)
> EFO
# 4.重启服务,查看导出的共享目录 showmount -e 192.168.88.10(本机IP=nfs主机IP)
[root@nfs ~]# systemctl restart nfs-server
[root@nfs ~]# showmount -e 192.168.88.10
Export list for 192.168.88.10:
/nfs/web 192.168.88.40
# 5.写首页界面内容 ‘’Very good, you have successfully set up the system.‘’到/nfs/web/
#web主机执行挂载,nginx服务启动后,/usr/share/nginx/html/(nginx默认首页目录)为空
[root@server html]# cd /usr/share/nginx/html/
[root@server html]# ls
[root@server html]# ls
[root@nfs web]# echo "Very good, you have successfully set up the system." > /nfs/web/index.html
[root@nfs web]# ls
index.html
#nfs主机写入内容后,web主机同步文件index.html:
[root@server html]# ls
index.html
2. web(ip:192.168.88.40)
- 安装 nginx 和 nfs
dnf install nginx nfs-utils -y - 防火墙放行 http、nfs 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
setenforce 0
vim /etc/selinux/config
systemctl enable --now nginx
systemctl enable --now nfs-server - nginx默认首页目录/usr/share/nginx/html/,执行挂载
mount -t nfs 192.168.88.10:/nfs/web /usr/share/nginx/html/
mount -t nfs 192.168.88.10:/nfs/web /usr/share/nginx/html/ - 重启服务,放行80端口
systemctl restart nginx
firewall-cmd --permanent --add-port=80/tcp - 查看是否与nfs主机同步文件 index.html
cd /usr/share/nginx/html/
ls
# 1.安装 nginx 和 nfs
[root@server ~]# mount /dev/sr0 /mnt/
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@server ~]# dnf install nginx nfs-utils -y
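# 2.防火墙放行 http、nfs 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
# 注意:web 主机只是 NFS 客户端,挂载共享不需要在本机放行 nfs 入站规则,也不需要启动 nfs-server,这两步可以省略以减少暴露面
# 注意:setenforce 0 仅适合实验环境;保持 enforcing 时可改用 setsebool -P httpd_use_nfs 1 允许 nginx 读取 NFS 上的文件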
[root@server ~]# firewall-cmd --permanent --add-service=http
success
[root@server html]# firewall-cmd --permanent --add-service=nfs
success
[root@server html]# firewall-cmd --reload
success
[root@server ~]# setenforce 0
[root@server ~]# getenforce 0
Permissive
[root@server ~]# vim /etc/selinux/config
[root@server ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@server ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
Active: active (running) since Tue 2025-03-18 12:58:36 CST; 12s ago
...
[root@server html]# systemctl enable --now nfs-server
# 3.nginx默认首页目录 /usr/share/nginx/html/,执行挂载 mount -t nfs 192.168.88.10:/nfs/web /usr/share/nginx/html/
# web 主机只需读取首页文件,挂载时可加 -o ro,nosuid,nodev 限制权限
[root@server ~]# mount -t nfs 192.168.88.10:/nfs/web /usr/share/nginx/html/
[root@server ~]# df /usr/share/nginx/html/
Filesystem 1K-blocks Used Available Use% Mounted on
192.168.88.10:/nfs/web 46587904 1754880 44833024 4% /usr/share/nginx/html
# 4.重启服务,放行80端口(--permanent 规则要执行 firewall-cmd --reload 后才会生效;前面已通过 --add-service=http 放行过 80 端口,此步属于重复放行)
[root@server nginx]# systemctl restart nginx
[root@server nginx]# firewall-cmd --permanent --add-port=80/tcp
success
# 5.查看是否与nfs主机同步文件index.html
[root@server ~]# cd /usr/share/nginx/html/
[root@server nginx]# ls
[root@server nginx]# ls
[root@nfs web]# echo "Very good, you have successfully set up the system." > /nfs/web/index.html
[root@nfs ~]# cd /nfs/web/
[root@nfs web]# ls
index.html
[root@server nginx]# ls
index.html
3. dns1(ip:192.168.88.20)
- 安装软件bind
dnf install bind -y - 防火墙放行 dns 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
setenforce 0
vim /etc/selinux/config
systemctl start named - 配置/etc/named.conf
vim /etc/named.conf - 写区域数据文件/var/named/nihao.com
vim /var/named/nihao.com - 重启服务,dig解析
systemctl restart named
dig -t NS nihao.com @192.168.88.20
dig -t A www.nihao.com @192.168.88.20
# 1.安装软件bind
[root@master ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@master ~]# dnf install bind -y
# 2.防火墙放行 dns 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
# 注意:setenforce 0 仅适合实验环境;bind 使用默认目录 /var/named 时通常不需要关闭 SELinux 强制模式
[root@master ~]# firewall-cmd --permanent --add-service=dns
success
[root@master ~]# firewall-cmd --reload
success
[root@master ~]# setenforce 0
[root@master ~]# vim /etc/selinux/config
[root@master ~]# systemctl start named
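# 3.配置 /etc/named.conf
# 注意:下面的配置没有设置 allow-transfer;在本例使用的 BIND 9.16 中,未设置时默认允许任意主机请求区域传送(AXFR),建议在 zone 中加入 allow-transfer { 192.168.88.30; }; 只允许从服务器同步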
[root@master ~]# vim /etc/named.conf
[root@master ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.88.20; };
directory "/var/named";
allow-query { any; };
};
zone "nihao.com" IN {
type master;
file "nihao.com";
};
# 4.写区域数据文件 /var/named/nihao.com
[root@master ~]# vim /var/named/nihao.com
[root@master ~]# cat /var/named/nihao.com
$TTL 1D
@ IN SOA @ admin.nihao.com. (0 1D 2H 3W 2D)
IN NS ns1
IN NS ns2
ns1 IN A 192.168.88.20
ns2 IN A 192.168.88.30
www IN A 192.168.88.40
# 5.重启服务,dig解析
[root@master ~]# systemctl restart named
[root@master ~]# dig -t NS nihao.com @192.168.88.20
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @192.168.88.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15782
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 29cb025ea2132c870100000067d91a0b29a018c3b1a57d7c (good)
;; QUESTION SECTION:
;nihao.com. IN NS
;; ANSWER SECTION:
nihao.com. 86400 IN NS ns1.nihao.com.
nihao.com. 86400 IN NS ns2.nihao.com.
;; ADDITIONAL SECTION:
ns1.nihao.com. 86400 IN A 192.168.88.20
ns2.nihao.com. 86400 IN A 192.168.88.30
;; Query time: 1 msec
;; SERVER: 192.168.88.20#53(192.168.88.20)
;; WHEN: Tue Mar 18 15:00:27 CST 2025
;; MSG SIZE rcvd: 134
[root@master ~]# dig -t A www.nihao.com @192.168.88.20
; <<>> DiG 9.16.23-RH <<>> -t A www.nihao.com @192.168.88.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23685
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ea7da527a6170ff70100000067d91a15ef6b98cef1254dbf (good)
;; QUESTION SECTION:
;www.nihao.com. IN A
;; ANSWER SECTION:
www.nihao.com. 86400 IN A 192.168.88.40
;; Query time: 1 msec
;; SERVER: 192.168.88.20#53(192.168.88.20)
;; WHEN: Tue Mar 18 15:00:37 CST 2025
;; MSG SIZE rcvd: 86
4. dns2(ip:192.168.88.30)
- 安装软件bind
dnf install bind -y - 防火墙放行 dns 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
setenforce 0
vim /etc/selinux/config
systemctl start named - 配置/etc/named.conf
vim /etc/named.conf - 重启服务,dig解析
systemctl restart named
dig -t NS nihao.com @192.168.88.30
dig -t A www.nihao.com @192.168.88.30
# 1.安装软件bind
[root@slave ~]# mount /dev/sr0 /mnt/
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@slave ~]# dnf install bind -y
# 2.防火墙放行 dns 服务(防火墙保持开启),SELinux 设为 permissive,开启服务
# 注意:setenforce 0 仅适合实验环境;生产环境应保持 enforcing
[root@slave ~]# firewall-cmd --permanent --add-service=dns
success
[root@slave ~]# firewall-cmd --reload
success
[root@slave ~]# setenforce 0
[root@slave ~]# vim /etc/selinux/config
[root@slave ~]# systemctl start named
# 3.配置 /etc/named.conf
# 注意:从服务器不需要再向其他主机提供区域传送,可在 zone 中加入 allow-transfer { none; };
[root@slave ~]# vim /etc/named.conf
[root@slave ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.88.30; };
directory "/var/named";
};
zone "nihao.com" IN {
type slave;
masters {192.168.88.20; };
file "slaves/nihao.com";
};
# 4.重启服务,dig解析
[root@slave ~]# systemctl restart named
[root@slave ~]# dig -t NS nihao.com @192.168.88.30
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @192.168.88.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63485
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: fc3f65932856c43c0100000067d91c1d185d9375194bcab2 (good)
;; QUESTION SECTION:
;nihao.com. IN NS
;; ANSWER SECTION:
nihao.com. 86400 IN NS ns1.nihao.com.
nihao.com. 86400 IN NS ns2.nihao.com.
;; ADDITIONAL SECTION:
ns1.nihao.com. 86400 IN A 192.168.88.20
ns2.nihao.com. 86400 IN A 192.168.88.30
;; Query time: 2 msec
;; SERVER: 192.168.88.30#53(192.168.88.30)
;; WHEN: Tue Mar 18 15:09:17 CST 2025
;; MSG SIZE rcvd: 134
[root@slave ~]# dig -t A www.nihao.com @192.168.88.30
; <<>> DiG 9.16.23-RH <<>> -t A www.nihao.com @192.168.88.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3127
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: dd5d0527e6ab135e0100000067d91c24686845c54a0b7b36 (good)
;; QUESTION SECTION:
;www.nihao.com. IN A
;; ANSWER SECTION:
www.nihao.com. 86400 IN A 192.168.88.40
;; Query time: 0 msec
;; SERVER: 192.168.88.30#53(192.168.88.30)
;; WHEN: Tue Mar 18 15:09:24 CST 2025
;; MSG SIZE rcvd: 86
5. 客户端 client
客户端的 DNS 设置为两个 dns 主机的 IP
[root@client ~]# nmcli connection modify ens160 ipv4.DNS "192.168.88.30 192.168.88.20"
[root@client ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@client ~]# nmcli d show | grep DNS
IP4.DNS[1]: 192.168.88.30
IP4.DNS[2]: 192.168.88.20
- 结果:
[root@client ~]# curl www.nihao.com
Very good, you have successfully set up the system.
[root@client ~]# curl 192.168.88.40
Very good, you have successfully set up the system.