cmd
>ssh root@192.168.56.101
root@192.168.56.101's password:
Last login: Fri Apr 8 09:18:14 2022
# mkdir /root/.ssh
# exit
logout
Connection to 192.168.56.101 closed.
> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\lg/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\lg/.ssh/id_rsa.
Your public key has been saved in C:\Users\lg/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hpq6DXQcZHU1dAHd663hmlOpXJV8gIIF7Ir0cr5F1m0 lg@lge
The key's randomart image is:
+---[RSA 2048]----+
| o...o**oo+ |
| o .o .oo o |
| . . . .o.|
| ... ... . .oo|
| ..oo..S . E. +.|
| . .oo++ . * .|
| . o+ . . = o |
| + .. +.o |
| o.. .. oo |
+----[SHA256]-----+
> cd %UserProfile%\.ssh
C:\Users\lg\.ssh>dir
C 드라이브의 볼륨: Windows
볼륨 일련 번호: CA8C-1C79
C:\Users\lg\.ssh 디렉터리
2022-04-08 오후 03:46 <DIR> .
2022-04-08 오후 03:46 <DIR> ..
2022-04-08 오후 03:46 1,679 id_rsa
2022-04-08 오후 03:46 389 id_rsa.pub
2022-04-06 오전 11:39 177 known_hosts
3개 파일 2,245 바이트
2개 디렉터리 7,183,212,544 바이트 남음
C:\Users\lg\.ssh>
id_rsa.pub 파일을 authorized_keys로 복사 (서버에 authorized_keys가 이미 있으면 덮어써서 기존에 등록된 키가 지워진다)
.ssh> scp id_rsa.pub root@192.168.56.101:/root/.ssh/authorized_keys
-i id_rsa 는 생략가능
.ssh>ssh -i id_rsa root@192.168.56.101
Last login: Fri Apr 8 16:00:54 2022 from 192.168.56.1
# vi /etc/ssh/sshd_config
PasswordAuthentication no /* 암호 로그인 차단: 키 로그인이 되는 것을 먼저 확인한 뒤 적용한다 (현재 세션은 닫지 말고 새 창에서 접속 테스트)
# systemctl restart sshd
# sestatus
# vi /etc/sysconfig/selinux
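SELINUX=disabled /* enforcing을 disabled로 (재부팅 후 적용, setenforce 0은 즉시 permissive로 전환). 실습 편의를 위한 설정이며 운영 서버에서는 enforcing을 유지하고 필요한 boolean/컨텍스트만 조정한다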
# setenforce 0
# sestatus
# yum install -y httpd
# systemctl start httpd
# systemctl status httpd
VM에서 Google 접속
# curl 127.0.0.1
# systemctl status firewalld
# firewall-cmd --get-active-zone
# firewall-cmd --zone=public --list-all
# firewall-cmd --list-all /*위와 동일
# firewall-cmd --permanent --add-service=http
success
# firewall-cmd --reload
success
/var/www/html/
. : 홈페이지 주소 파일 담기는 경로httpd
설치 필수[root@localhost ~]# cd /var/www/html
[root@localhost html]# ll
total 0
[root@localhost html]# echo "Hello World" > index.html
[root@localhost html]# ll
total 4
-rw-r--r--. 1 root root 12 Apr 8 17:17 index.html
Webshare
# mkdir images && cd $_
# wget http://192.168.56.1/kosa/two-rabbit.jpg
# vi index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Sample Deployment</title>
<style>
body {
color: #ffffff;
background-color: #0188cc;
font-family: Arial, sans-serif;
font-size: 14px;
}
h1 {
font-size: 500%;
font-weight: normal;
margin-bottom: 0;
}
h2 {
font-size: 200%;
font-weight: normal;
margin-bottom: 0;
}
</style>
</head>
<body>
<div align="center">
<h1>Congratulations</h1>
<h2>This application was deployed using AWS ECS, EKS.</h2>
<p>For next steps, read the <a href="https://aws.amazon.com/ko">AWS Management Console.</a></p>
<p><img src="images/two-rabbit.jpg" alt="두마리 토끼" height="350"></p>
</div>
</body>
</html>
# systemctl status firewalld
# firewall-cmd --get-active-zone /* 활성화 존 출력
# firewall-cmd --zone=public --list-all /* public존의 사용 가능 서비스/포트 출력
# firewall-cmd --list-all /* 사용 가능 서비스/포트 출력
# firewall-cmd --permanent --add-service=http /* http 서비스 추가(permanent)
# firewall-cmd --permanent --add-port=80/tcp /* 80번 포트 추가
# firewall-cmd --permanent --remove-service=http /* http 서비스 제거
# firewall-cmd --permanent --remove-port=80/tcp /* 80번 포트 제거
# firewall-cmd --reload /* 재시작
# df -h /* 디스크 공간을 확인
# lsblk /* 사용하는 저장 장치를 확인
# mkfs -t xfs /dev/sdb /* /dev/sdb파일을 xfs라는 파일시스템으로 포맷
mkfs
: 파일시스템 포맷-t
: 파일시스템을 지정# mkdir /data
# mount /dev/sdb /data /* /dev/sdb을 /data에 마운트(연결)
# df -h /* 확인
# file -s /dev/sdb /* 파일 확인 명령어
# cp /etc/fstab /etc/fstab.orig /*백업
# blkid /* 파일 시스템 유형이나 속성 출력
/dev/sda1: UUID=""
/dev/sda2: UUID=""
/dev/sdb: UUID=""
# vi /etc/fstab
UUID="3ffe9c91-2ce7-457a-9fbc-07922ff6b652" /data xfs defaults,nofail 0 2 추가
# umount /data /* 연결 끊음
xfc에서 설정으로 들어가 저장소를 들어간다.
저장소의 컨트롤러:SATA로 들어가서 하드디스크 추가를 누른다.
만들기를 눌러서 새로운 disk를 만든다
생성 후 사용한 디스크를 연결삭제를 한다.
연결 삭제한 다음 minimal의 설정으로 들어가 저장소를 누른다.
하드디스크 추가를 눌러서 추가하려는 디스크를 누르고 선택 버튼을 누른다.
blkid를 입력해 출력되는 원하는 디스크의 UUID를 복사한다.
/dev/sdb: UUID="db260ed0-e7e5-4afd-9a1d-c1988e61511b"
vi /etc/fstab으로 들어간다.
저장한 UUID를 fstab에 붙여넣는다.
UUID="db260ed0-e7e5-4afd-9a1d-c1988e61511b" /data xfs defaults,nofail 0 2
reboot를 한 후 다시 로그인 해서 df -h로 자동으로 마운트가 되었는지 확인한다.
samba설치
# yum install -y samba
경로 설정
# mkdir -p /var/samba/share
# chmod 777 /var/samba/share /* 모든 사용자에게 읽기/쓰기/실행 허용 (실습용). 공유 사용자가 kosa뿐이라면 소유자를 kosa로 바꾸고 권한을 더 좁히는 편이 안전하다
# adduser kosa
# passwd kosa0401 /* 주의: passwd의 인자는 암호가 아니라 계정 이름이다. 위에서 만든 계정은 kosa이므로 passwd kosa 로 실행하고, 암호는 프롬프트에서 입력한다
# smbpasswd -a kosa /* kosa - samba용 계정 생성
# vi /etc/samba/smb.conf
workgroup = hali/네트워크 2로변경
[share] /*추가
comment = Share Directory
path = /var/samba/share
browserable = yes
writable = yes
valid users = kosa
create mask = 0777
directory mask = 0777
nmb/smb 실행
# systemctl start smb
# systemctl enable smb
# systemctl enable --now smb /*위 두개 합친 것
# systemctl start nmb
# systemctl enable nmb
# systemctl enable --now nmb
방화벽 설정
# firewall-cmd --permanent --add-service=samba --zone=public
# firewall-cmd --reload
# setenforce 0
윈도우 클라이언트 접속 방법
win
+ R
> \\{Host IP}를 입력
CentOS7 클라이언트 접속 방법
# yum install -y samba-client
# smbclient '//{samba IP}/share' -U kosa
프로토콜
이기종간 통신(윈도우-리눅스)을 위한 규약
객체 스토리지 (Object Storage)
ip 범위
192.168.56.0/24
192.168.56 : 네트워크 영역
0/24 : 호스트 영역
192.168.56.0 : 네트워크 주소 (시작하는 ip)
192.168.56.255 : 브로드캐스트 주소 (마지막 ip)
192.168.56.101
# yum install -y nfs-utils /* nfs-utils 설치
# mkdir /share && cd $_
# echo "Hello" > test.txt
# chmod o+w test.txt
# chmod 707 /share /* 소유자와 기타 사용자(other)에게 rwx 허용. 허용 대역의 NFS 클라이언트에서 누구나 쓸 수 있게 되므로 실습용으로만 사용한다
# vi /etc/exports /* 접근할 수 있는 IP주소 범위를 설정
/share 192.168.56.0/24(rw,sync)
# systemctl start nfs-server
# systemctl enable nfs-server
# systemctl enable --now nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
# exportfs -v /* 현재 적용된 export 목록과 옵션을 자세히 출력 (/etc/exports를 다시 읽어 재적용하려면 exportfs -ra)
/share 192.168.56.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload
192.168.56.120
rpm -qa
: 현재 VM에 설치되어있는 App# rpm -qa | grep nfs-utils
# yum install -y nfs-utils
# showmount -e 192.168.56.101
Export list for 192.168.56.101: /share 192.168.56.0/24
# mkdir share
# mount -t nfs 192.168.56.101:/share /root/share
# df -h
192.168.56.101:/share 124G 3.3G 120G 3% /root/share
# echo "OK" >> /root/share/test.txt
# cat /root/share/test.txt
Hello
OK
# vi /etc/sysconfig/selinux
SELINUX=disabled
# vi /etc/fstab
192.168.0.69:/share /root/share nfs defaults 0 0
# vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
# yum install -y MariaDB
# rpm -qa | grep MariaDB
# mariadb --version
# systemctl start mariadb
# systemctl enable mariadb
# systemctl enable --now mariadb
# ss -ant
공백을 기준으로 IPv4 / IPv6
# mysql_secure_installation /* 보안 설정 관련
# systemctl restart mariadb
# mysql -u root -p /* MariaDB 실행
Disallow root login remotely? [Y]
CREATE USER 'wpuser'@'%' IDENTIFIED BY 'wppass';
CREATE DATABASE IF NOT EXISTS wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'%';
quit
% : 사용자가 remote(모든 호스트)에서 접근 가능하도록 하는 설정. 실습용이며, 운영에서는 접속할 서버의 IP나 대역으로 호스트를 제한하고 'wppass'처럼 추측하기 쉬운 암호는 쓰지 않는다
# firewall-cmd --list-all
# firewall-cmd --permanent --add-service=mysql
# firewall-cmd --zone=public --add-service=mysql --permanent
# firewall-cmd --reload
# yum install mysql -y
# mysql
# mysql -h 192.168.56.101 -u wpuser -p
Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 10.4.24-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>
네트워크 주소 변환(NAT; Network Address Translation)은 컴퓨터 네트워킹에서 쓰이는 용어로서, IP 패킷의 TCP/UDP 포트 숫자와 소스 및 목적지의 IP 주소 등을 재기록하면서 라우터를 통해 네트워크 트래픽을 주고 받는 기술을 말합니다.
NAT를 이용하는 이유는 대개 사설 네트워크에 속한 여러 개의 호스트가 하나의 공인 IP 주소를 사용하여 인터넷에 접속하기 위함입니다.
많은 네트워크 관리자들이 NAT를 편리한 기법이라고 보고 널리 사용하고 있습니다.
공인 IP = Public IP
사설 IP = Private IP
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:44:ec:a2 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.148/21 brd 192.168.7.255 scope global noprefixroute dynamic enp0s3
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:03:66:1e brd ff:ff:ff:ff:ff:ff
inet6 fe80::c4c9:27ca:c582:4baa/64 scope link noprefixroute
valid_lft forever preferred_lft forever
저번시간 이어서...
NAT GW_DHCP_HAproxy
WEB01_SAMBA
WEB02_NFS
Database_DNS
강의실 네트워크
Public Subnet
192.168.0.0/24
192.168.0.0 ~ 192.168.0.255 (256개 ip - 2개 = 254개)
192.168.0.0 네트워크 주소(시작 ip)
192.168.0.255 브로드캐스팅 주소(마지막 ip)
Private Subnet
172.31.0.0/24
172.31.0.0 ~ 172.31.0.255 (256개 ip - 2개 = 254개)
172.31.0.0 네트워크 주소(시작 ip)
172.31.0.255 브로드캐스팅 주소(마지막 ip)
>ssh-keygen -t rsa
Generating public/private rsa key pair.
/*SSH 키를 저장할 위치를 지정한다. 엔터를 누르면 기본 경로에 저장된다. (엔터)
Enter file in which to save the key (C:\Users\r2com/.ssh/id_rsa):
/*passphrase 입력, 자동 로그인을 원한다면 생략해야 한다. (엔터) 단, 생략하면 개인키 파일이 유출될 때 바로 로그인에 쓰일 수 있으므로 운영 환경에서는 passphrase를 설정하고 ssh-agent로 입력을 줄인다
Enter passphrase (empty for no passphrase):
/* 엔터
Enter same passphrase again:
Your identification has been saved in C:\Users\r2com/.ssh/id_rsa.
Your public key has been saved in C:\Users\r2com/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:S0/R3/76Hvjr7QrtU3YNjwyfx/PHajzp5LGtN8krNn0 r2com@DESKTOP-DD3FU43
The key's randomart image is:
+---[RSA 3072]----+
| |
| . |
| . . |
| ..... |
| S . +.*o|
| . + .*oO|
| . . .o*B*|
| OBOE|
| .o&^&|
+----[SHA256]-----+
authorized_keys
에 r2com의id_rsa.pub
복사C:\Windows\system3>cd %UserProfile%\.ssh
C:\Users\r2com\.ssh>scp id_rsa.pub root@192.168.0.73:/root/.ssh/authorized_keys
C:\Users\r2com\.ssh>ren id_rsa my-key.pem
C:\Users\r2com\.ssh>ssh -i my-key.pem root@192.168.0.73
# setenforce 0
setenforce: SELinux is disabled
# vi /etc/sysconfig/selinux
SELINUX=disabled
# vi /etc/ssh/sshd_config
Port 2222 주석 없애기
PasswordAuthentication no로 변경
# systemctl restart sshd
C:\Users\r2com\.ssh>ssh root@192.168.0.73
root@192.168.0.73: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
# ss -ant
ESTAB : 192.168.0.73:22 192.168.0.26:64176
well-known 포트번호 : 0~1023 (서버 포트)
unknown 포트번호 : 1025 ~ 65535 (클라이언트 포트)
# firewall-cmd --permanent --add-port=2222/tcp
# firewall-cmd --reload
# firewall-cmd --list-all
-p
옵션 사용C:\Users\r2com\.ssh>ssh -p 2222 -i my-key.pem root@192.168.0.73
hostnamectl
명령어[root@localhost ~]# hostnamectl set-hostname nat
[root@localhost ~]# exit
logout
C:\Users\r2com\.ssh>ssh -i my-key.pem root@192.168.0.73
[root@nat ~]#
[root@nat ~]# cd /etc/sysconfig/network-scripts/
[root@nat network-scripts]# ls
ifcfg-enp0s3 ifdown-ippp ifdown-routes ifup ifup-ipv6 ifup-ppp ifup-tunnel
ifcfg-lo ifdown-ipv6 ifdown-sit ifup-aliases ifup-isdn ifup-routes ifup-wireless
ifdown ifdown-isdn ifdown-Team ifup-bnep ifup-plip ifup-sit init.ipv6-global
ifdown-bnep ifdown-post ifdown-TeamPort ifup-eth ifup-plusb ifup-Team network-functions
ifdown-eth ifdown-ppp ifdown-tunnel ifup-ippp ifup-post ifup-TeamPort network-functions-ipv6
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE=Ethernet
BOOTPROTO=none /*dhcp: 자동으로 ip 주소 받기 > none으로 변경
NAME=enp0s3
DEVICE=enp0s3
ONBOOT=yes
IPADDR=192.168.0.73
NETMASK=255.255.255.0
GATEWAY=192.168.0.1 /*공유기 ip
DNS1=8.8.8.8
DNS2=8.8.4.4
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s8
TYPE=Ethernet
BOOTPROTO=none /*dhcp > none으로 변경
NAME=enp0s8
DEVICE=enp0s8
ONBOOT=yes
IPADDR=172.31.0.1
NETMASK=255.255.255.0
# systemctl restart network
# firewall-cmd --get-active-zone
public
interfaces: enp0s3 enp0s8 /* 랜카드 2개 모두 public
nmcli
: 네트워크 세팅 명령어 (network manager)# nmcli c mod enp0s3 connection.zone external
# nmcli c mod enp0s8 connection.zone internal
# firewall-cmd --get-active-zone
internal
interfaces: enp0s8
external
interfaces: enp0s3
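# sysctl -w net.ipv4.ip_forward=1 /* 1 : 활성화 (실행 중인 커널에만 적용, 재부팅하면 사라짐)
# sysctl -p # /etc/sysctl.conf의 설정을 다시 읽어 적용 (저장하는 명령이 아님; 재부팅 후에도 유지하려면 /etc/sysctl.conf에 net.ipv4.ip_forward=1 을 추가)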
# cat /proc/sys/net/ipv4/ip_forward
1
# yum install dhcp -y
# vi /etc/dhcp/dhcpd.conf
ddns-update-style interim;
subnet 172.31.0.0 netmask 255.255.255.0 { /* 172.31.0.0/24
option routers 172.31.0.1; /* 라우터
option subnet-mask 255.255.255.0; /* 서브넷 마스크
range dynamic-bootp 172.31.0.100 172.31.0.110; /* IP 범위
option domain-name-servers 8.8.8.8, 8.8.4.4; /* 도메인 IP
default-lease-time 7200; /* IP 임대시간 - 2시간
max-lease-time 86400; /* 사용자 추가요청시간 - 하루
}
사용가능한 IP 범위 : 172.31.0.2 ~ 172.31.0.254
172.31.0.1 : 라우터로 제외
172.31.0.255 : 브로드캐스트 주소로 제외
# systemctl enable dhcpd --now dhcpd
systemctl enable dhcpd
+ systemctl start dhcpd
vSwitch IP 확인
ping도 확인할 것
파일 및 폴더 복사
- 파일 복사
C:\Users\r2com\.ssh> notepad hello.txt
C:\Users\r2com\.ssh> dir /*확인
C:\Users\r2com\.ssh> scp -i my-key.pem hello.txt root@192.168.0.73:/root/
- 역으로
C:\Users\r2com\.ssh> del hello.txt
C:\Users\r2com\.ssh> scp -i my-key.pem root@192.168.0.73:/root/hello.txt ./
C:\Users\r2com\.ssh> ssh -i my-key.pem root@192.168.0.73 /* 확인
# ls
- 폴더 (-r 옵션)
C:\Users\r2com\.ssh> copy hello.txt test-folder
C:\Users\r2com\.ssh> scp -i my-key.pem -r test-folder root@192.168.0.73:/root/
C:\Users\r2com\.ssh> ssh -i my-key.pem root@192.168.0.73 /* 확인
# ls
cmd 대신
Portable Edition 다운로드 > 압축해제
Session > ssh
web01_SAMBA
# ssh root@{web01_samba IP}
# hostnamectl set-hostname web01
# exit
# ssh root@{web01_samba IP}
web02_NFS
# ssh root@{web02_NFS IP}
# hostnamectl set-hostname web02
# exit
# ssh root@{web02_NFS IP}
Database_DNS
# ssh root@{Database_DNS IP}
# hostnamectl set-hostname ns
# exit
# ssh root@{Database_DNS IP}
Nat
authorized_keys 보내기
# cp authorized_keys authorized_keys.pub
# ls
authorized_keys authorized_keys.pub known_hosts
# ssh-copy-id -i authorized_keys.pub root@{web01_SAMBA IP}
# ssh-copy-id -i authorized_keys.pub root@{web02_NFS IP}
# ssh-copy-id -i authorized_keys.pub root@{Database_DNS IP}
Key 넣기
NAT 터미널
# cd .ssh
.ssh # ls
.ssh # ssh -i my-key.pem root@{web01_SAMBA}
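# chmod 400 my-key.pem /* 개인키 파일 권한이 넓으면 ssh가 키 사용을 거부하므로 소유자 읽기 전용으로 변경. 개인키를 NAT 서버에 복사해 두면 NAT가 침해될 때 내부 서버 접속 권한까지 함께 노출되므로, 운영에서는 키를 PC에만 두고 ProxyJump(ssh -J)로 경유 접속하는 방식을 검토한다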
# ssh -i my-key.pem root@{web01_SAMBA}
정리
# cp authorized_keys authorized_keys.pub
# ssh-copy-id -i authorized_keys.pub root@{web01/web02/ns IP}
# chmod 400 my-key.pem
# ssh -i my-key.pem root@{web01/web02/ns IP}
네트워크 경로
C:\Windows\system32>netstat -a
# ss -ant
/* WEB01_SAMBA
# firewall-cmd --permanent --zone=external --add-forward-port=port=221:proto=tcp:toport=22:toaddr=172.31.0.101
/* WEB02_NFS
# firewall-cmd --permanent --zone=external --add-forward-port=port=222:proto=tcp:toport=22:toaddr=172.31.0.102
/* DATABASE_DNS
# firewall-cmd --permanent --zone=external --add-forward-port=port=223:proto=tcp:toport=22:toaddr=172.31.0.103
# firewall-cmd --reload
# firewall-cmd --list-all --zone=external
# yum update -y
도메인을 ip로...
# yum -y install bind bind-chroot bind-utils
# cp /etc/named.conf /etc/named.conf.bak /*백업
대표적인 레코드
# vi /etc/named.conf
Esc
+ ggdG : 전부 다 지우기options {
listen-on port 53 { 127.0.0.1; 192.168.0/24; 172.31.0/24; }; /* 172.31.0 = 172.31.0.0(마지막 생략가능) : 내부네트워크 정의
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; 192.168.0/24; 172.31.0/24; };
forwarders { 8.8.8.8; 8.8.4.4; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view "internal" {
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/var/named/xeomina.shop.zones"; /* 호스팅 영역 생성 (zones)
};
# vi /var/named/xeomina.shop.zones
zone "xeomina.shop" IN {
type master;
file "xeomina.shop.db"; /* db파일 생성/링크 - db안에 ip와 도메인 정보 매핑
allow-update { none; };
};
zone "0.31.172.in-addr.arpa" IN { /*172.31.0 > 0.31.172
type master;
file "0.31.172.in-addr.arpa.db"; /*ip를 도메인으로 변경(리버스)
allow-update { none; };
};
# vi /var/named/xeomina.shop.db
$TTL 86400
@ IN SOA xeomina.shop. root.xeomina.shop.( /* 도메인
2022041401 ; Serial /* 버전(날짜)- 2022041402,3,...
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum
IN NS ns.xeomina.shop.
IN MX 10 ns.xeomina.shop. /* 메일서버 DNS 필수 - MX(Mail Exchange;메일 교환기)
ns IN A 172.31.0.103 /* 네임서버
web01 IN A 172.31.0.101
web02 IN A 172.31.0.102
# vi /var/named/0.31.172.in-addr.arpa.db
# vi /var/named/0.31.172.in-addr.arpa.db
$TTL 86400
@ IN SOA xeomina.shop. root.xeomina.shop.(
2022041401 ; Serial
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum
IN NS ns.xeomina.shop.
103 IN PTR ns.xeomina.shop. /* 103 : 네임서버의 IP 맨 끝
# systemctl enable --now named
# systemctl restart named
# systemctl status named
vi /etc/named.conf
: set number
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4
# find / -name dhcpd.conf /*dhcp.conf 위치 찾기
/etc/dhcp/dhcpd.conf
# vi /etc/dhcp/dhcpd.conf
# systemctl restart NetworkManager
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.31.0.103
nameserver 8.8.8.8
nameserver 8.8.4.4
# systemctl restart named
# ping ns.xeomina.shop
# ping web01.xeomina.shop
# ping web02.xeomina.shop
# firewall-cmd --permanent --add-service=dns
success
# firewall-cmd --reload
success
# ping web02.xeomina.shop
# ping ns.xeomina.shop
vi /var/named/xeomina.shop.db
nat IN A 172.31.0.1 /* 추가
# ping nat.xeomina.shop
NAT에서 설치
# yum install -y haproxy
# vi /etc/haproxy/haproxy.cfg
global /*전역설정
daemon /*백그라운드
defaults
mode http /*접속프로토콜=http
frontend http-in
bind *:80
default_backend backend_servers
backend backend_servers
balance roundrobin
# cookie SVID insert indirect nocache maxlife 3m
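server web01 172.31.0.101:80 cookie check
server web02 172.31.0.102:80 cookie check
/* 주의: server 줄의 cookie 뒤에는 서버별 쿠키 값이 와야 한다 (예: cookie web01 check / cookie web02 check). 위처럼 쓰면 "check"가 두 서버 공통의 쿠키 값으로 해석되어 헬스체크가 켜지지 않고, cookie SVID 설정을 켜도 서버가 구분되지 않는다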
# systemctl enable --now haproxy
WEB01/WEB02
# sestatus
Current mode: enforcing
Mode from config file: enforcing
# vi /etc/sysconfig/selinux
SELINUX=disabled 로 변경
# setenforce 0
# sestatus
Current mode: permissive
Mode from config file: disabled
# yum install -y httpd
# systemctl enable --now httpd
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload
# cd /var/www/html
# mkdir images
# cd images
# yum install -y wget
# wget http://192.168.0.26/FILES/two-rabbit.jpg
--2022-04-14 16:50:41-- http://192.168.0.26/FILES/two-rabbit.jpg
Connecting to 192.168.0.26:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 571622 (558K) [image/jpeg]
Saving to: ‘two-rabbit.jpg’
0% 0 --.-K/s 100% 571,622 --.-K/s in 0.02s
2022-04-14 16:50:41 (32.3 MB/s) - ‘two-rabbit.jpg’ saved [571622/571622]
# ls
two-rabbit.jpg
# cd ..
# vi index.html
<html> 코드 입력
# firewall-cmd --zone=external --permanent --add-service=http
# firewall-cmd --reload
WEB01
<h1>WEB01</h1>
WEB02
<h1>WEB02</h1>
# vi /etc/haproxy/haproxy.cfg
cookie SVID insert indirect nocache maxlife 1m /*1분
# yum install -y bind-utils
# dig A web01.xeomina.shop
web01.xeomina.shop. 86400 IN A 172.31.0.101
# dig -x 172.31.0.103 /* NS IP
103.0.31.172.in-addr.arpa. 86400 IN PTR ns.xeomina.shop.