Step-by-step guide to configuring an nginx reverse proxy for yum
- 2020-05-15 03:40:47
- OfStack
part.0 background
The company's intranet servers cannot access the Internet directly. To keep information and time synchronized with the external network, only designated servers are allowed Internet access. This guide builds a yum repository for intranet use, with an Internet-connected machine acting as the proxy.
part.1 environment
Intranet DNS (recommended but not required, since an IP address can be used instead)
One server with Internet access, host A
Servers without Internet access (host B) that can communicate with host A
part.2 nginx installation
Install nginx on host A, which can connect to the external network.
$ yum install nginx
part.3 nginx configuration
Add the following nginx configuration on host A.
$ cd /etc/nginx/conf.d
$ vim proxy.conf
server {
    listen 80;
    #listen [::]:80;
    # Name that the intranet hosts resolve to host A
    server_name mirrors.yourdomain.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/html;

    # Forward each distribution path to the upstream public mirror
    location /ubuntu/ {
        proxy_pass http://mirrors.aliyun.com/ubuntu/;
    }
    location /centos/ {
        proxy_pass http://mirrors.aliyun.com/centos/;
    }
    location /epel/ {
        proxy_pass http://mirrors.aliyun.com/epel/;
    }
}
part.4 configure the yum repo source
Modify the repo file on host B, which cannot connect to the external network.
$ cat /etc/yum.repos.d/CentOS-7.repo
[base]
name=CentOS-$releasever - Base - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
        http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/
        http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
        http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/
        http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/
        http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
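Host B fetches packages over plain HTTP through the proxy, so the repo file has to guarantee two things: gpgcheck=1 on every enabled section and URLs that point only at the internal mirror. The following is an added example, not from the original page, that audits a .repo file for both; the function names, the sample file and mirror.example.net are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_repo FILE HOST reports, for
# each enabled section, gpgcheck != 1 and any baseurl/gpgkey/mirrorlist whose
# host is not HOST. Exit status 1 if anything was reported; FILE may be "-".
audit_repo() {
    awk -v host="$2" '
    function url_host(u) {                      # http://h:port/path -> h
        sub(/^[a-z]+:\/\//, "", u); sub(/[\/:].*$/, "", u); return u
    }
    function check_url(k, u) {                  # queue off-mirror URLs
        if (u != "" && u !~ /^file:/ && url_host(u) != host)
            pending[++n] = sec ": " k " points at " url_host(u)
    }
    function flush(   i) {                      # report enabled sections only
        if (sec != "" && enabled != "0") {
            if (gpg != "1") { print sec ": gpgcheck is not 1"; found++ }
            for (i = 1; i <= n; i++) { print pending[i]; found++ }
        }
        n = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
    /^\[/ { flush(); sec = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpg = ""; key = ""; next }
    /^[ \t]/ { v = $0; gsub(/^[ \t]+|[ \t]+$/, "", v)   # continuation URL
        if (key == "baseurl" || key == "gpgkey") check_url(key, v); next }
    {   key = $0; sub(/[ \t]*=.*/, "", key)
        v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        if (key == "enabled") enabled = v
        else if (key == "gpgcheck") gpg = v
        else if (key ~ /^(baseurl|gpgkey|mirrorlist)$/) check_url(key, v)
    }
    END { flush(); exit (found > 0) }
    ' "$1"
}
# Constructed sample: [base] is clean, [extras] is off-mirror and unsigned.
sample_repo() {
    cat <<'EOF'
[base]
baseurl=http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7
[extras]
baseurl=http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
        http://mirror.example.net/centos/$releasever/extras/$basearch/
gpgcheck=0
EOF
}
sample_repo | audit_repo - mirrors.yourdomain.com || echo "repo file needs fixing"
```

On host B the same function can be pointed at /etc/yum.repos.d/CentOS-7.repo; disabled sections such as [centosplus] are skipped.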
part.5 hosts configuration
$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.193 mirrors.yourdomain.com
# Make sure the entry is host A's IP followed by the reverse proxy address
part.6 iptables configuration
$ ping mirrors.yourdomain.com
# Error: No route to host
At this point, check the iptables rules on host B. If port 80 cannot be accessed, insert a rule at the first position of the chain.
$ iptables -nvL
8155 28M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11761 985K INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
11761 985K INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
11761 985K INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
11756 985K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
$ iptables -I INPUT -p tcp --dport 80 -j ACCEPT
part.7 test for success
Run yum makecache on host B to confirm that yum operations work.
$ yum clean all
$ yum makecache