part.0 使用背景
公司內(nèi)網(wǎng)服務(wù)器不能直接通過Internet上網(wǎng)�����,但為了與外網(wǎng)通信和同步時間等���,會指定那么幾臺服務(wù)器可以訪問Internet。這里就是通過能上網(wǎng)的機器作為代理�,制作內(nèi)網(wǎng)使用的yum倉庫。
part.1 環(huán)境
內(nèi)網(wǎng)dns(推薦���,非必須��,因為可使用IP代替)
一臺能上Internet的服務(wù)器A
不能上Internet的服務(wù)器能與A服務(wù)器通信
part.2 nginx安裝
在可連接外網(wǎng)的A中安裝nginx
part.3 nginx配置
在主機A中添加nginx配置
$ cd /etc/nginx/conf.d
$ vim proxy.conf
server {
listen 80;
#listen [::]:80;
server_name mirrors.yourdomain.com;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/html;
location /ubuntu/ {
proxy_pass http://mirrors.aliyun.com/ubuntu/ ;
}
location /centos/ {
proxy_pass http://mirrors.aliyun.com/centos/ ;
}
location /epel/ {
proxy_pass http://mirrors.aliyun.com/epel/ ;
}
}
part.4 配置yum repo 源
修改無法連接外網(wǎng)的主機B 的repo文件�����。
$ cat /etc/yum.repos.d/CentOS-7.repo
[base]
name=CentOS-$releasever - Base - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/
http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/
http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/
http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
part.5 配置hosts
$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.193 mirrors.yourdomain.com
# 確保A 主機IP 和后面的反向代理地址
part.6 配置iptables
ping mirrors.yourdomain.com
#報錯 沒有到主機的路由
此時查看B主機中的iptables信息�����,發(fā)現(xiàn)無法訪問80�,可以在最前添加一條規(guī)則。
$ iptables -nvL
8155 28M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11761 985K INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
11761 985K INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
11761 985K INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
11756 985K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
$ iptables -I INPUT -p tcp --dport 80 -j ACCEPT
part.7 測試是否成功
在B主機中進行���,yum makecache操作����。來判斷是否能進行yum操作����。
$ yum clean all
$ yum makecache
總結(jié)
以上就是這篇文章的全部內(nèi)容了,希望本文的內(nèi)容對大家的學習或者工作具有一定的參考學習價值��,如果有疑問大家可以留言交流��,謝謝大家對腳本之家的支持�����。
