目录
[1. Centos 7-5------Client](#1. Centos 7-5——Client)
[2. Centos 7-1------网关服务器](#2. Centos 7-1——网关服务器)
[3. Centos 7-2------Web1](#3. Centos 7-2——Web1)
[4. Centos 7-3------Web2](#4. Centos 7-3——Web2)
[5. Centos 7-4------Nginx](#5. Centos 7-4——Nginx)
[二、在Nginx服务器上搭建LNMP服务,并且能够对外提供Discuz论坛服务;在Web1、Web2服务器上搭建Tomcat 服务。](#二、在Nginx服务器上搭建LNMP服务,并且能够对外提供Discuz论坛服务;在Web1、Web2服务器上搭建Tomcat 服务。)
[7.1安装Oracle JDK](#7.1安装Oracle JDK)
[8.1安装Oracle JDK](#8.1安装Oracle JDK)
[三、为nginx服务配置虚拟主机,新增两个域名 www.kgc.com 和 www.benet.com,使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容,内容自定义。](#三、为nginx服务配置虚拟主机,新增两个域名 www.kgc.com 和 www.benet.com,使用http://www.kgc.com/index.php可访问上一题的Discuz论坛页面。使用http://www.benet.com则访问/var/www/html目录中的index.html文件的内容,内容自定义。)
四、对基于www.benet.com域名的虚拟机主机的nginx服务调优:隐藏nginx版本号,缓存静态图片网页时间为1天,设置防盗链功能。
六、要求配置location匹配请求地址http://www.kgc.com/test/XXXX,使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。
[要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上,而且后面的参数保持不变,比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php。](#要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上,而且后面的参数保持不变,比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php。)
[七、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务,将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理,并实现负载均衡](#七、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务,将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理,并实现负载均衡)
八、在网关服务器上设置SNAT/DNAT,使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。
服务器IP地址规划:client:12.0.0.12/24,网关服务器:ens36:12.0.0.1/24、ens33:192.168.241.11/24,Web1:192.168.241.22/24,Web2:192.168.241.23/24,Nginx:192.168.241.24/24。
一、实验环境搭建
Centos7-5作为Client(12.0.0.12/24);Centos7-1作为网关服务器(搭配两块网卡ens33 192.168.241.11/24,ens36 12.0.0.1/24);Centos7-2作为Web1(192.168.241.22/24 提供web1服务);Centos7-3作为Web2(192.168.241.23/24 提供web2服务);Centos7-4作为Nginx服务器(192.168.241.24/24)
1. Centos 7-5------Client
2. Centos 7-1------网关服务器
bash
[root@localhost ~]#vim /etc/sysconfig/network-scripts/ifcfg-ens33
bash
[root@localhost ~]#cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36
[root@localhost ~]#vim /etc/sysconfig/network-scripts/ifcfg-ens36
bash
[root@localhost ~]#systemctl restart network
[root@localhost ~]#ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.11 netmask 255.255.255.0 broadcast 192.168.241.255
inet6 fe80::de6f:32c8:5a64:a6b2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:51:4b:b5 txqueuelen 1000 (Ethernet)
RX packets 2457 bytes 231114 (225.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1289 bytes 162490 (158.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255
inet6 fe80::8cb:b13b:40ac:6df1 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:51:4b:bf txqueuelen 1000 (Ethernet)
RX packets 557 bytes 36406 (35.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 345 bytes 60396 (58.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 111 bytes 9742 (9.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 111 bytes 9742 (9.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:53:c1:45 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3. Centos 7-2------Web1
bash
[root@node2 ~]#ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.22 netmask 255.255.255.0 broadcast 192.168.241.255
inet6 fe80::d9cd:6857:3bdc:7454 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:3e:a0:08 txqueuelen 1000 (Ethernet)
RX packets 1702 bytes 169840 (165.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 674 bytes 72150 (70.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 64 bytes 5568 (5.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 64 bytes 5568 (5.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:fe:22:f2 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
4. Centos 7-3------Web2
bash
[root@node3 ~]#ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.23 netmask 255.255.255.0 broadcast 192.168.241.255
inet6 fe80::f11e:5019:be57:47b8 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:6b:71:15 txqueuelen 1000 (Ethernet)
RX packets 1174 bytes 121065 (118.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 246 bytes 25828 (25.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 36 bytes 4212 (4.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 4212 (4.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:9d:e9:ac txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5. Centos 7-4------Nginx
bash
[root@G ~]#ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.241.24 netmask 255.255.255.0 broadcast 192.168.241.255
inet6 fe80::871f:7f65:7279:5914 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:8c:91:84 txqueuelen 1000 (Ethernet)
RX packets 1407 bytes 140138 (136.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 481 bytes 45344 (44.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 64 bytes 5248 (5.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 64 bytes 5248 (5.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:d2:18:b8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
二、在Nginx服务器上搭建LNMP服务,并且能够对外提供Discuz论坛服务;在Web1、Web2服务器上搭建Tomcat 服务。
Nginx 搭建LNMP架构
1.Nginx服务器------编译安装Nginx
bash
[root@G ~]#yum -y install pcre-devel zlib-devel gcc gcc-c++ make
#安装依赖环境
[root@G ~]#useradd -M -s /sbin/nologin nginx
#创建程序管理用户Nginx
[root@G opt]#cd /opt
[root@G opt]#wget http://nginx.org/download/nginx-1.18.0.tar.gz
#下载压缩文件
[root@G opt]#ls
nginx-1.18.0.tar.gz
[root@G opt]#tar xf nginx-1.18.0.tar.gz
[root@G opt]#cd nginx-1.18.0/
[root@G nginx-1.18.0]#./configure \
> --prefix=/usr/local/nginx \
> --user=nginx \
> --group=nginx \
> --with-http_stub_status_module
[root@G nginx-1.18.0]#make -j2
[root@G nginx-1.18.0]#make install
[root@G nginx-1.18.0]#ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@G nginx-1.18.0]#vim /lib/systemd/system/nginx.service
[root@G nginx-1.18.0]#cat /lib/systemd/system/nginx.service
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -1 $MAINPID
ExecStop=/bin/kill -3 $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@G nginx-1.18.0]#systemctl daemon-reload
[root@G nginx-1.18.0]#systemctl enable --now nginx.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@G nginx-1.18.0]#systemctl status nginx.service
● nginx.service - nginx
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2024-03-09 12:37:29 CST; 4s ago
Process: 39778 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 39779 (nginx)
CGroup: /system.slice/nginx.service
├─39779 nginx: master process /usr/local/nginx/sbin/nginx
└─39780 nginx: worker process
3月 09 12:37:29 G.D systemd[1]: Starting nginx...
3月 09 12:37:29 G.D systemd[1]: Started nginx.
[root@G nginx-1.18.0]#chown -R nginx:nginx /usr/local/nginx/
2.Nginx服务器------搭建PHP
bash
[root@G ~]#cd /opt
[root@G ~]#yum -y install gd \
> libjpeg libjpeg-devel \
> libpng libpng-devel \
> freetype freetype-devel \
> libxml2 libxml2-devel \
> zlib zlib-devel \
> curl curl-devel \
> openssl openssl-devel
[root@G opt]#rz -E
rz waiting to receive.
[root@G opt]#ls
nginx-1.18.0 nginx-1.18.0.tar.gz php-7.1.10.tar.bz2
[root@G opt]#tar xf php-7.1.10.tar.bz2
[root@G opt]#cd php-7.1.10/
[root@G php-7.1.10]#./configure \
--prefix=/usr/local/php \
--with-mysql-sock=/usr/local/mysql/mysql.sock \
--with-mysqli \
--with-zlib \
--with-curl \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-freetype-dir \
--with-openssl \
--enable-fpm \
--enable-mbstring \
--enable-xml \
--enable-session \
--enable-ftp \
--enable-pdo \
--enable-tokenizer \
--enable-zip
[root@G php-7.1.10]#make -j2
[root@G php-7.1.10]#make install
[root@G php-7.1.10]#ln -s /usr/local/php/bin/* /usr/local/bin/
[root@G php-7.1.10]#ln -s /usr/local/php/sbin/* /usr/local/sbin/
#优化路径
#调整进程服务配置文件
[root@G php-7.1.10]#cp /opt/php-7.1.10/php.ini-development /usr/local/php/lib/php.ini
[root@G php-7.1.10]#vim /usr/local/php/lib/php.ini
-1170G- mysqli.default_socket = /usr/local/mysql/mysql.sock
-939G- date.timezone = Asia/Shangha
[root@G php-7.1.10]#sed -n '939p;1170p' /usr/local/php/lib/php.ini
date.timezone = Asia/Shanghai
mysqli.default_socket = /usr/local/mysql/mysql.sock
[root@G php-7.1.10]#cd /usr/local/php/etc/
[root@G etc]#cp php-fpm.conf.default php-fpm.conf
[root@G etc]#vim php-fpm.conf
[root@G etc]#sed -n '17p' php-fpm.conf
pid = run/php-fpm.pid
#调整扩展配置文件
[root@G etc]#cd /usr/local/php/etc/php-fpm.d/
[root@G php-fpm.d]#cp www.conf.default www.conf
[root@G php-fpm.d]#ls
www.conf www.conf.default
#启动PHP
[root@G php-fpm.d]#cp /opt/php-7.1.10/sapi/fpm/php-fpm.service /usr/lib/systemd/system/php-fpm.service
[root@G php-fpm.d]#systemctl restart php-fpm.service
[root@G php-fpm.d]#systemctl status php-fpm.service
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2024-03-09 13:01:36 CST; 5s ago
Main PID: 47397 (php-fpm)
CGroup: /system.slice/php-fpm.service
├─47397 php-fpm: master process (/usr/local/php/etc/php-fpm.con...
├─47400 php-fpm: pool www
└─47401 php-fpm: pool www
3月 09 13:01:36 G.D systemd[1]: Started The PHP FastCGI Process Manager.
3月 09 13:01:36 G.D systemd[1]: Starting The PHP FastCGI Process Manager...
Hint: Some lines were ellipsized, use -l to show in full.
3.Nginx服务器------编译安装搭建Mysql
bash
[root@G opt]#yum -y install \
> ncurses \
> ncurses-devel \
> bison \
> cmake
#环境依赖包
[root@G opt]#yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel
#安装依赖环境
[root@G opt]#useradd -M -s /sbin/nologin mysql
#创建运行用户
[root@G opt]#rz -E
rz waiting to receive.
[root@G opt]#ls
mysql-boost-5.7.20.tar.gz nginx-1.18.0.tar.gz php-7.1.10.tar.bz2
nginx-1.18.0 php-7.1.10
[root@G opt]#tar xf mysql-boost-5.7.20.tar.gz
[root@G opt]#cd mysql-5.7.20/
[root@G mysql-5.7.20]#cmake \
> -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
> -DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
> -DSYSCONFDIR=/etc \
> -DSYSTEMD_PID_DIR=/usr/local/mysql \
> -DDEFAULT_CHARSET=utf8 \
> -DDEFAULT_COLLATION=utf8_general_ci \
> -DWITH_EXTRA_CHARSETS=all \
> -DWITH_INNOBASE_STORAGE_ENGINE=1 \
> -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
> -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
> -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
> -DMYSQL_DATADIR=/usr/local/mysql/data \
> -DWITH_BOOST=boost \
> -DWITH_SYSTEMD=1
[root@G mysql-5.7.20]#make -j4
[root@G mysql-5.7.20]#make install
[root@G mysql-5.7.20]#vim /etc/my.cnf
#修改mysql配置文件
[root@G mysql-5.7.20]#cat /etc/my.cnf
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
[root@G mysql-5.7.20]#chown -R mysql:mysql /usr/local/mysql/
[root@G mysql-5.7.20]#chown mysql:mysql /etc/my.cnf
#更改mysql安装目录和配置文件的属主属组
[root@G mysql-5.7.20]#echo 'export PATH=/usr/local/mysql/bin:/usr/local/mysql/lib:$PATH' >> /etc/profile
#设置路径环境变量
[root@G mysql-5.7.20]#echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@G mysql-5.7.20]#source /etc/profile
[root@G mysql-5.7.20]#echo $PATH
/usr/local/mysql/bin:/usr/local/mysql/lib:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
[root@G mysql-5.7.20]#cd /usr/local/mysql/bin/
[root@G bin]#./mysqld \
> --initialize-insecure \
> --user=mysql \
> --basedir=/usr/local/mysql \
> --datadir=/usr/local/mysql/data
#初始化数据库
[root@G bin]#cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service
/usr/lib/systemd/system/
#添加mysqld系统服务
[root@G bin]#systemctl daemon-reload
[root@G bin]#systemctl start mysqld.service
[root@G bin]#systemctl enable mysqld
Created symlink from /etc/systemd/system/multi-user.target.wants/mysqld.service to /usr/lib/systemd/system/mysqld.service.
[root@G bin]#systemctl status mysqld.service
● mysqld.service - MySQL Server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2024-03-09 13:46:17 CST; 8s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Main PID: 66268 (mysqld)
CGroup: /system.slice/mysqld.service
└─66268 /usr/local/mysql/bin/mysqld --daemonize --pid-file=/usr...
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637646Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637658Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637661Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.637667Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.638510Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.638519Z 0 [Warni...e.
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.642575Z 0 [Note]...ts
3月 09 13:46:17 G.D mysqld[66265]: 2024-03-09T05:46:17.642946Z 0 [Note]...s.
3月 09 13:46:17 G.D mysqld[66265]: Version: '5.7.20' socket: '/usr/loc...on
3月 09 13:46:17 G.D systemd[1]: Started MySQL Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@G ~]#mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> ^DBye
4.配置数据库
bash
[root@G ~]#mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.20 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE bbs;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT all ON bbs.* TO 'bbsuser'@'%' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> GRANT all ON bbs.* TO 'bbsuser'@'localhost' IDENTIFIED BY 'admin123';
Query OK, 0 rows affected, 2 warnings (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> ^DBye
5.配置PHP测试页
bash
[root@G ~]#vim /usr/local/nginx/conf/nginx.conf
[root@G ~]#sed -n '65,71p' /usr/local/nginx/conf/nginx.conf
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
[root@G ~]#systemctl restart nginx
[root@G ~]#systemctl status nginx.service
● nginx.service - nginx
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2024-03-09 13:53:04 CST; 5s ago
Process: 1844 ExecStop=/bin/kill -3 $MAINPID (code=exited, status=0/SUCCESS)
Process: 1849 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 1851 (nginx)
CGroup: /system.slice/nginx.service
├─1851 nginx: master process /usr/local/nginx/sbin/nginx
└─1852 nginx: worker process
3月 09 13:53:04 G.D systemd[1]: Starting nginx...
3月 09 13:53:04 G.D systemd[1]: Started nginx.
[root@G ~]#vim /usr/local/nginx/html/index.php
[root@G ~]#cat /usr/local/nginx/html/index.php
<?php
$link=mysqli_connect('192.168.241.24','bbsuser','admin123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
[root@G ~]#systemctl restart nginx
6.安装论坛
bash
[root@G ~]#cd /opt
[root@G opt]#unzip Discuz_X3.4_SC_UTF8.zip
[root@G opt]#ls
dir_SC_UTF8 mysql-boost-5.7.20.tar.gz php-7.1.10
Discuz_X3.4_SC_UTF8.zip nginx-1.18.0 php-7.1.10.tar.bz2
mysql-5.7.20 nginx-1.18.0.tar.gz 说明.htm
[root@G opt]#cd dir_SC_UTF8/
[root@G dir_SC_UTF8]#cp -r upload/ /usr/local/nginx/html/bbs
[root@G dir_SC_UTF8]#cd /usr/local/nginx/html/bbs/
[root@G bbs]#ls
admin.php connect.php group.php member.php search.php uc_server
api crossdomain.xml home.php misc.php source
api.php data index.php plugin.php static
archiver favicon.ico install portal.php template
config forum.php m robots.txt uc_client
[root@G bbs]#chown -R nginx.nginx ./config/
[root@G bbs]#chown -R nginx.nginx ./data/
[root@G bbs]#chown -R nginx.nginx ./uc_client/
[root@G bbs]#chown -R nginx.nginx ./uc_server/
[root@G bbs]#chmod -R 777 ./config/
[root@G bbs]#chmod -R 777 ./data/
[root@G bbs]#chmod -R 777 ./uc_client/
[root@G bbs]#chmod -R 777 ./uc_server/
[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
[root@G bbs]#sed -n '43,46p' /usr/local/nginx/conf/nginx.conf
location / {
root html;
index index.html index.htm index.php;
}
7.Web1------搭建Tomcat
7.1安装Oracle JDK
bash
[root@node2 ~]#cd /opt
[root@node2 opt]#rm -rf *
[root@node2 opt]#ls
[root@node2 opt]#rz -E
rz waiting to receive.
[root@node2 opt]#ls
jdk-8u291-linux-x64.tar.gz
[root@node2 opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/
[root@node2 opt]#cd /usr/local/
[root@node2 local]#ls
bin games jdk1.8.0_291 lib64 sbin src
etc include lib libexec share
[root@node2 local]#ln -s jdk1.8.0_291/ jdk
[root@node2 local]#ls
bin games jdk lib libexec share
etc include jdk1.8.0_291 lib64 sbin src
[root@node2 local]#vim /etc/profile.d/jdk.sh
[root@node2 local]#cat /etc/profile.d/jdk.sh
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
[root@node2 local]#. /etc/profile.d/jdk.sh
[root@node2 local]#java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
7.2安装Tomcat
bash
[root@node2 local]#cd /opt
[root@node2 opt]#ls
jdk-8u291-linux-x64.tar.gz
[root@node2 opt]#rz -E
rz waiting to receive.
[root@node2 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz
[root@node2 opt]#tar xf apache-tomcat-9.0.16.tar.gz -C /usr/local/
[root@node2 opt]#cd /usr/local/
[root@node2 local]#ls
apache-tomcat-9.0.16 etc include jdk1.8.0_291 lib64 sbin src
bin games jdk lib libexec share
[root@node2 local]#mv apache-tomcat-9.0.16/ tomcat
[root@node2 local]#ls
bin games jdk lib libexec share tomcat
etc include jdk1.8.0_291 lib64 sbin src
[root@node2 local]#cd tomcat/
[root@node2 tomcat]#ls
bin CONTRIBUTING.md logs RELEASE-NOTES webapps
BUILDING.txt lib NOTICE RUNNING.txt work
conf LICENSE README.md temp
[root@node2 tomcat]#useradd -M -s /sbin/nologin tomcat
[root@node2 tomcat]#cat > /usr/lib/systemd/system/tomcat.service <<EOF
> [Unit]
> Description=Tomcat
> After=syslog.target network.target
>
> [Service]
> Type=forking
> ExecStart=/usr/local/tomcat/bin/startup.sh
> ExecStop=/usr/local/tomcat/bin/shutdown.sh
> RestartSec=3
> PrivateTmp=true
> User=tomcat
> Group=tomcat
>
> [Install]
> WantedBy=multi-user.target
>
> EOF
[root@node2 tomcat]#cat /usr/lib/systemd/system/tomcat.service
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
[root@node2 tomcat]#chown -R tomcat:tomcat ../tomcat
[root@node2 tomcat]#systemctl daemon-reload
[root@node2 tomcat]#systemctl start tomcat
[root@node2 tomcat]#systemctl status tomcat
● tomcat.service - Tomcat
Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2024-03-09 00:16:33 EST; 4s ago
Process: 4938 ExecStart=/usr/local/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 4954 (catalina.sh)
CGroup: /system.slice/tomcat.service
├─4954 /bin/sh /usr/local/tomcat/bin/catalina.sh start
└─4955 /usr/bin/java -Djava.util.logging.config.file=/usr/local...
Mar 09 00:16:33 node2.localdomain systemd[1]: Starting Tomcat...
Mar 09 00:16:33 node2.localdomain systemd[1]: Started Tomcat.
8.Web2------搭建Tomcat
8.1安装Oracle JDK
bash
[root@node3 ~]#cd /opt
[root@node3 opt]#rm -rf *
[root@node3 opt]#ls
[root@node3 opt]#rz -E
rz waiting to receive.
[root@node3 opt]#rz -E
rz waiting to receive.
[root@node3 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz
[root@node3 opt]#tar xf jdk-8u291-linux-x64.tar.gz -C /usr/local/
[root@node3 opt]#cd /usr/local/
[root@node3 local]#ls
bin games jdk1.8.0_291 lib64 sbin src
etc include lib libexec share
[root@node3 local]#ln -s jdk1.8.0_291/ jdk
[root@node3 local]#ls
bin games jdk lib libexec share
etc include jdk1.8.0_291 lib64 sbin src
[root@node3 local]#vim /etc/profile.d/jdk.sh
[root@node3 local]#cat /etc/profile.d/jdk.sh
export JAVA_HOME=/usr/local/jdk
export PATH=$JAVA_HOME/bin:$PATH
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib/:$JRE_HOME/lib/
[root@node3 local]#. /etc/profile.d/jdk.sh
[root@node3 local]#java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
8.2安装Tomcat
bash
[root@node3 local]#cd /opt
[root@node3 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz
[root@node3 opt]#tar xf apache-tomcat-9.0.16.tar.gz -C /usr/local/
[root@node3 opt]#ls
apache-tomcat-9.0.16.tar.gz jdk-8u291-linux-x64.tar.gz
[root@node3 opt]#cd /usr/local/
[root@node3 local]#ls
apache-tomcat-9.0.16 etc include jdk1.8.0_291 lib64 sbin src
bin games jdk lib libexec share
[root@node3 local]#mv apache-tomcat-9.0.16/ tomcat
[root@node3 local]#ls
bin games jdk lib libexec share tomcat
etc include jdk1.8.0_291 lib64 sbin src
[root@node3 local]#cd tomcat/
[root@node3 tomcat]#ls
bin CONTRIBUTING.md logs RELEASE-NOTES webapps
BUILDING.txt lib NOTICE RUNNING.txt work
conf LICENSE README.md temp
[root@node3 tomcat]#useradd -M -s /sbin/nologin tomcat
[root@node3 tomcat]#cat > /usr/lib/systemd/system/tomcat.service <<EOF
> [Unit]
> Description=Tomcat
> After=syslog.target network.target
>
> [Service]
> Type=forking
> ExecStart=/usr/local/tomcat/bin/startup.sh
> ExecStop=/usr/local/tomcat/bin/shutdown.sh
> RestartSec=3
> PrivateTmp=true
> User=tomcat
> Group=tomcat
>
> [Install]
> WantedBy=multi-user.target
>
> EOF
[root@node3 tomcat]#cat /usr/lib/systemd/system/tomcat.service
[Unit]
Description=Tomcat
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
[root@node3 tomcat]#chown -R tomcat:tomcat ../tomcat
[root@node3 tomcat]#systemctl daemon-reload
[root@node3 tomcat]#systemctl start tomcat
[root@node3 tomcat]#systemctl status tomcat
● tomcat.service - Tomcat
Loaded: loaded (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2024-03-09 13:23:13 CST; 3s ago
Process: 37632 ExecStart=/usr/local/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 37647 (catalina.sh)
CGroup: /system.slice/tomcat.service
├─37647 /bin/sh /usr/local/tomcat/bin/catalina.sh start
└─37648 /usr/bin/java -Djava.util.logging.config.file=/usr/loca...
3月 09 13:23:13 node3.node3 systemd[1]: Starting Tomcat...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CATALINA_BASE: /us...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CATALINA_HOME: /us...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CATALINA_TMPDIR: /us...
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using JRE_HOME: /usr
3月 09 13:23:13 node3.node3 startup.sh[37632]: Using CLASSPATH: /us...
3月 09 13:23:13 node3.node3 systemd[1]: Started Tomcat.
Hint: Some lines were ellipsized, use -l to show in full.
三、为 nginx服务配置虚拟主机,新增两个域名 www.kgc.com 和 www.benet.com,使用 http:// www.kgc.com /index.php 可访问上一题的 Discuz 论坛页面。 使用 http:// www.benet.com 则访问/var/www/html目录中的index.html文件的内容,内容自定义。
1.Nginx服务器配置
bash
[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
[root@G bbs]#sed -n '35,38p' /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.kgc.com;
root /usr/local/nginx/html;
[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
[root@G bbs]#sed -n '80,84p' /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name www.benet.com;
root /usr/local/nginx/html;
}
[root@G bbs]#cat /usr/local/nginx/html/index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
2.客户端配置
bash
[root@localhost ~]#vim /etc/hosts
[root@localhost ~]#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.241.24 www.kgc.com www.benet.com
C:\Windows\System32\drivers\etc/hosts
3.测试
bash
[root@localhost ~]#curl www.benet.com
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
四、对基于www.benet.com域名的虚拟机主机的nginx服务调优:隐藏nginx版本号,缓存静态图片网页时间为1天,设置防盗链功能。
1.Nginx配置
bash
[root@G bbs]#vim /usr/local/nginx/conf/nginx.conf
bash
[root@G bbs]#systemctl restart nginx
2.测试
五、网关服务器搭建NFS服务,提供的文件系统使用LVM类型,共享目录名称为/mnt/nfs;要求根据日期对Discuz论坛服务的访问日志进行日志分割,要求每天生成一份日志文件,保存到NFS服务共享的目录内。
1.网关服务器配置------搭建NFS服务
bash
[root@localhost ~]#alias
alias cp='cp -i'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
alias mv='mv -i'
alias rm='rm -i'
alias scan='echo "- - -" > /sys/class/scsi_host/host0/scan;echo "- - -" > /sys/class/scsi_host/host1/scan;echo "- - -" > /sys/class/scsi_host/host2/scan'
alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'
[root@localhost ~]#
[root@localhost ~]#scan
[root@localhost ~]#lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 60G 0 disk
├─sda1 8:1 0 5G 0 part /boot
└─sda2 8:2 0 54G 0 part
├─centos-root 253:0 0 50G 0 lvm /
└─centos-swap 253:1 0 4G 0 lvm [SWAP]
sdb 8:16 0 20G 0 disk
sdc 8:32 0 20G 0 disk
sr0 11:0 1 4.2G 0 rom
[root@localhost ~]#pvcreate /dev/sdb /dev/sdc
#建物理卷
Physical volume "/dev/sdb" successfully created.
Physical volume "/dev/sdc" successfully created.
[root@localhost ~]#vgcreate vg /dev/sdb /dev/sdc
#建卷组
Volume group "vg" successfully created
[root@localhost ~]#lvcreate -n lvm -L 30G /dev/vg
#建逻辑卷 指定名称lvm 指定大小30G 存放在/dev/vg下
Logical volume "lvm" created.
[root@localhost ~]#mkfs.xfs /dev/vg/lvm
#文件系统xfs格式
meta-data=/dev/vg/lvm isize=512 agcount=4, agsize=1966080 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=7864320, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=3840, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]#mount /dev/vg/lvm /mnt
#挂载
[root@localhost ~]#mkdir /mnt/nfs
[root@localhost ~]#vim /etc/exports
[root@localhost ~]#cat /etc/exports
/mnt/nfs *
[root@localhost ~]#systemctl start nfs
[root@localhost ~]#exportfs -v
/mnt/nfs <world>(ro,sync,wdelay,hide,no_subtree_check,sec=sys,secure,root_squash,no_all_squash)
2.Nginx服务器------共享目录
bash
[root@G bbs]#showmount -e 192.168.241.11
Export list for 192.168.241.11:
/mnt/nfs *
[root@G bbs]#mount 192.168.241.11:/mnt/nfs /mnt/
[root@G bbs]#df
文件系统 1K-块 已用 可用 已用% 挂载点
/dev/mapper/centos-root 52403200 12697156 39706044 25% /
devtmpfs 917604 0 917604 0% /dev
tmpfs 933524 0 933524 0% /dev/shm
tmpfs 933524 9144 924380 1% /run
tmpfs 933524 0 933524 0% /sys/fs/cgroup
/dev/sda1 6281216 182368 6098848 3% /boot
tmpfs 186708 0 186708 0% /run/user/0
tmpfs 186708 12 186696 1% /run/user/42
192.168.241.11:/mnt/nfs 31441920 32768 31409152 1% /mnt
3.日志分割
bash
[root@G ~]#vim split-log.sh
[root@G ~]#cat split-log.sh
#!/bin/bash
day=`date "+%Y-%m-%d"`
log="/usr/local/nginx/logs"
pid=`cat /usr/local/nginx/logs/nginx.pid`
mv /$(log)/access.log /opt/${day}
kill -USR1 ${pid}
sed -i '/.*bbs.*/!p' /opt/${day}
[root@G ~]#crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@G ~]#crontab -l
59 23 * * * bash ~/split-log.sh
六、要求配置location匹配请求地址http://www.kgc.com/test/XXXX,使用户访问该路径下的文件时返回/var/share/nginx/html/目录下的文件内容。
要求使用rewrite将使用域名www.benet.com 请求以 .php 结尾的访问都跳转到域名www.kgc.com上,而且后面的参数保持不变,比如访问http://www.benet.com/bbs/index.php跳转到http://www.kgc.com/bbs/index.php。
1.Nginx服务器配置
bash
[root@G ~]#vim /usr/local/nginx/conf/nginx.conf
bash
[root@G ~]#mkdir /var/share/nginx/html -p
[root@G ~]#nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@G ~]#nginx -s reload
2.测试
七、在Nginx服务器上对基于www.benet.com域名的虚拟机主机设置动静分离由nginx提供静态页面服务,将对 .jsp文件的动态页面请求转发到Tomcat 服务器处理,并实现负载均衡
1.Nginx服务配置
bash
[root@G html]#vim /usr/local/nginx/conf/nginx.conf
bash
[root@G html]#nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@G html]#nginx -s reload
bash
[root@G php]#cd /usr/local/nginx/html/
[root@G html]#ls
50x.html bbs index.html
[root@G html]#mv index.html ..
[root@G html]#ls
50x.html bbs
[root@G html]#echo Welcome back > index.html
[root@G html]#cat index.html
Welcome back
2.Tomcat1服务器配置
bash
[root@node2 ROOT]#ls
asf-logo-wide.svg bg-upper.png tomcat.css tomcat.svg
bg-button.png favicon.ico tomcat.gif WEB-INF
bg-middle.png index.jsp tomcat.png
bg-nav.png RELEASE-NOTES.txt tomcat-power.gif
[root@node2 ROOT]#mv index.jsp ..
[root@node2 ROOT]#ls
asf-logo-wide.svg bg-upper.png tomcat.gif WEB-INF
bg-button.png favicon.ico tomcat.png
bg-middle.png RELEASE-NOTES.txt tomcat-power.gif
bg-nav.png tomcat.css tomcat.svg
[root@node2 ROOT]#echo Tomcat1 > index.jsp
[root@node2 ROOT]#cat index.jsp
Tomcat1
[root@node2 ROOT]#systemctl start tomcat
3.Tomcat2服务器配置
bash
[root@node3 tomcat]#ls
bin CONTRIBUTING.md logs RELEASE-NOTES webapps
BUILDING.txt lib NOTICE RUNNING.txt work
conf LICENSE README.md temp
[root@node3 tomcat]#cd webapps/ROOT/
[root@node3 ROOT]#ls
asf-logo-wide.svg bg-upper.png tomcat.css tomcat.svg
bg-button.png favicon.ico tomcat.gif WEB-INF
bg-middle.png index.jsp tomcat.png
bg-nav.png RELEASE-NOTES.txt tomcat-power.gif
[root@node3 ROOT]#mv index.jsp ..
[root@node3 ROOT]#ls
asf-logo-wide.svg bg-upper.png tomcat.gif WEB-INF
bg-button.png favicon.ico tomcat.png
bg-middle.png RELEASE-NOTES.txt tomcat-power.gif
bg-nav.png tomcat.css tomcat.svg
[root@node3 ROOT]#echo Tomcat2 > index.jsp
[root@node3 ROOT]#cat index.jsp
Tomcat2
[root@node3 ROOT]#systemctl start tomct
Failed to start tomct.service: Unit not found.
[root@node3 ROOT]#systemctl start tomcat
4.测试
八、在网关服务器上设置SNAT/DNAT,使client使用网关服务器的ens36接口的IP地址访问也可实现上一题的效果。
1.代理服务器配置
bash
[root@localhost ~]#vim /etc/sysctl.conf
[root@localhost ~]#tail -n1 /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost ~]#sysctl -p
net.ipv4.ip_forward = 1
[root@localhost ~]#vim /etc/hosts
[root@localhost ~]#cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.241.24 www.kgc.com www.benet.com
[root@localhost ~]#iptables -F
[root@localhost ~]#iptables -t nat -A POSTROUTING -s 192.168.241.11/24 -o ens36 -p tcp --dport 80 -j SNAT --to 12.0.0.1
[root@localhost ~]#iptables -t nat -A PREROUTING -d 12.0.0.1/24 -i ens36 -p tcp --dport 80 -j DNAT --to 192.168.241.11
[root@localhost ~]#iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- ens36 * 0.0.0.0/0 12.0.0.0/24 tcp dpt:80 to:192.168.241.11
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 260 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24
0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
0 0 SNAT tcp -- * ens36 192.168.241.0/24 0.0.0.0/0 tcp dpt:80 to:12.0.0.1