Cloud Engineer Class, Days 8-9

Taegi · March 6, 2023

MOBA x TERM passwordless SSH login

Local terminal
ssh-copy-id -i .ssh/id_rsa root@10.31.0.100
-> ssh-copy-id appends .pub to the file name you give it, so only the public key (id_rsa.pub) is copied into root's ~/.ssh/authorized_keys on the server; the private key never leaves the client

Server terminal
Connect using the private key; the server now accepts key authentication, so no password prompt appears

Disabling SELinux permanently

sestatus
-> show the SELinux status

vi /etc/sysconfig/selinux
SELINUX=disabled
-> permanently disabled; takes effect after a reboot (/etc/sysconfig/selinux is a symlink to /etc/selinux/config). For a lab, SELINUX=permissive is the less drastic choice: it stops blocking but keeps logging denials to /var/log/audit/audit.log, so you can still see what a service would have been refused.

Building the servers on VMware (hypervisor)

Server 1: bring up web1
Server 2: bring up web2
Server 3: bring up the DB

GW_nat (the NAT gateway VM: ens32 faces the outside, ens33 faces the lab network)

Static IP

vi /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=none
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.0.28
NETMASK=255.255.248.0
GATEWAY=192.168.0.1
#DNS1=10.31.0.100
DNS1=8.8.8.8
DNS2=8.8.4.4
-> 255.255.248.0 is /21 (192.168.0.0 to 192.168.7.255), so GATEWAY 192.168.0.1 is on-link for 192.168.0.28

vi /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=10.31.0.1
NETMASK=255.255.255.0

systemctl restart network
firewall-cmd --get-active-zones
public
  interfaces: ens32 ens33
-> both NICs start out in the public zone; move the outside NIC to external and the lab NIC to internal
nmcli c mod ens32 connection.zone external
nmcli c mod ens33 connection.zone internal
firewall-cmd --get-active-zones
internal
  interfaces: ens33
external
  interfaces: ens32
-> firewalld's external zone has masquerade enabled by default, which is what gives the 10.31.0.0/24 hosts their NAT out through ens32

firewall-cmd --permanent --zone=external --add-forward-port=port=139:proto=tcp:toport=139:toaddr=10.31.0.101
firewall-cmd --permanent --zone=external --add-forward-port=port=445:proto=tcp:toport=445:toaddr=10.31.0.101
firewall-cmd --reload
-> DNAT of SMB arriving on the outside NIC to web01 (10.31.0.101, the Samba host). This exposes the share to whatever network ens32 faces; in this lab that is the 192.168.0.0/21 host LAN.
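A check worth running on the gateway once the forward rules are in: compare what the external zone actually forwards with which internal host is supposed to own each service. This is an added example, not part of the class notes; it parses the text that firewall-cmd --list-all --zone=external prints, replaced here by a constructed sample (with one rule deliberately pointing at the wrong host) so it runs without firewalld. The inventory is an assumption taken from the address table further down (Samba on web01 = 10.31.0.101).

```shell
#!/bin/sh
# Added example: audit firewalld forward-ports on the NAT gateway against an
# inventory of which internal host owns which service.
# Real use: check_forward_targets "$(firewall-cmd --list-all --zone=external)" "$INVENTORY"
# Here the listing is a constructed sample so the script runs offline.

# Inventory (assumed from the address table in the notes):
# "<toport>/<proto> <expected internal address>"
INVENTORY='139/tcp 10.31.0.101
445/tcp 10.31.0.101
22/tcp 10.31.0.101'

# Constructed sample of `firewall-cmd --list-all --zone=external` output.
# The 445 rule deliberately points at the DNS/DB host instead of web01.
SAMPLE_LIST_ALL='external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens32
  sources:
  services: ssh
  ports: 80/tcp
  protocols:
  masquerade: yes
  forward-ports: port=139:proto=tcp:toport=139:toaddr=10.31.0.101
        port=445:proto=tcp:toport=445:toaddr=10.31.0.100
        port=221:proto=tcp:toport=22:toaddr=10.31.0.101
  source-ports:
  icmp-blocks:
  rich rules:'

# stdin: the listing. stdout: one "<toport>/<proto> <toaddr> <external port>"
# line per forward rule, whichever line the rule sits on.
parse_forward_ports() {
  grep -oE 'port=[0-9]+:proto=[a-z]+:toport=[0-9]+:toaddr=[0-9.]+' |
    sed -E 's|^port=([0-9]+):proto=([a-z]+):toport=([0-9]+):toaddr=([0-9.]+)$|\3/\2 \4 \1|'
}

# $1: listing text, $2: inventory text. Prints one line per rule whose
# target disagrees with the inventory or has no inventory entry at all.
check_forward_targets() {
  printf '%s\n' "$1" | parse_forward_ports | while read -r svc addr ext; do
    want=$(printf '%s\n' "$2" | awk -v s="$svc" '$1 == s { print $2 }')
    if [ -z "$want" ]; then
      printf 'UNKNOWN  external %s -> %s (%s): no inventory entry\n' "$ext" "$addr" "$svc"
    elif [ "$want" != "$addr" ]; then
      printf 'MISMATCH external %s -> %s (%s): inventory says %s\n' "$ext" "$addr" "$svc" "$want"
    fi
  done
}

# Number of problems found; 0 means every rule lands on its intended host.
count_forward_problems() {
  check_forward_targets "$1" "$2" | wc -l | tr -d ' '
}

check_forward_targets "$SAMPLE_LIST_ALL" "$INVENTORY"
```

Run it after every --reload that touches forward-ports; a MISMATCH line means traffic for that service is being delivered to a host that was never meant to receive it.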

Installing DHCP

yum install dhcp -y
vi /etc/dhcp/dhcpd.conf
ddns-update-style interim;
subnet 10.31.0.0 netmask 255.255.255.0 {                        # = 10.31.0.0/24
    option routers 10.31.0.1;                                   # the gateway's ens33
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 10.31.0.100 10.31.0.110;
    option domain-name-servers 10.31.0.100, 8.8.8.8, 8.8.4.4;   # DNS server IPs handed to clients, the lab DNS first
    default-lease-time 7200;
    max-lease-time 86400;
}

systemctl enable dhcpd
systemctl start dhcpd
systemctl enable --now dhcpd
-> the last line alone does what the two before it do

The resulting lease assignments:

WEB01_SAMBA   10.31.0.101
WEB02_NFS     10.31.0.102
DNS_DATABASE  10.31.0.100
-> these come out of the dynamic range and are not guaranteed to survive lease expiry or a reboot; everything below (port forwards, exports, zone files, HAProxy) hard-codes them, so either pin each MAC with a host { fixed-address ...; } reservation in dhcpd.conf or give the three servers static addresses

Turning the Linux system into a router

vi /etc/sysctl.conf
net.ipv4.ip_forward=1
-> lets the kernel forward packets between ens32 and ens33; apply without a reboot with sysctl -p. Together with the masquerade that firewalld's external zone applies by default, this is the NAT.

SAMBA_web01
File sharing between different operating systems
Uses the SMB protocol


Install, enable and start httpd:

yum install -y httpd
systemctl enable --now httpd
systemctl restart httpd

Set up the page the web server will serve:

vi /var/www/html/index.html

Samba server setup

yum install -y samba
mkdir -p /var/samba/share
chmod 777 /var/samba/share
-> world-writable; tolerable in the lab because valid users below limits the share to kosa, but a group-owned directory with mode 2770 is the usual shape
adduser kosa
passwd kosa
smbpasswd -a kosa
-> Samba keeps its own password database; clients authenticate against the smbpasswd entry, not the Unix password
vi /etc/samba/smb.conf
workgroup = hali
[share]
comment = Share Directory
path = /var/samba/share
browseable = yes
writable = yes
valid users = kosa
create mask = 0777
directory mask = 0777
-> the option is spelled browseable; Samba ignores an unknown parameter such as "browserable" with nothing more than a testparm warning ("Unknown parameter encountered"), so a misspelling silently drops the setting

systemctl restart smb
systemctl enable smb
systemctl enable --now smb
systemctl restart nmb
systemctl enable nmb
systemctl enable --now nmb
-> again, enable --now covers enable plus start
systemctl status smb nmb

firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
-> the samba service opens 137/udp and 138/udp (nmb) plus 139/tcp and 445/tcp (smb) in the default zone
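Before restarting smb it pays to lint the stanza, because Samba silently ignores a misspelled parameter and a 0777 mask on a world-writable directory lets any valid user overwrite any other user's files. The following is an added example, not from the notes and not a Samba tool: a small awk-based linter fed a constructed copy of the stanza above and a hardened variant. The hosts allow range and the SMB2 floor in the hardened variant are assumptions suited to this lab's 10.31.0.0/24.

```shell
#!/bin/sh
# Added example: lint a smb.conf for the mistakes that are easy to miss.
# Real use: lint_smb_conf "$(cat /etc/samba/smb.conf)"; then run testparm -s.

# Constructed copy of the [share] stanza as written in the notes.
SMB_CONF_AS_WRITTEN='[global]
workgroup = hali
[share]
comment = Share Directory
path = /var/samba/share
browserable = yes
writable = yes
valid users = kosa
create mask = 0777
directory mask = 0777'

# Hardened variant (assumed values for this lab): SMB1 off, only the lab
# subnet may talk to smbd, and new files are not world-writable.
SMB_CONF_HARDENED='[global]
workgroup = hali
server min protocol = SMB2_02
hosts allow = 10.31.0.0/24 127.0.0.1
[share]
comment = Share Directory
path = /var/samba/share
browseable = yes
writable = yes
valid users = kosa
create mask = 0660
directory mask = 0770'

# $1: smb.conf text. Prints one finding per line; prints nothing when clean.
lint_smb_conf() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*\[/ { section = $0; sub(/^[ \t]+/, "", section); next }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      seen[section, key] = 1
      if (key == "browserable")
        print "UNKNOWN-PARAM " section ": browserable is not a Samba option (browseable); it is silently ignored"
      if ((key == "create mask" || key == "directory mask") && val ~ /7$/)
        print "WORLD-WRITABLE " section ": " key " = " val " lets every user write every file"
      if (key == "guest ok" && val ~ /^[Yy]/)
        print "GUEST " section ": guest access enabled"
    }
    END {
      if (!(("[global]", "hosts allow") in seen))
        print "NO-HOSTS-ALLOW [global]: no hosts allow, so smbd answers any source the firewall lets in"
      if (!(("[global]", "server min protocol") in seen))
        print "SMB1 [global]: server min protocol unset; Samba before 4.11 (CentOS 7 ships 4.10) still negotiates SMB1"
    }'
}

# Number of findings, for scripting.
count_smb_findings() {
  lint_smb_conf "$1" | wc -l | tr -d ' '
}

lint_smb_conf "$SMB_CONF_AS_WRITTEN"
```

The as-written stanza produces five findings; the hardened one produces none. The linter is deliberately string-based, so it only knows the handful of options listed in it; testparm remains the authority on what Samba will actually load.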

Finally,
on the NAT server, open the outside-facing firewall:
firewall-cmd --permanent --zone=external --add-port=80/tcp
firewall-cmd --permanent --zone=external --add-forward-port=port=139:proto=tcp:toport=139:toaddr=10.31.0.101 (samba ip: web01)
firewall-cmd --permanent --zone=external --add-forward-port=port=445:proto=tcp:toport=445:toaddr=10.31.0.101 (samba ip: web01)
firewall-cmd --reload
-> 80/tcp is for HAProxy, which runs on the gateway itself. The two forward-ports are the same ones added in the GW_nat section; Samba runs on web01 = 10.31.0.101 per the address table, so the target must be .101, not .100 (the DNS/DB host).

139/tcp: SMB over the NetBIOS session service
445/tcp: SMB directly over TCP (what modern clients try first)
-> nmb (the NetBIOS name service) is 137/udp and 138/udp and is not forwarded here; a client reaching the share by IP does not need it

Once HAProxy is configured

HAProxy runs on the NAT server.
Check that the httpd daemon is running on web01, then
open the NAT IP in a browser and confirm the page comes back.

Windows client access


\\192.168.0.85
-> enter the host IP as a UNC path in Explorer

CentOS 7 client access

yum install -y samba-client
smbclient //10.31.0.101/share -U kosa
-> web01 (10.31.0.101) is the Samba host, not .102, which is the NFS server

NFS_web02
Mounts another computer's file system so it can be shared,
i.e. my machine can use another machine's file system directly

yum install -y httpd
systemctl enable --now httpd
systemctl restart httpd
-> install, enable and start

vi /var/www/html/index.html
-> set up the page the web server will serve

Starting NFS

  • Server (10.31.0.102) ### run on web02
    yum install -y nfs-utils
    mkdir /share && cd $_
    echo "Hello" > test.txt
    vi /etc/exports
    /share 10.31.0.0/24(rw,sync)
    -> the client spec must be the subnet the clients are actually on (10.31.0.0/24); 10.0.0.0/24 would make every mount from 10.31.0.x fail with "access denied by server". Without no_root_squash the client's root is mapped to nfsnobody, which is why the 707 mode below has to give "other" write access.

chmod 707 /share
systemctl start nfs-server
systemctl enable nfs-server
systemctl enable --now nfs-server
exportfs -v
firewall-cmd --permanent --add-service=nfs       # tcp 2049, all that NFSv4 needs
firewall-cmd --permanent --add-service=rpc-bind  # tcp/udp 111
firewall-cmd --permanent --add-service=mountd    # firewalld's mountd service opens 20048; rpc.mountd picks a random port unless MOUNTD_PORT is pinned in /etc/sysconfig/nfs
firewall-cmd --reload

  • Client (10.31.0.100) # run on the DNS server
    rpm -qa | grep nfs-utils
    yum install -y nfs-utils
    showmount -e 10.31.0.102   # (nfs server ip)
    -> lists the directories the NFS server exports
    mkdir -p /root/my-nfs
    mount -t nfs 10.31.0.102:/share /root/my-nfs   # (nfs server ip)
    df -h
    vi /etc/fstab
    10.31.0.102:/share /root/my-nfs nfs defaults,_netdev 0 0   # (nfs server ip)
    -> the mount command and the fstab entry must name the same directory; _netdev stops boot from blocking on the mount before the network is up
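The export line's client spec is the part that goes wrong quietly: exportfs accepts any subnet you write, and the mistake only surfaces as "access denied by server" on the client. Below is an added example, not from the notes or from nfs-utils, that evaluates an /etc/exports line against a client address with plain shell arithmetic. The two export lines are constructed from the notes (the wrong subnet and the corrected one); hostname and netgroup specs, which need DNS, are skipped.

```shell
#!/bin/sh
# Added example: decide from an /etc/exports line whether a given client
# address is allowed to mount, before touching the network.
# Real use: exports_allows "$(grep '^/share' /etc/exports)" 10.31.0.100

# Dotted IPv4 -> 32-bit integer.
ip_to_int() {
  oldifs=$IFS
  IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True (0) when $1 lies inside $2, given as a.b.c.d/prefix or a bare address.
ip_in_spec() {
  ip=$1
  spec=$2
  case $spec in
    */*) net=${spec%/*}; bits=${spec#*/} ;;
    *)   net=$spec; bits=32 ;;
  esac
  if [ "$bits" -eq 0 ]; then
    mask=0
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))   # 4294967295 = 0xFFFFFFFF
  fi
  [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# $1: one exports line "<path> <client>(opts) [<client>(opts) ...]", $2: client
# address. Prints the verdict; returns 0 if allowed, 1 if the mount would be
# refused. Hostname and netgroup specs need DNS and are skipped here.
exports_allows() {
  line=$1
  client=$2
  set -f                       # keep a literal "*" spec from globbing
  set -- $line
  set +f
  path=$1
  shift
  for entry in "$@"; do
    spec=${entry%%\(*}         # "10.0.0.0/24(rw,sync)" -> "10.0.0.0/24"
    case $spec in
      '*')    echo "$path: $client allowed by wildcard spec $entry"; return 0 ;;
      [0-9]*) if ip_in_spec "$client" "$spec"; then
                echo "$path: $client matches $entry"; return 0
              fi ;;
      *)      continue ;;
    esac
  done
  echo "$path: $client matches no client spec, mount will be refused"
  return 1
}

# Constructed samples: the subnet from the notes' first attempt, and the
# subnet the lab clients are actually on.
EXPORT_AS_WRITTEN='/share 10.0.0.0/24(rw,sync)'
EXPORT_FIXED='/share 10.31.0.0/24(rw,sync)'

exports_allows "$EXPORT_AS_WRITTEN" 10.31.0.100
exports_allows "$EXPORT_FIXED" 10.31.0.100
```

The same ip_in_spec helper works for checking a BIND allow-query list or a Samba hosts allow entry against a client address; the point in all three cases is that the ACL is evaluated by prefix, so a typo in the network part denies (or admits) an entire subnet.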

DNS_db
Database server

Install MariaDB on the server

vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
-> baseurl is plain http, so gpgcheck=1 with the key fetched over https is what protects against a tampered package

yum install -y MariaDB-server MariaDB-client
-> these are the package names in the MariaDB repo
rpm -qa | grep MariaDB
mariadb --version
systemctl start mariadb
systemctl enable mariadb
systemctl enable --now mariadb
mysql_secure_installation # answer Y to everything: set a root password, remove anonymous users, disallow remote root login, drop the test database
systemctl restart mariadb
mysql -u root -p

Enter the DB prompt and run the SQL:

CREATE USER 'kosa'@'%' IDENTIFIED BY 'kosa0401';
CREATE DATABASE IF NOT EXISTS wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO 'kosa'@'%';
quit
-> '%' accepts this login from any source address; only the two web servers need it here, so 'kosa'@'10.31.0.%' is the tighter choice. GRANT takes effect immediately, no FLUSH PRIVILEGES needed.

firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload
-> opens 3306/tcp

Client (installed on the NFS server, WEB02)

yum install mysql -y
-> on CentOS 7 this pulls in the mariadb client package, which provides mysql
mysql -h 10.31.0.100 -u kosa -p   # (db server)

Installing DNS

yum -y install bind bind-chroot bind-utils

vi /etc/named.conf
options {
    listen-on port 53 { 127.0.0.1; 192.168.0/21; 10.31.0/24; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; 192.168.0/21; 10.31.0/24; };   # keep this tight: with recursion yes, an open allow-query makes an open resolver
    forwarders { 8.8.8.8; 8.8.4.4; };

    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

view "internal" {
    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/var/named/taek2.shop.zones";   # the hosted zones, defined next
};

vi /var/named/taek2.shop.zones
zone "taek2.shop" IN {
type master;
file "taek2.shop.db";
allow-update { none; };
};

zone "0.31.10.in-addr.arpa" IN {
type master;
file "0.31.10.in-addr.arpa.db";
allow-update { none; };
};

vi /var/named/taek2.shop.db
$TTL 86400
@   IN  SOA  taek2.shop. root.taek2.shop. (
            2022041401  ; Serial
            3h          ; Refresh
            1h          ; Retry
            1w          ; Expire
            1h )        ; Minimum

    IN  NS      ns.taek2.shop.
    IN  MX 10   ns.taek2.shop.

ns     IN  A  10.31.0.100
web01  IN  A  10.31.0.101
web02  IN  A  10.31.0.102

vi /var/named/0.31.10.in-addr.arpa.db
$TTL 86400
@   IN  SOA  taek2.shop. root.taek2.shop. (
            2022041401  ; Serial
            3h          ; Refresh
            1h          ; Retry
            1w          ; Expire
            1h )        ; Minimum

@   IN  NS   ns.taek2.shop.

100  IN  PTR  ns.taek2.shop.
101  IN  PTR  web01.taek2.shop.
102  IN  PTR  web02.taek2.shop.
-> one PTR per A record in the forward zone, last octet as the owner; ns is .100 and web02 is .102, so a single "102 -> ns" entry would answer the dig -x 10.31.0.100 check below with nothing. Bump the serial whenever either file changes.

systemctl start named && systemctl enable named
systemctl enable --now named
-> check the files first with named-checkconf and named-checkzone; a syntax error leaves named refusing to start

firewall-cmd --permanent --add-service=dns
firewall-cmd --reload

systemctl restart NetworkManager

Verify it works

yum install -y bind-utils
dig A web01.taek2.shop
dig -x 10.31.0.100   # (dns server ip)
-> add @10.31.0.100 to both queries to ask the new server directly while /etc/resolv.conf still points elsewhere; expect web01 -> 10.31.0.101 and 10.31.0.100 -> ns.taek2.shop.
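Forward and reverse zones drift apart because they are edited by hand in two files. This added example, not from the notes and not a BIND tool, derives the PTR set the reverse zone must contain from the forward zone's A records and compares it with the reverse zone text; it also prints ready-to-paste PTR lines. The zone texts are constructed from the taek2.shop zone above (the reverse one in its one-PTR form), and ORIGIN/NETWORK are assumptions for this lab; named-checkzone is the follow-up on the real files and is not run here.

```shell
#!/bin/sh
# Added example: derive the PTR set a reverse zone must contain from the
# forward zone's A records and compare it with the reverse zone as written.
# Real use:
#   ptr_diff "$(cat /var/named/taek2.shop.db)" "$(cat /var/named/0.31.10.in-addr.arpa.db)"
#   generate_ptrs "$(cat /var/named/taek2.shop.db)"   # lines to paste into the reverse zone
# then named-checkzone on both files.

ORIGIN=taek2.shop
NETWORK=10.31.0          # first three octets of the /24 the reverse zone covers

# Constructed from the notes' forward zone.
FORWARD_ZONE='$TTL 86400
@ IN SOA taek2.shop. root.taek2.shop. (
        2022041401 ; Serial
        3h ; Refresh
        1h ; Retry
        1w ; Expire
        1h ) ; Minimum
    IN NS ns.taek2.shop.
    IN MX 10 ns.taek2.shop.
ns IN A 10.31.0.100
web01 IN A 10.31.0.101
web02 IN A 10.31.0.102'

# Reverse zone with a single PTR that names ns at .102 although ns is .100.
REVERSE_ZONE_AS_WRITTEN='$TTL 86400
@ IN NS ns.taek2.shop.
102 IN PTR ns.taek2.shop.'

# $1: forward zone text. Prints "<last octet> <fqdn>." for each A record
# inside $NETWORK; relative owner names get $ORIGIN appended. Records with a
# blank owner (inherited from the previous line) are not handled.
expected_ptrs() {
  printf '%s\n' "$1" | awk -v origin="$ORIGIN" -v net="$NETWORK" '
    /[ \t]IN[ \t]+A[ \t]+/ {
      if ($1 == "IN") next
      owner = $1
      if (owner == "@") owner = origin "."
      else if (owner !~ /\.$/) owner = owner "." origin "."
      if (split($NF, o, ".") == 4 && (o[1] "." o[2] "." o[3]) == net)
        print o[4], owner
    }' | sort -n
}

# $1: reverse zone text. Prints "<last octet> <target>" for each PTR record.
actual_ptrs() {
  printf '%s\n' "$1" | awk '/[ \t]IN[ \t]+PTR[ \t]+/ { print $1, $NF }' | sort -n
}

# Returns 0 when the reverse zone matches the forward zone exactly; otherwise
# prints both views and returns 1.
ptr_diff() {
  expected=$(expected_ptrs "$1")
  actual=$(actual_ptrs "$2")
  [ "$expected" = "$actual" ] && return 0
  printf 'expected from A records:\n%s\nfound in reverse zone:\n%s\n' "$expected" "$actual"
  return 1
}

# Ready-to-paste PTR lines for the reverse zone.
generate_ptrs() {
  expected_ptrs "$1" | awk '{ print $1 " IN PTR " $2 }'
}

ptr_diff "$FORWARD_ZONE" "$REVERSE_ZONE_AS_WRITTEN"
generate_ptrs "$FORWARD_ZONE"
```

A PTR that names the wrong host is not just cosmetic: anything that logs or filters by reverse lookup (sshd with UseDNS, mail servers, some audit tooling) will attribute web02's traffic to ns.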

HAproxy

yum install -y haproxy
vi /etc/haproxy/haproxy.cfg
global
    daemon

defaults
    mode http
    option forwardfor          # hand the real client IP to the backends in X-Forwarded-For; otherwise their logs only ever show 10.31.0.1
    timeout connect 5s         # haproxy starts without timeouts but warns, and stalled clients would hold sockets forever
    timeout client  30s
    timeout server  30s

frontend http-in
    bind *:80
    acl firefox hdr_sub(User-Agent) Firefox
    acl chrome  hdr_sub(User-Agent) Chrome
    use_backend bk_firefox if firefox
    use_backend bk_chrome  if chrome
    default_backend backend_servers

backend backend_servers
    balance roundrobin
    cookie SERVERID insert indirect nocache   # without this the per-server cookie values below are ignored
    server web01 10.31.0.101:80 cookie w1 check
    server web02 10.31.0.102:80 cookie w2 check
    server web03 10.31.0.100:80 cookie w3 check

backend bk_firefox
    server web01 10.31.0.101:80 check
backend bk_chrome
    server web02 10.31.0.102:80 check

-> the User-Agent ACLs are a routing demo only; any client can send any User-Agent, so a rule like this must never stand in for authorization
-> web03 is the DNS/DB host; with check, haproxy marks it down if nothing listens on 10.31.0.100:80
-> check the file with haproxy -c -f /etc/haproxy/haproxy.cfg before starting

systemctl start haproxy
systemctl enable haproxy
systemctl enable --now haproxy
systemctl status haproxy

Final check

Server 1, 10.31.0.101
ping web02.taek2.shop
Server 2, 10.31.0.102
ping web01.taek2.shop
Server 3, 10.31.0.100
ping web01.taek2.shop
ping web02.taek2.shop
NAT server, 192.168.0.28
cat /etc/resolv.conf
-> the names resolve only if each server's resolv.conf lists 10.31.0.100, which DHCP hands out above; the NAT server's resolv.conf comes from DNS1/DNS2 in its ifcfg

Set the hostnames of servers 1, 2 and 3 (one command per server):
hostnamectl set-hostname web01
hostnamectl set-hostname web02
hostnamectl set-hostname ns

Connecting from the NAT server with ssh
Server 1:

ssh -i id_rsa root@10.31.0.101
Server 2:
ssh -i id_rsa root@10.31.0.102
Server 3:
ssh -i id_rsa root@10.31.0.100
-> the same key pair whose public half ssh-copy-id installs in each server's authorized_keys

Port forwarding

firewall-cmd --permanent --zone=external --add-forward-port=port=221:proto=tcp:toport=22:toaddr=10.31.0.101
firewall-cmd --permanent --zone=external --add-forward-port=port=222:proto=tcp:toport=22:toaddr=10.31.0.102
firewall-cmd --permanent --zone=external --add-forward-port=port=223:proto=tcp:toport=22:toaddr=10.31.0.100
firewall-cmd --reload
firewall-cmd --list-all --zone=external
-> outside clients reach web01/web02/ns as ssh -p 221/222/223 <NAT IP>. This puts three root-capable SSH logins on the outside interface; keep them key-only (PasswordAuthentication no) or skip the forwards and jump through the gateway instead (ssh -J root@<NAT IP> root@10.31.0.101).
