利用 Nginx 反向代理搭建本地 yum 服务器

在政府，医院等单位有网络安全要求，对内外网进行物理隔离，然而内网主机无法访问互联网下载安装包，通过Nginx 反向代理搭建本地yum服务器实现内网主机安装包下载。

Centos 8.2 部署 Nginx Server
系统版本

[root@yum-server ~]# cat  /etc/redhat-release 
CentOS Linux release 8.2.2004 (Core)

配置Nginx 源

# cat nginx.repo 
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

安装 nginx

dnf install nginx

查看nginx软件包信息

nginx 配置文件

[root@yum-server /]# egrep -v "*#|^$" /etc/nginx/conf.d/default.conf 
server {
    listen       1888;
    location /software/ {
        root   /mnt/nginx;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        charset utf-8,gbk,gb2312;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /mnt/nginx;
    }
     location /centos/ {
         proxy_pass http://mirrors.aliyun.com/centos/;
     }
     location /zabbix/ {
         proxy_pass http://mirrors.aliyun.com/zabbix/;
     }
     location = /nginx_status {
        stub_status on;
        access_log /var/log/nginx/status.log;
        allow 127.0.0.1;
        deny all;
     }
}

nginx 发布文件目录

• autoindex on; # 开启目录文件列表
• autoindex_exact_size on; # 显示出文件的确切大小，单位是bytes
• autoindex_localtime on; # 显示的文件时间为文件的服务器时间
• charset utf-8,gbk,gb2312; # 避免中文乱码

防火墙配置

firewall-cmd    --add-port=1888/tcp --permanent
firewall-cmd    --reload

目录访问测试

内网主机repo文件

# cat Centos-7.repo 
[base]
name=CentOS-$releasever - Base - 172.168.1.176:1888
baseurl=http://172.168.1.176:1888/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://172.168.1.176:1888/centos/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates - 172.168.1.176:1888
baseurl=http://172.168.1.176:1888/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://172.168.1.176:1888/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - 172.168.1.176:1888
baseurl=http://172.168.1.176:1888/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://172.168.1.176:1888/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - 172.168.1.176:1888
baseurl=http://172.168.1.176:1888/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://172.168.1.176:1888/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - 172.168.1.176:1888
baseurl=http://172.168.1.176:1888/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://172.168.1.176:1888/centos/RPM-GPG-KEY-CentOS-7

# cat zabbix.repo 
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://172.168.1.176:1888/zabbix/zabbix/4.2/rhel/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://172.168.1.176:1888/zabbix/RPM-GPG-KEY-ZABBIX-A14FE591

[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch 
baseurl=http://172.168.1.176:1888/zabbix/non-supported/rhel/7/$basearch/
enabled=1
gpgkey=http://172.168.1.176:1888/zabbix/RPM-GPG-KEY-ZABBIX
gpgcheck=1

清除缓存,生成缓存,查看rpm

yum clean all
yum makecache
yum list 

yum 测试