dns를 위한 패키지설치
bind, bind-utils
[root@dns ~]# yum -y install bind bind-utils
dns 서비스 설정
[root@dns ~]# nmcli con add con-name static ifname enp0s3
type ethernet ip4 10.0.2.10/24 gw4 10.0.2.2
[root@dns ~]# nmcli con mod static ipv4.dns 10.0.2.10
[root@dns ~]# nmcli con up static
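dns 파일 설정
※ listen-on { any; } 와 allow-query { any; } 는 모든 인터페이스에서 모든 출처의 질의를 받는 설정임. 생략된 부분(....)에 recursion yes; 가 남아 있으면 외부에서도 재귀 질의가 가능한 오픈 리졸버가 되어 DNS 증폭 트래픽에 악용될 수 있으므로, allow-recursion 을 내부 대역(예: localhost; 10.0.2.0/24;)으로 제한할 것.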
[root@dns ~]# vi /etc/named.conf
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots";
allow-query { any; };
....
zone "word.project.com" IN {
type master;
file "word.project.com.zone";
};
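/var/named 아래 파일 설정
※ named.conf의 file 은 word.project.com.zone 을 가리키는데, 아래 cp / chmod / chown 은 word.project.com (.zone 없음)을 대상으로 함. vi로 새로 만든 word.project.com.zone 에는 소유권·권한 변경이 적용되지 않으므로 파일명을 하나로 맞출 것. 정적 master zone 파일은 named가 읽기만 하면 되므로 640 (root:named)이면 충분.
※ SOA의 word.project.zone. 과 NS의 dns.test.example.com. 은 이 zone에 등록한 dns A 레코드와 이름이 다름 — 의도한 값인지 확인 필요.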
[root@dns ~]# cd /var/named/
[root@dns named]# ls
data named.ca named.localhost slaves
dynamic named.empty named.loopback
[root@dns named]# cp named.empty word.project.com
[root@dns named]# vi word.project.com.zone
$TTL 3H
@ IN SOA word.project.zone. root.word.project.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.test.example.com.
A 10.0.2.2
dns A 192.168.56.109
server A 192.168.56.106
db A 192.168.56.108
[root@dns named]# chmod 660 word.project.com
[root@dns named]# chown :named word.project.com
named 서비스 시작 및 방화벽 설정 (아래 명령은 start만 하므로, 재부팅 후에도 자동으로 올라오게 하려면 systemctl enable named 도 필요)
[root@dns named]# systemctl start named
[root@dns named]# firewall-cmd --add-service=dns --permanent
[root@dns named]# firewall-cmd --reload
dns 서버에서 nslookup 으로 확인
[root@dns named]# nslookup
> server
Default server: 10.0.2.10
Address: 10.0.2.10#53
> db.word.project.com
Server: 10.0.2.10
Address: 10.0.2.10#53
Name: db.word.project.com
Address: 192.168.56.108
웹서버에서 dns 외부 작동확인
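nameserver를 앞에서 구성한 dns 서버 ip로 지정 (/etc/resolv.conf 는 NetworkManager가 생성하는 파일이라 직접 수정한 내용은 덮어써질 수 있음 — dns 서버에서처럼 nmcli con mod 로 ipv4.dns 를 지정하면 유지됨)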
[root@server ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search word.project.com
nameserver 10.0.2.10
[root@server ~]# nslookup
> server
Default server: 10.0.2.10
Address: 10.0.2.10#53
> db.word.project.com
Server: 10.0.2.10
Address: 10.0.2.10#53
Name: db.word.project.com
Address: 192.168.56.108
정상작동 확인 후 워드프레스 데이터베이스 연결 ip -> domain으로 변경
[root@server ~]# cd /var/www/html/wordpress/
[root@server wordpress]# vim wp-config.php
...
/** Database hostname */
define( 'DB_HOST', 'db.word.project.com' );
윈도우 클라이언트에서 접속 확인
윈도우 환경에서 도메인으로 접속하기
1. 직접 호스트 등록하기
위 경로(보통 C:\Windows\System32\drivers\etc)의 hosts 파일에 IP와 호스트 추가 (리눅스의 /etc/hosts 에 해당)
*.*.*.106 server.word.project.com
❗ 관리자 권한으로 실행(다른 폴더로 복사-> 수정 및 저장-> 관리자 권한으로 덮어쓰기)
추가 후 호스트로 접속
2. 설정으로 도메인 지정하기
제어판 -> 네트워크 및 인터넷 -> 네트워크 및 공유센터
-> 연결된 인터넷 클릭
-> 속성 -> 인터넷 프로토콜 버전 선택 -> 속성
-> dns 추가
오류
[root@server ~]# nslookup
> server
Default server: 10.0.2.10
Address: 10.0.2.10#53
> www.nate.com
;; connection timed out; no servers could be reached
> db.word.project.com
;; connection timed out; no servers could be reached
방화벽에 dns 서비스를 --permanent 로 추가만 하고 reload를 안했음😂 (--permanent 규칙은 firewall-cmd --reload 후에야 실제로 적용됨)
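https 서비스 설정
※ 아래처럼 --permanent 없이 추가한 https 규칙은 런타임에만 존재하고, 바로 뒤의 firewall-cmd --reload 가 영구 설정으로 되돌리면서 사라짐. dns 때와 같이 firewall-cmd --add-service=https --permanent 후 reload 하고, firewall-cmd --list-services 로 확인할 것.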
[root@server ~]# yum -y install mod_ssl
[root@server ~]# rpm -qa | grep mod_ssl
mod_ssl-2.4.6-97.el7.centos.4.x86_64
[root@server ~]# systemctl start httpd
[root@server ~]# firewall-cmd --add-service=https
[root@server ~]# firewall-cmd --reload
인증서 생성
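# 개인키 생성 (OpenSSL 버전에 따라 키 파일이 umask 기준 권한으로 만들어질 수 있으므로, umask 077 을 먼저 적용하거나 처음부터 /etc/pki/tls/private/ 에서 생성하는 편이 안전)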
[root@server ~]# cd /etc/httpd/conf.d
[root@server conf.d]# openssl genrsa -out private.key 2048
Generating RSA private key, 2048 bit long modulus
............................................................................................................................+++
......................................................................................................................................+++
e is 65537 (0x10001)
# 생성된 키로 인증서 서명 요청(CSR) 생성
[root@server conf.d]# openssl req -new -key private.key -out cert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:kr
State or Province Name (full name) []:admin
Locality Name (eg, city) [Default City]:seoul
Organization Name (eg, company) [Default Company Ltd]:seoul
Organizational Unit Name (eg, section) []:adm
Common Name (eg, your name or your server's hostname) []:server.word.project.com
Email Address []:admin@word.project.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
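# 개인키와 인증요청서를 가지고 자체 서명 인증서 생성
# (-days 를 지정하지 않으면 유효기간이 기본 30일임. 또한 이 CSR에는 subjectAltName 이 없어서 최신 브라우저는 CN만으로는 호스트명을 검증하지 않음)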
[root@server conf.d]# openssl x509 -req -signkey private.key -in cert.csr -out cert.crt
Signature ok
subject=/C=kr/ST=admin/L=seoul/O=seoul/OU=adm/CN=server.word.project.com/emailAddress=admin@word.project.com
Getting Private key
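# 개인키와 인증서 설치
# (이 글에는 나오지 않지만, mod_ssl 설정(ssl.conf)의 SSLCertificateFile / SSLCertificateKeyFile 을 아래 경로로 바꾸고 httpd 를 재시작해야 새 인증서가 사용됨. cert.csr 는 서버 운영에는 필요 없음)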
[root@server conf.d]# chmod 600 private.key cert.csr
[root@server conf.d]# mv private.key /etc/pki/tls/private/
[root@server conf.d]# mv cert.* /etc/pki/tls/certs/
자체 서명(self-signed) 인증서이기 때문에 브라우저에서 신뢰할 수 없다고 나옴. 통신 암호화(https 접속)는 가능하지만 서버 신원은 검증되지 않는 상태임