Of Stack

The nginx reverse agent performs a step by step explanation of the yum configuration

  • 2020-05-15 03:40:47
  • OfStack

part.0 USES the background

The company's Intranet servers cannot access the Internet directly via Internet, but in order to synchronize with the extranet letter and time, it will specify which servers can access Internet. This is the yum warehouse, which is made for Intranet use by an internet-enabled machine as an agent.

part. 1 environment

Intranet dns (recommended, not required, since IP can be used instead)

1 server with access to Internet, A

Servers that cannot access Internet can communicate with A servers

part. 2 nginx installation

Install nginx in A, which can be connected to an external network 


yum install nginx

part. 3 nginx configuration

Add the nginx configuration to host A 


$ cd /etc/nginx/conf.d
$ vim proxy.conf

server {
  listen 80;
  #listen [::]:80;
  server_name mirrors.yourdomain.com;
  index index.html index.htm index.php default.html default.htm default.php;
  root /home/wwwroot/html;

  location /ubuntu/ {
   proxy_pass http://mirrors.aliyun.com/ubuntu/ ;
  }

  location /centos/ {
   proxy_pass http://mirrors.aliyun.com/centos/ ;
  }

  location /epel/ {
   proxy_pass http://mirrors.aliyun.com/epel/ ;
  }
 }

part.4 configure the yum repo source

Modify the repo file of host B that cannot connect to the external network. 


$ cat /etc/yum.repos.d/CentOS-7.repo

[base]
name=CentOS-$releasever - Base - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
  http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/
  http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
  http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/
  http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.yourdomain.com
failovermethod=priority
baseurl=http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/
  http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

hosts part. 5 configuration 


$ cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1   localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.193 mirrors.yourdomain.com
#  Make sure that A  The host IP  And the reverse proxy address behind

iptables part. 6 configuration 


ping mirrors.yourdomain.com
# An error   There is no route to the host

At this point, you can check the iptables information in the B host. If you find that 80 cannot be accessed, you can add a rule in the first place. 


$ iptables -nvL

 8155 28M ACCEPT  all -- *  *  0.0.0.0/0   0.0.0.0/0   ctstate RELATED,ESTABLISHED
 0  0 ACCEPT  all -- lo  *  0.0.0.0/0   0.0.0.0/0   
11761 985K INPUT_direct all -- *  *  0.0.0.0/0   0.0.0.0/0   
11761 985K INPUT_ZONES_SOURCE all -- *  *  0.0.0.0/0   0.0.0.0/0   
11761 985K INPUT_ZONES all -- *  *  0.0.0.0/0   0.0.0.0/0   
 0  0 DROP  all -- *  *  0.0.0.0/0   0.0.0.0/0   ctstate INVALID
11756 985K REJECT  all -- *  *  0.0.0.0/0   0.0.0.0/0   reject-with icmp-host-prohibited

$ iptables -I INPUT -p tcp --dport 80 -j ACCEPT

part.7 test for success

The yum makecache operation is performed in the B host. To determine whether an yum operation can be performed. 


$ yum clean all
$ yum makecache

conclusion

Related articles: