docker容器化业务

 

1、环境准备:

image-20221025224829703

设备 IP地址 作用 系统版本
mysql-master 192.168.100.213 Nginx-Web服务器 Ubuntu2004
mysql-slave 192.168.100.214 Nginx-Web服务器 Ubuntu2004
harbor1 192.168.100.215 反向代理web+负载均衡 Ubuntu2004
harbor2 192.168.100.216 DNS服务器 Ubuntu2004
nginx-harbor 192.168.100.217 测试 Ubuntu2004
docker1 192.168.100.211 jpress容器、wordpress容器、kodbox容器 Ubuntu2004
docker2 192.168.100.212 jpress、wordpress、kodbox Ubuntu2004
Nginx1 192.168.100.113 反向代理+负载均衡jpress、wordpress、kodbox Rocky8.6
Nginx2 192.168.100.114 反向代理+负载均衡jpress、wordpress、kodbox Rocky8.6
keepalived-master 192.168.100.111、192.168.100.88(vip) VIP Rocky8.6
keepalived-slave 192.168.100.112、192.168.100.88(vip) VIP Rocky8.6
firewalld 192.168.100.219、172.20.0.246 防火墙 Ubuntu2004
客户端路由器 172.20.0.245、10.0.0.101 客户端路由器 Ubuntu2004
DNS 10.0.0.28 客户端DNS Rocky8.6
client 10.0.0.199 测试 Rocky9

2、构建基础镜像

 #构建ubuntu系统基础镜像
 [root@DY-ubuntu-01 ubuntu_base]#vim Dockerfile 
 ​
 FROM ubuntu:20.04
 LABEL maintainer="www.wang.org" version="ubuntu_base:v1.0"
 ​
 RUN sed -i 's/archive.ubuntu.com/mirrors.ustc.edu.cn/g' /etc/apt/sources.list && \
     apt update && \
     apt  -y install tree wget vim curl iproute2 tzdata zip unzip && \
     rm -rf /etc/localtime && \
     ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
     rm -rf /var/lib/apt/lists/*
 [root@DY-ubuntu-01 ubuntu_base]#docker build -t ubuntu_base:v1.0 .
 #构建php基础镜像
 [root@DY-ubuntu-01 php]#vim Dockerfile
 FROM ubuntu_base:v1.0
 LABEL maintarner="www.wang.org" version="ubuntu_php:v1.1"
 ​
 ADD php-7.4.30.tar.gz /usr/local/src/
 ​
 RUN apt update && \
     apt -y install gcc make libssl-dev libxml2-dev libsqlite3-dev libcurl3-dev libxml2 sqlite3 pkg-config zlib1g-dev libonig-dev libkrb5-dev libssl-dev libbz2-dev libcurl4-openssl-dev libpng-dev libjpeg-dev libfreetype-dev g++ libonig-dev libxslt-dev libzip-dev && \
     cd /usr/local/src/php-7.4.30 && \
     ./configure --prefix=/apps/php74 --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-openssl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo && \
     make && make install && \
     useradd -r -u 888 nginx && \
     rm -rf /usr/local/src/php-7.4.30
 ​
 COPY php.ini /usr/local/src/php-7.4.30/
 COPY www.conf /apps/php74/etc/php-fpm.d/
 COPY php-fpm.conf /apps/php74/etc/
 ​
 [root@DY-ubuntu-01 php]#docker build -t ubuntu_php:v1.1 .
 #构建nginx基础镜像:
 [root@DY-ubuntu-01 nginx]#vim Dockerfile
 FROM ubuntu_php:v1.1
 LABEL maintainer="www.wang.org" version="ubuntu_nginx:v1.0"
 ​
 ADD nginx-1.22.0.tar.gz /usr/local/src/
 ​
 RUN apt update && \
     apt install -y nfs-kernel-server nfs-common openssh-server openssl libpcre3 libpcre3-dev
 RUN cd /usr/local/src/nginx-1.22.0 && \
     ./configure --prefix=/apps/nginx && \
     make && make install && \
     ln -s /apps/nginx/sbin/nginx /usr/bin && \
     mkdir /apps/nginx/conf/conf.d && \
     rm -rf /usr/local/src/nginx-1.22.0/*
 ​
 ADD nginx.conf /apps/nginx/conf/nginx.conf
 ​
 RUN chown -R nginx.nginx /apps/nginx/
 ​
 COPY run_nginx.sh /usr/local/sbin/
 ​
 EXPOSE 80 443
 ​
 CMD ["run_nginx.sh"]
 ​
 [root@DY-ubuntu-01 nginx]#vim run_nginx.sh 
 #!/bin/bash
 /apps/php74/sbin/php-fpm
 /apps/nginx/sbin/nginx -g "daemon off;"
 ​
 [root@DY-ubuntu-01 nginx]#docker build -t ubuntu_nginx:v1.0 .

3、搭建harbor

 #192.168.100.215、192.168.100.216都执行:
 #准备harbor安装脚本,脚本参照:https://blog.51cto.com/dayu/5787187
 [root@DY-ubuntu-06 ~]#bash install_harbor.sh   
 [root@DY-ubuntu-05 ~]#vim /etc/docker/daemon.json
 ​
 {
   "registry-mirrors": ["https://pgavrk5n.mirror.aliyuncs.com"],
   "insecure-registries": ["192.168.100.215","192.168.100.216","harbor.wang.org"]
 }
 [root@DY-ubuntu-05 ~]#systemctl restart docker
 [root@DY-ubuntu-05 ~]#vim /etc/hosts
 192.168.100.217 harbor.wang.org
 ​
 [root@DY-ubuntu-05 ~]#vim /apps/harbor/harbor.yml
 hostname: 192.168.100.215       #改为本机IP
 [root@DY-ubuntu-05 ~]#cd /apps/harbor/
 [root@DY-ubuntu-05 harbor]#./prepare
 [root@DY-ubuntu-05 harbor]#docker-compose down
 [root@DY-ubuntu-05 harbor]#docker-compose up -d
 ​
 #浏览器分别登陆215和216设置harbor复制规则,具体请参照https://blog.51cto.com/dayu/5786146

4、nginx反向代理harbor

 #192.168.100.217:
 [root@DY-ubuntu-07 conf]#cd certs/
 [root@DY-ubuntu-07 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 2650 -out ca.crt
 [root@DY-ubuntu-07 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.wang.org.key -out harbor.wang.org.csr 
 [root@DY-ubuntu-07 certs]#openssl x509 -req -days 3650 -in harbor.wang.org.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out harbor.wang.org.crt
 [root@DY-ubuntu-07 certs]#cat harbor.wang.org.crt ca.crt > harbor.wang.org.pem
 [root@DY-ubuntu-07 certs]#cd
 [root@DY-ubuntu-07 ~]#vim /apps/nginx/conf/conf.d/harbor.wang.org.conf 
 ​
 upstream harbor {
     hash $remote_addr;
     server 192.168.100.215;
     server 192.168.100.216;
 }
 ​
 server {
     listen 80;
     server_name harbor.wang.org;
     return 302 https://$server_name$request_uri;
 }
 ​
 server {
     listen 443 ssl http2;
     ssl_certificate /apps/nginx/conf/certs/harbor.wang.org.pem;
     ssl_certificate_key /apps/nginx/conf/certs/harbor.wang.org.key;
     ssl_session_cache shared:sslcache:20m;
     ssl_session_timeout 10m;
     server_name harbor.wang.org;
     client_max_body_size 10g;
     location / {
         proxy_pass http://harbor;
     }
 }
 ​

5、构建jpress业务镜像

 [root@DY-ubuntu-01 jpress]#vim Dockerfile 
 ​
 FROM ubuntu_base:v1.0
 LABEL maintainer="www.wang.org" version="ubuntu_jpress:v1.0"
 ​
 ADD jdk-8u341-linux-x64.tar.gz /usr/local/
 ​
 RUN cd /usr/local && \
     ln -s jdk1.8.0_341/ jdk && \
     echo "export JAVA_HOME=/usr/local/jdk\nexport PATH=$PATH:/usr/local/jdk/bin" > /etc/profile.d/jdk.sh
 ​
 ENV JAVA_HOME /usr/local/jdk
 ENV PATH $PATH:${JAVA_HOME}/bin
 ​
 ADD apache-tomcat-9.0.65.tar.gz /usr/local/
 ​
 RUN cd /usr/local && \
     ln -s apache-tomcat-9.0.65 tomcat
 ​
 COPY jpress-v5.0.2.war /data/jpress/
 COPY server.xml /usr/local/tomcat/conf/server.xml
 COPY run_tomcat.sh /usr/local/tomcat/bin/run_tomcat.sh
 ​
 RUN cd /data/jpress && \
     mv jpress-v5.0.2.war ROOT.war && \
     groupadd -g 808 -r tomcat && \
     useradd -u 808 -g tomcat -M -r tomcat && \
     chown -R tomcat.tomcat /data/jpress/ /usr/local/tomcat/
 ​
 CMD ["/usr/local/tomcat/bin/run_tomcat.sh"]
 ​
 [root@DY-ubuntu-01 jpress]#ls
 Dockerfile                   jdk-8u341-linux-x64.tar.gz  run_tomcat.sh
 apache-tomcat-9.0.65.tar.gz  jpress-v5.0.2.war           server.xml
 [root@DY-ubuntu-01 jpress]#vim server.xml 
 ......
 <Server port="-1" shutdown="SHUTDOWN">
 ......
 <Host name="localhost"  appBase="/data/jpress" unpackWARs="true" autoDeploy="false">
 .....
 ​
 [root@DY-ubuntu-01 jpress]#vim run_tomcat.sh
 echo "nameserver 180.76.76.76" > /etc/resolv.conf
 su - tomcat -c "usr/local/tomcat/bin/catalina.sh start"
 tail -f /etc/hosts
 ​
 [root@DY-ubuntu-01 jpress]#docker build -t ubuntu_tomcat:v1.0 .
 [root@DY-ubuntu-01 jpress]#docker run -d  -p 8080:80 ubuntu_wordpress:v1.0

6、搭建主从数据库

 #主数据库(192.168.100.213):
 [root@DY-ubuntu-03 ~]#systemctl restart mysql
 [root@DY-ubuntu-03 ~]#vim /etc/my.cnf
 [mysqld]
 server-id=213
 log-bin
 datadir=/data/mysql
 socket=/data/mysql/mysql.sock
 log-error=/data/mysql/mysql.log
 pid-file=/data/mysql/mysql.pid
 default_authentication_plugin=mysql_native_password
 ​
 [root@DY-ubuntu-03 ~]#mysql -uroot -p123456
 mysql> show master logs;
 +-------------------------+-----------+-----------+
 | Log_name                | File_size | Encrypted |
 +-------------------------+-----------+-----------+
 | DY-ubuntu-03-bin.000001 |       180 | No        |
 | DY-ubuntu-03-bin.000002 |       515 | No        |
 | DY-ubuntu-03-bin.000003 |       157 | No        |
 ​
 mysql> create user repluser@'192.168.100.%' identified by '123456';
 mysql> grant replication slave on *.* to repluser@'192.168.100.%';
 ​
 #从数据库(192.168.100.214):
 [root@DY-ubuntu-04 ~]#vim /etc/my.cnf 
 [root@DY-ubuntu-04 ~]#systemctl restart mysql
 [root@DY-ubuntu-04 ~]#mysql -uroot -p123456
 ​
 CHANGE MASTER TO           
    MASTER_HOST='192.168.100.213',
    MASTER_USER='repluser',
    MASTER_PASSWORD='123456',
    MASTER_PORT=3306,
    MASTER_LOG_FILE='DY-ubuntu-03-bin.000003',
    MASTER_LOG_POS=157,
    MASTER_CONNECT_RETRY=10;
 ​
 ​
 mysql> start slave;
 mysql> show slave status\G
 ​

7、Jpress连接数据库

#数据库(192.168.100.213):
mysql> create database jpress;
mysql> create user jpress@'192.168.100.%' identified by '123456';
mysql> grant all on jpress.* to jpress@'192.168.100.%';

mysql> show grants for jpress@'192.168.100.%';
+----------------------------------------------------------------+
| Grants for jpress@192.168.100.%                                |
+----------------------------------------------------------------+
| GRANT USAGE ON *.* TO `jpress`@`192.168.100.%`                 |
| GRANT ALL PRIVILEGES ON `jpress`.* TO `jpress`@`192.168.100.%` |
+----------------------------------------------------------------+
2 rows in set (0.00 sec)
#浏览器输入192.168.100.211:8080 连接数据库即可

8、构建wordpress镜像

[root@DY-ubuntu-01 wordpress]#vim Dockerfile
FROM ubuntu_nginx:v1.0
LABEL maintarner="www.wang.org" version="ubuntu_wordpress.1.0"

ADD wordpress-6.0.2-zh_CN.tar.gz /data/
COPY wordpress.wang.org.conf /apps/nginx/conf/conf.d/wordpress.wang.org.conf

RUN chown -R nginx.nginx /data/wordpress

[root@DY-ubuntu-01 wordpress]#docker build -t ubuntu_wordpress:v1.0 .
[root@DY-ubuntu-01 wordpress]#docker run -d  -p 9090:80 ubuntu_wordpress:v1.0
#数据库(192.168.100.213):
mysql> create database wordpress;
mysql> create user wordpress@'192.168.100.%' identified by '123456';
mysql> grant all on wordpress.* to wordpress@'192.168.100.%';
mysql> show grants for wordpress@'192.168.100.%';

#客户端解析,浏览器输入wordpress.wang.org 连接数据库即可

9、构建kodbox镜像

[root@DY-ubuntu-01 kodbox]#vim Dockerfile 
FROM ubuntu_nginx:v1.0
LABEL maintarner="www.wang.org" version="ubuntu_kodbox.1.0"


ADD kodbox-1.35.031.tar.gz  /data/
COPY kodbox.wang.org.conf /apps/nginx/conf/conf.d/kodbox.wang.org.conf

RUN apt update && \
    apt -y install libapache2-mod-php7.4 php7.4-mysql php7.4-json php7.4-xml php7.4-mbstring php7.4-zip php7.4-gd php7.4-curl

RUN cd /data && \
    mv kodbox-1.35.031 kodbox && \
    chown -R nginx.nginx /data/kodbox

[root@DY-ubuntu-01 kodbox]#vim kodbox.wang.org.conf 
server {
    listen 80;
    server_name kodbox.wang.org;
    root /data/kodbox;
    index index.php index.html index.htm;
    location ~ \.php$|ping {
        root /data/kodbox;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

[root@DY-ubuntu-01 kodbox]#docker build -t ubuntu_kodbox:v1.0 .
[root@DY-ubuntu-01 kodbox]#docker run -d -p 6060:80 ubuntu_kodbox:v1.0
#数据库(192.168.100.213):
mysql> create database kodbox;
mysql> create user kodbox@'192.168.100.%' identified by '123456';
mysql> grant all on kodbox.* to kodbox@'192.168.100.%';

#客户端解析,浏览器输入kodbox.wang.org 连接数据库即可

10、搭建nginx反向代理

#nginx反向代理服务器(192.168.100.113、192.168.100.114):
[root@node3 conf.d]# vim jpress.wang.org.conf 

upstream jpress {
    hash $remote_addr;
    server 192.168.100.211:8080;
    server 192.168.100.212:8080;                                                            
}

server {
    listen 80;
    server_name jpress.wang.org;
    location / {
        proxy_pass http://jpress;
    }
}

[root@node3 conf.d]# vim kodbox.wang.org.conf 

upstream kodbox {
    hash $remote_addr;
    server 192.168.100.211:6060;
    server 192.168.100.212:6060;
}

server {
    listen 80;
    server_name kodbox.wang.org;
    location / {
        proxy_pass http://kodbox;     
        proxy_set_header host $http_host;
    }
}

[root@node3 conf.d]# vim wordpress.wang.org.conf 

upstream wordpress {
    hash $remote_addr;
    server 192.168.100.211:9090;
    server 192.168.100.212:9090;
}

server {
    listen 80;
    server_name wordpress.wang.org;                                                         
    location / {
        proxy_pass http://wordpress;
        proxy_set_header host $http_host;
    }
}
[root@node3 conf.d]# nginx -s reload

11、搭建keepalived

#keepalived_master(192.168.100.111):
[root@node111 ~]# hostnamectl set-hostname node111.wang.org
[root@node111 ~]# vim /etc/hosts
192.168.100.111 node111.wang.org
192.168.100.112 node112.wang.org
[root@node111 ~]# ssh-keygen
[root@node111 ~]# ssh-copy-id node111.wang.org
[root@node111 ~]# ssh-copy-id node112.wang.org 

[root@node111 ~]# yum install -y keepalived ipvsadm
[root@node111 ~]# vim /etc/keepalived/keepalived.conf

global_defs {
   notification_email {
     root@wang.org
   }
   notification_email_from root@wang.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node111
   vrrp_skip_check_adv_addr
  # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
  # vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.88  dev eth0 label eth0:1
    }
    unicast_src_ip 192.168.100.111
    unicast_peer {
        192.168.100.112
    }
}
virtual_server 192.168.100.88 80 {                                                                                                                                                      
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.100.113 80 {
        weight 1
        HTTP_GET {
            url {
              path /
#              digest 640205b7b0fc66c1ea91c463fac6334d
              status_code 200
            }
            connect_timeout 2
            retry 3
            delay_before_retry 1
        }
    }
    real_server 192.168.100.114 80 {
        weight 1
#        HTTP_GET {
#            url {
#              path /
#              digest 640205b7b0fc66c1ea91c463fac6334d
#              status_code 200
#            }
         TCP_CHECK {
            connect_timeout 2
            retry 3
            delay_before_retry 1
            connect_port 80
         }
        }
    }
[root@node111 ~]# scp /etc/keepalived/keepalived.conf 192.168.100.112:/etc/keepalived/keepalived.conf

[root@node111 ~]# systemctl restart keepalived.service
[root@node111 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.88:80 rr persistent 50
  -> 192.168.100.113:80           Route   1      0          0         
  -> 192.168.100.114:80           Route   1      0          0  
#keepalived_slave(192.168.100.112):
[root@node112 ~]# hostnamectl set-hostname node112.wang.org
[root@node112 ~]# vim /etc/hosts
192.168.100.111 node111.wang.org
192.168.100.112 node112.wang.org
[root@node112 ~]# ssh-keygen
[root@node112 ~]# ssh-copy-id node111.wang.org
[root@node112 ~]# ssh-copy-id node112.wang.org 

[root@node112 ~]# yum install -y keepalived ipvsadm
[root@node112 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
   notification_email {
     root@wang.org
   }
   notification_email_from root@wang.org
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id node112
   vrrp_skip_check_adv_addr
  # vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
  # vrrp_mcast_group4 224.0.0.18
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 60
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.100.88  dev eth0 label eth0:1                                               
    }
    unicast_src_ip 192.168.100.112
    unicast_peer {
        192.168.100.111
    }
}
virtual_server 192.168.100.88 80 {                                                           
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP
    sorry_server 127.0.0.1 80
    real_server 192.168.100.113 80 {
        weight 1
        HTTP_GET {
            url {
              path /
#              digest 640205b7b0fc66c1ea91c463fac6334d
              status_code 200
            }
            connect_timeout 2
            retry 3
            delay_before_retry 1
        }
    }
    real_server 192.168.100.114 80 {
        weight 1
#        HTTP_GET {
#            url {
#              path /
#              digest 640205b7b0fc66c1ea91c463fac6334d
#              status_code 200
#            }
         TCP_CHECK {
            connect_timeout 2
            retry 3
            delay_before_retry 1
            connect_port 80
         }
        }
    }

[root@node112 ~]# systemctl restart keepalived.service
[root@node112 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.100.88:80 rr persistent 50
  -> 192.168.100.113:80           Route   1      0          0         
  -> 192.168.100.114:80           Route   1      0          0 
#所有后端服务器:(192.168.100.113、192.168.100.114):
[root@node3 ~]# echo 1 > /proc/sys/net/ipv4/conf/enp1s0/arp_ignore
[root@node3 ~]# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
[root@node3 ~]# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore 
[root@node3 ~]# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
[root@node3 ~]# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
[root@node3 ~]# ifconfig lo:0 192.168.100.88 netmask 255.255.255.255 broadcast 192.168.100.88 up
[root@node3 ~]# route add -host 192.168.100.88 dev lo:0

12、部署防火墙

#firewalld(192.168.100.219):
[root@DY-ubuntu-09 ~]#iptables -t nat -A PREROUTING -d 172.20.0.246 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.88:80

[root@DY-ubuntu-09 ~]#echo 1 > /proc/sys/net/ipv4/ip_forward

[root@DY-ubuntu-09 ~]#iptables  -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 172.20.0.246/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.88:80

#keepalived和nginx反向代理服务器需要把默认路由指向防火墙(192.168.100.111-114)
[root@node3 ~]# route del default 
[root@node3 ~]# route add default gw 192.168.100.219 dev eth0
[root@node3 ~]# route -n

13、部署客户端路由

#10.0.0.101:
[root@ubuntu2004 ~]#echo 1 > /proc/sys/net/ipv4/ip_forward

[root@ubuntu2004 ~]#iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE 

[root@ubuntu2004 ~]#iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

14、部署DNS

# DNS(10.0.0.28):
[root@dns ~]# vim /etc/named.conf 
//  listen-on port 53 { 127.0.0.1; };
//  listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
//  allow-query     { localhost; };

[root@dns ~]# vim /etc/named.rfc1912.zones 
zone "wang.org" IN {
    type master;
    file "wang.org.zone";
};
[root@dns ~]# cd /var/named/
[root@dns named]# cp -p named.localhost wang.org.zone
[root@dns named]# vim wang.org.zone
$TTL 1D
@   IN SOA  admin admin.wang.org. (
                    0   ; serial
                    1D  ; refresh
                    1H  ; retry
                    1W  ; expire
                    3H )    ; minimum
    NS  admin
admin      A    10.0.0.28
jpress     A    172.20.0.246
wordpress  A    172.20.0.246
kodbox     A    172.20.0.246

[root@dns named]# named-checkconf     #检查配置文件语法是否有问题,如果需要检查zone文件的语法是否有问题,需要安装上bind-utils
[root@dns named]# systemctl restart named

[root@rocky8 named]#route del default 
[root@rocky8 named]#route add default gw 10.0.0.101 dev eth0

15、客户端测试

#10.0.0.199:
[root@rocky9 ~]#route del default 
[root@rocky9 ~]#route add default gw 10.0.0.101 dev eth0
[root@rocky9 ~]#curl wordpress.wang.org -kL
[root@rocky9 ~]#curl kodbox.wang.org -kL
[root@rocky9 ~]#curl jpress.wang.org -kL
posted @ 2022-10-26 21:57  大雨转暴雨  阅读(61)  评论(0编辑  收藏  举报