Detailed explanation of the steps of yum configuration by nginx reverse proxy 02/24 Update SLTechnology News&Howtos

Detailed explanation of the steps of yum configuration by nginx reverse proxy

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/02 Report--

Part.0 usage background

The company's intranet servers cannot access the Internet directly through Internet, but in order to communicate with the external network and synchronize time, several servers will be designated to access Internet. Here is through the Internet access machine as an agent, the production of yum warehouse used in the intranet.

Part.1 environment

Private network dns (recommended, optional, as IP can be used instead)

A server A that can access Internet

Servers that cannot access Internet can communicate with server A

Part.2 nginx installation

Install nginx in A that can be connected to the external network

Yum install nginx

Part.3 nginx configuration

Add nginx configuration to host A

$cd / etc/nginx/conf.d$ vim proxy.confserver {listen 80; # listen [::]: 80; server_name mirrors.yourdomain.com; index index.html index.htm index.php default.html default.htm default.php; root/ home/wwwroot/html; location / ubuntu/ {proxy_pass http://mirrors.aliyun.com/ubuntu/;} location / centos/ {proxy_pass http://mirrors.aliyun.com/centos/ } location / epel/ {proxy_pass http://mirrors.aliyun.com/epel/;}}

Part.4 configure yum repo Feed

Modify the repo file of host B that cannot connect to the external network.

$cat / etc/yum.repos.d/CentOS-7.repo [base] name=CentOS-$releasever-Base-mirrors.yourdomain.comfailovermethod=prioritybaseurl= http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=osgpgcheck=1gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#released updates [updates] name=CentOS-$releasever-Updates-mirrors.yourdomain.comfailovermethod=prioritybaseurl=http : / / mirrors.yourdomain.com/centos/$releasever/updates/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updatesgpgcheck=1gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that may be [extras] name=CentOS-$releasever-Extras-mirrors.yourdomain.comfailovermethod=prioritybaseurl= http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/ http://mirrors.yourdomain. Com/centos/$releasever/extras/$basearch/#mirrorlist= http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extrasgpgcheck=1gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever-Plus-mirrors.yourdomain.comfailovermethod=prioritybaseurl= http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever& Arch=$basearch&repo=centosplusgpgcheck=1enabled=0gpgkey= http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#contrib-packages by Centos users [contrib] name=CentOS-$releasever-Contrib-mirrors.yourdomain.comfailovermethod=prioritybaseurl= http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/ http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contribgpgcheck=1enabled=0gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

Part.5 configuration hosts

$cat / etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.1.193 mirrors.yourdomain.com# ensures that host An IP and the reverse proxy address behind it

Part.6 configuration iptables

Ping mirrors.yourdomain.com# reported that there was no route to the host.

At this point, look at the iptables information in host B and find that 80 cannot be accessed. You can add a rule first.

$iptables-nvL 8155 28m ACCEPT all-- * 0.0.0.0Univer 0 0.0.0.0Universe 0 ctstate RELATED ESTABLISHED 0 0 ACCEPT all-- lo * 0.0.0.0 INPUT_ZONES all 0 0.0.0.0 INPUT_ZONES all 0 11761 985K INPUT_ZONES all-- * * 0.0.0.0 INPUT_ZONES_SOURCE all-- * 0.0.0.0.0 INPUT_ZONES all-- * 0.0.0.0 / 0 0.0.0.0ACCEPT 0 0 DROP all-- * * 0.0.0.0ACCEPT 0 0.0.0.0ACCEPT 0 ctstate INVALID11756 985K REJECT all-- * * 0.0.0.0ACCEPT 00.0.0.0ACCEPT 0 reject-with icmp-host-prohibited$ iptables-I INPUT-p tcp-- dport 80-j ACCEPT

Whether the part.7 test is successful

Yum makecache operation is carried out in the B host. To determine whether the yum operation can be performed.

$yum clean all$ yum makecache

Summary

The above is the whole content of this article, I hope that the content of this article has a certain reference and learning value for your study or work, if you have any questions, you can leave a message and exchange, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.