RHCE lab: web name resolution, DNS configuration, and firewalld configuration
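- Lab 1
- 1. Clean up packages
- 2. Install packages
- 3. Configure the web service
- View the default test page
- Error explanations
- 1
- 2
- 4. Install the bind package needed for DNS resolution
- 5. Modify the network configuration, troubleshoot, fix permissions
- Lab 2
- Configuration files
- haha.conf
- named.conf
- named.haha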
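Lab 1
1. Study method
Repetition.
2. Methodology
   1. Install the package
   2. Write the configuration
   3. Start the service
3. Points to focus on
   1. html, http, socket (IP + port), URI = URL (path) + URN (name)

| Service | Software | Service name | Protocol | Socket |
| --- | --- | --- | --- | --- |
| DNS | bind | named | DNS protocol | udp 53 (DNS only answers queries and has to be fast, so UDP is chosen) |
| Web server (http) | nginx | nginx | http | tcp 80/443 |

   2. Protocols: http, https; 80, 443, 8080, 8000, 81; http, dns; the TCP/IP protocols, volumes 1/2/3
   3. Configuration files and parameters
      - Web service: /etc/nginx/nginx.conf (main configuration file); /etc/nginx/conf.d/ (site configuration files are written here, e.g. xixi.conf: host name, root directory, logs)
      - DNS service: /etc/named.conf (main DNS configuration file: port, data file directory, zone, server type master); /var/named/ (DNS zone data files, e.g. named.xixi)
   4. Logs: /var/log/messages, /var/log/*.log, /var/log/secure.log
4. Web service / nginx
   echo $?: `$` references a variable, and `?` holds the result (exit code, return code) of the previous command. 0 means normal, 1-255 means abnormal.

The resolution flow:
Anything that has been accessed is cached.
cache --> /etc/hosts (local resolution) --> DNS
1. The operating system's cache. Once the operating system is running and some program has accessed a host by name, a cache entry mapping that host name to its IP address exists somewhere on the system. If the access came from a browser, the browser holds the cache; if it came from another tool, the cache is elsewhere. Wherever there has been an access, there is a cache entry.
2. If the cache has no entry, /etc/hosts is consulted for local resolution. If it has no entry either, the query goes to DNS.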
```bash
ls
echo $?       # show the result of the previous command: 0 is normal, 1-255 is abnormal (echo prints a value)
ls haha
echo $?       # $? references a variable: ? holds the exit code of the previous command
```
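1. Clean up packages
## How to clean up a package:
```bash
rpm -qa | grep nginx     # query the installed packages
dnf remove nginx         # remove the package
find / -name nginx       # find files named nginx under /
# delete the leftovers with rm -rf
```
Before deleting this way, list the matching files first (to avoid deleting something important by mistake):
```bash
rpm -qa | grep nginx                    # query the installed packages
find / -name nginx -exec rm -rf {} \;   # -exec runs a command on each match; {} stands for the matched path being deleted
```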
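2. Install packages
```bash
mount /dev/sr0 /mnt               # mount the installation image
dnf install nginx -y              # install nginx (needs the repository and the mount)
vim /etc/nginx/nginx.conf         # view the main configuration file; if it cannot be saved, the installation went wrong (check the mount)
rpm -qa | grep nginx              # check that the installation succeeded
systemctl start nginx             # start the service
systemctl status nginx            # check the service state; active (running) means success
ps -ef | grep nginx               # filter the service processes to confirm the service started:
                                  # a started service has one master process and several worker processes
netstat -lntup | grep nginx       # view the service's network sockets
find / -name nginx.pid            # find the service's PID file
ll /run/nginx.pid                 # the PID file of this process; if it is deleted, the nginx service breaks down
                                  # /run holds files related to running programs (an in-memory file system)
rm -rf /run/nginx.pid
netstat -lntup | grep nginx
ps -ef | grep nginx               # not removed
curl localhost                    # access works: the content of index.html is returned
```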
3. Configure the web service
```bash
cd /etc/nginx/conf.d/
ll
vim /etc/nginx/nginx.conf               # main configuration file
cd /usr/share/nginx/html                # the default content directory named in the main configuration file; /usr holds software resources
ll
ll /usr/share/testpage/index.html       # view the default test page; prints this file's details and name
rm -rf /usr/share/testpage/index.html
ll /usr/share/nginx/html/               # index.html -> ../../testpage/index.html can no longer be accessed
curl localhost                          # 403, access refused
curl localhost/index.html               # content of the 404 page (when index.html cannot be accessed, the request falls through to 404.html)
ll
echo 404 > 404.html
curl localhost/index.html               # returns 404
echo welcome to test page > index.html
curl localhost/index.html               # returns the text just written: welcome to test page
ll
cd /etc/nginx/conf.d/
ll
vim haha.conf                           # virtual host configuration: server_name (www), root (var), access_log, error_log (mind the ;)
systemctl restart nginx
systemctl status nginx
mkdir /var/log/nginx/haha               # create the log directory
systemctl restart nginx
systemctl status nginx
curl localhost                          # reaches welcome to test page
cat haha.conf
ping www.haha.com                       # pinging the host name returns an Internet address, not our IP (no resolution has been set up; the answer came from DNS servers on the Internet)
```
View the default test page
# The main configuration file (vim /etc/nginx/nginx.conf) names the service's default content directory; list what it contains
[root@localhost conf.d]# cd /usr/share/nginx/html
[root@localhost html]# ll
total 12
-rw-r--r--. 1 root root 3971 Oct 11 2023 404.html
-rw-r--r--. 1 root root 4020 Oct 11 2023 50x.html
drwxr-xr-x. 2 root root 27 Oct 27 22:13 icons
lrwxrwxrwx. 1 root root 25 Oct 11 2023 index.html -> ../../testpage/index.html
-rw-r--r--. 1 root root 368 Oct 11 2023 nginx-logo.png
lrwxrwxrwx. 1 root root 14 Oct 11 2023 poweredby.png -> nginx-logo.png
lrwxrwxrwx. 1 root root 37 Oct 11 2023 system_noindex_logo.png -> ../../pixmaps/system-noindex-logo.png
[root@localhost html]# ll /usr/share/testpage/index.html
-rw-r--r--. 1 root root 5909 Aug 9 2021 /usr/share/testpage/index.html
Accessing the local host then reports an error: 403
After writing new content into index.html:
Configuring the haha.conf file
```bash
[root@localhost html]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 0
[root@localhost conf.d]# vim haha.conf
[root@localhost conf.d]# cat haha.conf
server {
    server_name www.haha.com;
    root /var/www/haha.com/;
    access_log /var/log/nginx/haha.com/access.log;
    error_log /var/log/nginx/haha.com/error.log;
    # the error log is /var/log/nginx/haha.com/error.log, so that directory must be created as well: mkdir -p /var/log/nginx/haha.com
}
[root@localhost conf.d]# mkdir -p /var/log/nginx/haha.com
[root@localhost conf.d]# systemctl restart nginx
```
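Access:
Pinging the host name returns an address that is not our IP but an Internet address (because no resolution has been set up; put differently, the resolution was done for us by DNS servers on the Internet).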
[root@localhost conf.d]# curl localhost
welcome to test page
[root@localhost conf.d]# ping www.haha.com
PING www.haha.com (68.178.204.6) 56(84) bytes of data.
64 bytes from 6.204.178.68.host.secureserver.net (68.178.204.6): icmp_seq=1 ttl=128 time=255 ms
64 bytes from 6.204.178.68.host.secureserver.net (68.178.204.6): icmp_seq=2 ttl=128 time=230 ms
Error explanations
1
If access fails with the error below, the service has not been started; start it with
systemctl start nginx
[root@localhost html]# curl localhost
curl: (7) Failed to connect to localhost port 80: Connection refused
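2
After the web configuration is finished, accessing the site by its domain name does not succeed.
The reason: in the normal procedure, the web name-resolution setup involves two files, /etc/hosts and haha.conf.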
[root@localhost conf.d]# curl www.haha.com
<!doctype html>
<html lang="en">
<head><meta charset="utf-8"><title>Web Server's Default Page</title><meta name="copyright" content="Copyright 1999-2022. Plesk International GmbH. All rights reserved."><script src="https://assets.plesk.com/static/default-website-content/public/default-server-index.js"></script>
</head>
<body>You see this page because there is no Web site at this address.
</body>
</html>
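4. Install the bind package needed for DNS resolution
Create the DNS service:
```bash
ip ad
dnf install bind -y        # install the bind package
dnf remove bind -y
find / -name bind          # find files with the given name (/sys/bus holds bus-related files)
find / -name named
rm -rf /var/named/
rm -rf /etc/named.conf.rpmsave
dnf install bind -y        # install
rpm -qa | grep bind        # query
ll /etc/named.conf
vim /etc/named.conf        # edit the main DNS configuration file
```
In named.conf: change the listen address to the host's own IP, and define the zone haha.com with server type master and data file named.haha.
The default listen address is the loopback address, so the service can only be used from the local machine and cannot serve other hosts.
```bash
[root@localhost ~]# cat /etc/named.conf
options {
    listen-on port 53 { 2.2.2.130; };   # UDP; the default address is 127.0.0.1
    directory "/var/named";             /* data file directory */
};   # mind the braces
zone "haha.com" IN {                    # the default zone is the root "."
    type master;                        # server type (hint: root)
    file "named.haha";
};
```
```bash
vim /var/named/named.haha  # DNS zone data file: the file named.haha under /var/named
```
The zone file contains, in order:
- the TTL declaration, then: domain name, IN keyword, SOA (start of authority) record, domain name, administrator mailbox (serial, refresh time, retry time, expire time, validity period)
- IN keyword, NS record; either dns or ns can be used as the name, followed by .haha.com
- dns/ns, IN keyword, A record, IP address
- www, the only name that needs to be resolved: IN keyword, A record, IP address
```bash
[root@localhost ~]# cat /var/named/named.haha
$TTL 1D
@   IN  SOA  @ admin.haha.com. ( 0 1 1 1 1 )   ; serial, refresh, retry, expire, minimum
    IN  NS   ns.haha.com.
ns  IN  A    2.2.2.130
WWW IN  A    2.2.2.130
```
```bash
systemctl restart named
systemctl status named
dig -t NS haha.com @192.168.197.134      # test the DNS records: query the NS record of the haha.com zone, asking 192.168.197.134 to resolve it
dig -t A www.haha.com @192.168.197.134
ping www.haha.com                        # the IP is still wrong
```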
5. Modify the network configuration, troubleshoot, fix permissions
```bash
nmcli connection show ens160 | grep DNS       # query the local DNS setting
IP4.DNS[1]: 192.168.197.2
ip ad
nmcli connection modify ens160 ipv4.addresses 192.168.197.134/24 ipv4.gateway 192.168.197.2 ipv4.dns 192.168.197.134 ipv4.method manual connection.autoconnect yes   # modify the network configuration
nmcli connection up ens160                    # activate the network configuration
ip ad
nmcli connection show ens160 | grep DNS       # query the DNS configuration
IP4.DNS[1]: 192.168.197.134
ping www.haha.com                             # the IP address is now the host's own, 192.168.197.134
curl www.haha.com                             # returns 404
curl www.haha.com/index.html                  # returns 404
tail -f /var/log/nginx/haha/error.log         # check the error log: the file /var/www/haha/index.html does not exist
mkdir /var/www/haha -p
echo welcome to haha.com > /var/www/haha/index.html
curl www.haha.com                             # returns 403 Forbidden
tail -f /var/log/nginx/haha/error.log         # no permission
tail -f /var/log/messages                     # view the system log
tail -f /var/log/messages | grep index.html   # filter; the matched keyword is shown in red
chcon -t httpd_sys_content_t /var/www/ -R     # change the files' permissions (SELinux type)
curl www.haha.com                             # access again: OK, returns welcome to test page
vim /etc/selinux/config                       # SELINUX=permissive, applied at boot
curl www.haha.com
```
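A persistent alternative to the `chcon` and `SELINUX=permissive` steps above, as an added example that is not part of the original notes: a `chcon` label is lost on the next relabel, while a `semanage fcontext` rule applied with `restorecon` survives it and lets SELinux stay enforcing. The function names are assumptions; `semanage` is provided by policycoreutils-python-utils.

```shell
#!/bin/sh
# Added example: label a docroot persistently and check the boot-time SELinux mode.

# Build the file-context regex covering a directory and everything below it.
fcontext_spec() {
    dir="${1%/}"                      # drop a trailing slash
    printf '%s(/.*)?\n' "$dir"
}

# Print the SELINUX= value from a config file (default: /etc/selinux/config).
configured_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); mode = $2 }
             END { print (mode == "" ? "unknown" : mode) }' "${1:-/etc/selinux/config}"
}

# Succeed only when the configured boot-time mode is enforcing.
is_enforcing_at_boot() {
    [ "$(configured_mode "$1")" = "enforcing" ]
}

# Record the rule in the local policy, then apply it to the existing files.
# Needs root on an SELinux host; nothing in this file calls it automatically.
label_docroot() {
    semanage fcontext -a -t httpd_sys_content_t "$(fcontext_spec "$1")" &&
        restorecon -Rv "$1"
}

# Report the configured mode when run on a host that has the file.
if [ -r /etc/selinux/config ]; then
    echo "boot-time SELinux mode: $(configured_mode)"
fi
# On the lab host, as root:  label_docroot /var/www/haha
```
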
[root@localhost ~]# nmcli connection show ens160 | grep DNS
IP4.DNS[1]: 2.2.2.2
[root@localhost ~]# ping www.haha.com
PING www.haha.com (68.178.204.6) 56(84) bytes of data.
64 bytes from 6.204.178.68.host.secureserver.net (68.178.204.6): icmp_seq=1 ttl=128 time=210 ms
64 bytes from 6.204.178.68.host.secureserver.net (68.178.204.6): icmp_seq=2 ttl=128 time=188 ms
^C
--- www.haha.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 187.889/199.041/210.194/11.152 ms
[root@localhost ~]# nmcli connection modify ens160 ipv4.addresses 2.2.2.130/24 ipv4.gateway 2.2.2.2 ipv4.dns 2.2.2.130 ipv4.method manual connection.autoconnect yes
[root@localhost ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@localhost ~]# nmcli connection show ens160 | grep DNS
IP4.DNS[1]: 2.2.2.130
[root@localhost ~]# ping www.haha.com
PING www.haha.com (2.2.2.130) 56(84) bytes of data.
64 bytes from 2.2.2.130: icmp_seq=1 ttl=64 time=0.033 ms
^C
--- www.haha.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.033/0.033/0.033/0.000 ms
[root@localhost ~]# curl www.haha.com
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@localhost ~]# curl www.haha.com/index.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@localhost ~]# tail -f /var/log/nginx/haha/error.log
2024/11/12 21:06:46 [error] 36477#36477: *2 "/var/www/haha/index.html" is not found (2: No such file or directory), client: 2.2.2.130, server: www.haha.com, request: "GET / HTTP/1.1", host: "www.haha.com"
2024/11/12 21:07:01 [error] 36477#36477: *3 open() "/var/www/haha/index.html" failed (2: No such file or directory), client: 2.2.2.130, server: www.haha.com, request: "GET /index.html HTTP/1.1", host: "www.haha.com"
^C
[root@localhost ~]# mkdir -p /var/www/haha
[root@localhost ~]# echo welcome to haha.com /var/www/haha/index.html
welcome to haha.com /var/www/haha/index.html
[root@localhost ~]# curl www.haha.com
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@localhost ~]# tail -f /var/log/nginx/haha/error.log
2024/11/12 21:06:46 [error] 36477#36477: *2 "/var/www/haha/index.html" is not found (2: No such file or directory), client: 2.2.2.130, server: www.haha.com, request: "GET / HTTP/1.1", host: "www.haha.com"
2024/11/12 21:07:01 [error] 36477#36477: *3 open() "/var/www/haha/index.html" failed (2: No such file or directory), client: 2.2.2.130, server: www.haha.com, request: "GET /index.html HTTP/1.1", host: "www.haha.com"
2024/11/12 21:08:41 [error] 36477#36477: *4 open() "/var/www/haha/index.html" failed (2: No such file or directory), client: 2.2.2.130, server: www.haha.com, request: "GET /index.html HTTP/1.1", host: "www.haha.com"
2024/11/12 21:09:28 [error] 36477#36477: *5 directory index of "/var/www/haha/" is forbidden, client: 2.2.2.130, server: www.haha.com, request: "GET / HTTP/1.1", host: "www.haha.com" ## no permission
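The three nginx error.log messages behind the 404 and 403 responses point to different causes, and only `(13: Permission denied)` is a file-mode or SELinux problem; "directory index of ... is forbidden" means no index file was found in the root. An added example (not part of the original notes) that sorts log lines by cause; the function names are assumptions, and the third sample line is constructed.

```shell
#!/bin/sh
# Added example: classify nginx error.log lines by root cause.

# Reads error.log lines on stdin, prints "cause<TAB>path" for each recognised line.
triage_nginx_errors() {
    awk '
    {
        path = ""
        if (match($0, /"\/[^"]*"/))                 # first quoted absolute path
            path = substr($0, RSTART + 1, RLENGTH - 2)
        if ($0 ~ /directory index of .* is forbidden/)
            print "no-index-file\t" path            # no index file and autoindex is off
        else if ($0 ~ /\(13: Permission denied\)/)
            print "permission-denied\t" path        # file mode or SELinux label
        else if ($0 ~ /\(2: No such file or directory\)/)
            print "missing-file\t" path             # wrong root or file never created
    }'
}

# Suggest where to look next for a given cause.
next_step() {
    case "$1" in
        no-index-file)     echo "ls -l the root: is index.html there (was the > redirect typed)?" ;;
        permission-denied) echo "compare ls -l (mode) and ls -Z (SELinux type) on the path" ;;
        missing-file)      echo "check the root directive against where the file was created" ;;
        *)                 echo "unclassified" ;;
    esac
}

# Lines 1-2 are copied from the transcript above; line 3 is constructed.
sample_log() {
cat <<'EOF'
2024/11/12 21:07:01 [error] 36477#36477: *3 open() "/var/www/haha/index.html" failed (2: No such file or directory), client: 2.2.2.130, server: www.haha.com, request: "GET /index.html HTTP/1.1", host: "www.haha.com"
2024/11/12 21:09:28 [error] 36477#36477: *5 directory index of "/var/www/haha/" is forbidden, client: 2.2.2.130, server: www.haha.com, request: "GET / HTTP/1.1", host: "www.haha.com"
2024/11/12 21:12:03 [error] 36477#36477: *6 open() "/var/www/haha/index.html" failed (13: Permission denied), client: 2.2.2.130, server: www.haha.com, request: "GET /index.html HTTP/1.1", host: "www.haha.com"
EOF
}

sample_log | triage_nginx_errors
```
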
Lab 2
[root@localhost ~]# rpm -qa | grep nginx
nginx-filesystem-1.20.1-14.el9_2.1.noarch
nginx-core-1.20.1-14.el9_2.1.x86_64
nginx-1.20.1-14.el9_2.1.x86_64
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 9.8G 0 rom /run/media/root/RHEL-9-3-0-BaseOS-x86_64
nvme0n1 259:0 0 50G 0 disk
├─nvme0n1p1 259:1 0 1G 0 part /boot
└─nvme0n1p2 259:2 0 49G 0 part
  ├─rhel-root 253:0 0 44.2G 0 lvm /
  └─rhel-swap 253:1 0 4.8G 0 lvm [SWAP]
nvme0n2 259:3 0 20G 0 disk
[root@localhost ~]# vgcreate vgxixi /dev/nvme0n2
  Physical volume "/dev/nvme0n2" successfully created.
  Volume group "vgxixi" successfully created
[root@localhost ~]# lvcreate -n lvxixi -L 1G vgxixi
  Logical volume "lvxixi" created.
[root@localhost ~]# mkfs.xfs /dev/mapper/vgxixi-lvxixi
meta-data=/dev/mapper/vgxixi-lvxixi isize=512    agcount=4, agsize=65536 blks
         =                          sectsz=512   attr=2, projid32bit=1
         =                          crc=1        finobt=1, sparse=1, rmapbt=0
         =                          reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                          bsize=4096   blocks=262144, imaxpct=25
         =                          sunit=0      swidth=0 blks
naming   =version 2                 bsize=4096   ascii-ci=0, ftype=1
log      =internal log              bsize=4096   blocks=16384, version=2
         =                          sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                      extsz=4096   blocks=0, rtextents=0
[root@localhost ~]# mkdir /lvm
[root@localhost ~]# mount /dev/mapper/vgxixi-lvxixi /lvm
[root@localhost ~]# df -h /lvm
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vgxixi-lvxixi 960M 39M 922M 5% /lvm
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 0
[root@localhost conf.d]# vim xixi.conf
[root@localhost conf.d]# mkdir -p /var/www/xixi.com/
[root@localhost conf.d]# mkdir /var/log/nginx/xixi.com
[root@localhost conf.d]# echo welcome to xixi.com > /var/www/xixi.com/index.html
Configuration files
haha.conf
Located under /etc/nginx/conf.d/
```bash
[root@localhost conf.d]# cat haha.conf
server {
    server_name www.haha.com;
    root /var/www/haha.com/;
    access_log /var/log/nginx/haha.com/access.log;
    error_log /var/log/nginx/haha.com/error.log;
    # the error log is /var/log/nginx/haha.com/error.log, so that directory must be created as well: mkdir -p /var/log/nginx/haha.com
}
```
named.conf
Located at /etc/named.conf
```bash
vim /etc/named.conf   # edit the main DNS configuration file
[root@localhost ~]# cat /etc/named.conf
options {
    listen-on port 53 { 2.2.2.130; };
    directory "/var/named";
};   # mind the braces
zone "haha.com" IN {
    type master;
    file "named.haha";
};
```
named.haha
The file named.haha under /var/named
```bash
vim /var/named/named.haha   # DNS zone data file
[root@localhost ~]# cat /var/named/named.haha
$TTL 1D
@   IN  SOA  @ admin.haha.com. ( 0 1 1 1 1 )   ; note: dots in the mailbox, not commas
    IN  NS   ns.haha.com.                       ; remember this trailing dot
ns  IN  A    2.2.2.130
WWW IN  A    2.2.2.130
```
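A small lint for the trailing-dot point flagged in the zone file comments, as an added example that is not part of the original notes: a dotted name without a final dot is relative, so named appends the zone origin to it. The function names and both sample zones are constructed; `named-checkzone` remains the authoritative syntax check.

```shell
#!/bin/sh
# Added example: flag zone-file names that look absolute but lack the trailing dot.

# $1 = zone origin (e.g. haha.com); zone file text on stdin.
# Prints "line N: <name> expands to <name>.<origin>." for each suspect name.
lint_trailing_dots() {
    awk -v origin="$1" '
    function check(name) {
        gsub(/[()]/, "", name)               # tolerate "(" glued to the mailbox
        # a dotted name without a final dot is relative: named appends the origin
        if (name ~ /\./ && name !~ /\.$/)
            printf "line %d: %s expands to %s.%s.\n", NR, name, name, origin
    }
    {
        sub(/;.*/, "")                       # strip zone-file comments
        for (i = 1; i <= NF; i++) {
            if ($i == "SOA") { check($(i + 1)); check($(i + 2)) }   # MNAME, RNAME
            if ($i == "NS" || $i == "CNAME") check($(i + 1))
        }
    }'
}

# Constructed sample: the lab zone with both trailing dots left out.
sample_zone_missing_dots() {
cat <<'EOF'
$TTL 1D
@   IN  SOA  @ admin.haha.com ( 0 1 1 1 1 )
    IN  NS   ns.haha.com
ns  IN  A    2.2.2.130
www IN  A    2.2.2.130
EOF
}

# Constructed sample: the same zone with absolute names.
sample_zone_ok() {
cat <<'EOF'
$TTL 1D
@   IN  SOA  @ admin.haha.com. ( 0 1 1 1 1 )
    IN  NS   ns.haha.com.      ; absolute name
ns  IN  A    2.2.2.130
www IN  A    2.2.2.130
EOF
}

sample_zone_missing_dots | lint_trailing_dots haha.com
```
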