title: 配置nginx代理yum源及DNS #标题tags: 配置代理yum源 #标签
date: 2020-05-16
categories: nginx # 分类

需求:内网环境,需要yum安装很多东西,故需要一台可以连接外网的nginx作为代理,内网主机通过nginx代理yum安装包。

代理yum源

环境描述

两台主机,192.168.20.3为内网主机,无法连接外网,需要连接外网进行yum安装。
192.168.20.2为nginx代理,可以连接外网,并可以和内网主机通信。

修改内网主机的yum配置文件

  1. $ tail -1 /etc/yum.conf          # 修改yum配置文件,添加该行,指定nginx监听地址
  2. proxy=http://192.168.20.2:1102   
  3. # 注,这里仅支持支持端口,而不支持这样的路径匹配,如:http://192.168.20.2:1102/repo
  5. # 备份原有.repo文件
  6. $ mkdir /etc/yum.repos.d/bak       
  7. $ mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
  8. $ ls /etc/yum.repos.d/bak/      # 确认文件已备份
  9. CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
  10. CentOS-CR.repo         CentOS-Media.repo      epel.repo
  11. CentOS-Debuginfo.repo  CentOS-Sources.repo
  14. # 编写新的repo文件如下
  16. $ cat /etc/yum.repos.d/Centos-7.repo
  17. # CentOS-Base.repo
  18. #
  19. # The mirror system uses the connecting IP address of the client and the
  20. # update status of each mirror to pick mirrors that are updated to and
  21. # geographically close to the client.  You should use this for CentOS updates
  22. # unless you are manually picking other mirrors.
  23. #
  24. # If the mirrorlist= does not work for you, as a fall back you can try the 
  25. # remarked out baseurl= line instead.
  26. #
  27. #
  29. [base]
  30. name=CentOS-$releasever - Base - mirrors.aliyun.com
  31. failovermethod=priority
  32. baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
  33.         http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
  34.         http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
  35. gpgcheck=1
  36. gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  38. #released updates 
  39. [updates]
  40. name=CentOS-$releasever - Updates - mirrors.aliyun.com
  41. failovermethod=priority
  42. baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
  43.         http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
  44.         http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
  45. gpgcheck=1
  46. gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  48. #additional packages that may be useful
  49. [extras]
  50. name=CentOS-$releasever - Extras - mirrors.aliyun.com
  51. failovermethod=priority
  52. baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
  53.         http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
  54.         http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
  55. gpgcheck=1
  56. gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  58. #additional packages that extend functionality of existing packages
  59. [centosplus]
  60. name=CentOS-$releasever - Plus - mirrors.aliyun.com
  61. failovermethod=priority
  62. baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
  63.         http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
  64.         http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
  65. gpgcheck=1
  66. enabled=0
  67. gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  69. #contrib - packages by Centos Users
  70. [contrib]
  71. name=CentOS-$releasever - Contrib - mirrors.aliyun.com
  72. failovermethod=priority
  73. baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
  74.         http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
  75.         http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
  76. gpgcheck=1
  77. enabled=0
  78. gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
  81. #[epel]
  82. #name=Extra Packages for Enterprise Linux 7 - $basearch
  83. #baseurl=http://mirrors.aliyun.com/epel/7/$basearch
  84. #failovermethod=priority
  85. #enabled=1
  86. #gpgcheck=0
  87. #gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
  89. [epel-debuginfo]
  90. name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
  91. baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
  92. failovermethod=priority
  93. enabled=0
  94. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
  95. gpgcheck=0
  97. [epel-source]
  98. name=Extra Packages for Enterprise Linux 7 - $basearch - Source
  99. baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
  100. failovermethod=priority
  101. enabled=0
  102. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
  103. gpgcheck=0

配置nginx代理

修改配置文件

192.168.20.2为nginx代理主机,需修改配置文件。

  1. $ vim /etc/nginx/nginx.conf       # 以下只是部分nginx配置文件
  4.     server {
  5.         listen       1102 default_server;    # 修改监听端口和client端指定的一致
  9.         location / {               
  10.             proxy_pass http://mirrors.ustc.edu.cn;     # 指定此url
  11.         }
  14. }

启动nginx
  1. $ nginx
  2. $ ss -lnpt | grep 1102       # 确定端口在监听
  3. LISTEN     0      128          *:1102                     *:*                   users:(("nginx",pid=2413,fd=6),("nginx",pid=2412,fd=6))

至此,那个纯内网环境的主机即可通过yum来进行安装了。

yum安装测试

  1. $ yum clean all
  2. $ yum makecache
  3. $ yum install nginx
  5. # 如果yum报错,可以尝试下面的指令
  6. $ yum clean all
  7. $ rpm --rebuilddb

代理DNS

nginx配置如下即可充当DNS:

  1. stream {
  2.     server {
  3.         listen 53 udp reuseport;
  4.         proxy_timeout 20s;
  5.         proxy_pass 114.114.114.114:53;
  6.     }
  7. }

代理mysql等端口

  1. stream {
  2.     server {
  3.         listen 3306;
  4.         proxy_timeout 20s;
  5.         proxy_pass 192.168.20.2:3306;
  6.     }
  7. }