搭建基于DNS主从架构、NFS共享存储及Nginx服务的完整环境
客户端访问 www.nihao.com 时,先通过 DNS 完成域名解析,再访问到 nginx 服务中由 nfs 共享的首页文件,内容为:Very good, you have successfully set up the system. 各个主机能够实现时间同步,并且都开启防火墙来保证服务安全。
Web服务器 | redhat9.5 | 192.168.116.8 | web | nginx |
nfs服务器 | redhat9.5 | 192.168.116.9 | nfs | nfs-utils |
DNS主服务器 | redhat9.5 | 192.168.116.18 | dns1 | bind |
DNS从服务器 | redhat9.5 | 192.168.116.28 | dns2 | bind |
客户端 | redhat9.5 | 192.168.116.7 | client | bind-utils |
1.基础配置
web服务器执行:
# 修改主机名为:web
[root@localhost ~]# hostnamectl hostname web
# 配置IP
[root@localhost ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 a04877ab-0ad0-3541-b02e-67e2636bcff3 ethernet ens160
lo b904953d-1181-4d69-91d4-75e864d8b4d2 loopback lo
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.116.8/24 ipv4.dns 223.5.5.5 ipv4.gateway 192.168.116.2 connection.autoconnect yes
nfs服务器执行:
# 修改主机名为:nfs
[root@localhost ~]# hostnamectl hostname nfs
# 更改主机IP(地址应带前缀长度,写成 192.168.116.9/24,与其他主机一致;修改后执行 nmcli c up ens160 使配置生效)
[root@localhost ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 a04877ab-0ad0-3541-b02e-67e2636bcff3 ethernet ens160
lo 95b9d995-9050-4839-a38c-bdbc3930c19a loopback lo
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.116.9 ipv4.dns 223.5.5.5 ipv4.gateway 192.168.116.2 connection.autoconnect yes
DNS主服务器执行:
# 修改主机名为:dns1
[root@localhost ~]# hostnamectl hostname dns1
# 配置主机IP(按规划表,dns1 的地址应为 192.168.116.18/24;下面命令中的 192.168.116.9 与 nfs 服务器的地址重复)
[root@localhost ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 a04877ab-0ad0-3541-b02e-67e2636bcff3 ethernet ens160
lo cb173537-b6ec-40f1-906b-6192e9f06b91 loopback lo
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.116.9/24 ipv4.dns 223.5.5.5 ipv4.gateway 192.168.116.2 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
DNS从服务器执行:
#修改主机名为:dns2
[root@localhost ~]# hostnamectl hostname dns2
#配置主机IP
[root@localhost ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 a04877ab-0ad0-3541-b02e-67e2636bcff3 ethernet ens160
lo 75f0b6c8-e8e4-4de4-84b6-f5129a25723c loopback lo
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.116.28/24 ipv4.dns 223.5.5.5 ipv4.gateway 192.168.116.2 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
客户端执行:
#修改主机名:client
[root@localhost ~]# hostnamectl hostname client
#配置主机IP
[root@localhost ~]# nmcli c show
NAME UUID TYPE DEVICE
ens160 a04877ab-0ad0-3541-b02e-67e2636bcff3 ethernet ens160
lo 5c659b87-7b1e-455d-9382-efd899a08107 loopback lo
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 192.168.116.7/24 ipv4.dns 223.5.5.5 ipv4.gateway 192.168.116.2 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160
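2、关闭SELinux
(下面的命令实际是把 SELinux 设为 permissive 宽容模式:只记录违规、不再拦截。生产环境建议保持 enforcing,并用 setsebool -P httpd_use_nfs 1 允许 nginx 读取 NFS 上的网页文件。)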
#web服务器
[root@web ~]# sed -i 's/SELINUX=enforcing/SELINUX=Permissive/g' /etc/selinux/config
[root@web ~]# setenforce 0
#dns1
[root@dns1 ~]# sed -i 's/SELINUX=enforcing/SELINUX=Permissive/g' /etc/selinux/config
[root@dns1 ~]# setenforce 0
#dns2
[root@dns2 ~]# sed -i 's/SELINUX=enforcing/SELINUX=Permissive/g' /etc/selinux/config
[root@dns2 ~]# setenforce 0
#client
[root@client ~]# sed -i 's/SELINUX=enforcing/SELINUX=Permissive/g' /etc/selinux/config
[root@client ~]# setenforce 0
3、NFS服务器配置
#挂载光驱
[root@nfs ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
#安装nfs服务
[root@nfs ~]# dnf install nfs-utils -y
#创建共享目录/nfs/data
[root@nfs ~]# mkdir /nfs/data -p
#写入内容到index.html中
[root@nfs ~]# echo "Very good, you have successfully set up the system." > /nfs/data/index.html
#修改文件夹权限为755
[root@nfs ~]# chmod -R 755 /nfs/data
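#编辑/etc/exports(注意:no_root_squash 会让客户端的 root 在共享目录上仍具有 root 权限;Web 服务器只需读取首页时,可改用 ro,root_squash,并只授权 192.168.116.8)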
[root@nfs ~]# vim /etc/exports
[root@nfs ~]# cat /etc/exports
/nfs/data 192.168.116.0/24(rw,sync,no_root_squash)
# 设置nfs-server服务为开机自启动,并立即启动
[root@nfs ~]# systemctl enable --now nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
# 将NFS 服务添加到防火墙的允许列表中,并进行重载
[root@nfs ~]# firewall-cmd --permanent --add-service=nfs
success
[root@nfs ~]# firewall-cmd --reload
success
#查看已导出的共享目录
[root@nfs ~]# showmount -e localhost
Export list for localhost:
/nfs/data 192.168.116.8
#或者
[root@nfs ~]# showmount -e 192.168.116.9
Export list for 192.168.116.9:
/nfs/data 192.168.116.0/24
4、Web服务器配置
# 先挂载
[root@web ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
# 安装nginx和nfs-utils(Web服务器只是NFS客户端,挂载共享目录不需要启动nfs-server,也不需要在防火墙放行nfs)
[root@web ~]# dnf install nginx nfs-utils -y
[root@web ~]# systemctl start nfs-server
[root@web ~]# firewall-cmd --permanent --add-service=nfs
Warning: ALREADY_ENABLED: nfs
success
[root@web ~]# firewall-cmd --reload
success
#创建挂载目录
[root@web ~]# mkdir /var/nginx -p
# 将服务端的共享目录挂载到刚创建的目录
[root@web ~]# mount -t nfs 192.168.116.9:/nfs/data /var/nginx
# 查看是否挂载成功
[root@web ~]# df -h
df: /usr/share/nginx/html: Stale file handle
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 1.8G 0 1.8G 0% /dev/shm
tmpfs 726M 9.1M 717M 2% /run
efivarfs 256K 56K 196K 23% /sys/firmware/efi/efivars
/dev/mapper/rhel-root 45G 1.7G 43G 4% /
/dev/nvme0n1p2 960M 225M 736M 24% /boot
/dev/nvme0n1p1 599M 7.1M 592M 2% /boot/efi
tmpfs 363M 0 363M 0% /run/user/0
/dev/sr0 11G 11G 0 100% /mnt
192.168.116.9:/nfs/data 45G 1.7G 43G 4% /var/nginx
#新建并编写nfs.conf文件
[root@web ~]# vim /etc/nginx/conf.d/nfs.conf
[root@web ~]# cat /etc/nginx/conf.d/nfs.conf
server {
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
server_name 192.168.116.8;
root /var/nginx;
}
# 验证配置文件是否有效
[root@web ~]# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# 启动nginx
[root@web ~]# systemctl start nginx
[root@web ~]# systemctl enable --now nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
#放行80端口
[root@web ~]# systemctl restart nginx
[root@web ~]# firewall-cmd --permanent --add-port=80/tcp
success
[root@web ~]# firewall-cmd --reload
success
#查看防火墙列表
[root@web ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client http nfs ssh
ports: 80/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@web ~]# curl http://192.168.116.8
Very good, you have successfully set up the system.
5、DNS主服务器搭建
[root@dns1 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@dns1 ~]# dnf install bind -y
[root@dns1 ~]# vim /etc/named.conf
[root@dns1 ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.116.18; };
directory "/var/named";
allow-query { any; };
};
zone "nihao.com" IN {
type master;
file "nihao.com";
allow-transfer {192.168.116.28;}; // 允许从服务器同步
};
[root@dns1 ~]# vim /var/named/nihao.com
[root@dns1 ~]# cat /var/named/nihao.com
$TTL 1D
@ IN SOA @ admin.nihao.com.(0 1D 2H 3W 2D)
IN NS dns1.nihao.com.
IN NS dns2.nihao.com.
dns1 A 192.168.116.18
dns2 A 192.168.116.28
www A 192.168.116.8
[root@dns1 ~]# named-checkzone nihao.com /var/named/nihao.com
zone nihao.com/IN: loaded serial 0
OK
# 启动 dns 服务
[root@dns1 ~]# systemctl start named
#测试dns解析
[root@dns1 ~]# dig -t NS nihao.com @192.168.116.18
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @192.168.116.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31085
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: afae3cf0316dc0960100000067daf596e185c990749aafe2 (good)
;; QUESTION SECTION:
;haha.com. IN NS
;; ANSWER SECTION:
nihao.com. 86400 IN NS dns2.nihao.com.
nihao.com. 86400 IN NS dns1.nihao.com.
;; ADDITIONAL SECTION:
dns1.nihao.com. 86400 IN A 192.168.116.18
dns2.nihao.com. 86400 IN A 192.168.116.28
;; Query time: 1 msec
;; SERVER: 192.168.220.18#53(192.168.116.18)
;; WHEN: Thu Mar 20 00:49:26 CST 2025
;; MSG SIZE rcvd: 135
[root@dns1 ~]# dig -t A nihao.com @192.168.116.18
; <<>> DiG 9.16.23-RH <<>> -t A nihao.com @192.168.116.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39548
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8856bb033879b81b0100000067daf62bf1c229b1646e8bdf (good)
;; QUESTION SECTION:
;nihao.com. IN A
;; AUTHORITY SECTION:
nihao.com. 86400 IN SOA nihao.com. admin.nihao.com. 0 86400 7200 1814400 172800
;; Query time: 0 msec
;; SERVER: 192.168.116.18#53(192.168.220.18)
;; WHEN: Thu Mar 20 00:51:55 CST 2025
;; MSG SIZE rcvd: 107
#放行dns端口
[root@dns1 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns1 ~]# firewall-cmd --reload
success
6、DNS从服务器搭建
[root@dns2 ~]# dnf install bind -y
[root@dns2 ~]# rpm -qc bind
/etc/logrotate.d/named
/etc/named.conf
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/sysconfig/named
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
[root@dns2 ~]# vim /etc/named.conf
[root@dns2 ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.116.28; };
directory "/var/named";
};
zone "nihao.com" IN {
type slave;
masters { 192.168.116.18; }; // 指向主服务器IP
file "slaves/nihao.com";
};
[root@dns2 ~]# firewall-cmd --permanent --add-service=dns
success
[root@dns2 ~]# firewall-cmd --reload
success
[root@dns2 ~]# systemctl start named
[root@dns2 ~]# dig -t NS nihao.com @192.168.116.28
; <<>> DiG 9.16.23-RH <<>> -t NS nihao.com @192.168.116.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65469
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 0e397fc93bd993350100000067daf885688114579eacee16 (good)
;; QUESTION SECTION:
;nihao.com. IN NS
;; ANSWER SECTION:
nihao.com. 86400 IN NS dns1.nihao.com.
nihao.com. 86400 IN NS dns2.nihao.com.
;; ADDITIONAL SECTION:
dns1.nihao.com. 86400 IN A 192.168.220.18
dns2.nihao.com. 86400 IN A 192.168.220.28
;; Query time: 0 msec
;; SERVER: 192.168.220.28#53(192.168.220.28)
;; WHEN: Thu Mar 20 01:01:57 CST 2025
;; MSG SIZE rcvd: 135
[root@dns2 ~]# dig -t A www.nihao.com @192.168.116.28
; <<>> DiG 9.16.23-RH <<>> -t A www.nihao.com @192.168.116.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58746
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 7e673e57b9af1f080100000067daf8d44d51e0627a59d73a (good)
;; QUESTION SECTION:
;www.nihao.com. IN A
;; ANSWER SECTION:
www.nihao.com. 86400 IN A 192.168.116.8
;; Query time: 1 msec
;; SERVER: 192.168.220.28#53(192.168.116.28)
;; WHEN: Thu Mar 20 01:03:16 CST 2025
;; MSG SIZE rcvd: 85
7、客户端测试与验证
[root@client ~]# echo "nameserver 192.168.116.18" > /etc/resolv.conf
[root@client ~]# echo "nameserver 192.168.116.28" >> /etc/resolv.conf
[root@client ~]# dig www.nihao.com +short
192.168.116.8
[root@client ~]# curl http://www.nihao.com
Very good, you have successfully set up the system.
8、通用配置
#时间同步
#安装系统同步时间工具chrony
[root@dns2 ~]# dnf install -y chrony
#启动服务
[root@dns2 ~]# systemctl enable --now chronyd
# 查看同步状态
[root@dns2 ~]# chronyc tracking
Reference ID : CA760182 (time.neu.edu.cn)
Stratum : 3
Ref time (UTC) : Wed Mar 19 17:06:06 2025
System time : 0.001468271 seconds fast of NTP time
Last offset : +0.000037576 seconds
RMS offset : 0.012627055 seconds
Frequency : 2.937 ppm slow
Residual freq : +0.020 ppm
Skew : 5.613 ppm
Root delay : 0.079887263 seconds
Root dispersion : 0.005645145 seconds
Update interval : 259.5 seconds
Leap status : Normal
#防火墙统一管理
systemctl enable --now firewalld
# 按需放行服务(示例:Web服务器放行HTTP)
firewall-cmd --add-service=http --permanent && firewall-cmd --reload
总结:
- DNS 主从架构:实现了高可用性和负载均衡的 DNS 服务,主从服务器之间可以同步域名解析记录,确保 DNS 服务的冗余和高可用性。
- NFS 共享存储:实现了跨多台机器的文件共享,NFS 服务确保文件可以在多个节点之间共享,并支持动态扩展。
- Nginx 服务:通过配置负载均衡,成功分担了流量,并保证了 Web 服务的高可用性。
本次目标是构建一个稳定、高效且高可用的多服务环境。通过本次实操,我深入理解了 DNS 主从架构、NFS 文件共享以及 Nginx 负载均衡的配置与实现。在过程中,学习了如何通过多服务的协作提高系统的稳定性和可扩展性。此外,遇到的问题和解决方案增强了我的故障排除能力和系统调优经验。
原文地址:https://blog.csdn.net/qq_74430033/article/details/146419182