Setting up an internal DNS server on CentOS with an nginx reverse proxy

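Requirement: an Apple CMS instance is already deployed on the intranet, but reaching it by IP address every time is inconvenient, so access needs to move to a domain name.

Method 1:
Add a hosts record on every machine that needs to reach the site. For a handful of users this is indeed quick, but adding hosts entries one by one for hundreds or even thousands of users is clearly not sensible.

Method 2: set up a DNS server on the intranet and add the resolution record there.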

IP address: 192.168.111.68
Environment:

    [root@DNS-Server named] CentOS Linux release 7.7.1908 (Core)

Install the DNS software

    yum install vim bind* -y

Edit the configuration file

    vim /etc/named.conf

Configure domain resolution

Note: the zone definition can be added directly to /etc/named.conf, to /etc/named.rfc1912.zones, or to a custom file; this walkthrough uses /etc/named.rfc1912.zones.

    vim /etc/named.rfc1912.zones

Create the forward zone file

    vim virgo.com.zone

    $TTL 1D
    @       IN SOA  virgo.com. root.virgo.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
    @       IN NS   dns.virgo.com.
    dns     IN A    192.168.111.68    ; DNS server address
    www     IN A    192.168.111.58    ; video server IP address

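Reverse resolution is not needed for now, so it is skipped.
Restart the service: systemctl restart named
On the client, set the DNS server to the internal DNS server.
Log in to the Apple CMS admin console and set the domain name: www.virgo.com
Flush the DNS cache on the client.
Then test access.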

Consideration: the DNS server above serves only the intranet. What happens when a queried domain has no record on the internal DNS server? Adding forwarder addresses solves this.

    options {
        // default is any, which allows hosts on all network segments;
        // can be changed to your own intranet segment
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";    // named's fixed working directory
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };      // accept queries from all network segments
        recursion yes;

        // The next two settings are important: once clients use this internal
        // DNS server, any name it cannot resolve itself is forwarded to the
        // DNS servers listed here (such as 8.8.8.8), so normal Internet
        // access keeps working.
        forward first;
        forwarders {
            223.5.5.5;             // Alibaba Cloud DNS servers
            223.6.6.6;
            8.8.8.8;
            8.8.4.4;
        };
    };
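With `allow-query { any; }`, `recursion yes;` and no `allow-recursion`, named offers recursion to every client that can reach port 53. The check below is an added example, not part of the original post: it audits the options block above and a constructed hardened variant, in which the ACL name `intranet` and the /24 prefixes are assumptions.

```python
import re

# Security-relevant statements of the options block published above.
PAGE_OPTIONS = """
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
    forward first;
    forwarders { 223.5.5.5; 223.6.6.6; 8.8.8.8; 8.8.4.4; };
};
"""

# Constructed variant: the ACL name "intranet" and the /24 prefixes are
# assumptions; 192.168.111.68 is the DNS server address given on the page.
HARDENED_OPTIONS = """
acl intranet { 127.0.0.1; 192.168.111.0/24; 192.168.107.0/24; };
options {
    listen-on port 53 { 127.0.0.1; 192.168.111.68; };
    allow-query { intranet; };
    allow-recursion { intranet; };
    recursion yes;
    forward first;
    forwarders { 223.5.5.5; 223.6.6.6; 8.8.8.8; 8.8.4.4; };
};
"""

def parse_options(conf):
    """Parse the options block: { } values become lists, others strings."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # // and # comments
    start = conf.index("{", re.search(r"\boptions\b", conf).start())
    opts, depth, cur = {}, 1, ""
    for ch in conf[start + 1:]:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if depth == 0:                # closing brace of the options block
            break
        if ch == ";" and depth == 1:  # end of one top-level statement
            m = re.match(r"\s*([\w-]+)\s*(.*)", cur, re.S)
            if m and "{" in m.group(2):
                inner = m.group(2).split("{", 1)[1].rsplit("}", 1)[0]
                opts[m.group(1)] = [e.strip() for e in inner.split(";") if e.strip()]
            elif m:
                opts[m.group(1)] = m.group(2).strip()
            cur = ""
        else:
            cur += ch
    return opts

def effective_recursion_acl(opts):
    """BIND 9 falls back allow-recursion -> allow-query-cache -> allow-query."""
    if opts.get("recursion", "yes") != "yes":
        return []
    for key in ("allow-recursion", "allow-query-cache", "allow-query"):
        if key in opts:
            return opts[key]
    return ["localnets", "localhost"]  # BIND's built-in default

def audit(conf):
    """Return a list of findings for one named.conf text."""
    opts = parse_options(conf)
    findings = []
    if "any" in effective_recursion_acl(opts):
        findings.append("recursion offered to any client that reaches port 53")
    if "any" in opts.get("listen-on", ["any"]):
        findings.append("named listens on every IPv4 interface")
    return findings

if __name__ == "__main__":
    for label, conf in (("page", PAGE_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, audit(conf))
```

After editing the real file, `named-checkconf` validates the syntax before `systemctl restart named`.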

Reference: https://www.cnblogs.com/kevingrace/p/5570312.html

Extension: pairing the DNS server with an nginx proxy service
DNS zone file:
Note: 192.168.107.130 is the DNS server and 192.168.107.115 is the nginx server.

    $TTL 1D
    @       IN SOA  virgo.com. root.virgo.com. (
                            0       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
    @       IN NS   dns.virgo.com.
    dns     IN A    192.168.107.130
    j       IN A    192.168.107.115
    s       IN A    192.168.107.115
    v       IN A    192.168.107.115
    u       IN A    192.168.107.115
    vm      IN A    192.168.107.115
    z       IN A    192.168.107.115

nginx configuration file:
Each server block in the configuration file represents one service.

    worker_processes 1;
    pid logs/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;

        server {
            listen 80;
            server_name j.virgo.com;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            location / { proxy_pass http://192.168.111.180; }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html { root html; }
        }

        server {
            listen 80;
            server_name s.virgo.com;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            location / { proxy_pass http://192.168.107.91; }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html { root html; }
        }

        server {
            listen 80;
            server_name v.virgo.com;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            location / { proxy_pass http://192.168.107.114/; }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html { root html; }
        }

        server {
            listen 80;
            server_name z.virgo.com;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            location / { proxy_pass http://192.168.107.119/zabbix/; }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html { root html; }
        }

        server {
            listen 80;
            server_name vm.virgo.com;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            location / { proxy_pass https://192.168.107.112; }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html { root html; }
        }
    }
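Every name that resolves to the nginx host should have its own server block, because nginx sends a request whose Host header matches no server_name to the first server block on that port unless one is marked default_server. The cross-check below is an added example, not part of the original post: it uses the A records and server_name/proxy_pass pairs copied from this page, and the function names are hypothetical.

```python
import re

NGINX_IP = "192.168.107.115"  # nginx server address, from the note on this page

# A records of the virgo.com zone, copied from this page.
ZONE = """
dns IN A 192.168.107.130
j   IN A 192.168.107.115
s   IN A 192.168.107.115
v   IN A 192.168.107.115
u   IN A 192.168.107.115
vm  IN A 192.168.107.115
z   IN A 192.168.107.115
"""

# server_name / proxy_pass of each server block on this page, in file order.
NGINX = """
server { listen 80; server_name j.virgo.com;  location / { proxy_pass http://192.168.111.180; } }
server { listen 80; server_name s.virgo.com;  location / { proxy_pass http://192.168.107.91; } }
server { listen 80; server_name v.virgo.com;  location / { proxy_pass http://192.168.107.114/; } }
server { listen 80; server_name z.virgo.com;  location / { proxy_pass http://192.168.107.119/zabbix/; } }
server { listen 80; server_name vm.virgo.com; location / { proxy_pass https://192.168.107.112; } }
"""


def zone_hosts(zone, origin="virgo.com"):
    """Map FQDN -> IPv4 address for every A record in the zone text."""
    records = re.findall(r"^(\S+)\s+IN\s+A\s+(\S+)", zone, re.M)
    return {f"{name}.{origin}": ip for name, ip in records}


def nginx_servers(conf):
    """List (server_name, upstream) pairs in file order."""
    return re.findall(r"server_name\s+(\S+?);.*?proxy_pass\s+(\S+?);", conf, re.S)


def route(host, servers):
    """Pick a server block as nginx does for exact names with no default_server:
    an exact match wins, otherwise the first block on the port handles it."""
    for name, upstream in servers:
        if name == host.lower():
            return name, upstream, True
    name, upstream = servers[0]
    return name, upstream, False


def cross_check(zone, conf):
    """Return (names resolving to nginx without a server block,
               server_names with no A record pointing at nginx)."""
    servers = nginx_servers(conf)
    names = {name for name, _ in servers}
    hosts = zone_hosts(zone)
    fallthrough = sorted(h for h, ip in hosts.items()
                         if ip == NGINX_IP and h not in names)
    missing_dns = sorted(n for n in names if hosts.get(n) != NGINX_IP)
    return fallthrough, missing_dns


if __name__ == "__main__":
    fallthrough, missing_dns = cross_check(ZONE, NGINX)
    for host in fallthrough:
        name, upstream, _ = route(host, nginx_servers(NGINX))
        print(f"{host} has no server block; served by {name} -> {upstream}")
    print("server_names without DNS:", missing_dns)
```

On this page's data the check reports u.virgo.com, which has an A record but no server block and is therefore answered by the j.virgo.com block. A catch-all block with `listen 80 default_server;` and `return 444;` makes unmatched names fail closed.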

Original link: https://blog.csdn.net/Virgo626249038/article/details/124153563
