vSwitch
# hostnamectl set-hostname nat
# vi /etc/sysconfig/network-scripts/ifcfg-ens32
# ifcfg-ens32: static IPv4 for ens32, the NIC on the 192.168.0.0/24 side
# (moved into the firewalld "external" zone further down with nmcli).
TYPE=Ethernet
# No DHCP on this interface; the address below is fixed.
BOOTPROTO=none
NAME=ens32
DEVICE=ens32
# Bring the interface up at boot.
ONBOOT=yes
IPADDR=192.168.0.218
NETMASK=255.255.255.0
# Upstream router; this is the only GATEWAY in the lab, so the default
# route leaves through ens32.
GATEWAY=192.168.0.1
# Resolvers NetworkManager writes to /etc/resolv.conf. Replaced later by
# the local BIND (10.0.23.1) once it is running.
DNS1=8.8.8.8
DNS2=203.248.252.2
# vi /etc/sysconfig/network-scripts/ifcfg-ens33
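# ifcfg-ens33: static IPv4 for ens33, the NIC facing the internal
# 10.0.23.0/24 network (placed in the firewalld "internal" zone below).
# ifcfg files are sourced as shell, so notes must use "#" — the original
# "/* ..." annotations after the values are not comments to the shell.
TYPE=Ethernet
BOOTPROTO=none
NAME=ens33
DEVICE=ens33
ONBOOT=yes
# Internal router address: the gateway and DNS server that dhcpd hands
# out to the 10.0.23.0/24 hosts.
IPADDR=10.0.23.1
# Fixed netmask. No GATEWAY here on purpose: the default route stays on ens32.
NETMASK=255.255.255.0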
# systemctl restart network
# yum install -y bash-completion
# firewall-cmd --get-active-zone
public
interfaces: ens32 ens33
# nmcli c mod ens32 connection.zone external
# nmcli c mod ens33 connection.zone internal
# firewall-cmd --get-active-zone
internal
interfaces: ens33
external
interfaces: ens32
# sysctl -w net.ipv4.ip_forward=1 # 리눅스 시스템을 라우터로
# sysctl -p # 설정 저장
# reboot
# cat /proc/sys/net/ipv4/ip_forward
1
# yum install dhcp -y
# vi /etc/dhcp/dhcpd.conf
# /etc/dhcp/dhcpd.conf: lease addresses in 10.0.23.0/24 to the hosts behind ens33.
ddns-update-style interim;
# The network served. It must contain the ens33 address (10.0.23.1) or dhcpd
# will not bind to that interface.
subnet 10.0.23.0 netmask 255.255.255.0 {
# Default gateway given to clients: this machine, which forwards (ip_forward=1).
option routers 10.0.23.1;
option subnet-mask 255.255.255.0;
# Leasable pool. .0 is the network address, .255 the broadcast address and
# .1 the router, so those stay out of the range.
# NOTE(review): the host table later in this page assigns .2-.5 statically to
# WEB01/DB/WEB02/WEB03, and those addresses sit inside this dynamic pool.
# dhcpd's ping-before-offer lowers the collision risk but does not remove it;
# reserve them with host/fixed-address entries or start the pool at .10.
range dynamic-bootp 10.0.23.2 10.0.23.254;
# Resolvers for clients: the local BIND (ns) first, public resolvers as fallback.
option domain-name-servers 10.0.23.1, 8.8.8.8, 203.248.252.2;
# 7200 s = 2 h
default-lease-time 7200;
# 86400 s = 24 h
max-lease-time 86400;
}
Cf) 만약 DNS 대란이 날 경우..?
다른 ISP의 DNS 서버를 보조 DNS로 추가
# systemctl enable --now dhcpd
# yum -y install bind bind-chroot bind-utils
# vi /etc/named.conf
# /etc/named.conf, options: a forwarding/caching resolver for the lab that is
# also authoritative for xeomina.shop (zones are included in the view below).
options {
# Local addresses named binds to: loopback plus whichever interface addresses
# fall in 192.168.0.0/24 (ens32) and 10.0.23.0/24 (ens33). This only selects
# listening sockets; client access control is allow-query further down.
listen-on port 53 { 127.0.0.1; 192.168.0/24; 10.0.23/24; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
# Clients allowed to ask questions: this host and both lab subnets. Because
# allow-recursion is not set, BIND falls back to this same list for recursion,
# so the server does not act as an open resolver for other networks.
allow-query { localhost; 192.168.0/24; 10.0.23/24; };
# Upstream resolvers used for names this server is not authoritative for
# (forward-first is the default, so named still resolves on its own if
# the forwarders fail).
forwarders { 8.8.8.8; 203.248.252.2; };
recursion yes;
dnssec-enable yes;
# Validate DNSSEC signatures on answers.
dnssec-validation yes;
# Path to ISC DLV key
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
# Debug channel; "severity dynamic" follows the level set with rndc trace.
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
# Single view. The name "internal" is only a label: with no match-clients
# clause every client that passes allow-query sees the same data.
view "internal" {
# Root hints used for recursion.
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
# Hosted zones: forward and reverse for xeomina.shop (file defined below).
include "/var/named/xeomina.shop.zones";
};
# vi /var/named/xeomina.shop.zones
# /var/named/xeomina.shop.zones: included from the "internal" view of named.conf.
# Forward zone: name -> IP for xeomina.shop.
zone "xeomina.shop" IN {
type master;
# Relative to the options "directory", i.e. /var/named/xeomina.shop.db.
file "xeomina.shop.db";
# No dynamic (DDNS) updates are accepted for this zone.
allow-update { none; };
};
# Reverse zone: IP -> name for 10.0.23.0/24.
zone "23.0.10.in-addr.arpa" IN {
type master;
file "23.0.10.in-addr.arpa.db";
allow-update { none; };
};
# vi /var/named/xeomina.shop.db
; /var/named/xeomina.shop.db, first version: forward zone for xeomina.shop.
; Default TTL for records without an explicit one: 86400 s = 1 day.
$TTL 86400
; SOA: primary server name and admin mailbox (root.xeomina.shop. = root@xeomina.shop).
; NOTE(review): the MNAME is xeomina.shop. rather than ns.xeomina.shop.;
; harmless with no secondaries or DDNS, but the NS host is the usual value.
@ IN SOA xeomina.shop. root.xeomina.shop.(
2022041401 ; Serial (YYYYMMDDnn) - increment on every change
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum (negative-caching TTL)
; These two records carry no owner name and so belong to the apex (@);
; in the file on disk such lines must begin with whitespace.
IN NS ns.xeomina.shop.
IN MX 10 ns.xeomina.shop.
; The name server itself, on the internal address.
ns IN A 10.0.23.1
# vi /var/named/23.0.10.in-addr.arpa.db
; /var/named/23.0.10.in-addr.arpa.db: reverse zone for 10.0.23.0/24.
$TTL 86400
@ IN SOA xeomina.shop. root.xeomina.shop.(
2022042701 ; Serial (YYYYMMDDnn) - increment on every change
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum (negative-caching TTL)
; Apex NS record (no owner name, so it applies to @).
IN NS ns.xeomina.shop.
; Owner "1" is relative to the origin: 1.23.0.10.in-addr.arpa = 10.0.23.1.
; Only .1 has a PTR; the hosts added later (.2-.5) get none in this page,
; so "dig -x" on them will fail until matching PTR records are added.
1 IN PTR ns.xeomina.shop.
# firewall-cmd --permanent --add-service=dns --zone=internal
# firewall-cmd --reload
# firewall-cmd --list-all --zone=internal
internal (active)
interfaces: ens33
services: dhcpv6-client dns mdns samba-client ssh
이름 | OS | IP |
---|---|---|
NAT_GW_DHCP_HA_NS | CentOS7 | 10.0.23.1 |
WEB01 | CentOS7 | 10.0.23.2 |
DB_SMB_NFS | CentOS7 | 10.0.23.3 |
WEB02 | Ubuntu18 | 10.0.23.4 |
WEB03 | Win2012 | 10.0.23.5 |
# vi /var/named/xeomina.shop.db
; /var/named/xeomina.shop.db, second version: one A record per lab host.
$TTL 86400
@ IN SOA xeomina.shop. root.xeomina.shop.(
2022041401 ; Serial - NOTE(review): unchanged from the first version although records were added; bump it on every edit so any secondary or cache notices the change
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum (negative-caching TTL)
; Apex records (no owner name -> @; must start with whitespace on disk).
IN NS ns.xeomina.shop.
IN MX 10 ns.xeomina.shop.
; The gateway's external address, published alongside the internal hosts.
nat IN A 192.168.0.218
ns IN A 10.0.23.1
web01 IN A 10.0.23.2
db IN A 10.0.23.3
web02 IN A 10.0.23.4
web03 IN A 10.0.23.5
# systemctl restart named
# firewall-cmd --permanent --add-service=dns --zone=external
# firewall-cmd --reload
# vi /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=none
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.0.218
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=10.0.23.1 #추가
DNS2=8.8.8.8
DNS3=8.8.4.4
PEERDNS=no #추가 - 만들어놓은 DNS 최우선
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
UUID=152beb06-47c5-c5e8-95a9-385590654382
ZONE=external
# systemctl restart network
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.23.1 #추가됨
nameserver 8.8.8.8
nameserver 8.8.4.4
# dig -x 10.0.23.1
;; ANSWER SECTION:
1.23.0.10.in-addr.arpa. 86400 IN PTR ns.xeomina.shop.
# dig A web01.xeomina.shop
;; ANSWER SECTION:
web01.xeomina.shop. 86400 IN A 10.0.23.2
# nslookup web02.xeomina.shop
Server: 10.0.23.1
Address: 10.0.23.1#53
Name: web02.xeomina.shop
Address: 10.0.23.4
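; /var/named/xeomina.shop.db, third version: adds the "test" alias.
; Zone files only know ";" comments; the original "#추가" after the CNAME
; would be read as extra record data and make the zone fail to load.
$TTL 86400
@ IN SOA xeomina.shop. root.xeomina.shop.(
2022041401 ; Serial - NOTE(review): still the first version's value; bump it on every edit
3h ; Refresh
1h ; Retry
1w ; Expire
1h ) ; Minimum (negative-caching TTL)
; Apex records (no owner name -> @; must start with whitespace on disk).
IN NS ns.xeomina.shop.
IN MX 10 ns.xeomina.shop.
nat IN A 192.168.0.218
ns IN A 10.0.23.1
web01 IN A 10.0.23.2
db IN A 10.0.23.3
web02 IN A 10.0.23.4
web03 IN A 10.0.23.5
; Added: test.xeomina.shop is an alias for db (relative name, origin appended).
test IN CNAME db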
# systemctl restart named
# ping test.xeomina.shop
10.0.23.0
255.255.255.0
192.168.0.218
(NAT GW)C:\Windows\system32>route add 10.0.23.0 mask 255.255.255.0 192.168.0.218
# firewall-cmd --permanent --zone=external --add-forward-port=port=221:proto=tcp:toport=22:toaddr=10.0.23.2
# firewall-cmd --permanent --zone=external --add-forward-port=port=222:proto=tcp:toport=22:toaddr=10.0.23.4
# firewall-cmd --permanent --zone=external --add-forward-port=port=223:proto=tcp:toport=22:toaddr=10.0.23.3
# firewall-cmd --permanent --zone=external --add-forward-port=port=3389:proto=tcp:toport=3389:toaddr=10.0.23.5
>ssh-copy-id -p 221 -i id_rsa.pub root@192.168.0.218
>ssh-copy-id -p 222 -i id_rsa.pub xeomina@192.168.0.218 #ubuntu 사용자
>ssh-copy-id -p 223 -i id_rsa.pub root@192.168.0.218
# vi /etc/yum.repos.d/MariaDB.repo
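# /etc/yum.repos.d/MariaDB.repo: MariaDB 10.4 upstream repository for CentOS 7.
# yum keeps a trailing "#..." as part of the value, so notes stay on their own lines.
[mariadb]
# Human-readable repository name (the package installed below is "MariaDB").
name = MariaDB
# Plain http: the RPM signatures checked below protect package integrity,
# but the repository metadata itself is fetched unauthenticated.
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
# Signing key used to verify every package from this repo.
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1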
# yum install -y MariaDB #설정한 패키지 이름
# rpm -qa | grep MariaDB
# mariadb --version
# systemctl enable --now mariadb
Disallow root login remotely? : n 으로
# mysql_secure_installation
# systemctl restart mariadb
# mysql -u root -p
> CREATE USER 'wpuser'@'%' IDENTIFIED BY 'kosa0401';
> CREATE DATABASE IF NOT EXISTS wordpress;
> GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'%';
> EXIT
# firewall-cmd --permanent --add-service=mysql
# firewall-cmd --reload
# yum install -y httpd
# systemctl enable --now httpd
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload
# rpm -qa | grep firewalld
# systemctl status firewalld
web03에서 확인
apt-get : 우분투의 패키지 매니저
$ sudo apt-get update
$ sudo apt-get install nginx -y
web03에서 확인
# yum install -y haproxy
# vi /etc/haproxy/haproxy.cfg
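# /etc/haproxy/haproxy.cfg, first version: plain round-robin over the three
# web hosts, no session stickiness yet.
global
# Run in the background; systemd supervises the process.
daemon
defaults
# Layer-7 (HTTP) proxying for every section below.
mode http
frontend http-in
# Port 80 on every local address, i.e. the external (ens32) and internal
# (ens33) sides alike; the firewalld zones decide who may actually connect.
bind *:80
default_backend backend_servers
backend backend_servers
balance roundrobin
# Stickiness is off for now; the cookie directive is kept for the next step.
# cookie SVID insert indirect nocache maxlife 3m
# The original lines read "cookie check": HAProxy takes "check" as the
# cookie VALUE, so no health check ran and all three servers shared one
# cookie value. With stickiness disabled only the health check is needed.
server web01 10.0.23.2:80 check
server web02 10.0.23.4:80 check
server web03 10.0.23.5:80 check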
# systemctl enable --now haproxy
# firewall-cmd --list-all --zone=external
# firewall-cmd --permanent --add-service=http --zone=external
# firewall-cmd --reload
/var/www/html/
/var/www/html/
/usr/share/nginx/html/
C:\inetpub\wwwroot\
# cd /var/www/html
# echo "<h1>WEB01</h1>" > index.html
Cf) 리눅스의 입출력 재지정(redirection)
기본적으로 리눅스의 표준 입력(standard input)은 키보드이고 표준 출력 (standard output)은 모니터 혹은 터미널윈도이다.
출력 재지정(output redirection) :
명령어의 표준 출력 내용을 모니터에 출력하는 대신에 파일에 저장하거나 다른 명령어의 입력으로 인가할 수 있다.
이때 사용되는 기호가 >와 | 이다.
명령어 > 파일명
입력 재지정 (input redirection) :
명령어의 표준 입력을 키보드 대신 파일에서 받을 수 있다.
이 때 < 연산자가 이용된다.
명령어 < 파일명
$ sudo find / -name index.html
$ cd /var/www/html/
$ sudo mv index.nginx-debian.html index.nginx-debian.html.bak
index.html 파일 수정
sudo로 root처럼
$ sudo echo "<h1>WEB02</h1>" > index.html
# /etc/haproxy/haproxy.cfg, second version: round-robin plus sticky sessions.
global
daemon
defaults
mode http
frontend http-in
bind *:80
default_backend backend_servers
backend backend_servers
balance roundrobin
# Sticky sessions: HAProxy inserts a cookie named SVID holding the chosen
# server's value (w1/w2/w3) so later requests from that browser return to
# the same server. "indirect" keeps the cookie from being forwarded to the
# backend, "nocache" tags the response so shared caches do not store it,
# and "maxlife 10s" expires the cookie after 10 seconds - presumably kept
# this short so the hand-over between servers is visible during the lab.
cookie SVID insert indirect nocache maxlife 10s
# Per-server cookie value plus active health check.
server web01 10.0.23.2:80 cookie w1 check
server web02 10.0.23.4:80 cookie w2 check
server web03 10.0.23.5:80 cookie w3 check
세부 사항
mode http #http : L7(Application Layer) S/W (상위)
tcp #tcp : L4(Transport Layer) S/W (하위)
frontend http-in # front 이름 : http-in (변경 가능)
bind *:80 # *: 접근제어에서 anywhere의 의미 / 80 port(default)
default_backend backend_servers # back에서 정의한 backend_servers로 연결
backend backend_servers # back 이름 : backend_servers
balance roundrobin # 로드밸런서 알고리즘 : roundrobin(서버에 순차적으로 접근)
로그인 버튼 누를떄마다 다른 서버로 세션 바뀜 -> 하나의 서버에 일정시간 동안은 머물러야 함 -> 고정 세션
cookie SVID insert indirect nocache maxlife 10s # sticky session(고정세션)
server web01 10.0.23.2:80 cookie w1 check # w1
server web02 10.0.23.4:80 cookie w2 check
server web03 10.0.23.5:80 cookie w3 check
# yum install -y samba
# mkdir -p /var/samba/share
# chmod 777 /var/samba/share
# adduser kosa
# passwd kosa
New password:koda0401
# smbpasswd -a kosa
# vi /etc/samba/smb.conf
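# /etc/samba/smb.conf, relevant part. Samba does not strip a trailing "#"
# note from a value, so notes stay on their own lines.
[global]
# Default workgroup; no change needed for this lab.
workgroup = SAMBA
# Added share, backed by /var/samba/share (created with chmod 777 above).
[share]
comment = Share Directory
path = /var/samba/share
# The original "browserable" is not a Samba parameter (testparm reports it as
# unknown and ignores it); the correct name is browseable.
browseable = yes
writable = yes
# Only the Samba user created with smbpasswd above may connect.
valid users = kosa
# Files and directories are created world-readable and world-writable.
create mask = 0777
directory mask = 0777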
# systemctl enable --now smb nmb
zone=public : 랜카드 하나 > internal/external zone 구분 안해도 됨 > public 생략 가능(default)
# firewall-cmd --permanent --add-service=samba --zone=public
# firewall-cmd --reload
\\db.xeomina.shop
# cd /var/samba/share/
# ls
wordpress-5.9.3-ko_KR.zip
# yum install -y nfs-utils
(/ 밑에 생성) # mkdir /share && cd $_
(. 로) # cp /var/samba/share/wordpress-5.9.3-ko_KR.zip .
# ls
wordpress-5.9.3-ko_KR.zip
# vi /etc/exports
# /etc/exports on the DB/SMB/NFS host. Syntax: path client(options).
# Read-write export limited to the internal subnet.
/share 10.0.23.0/24(rw,sync)
# Read-write export to every client ("*" = anywhere). This is what
# "exportfs -v" below reports as <world>, and it makes the subnet line
# above redundant. Defaults still in force (also visible in that output):
# root_squash maps a remote root to nobody, secure requires a source
# port below 1024.
/share *(rw,sync)
# chmod 707 /share
# systemctl enable --now nfs-server
# exportfs -v
/share <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --reload
CentOS
# yum install -y nfs-utils
# showmount -e db.xeomina.shop
Export list for db.xeomina.shop:
/share *
# mkdir share
# mount -t nfs db.xeomina.shop:/share /root/share
# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 899M 0 899M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.5M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/mapper/centos-root 97G 1.5G 96G 2% /
/dev/sda1 1014M 195M 820M 20% /boot
tmpfs 182M 0 182M 0% /run/user/0
db.xeomina.shop:/share 97G 2.0G 96G 2% /root/share
# ls share/
wordpress-5.9.3-ko_KR.zip
# cp /etc/fstab /etc/fstab.bak
# echo "db.xeomina.shop:/share /root/share nfs defaults 0 0" >> /etc/fstab
Ubuntu
$ sudo apt-get update
$ sudo apt-get install -y nfs-common
$ sudo mount -t nfs db.xeomina.shop:/share /home/xeomina/share
$ df -h
$ ls share/
$ sudo cp /etc/fstab /etc/fstab.bak
$ sudo vi /etc/fstab
db.xeomina.shop:/share /home/xeomina/share nfs defaults 0 0
Window 2012
> ping db.xeomina.shop
> mount db.xeomina.shop:/share z:\
각 서버에 접속하기 전 nat에서 다른 서버 주석처리 하기
# yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# yum -y install epel-release yum-utils
# yum-config-manager --enable remi-php74
# yum install -y httpd php php-mysql php-gd php-mbstring wget unzip
# cd /var/www/html
# unzip /root/share/wordpress-5.9.3-ko_KR.zip
# ls
index.html wordpress
# mv wordpress/* .
# ls
index.html wp-activate.php wp-content wp-login.php xmlrpc.php
index.php wp-admin wp-cron.php wp-mail.php
license.txt wp-blog-header.php wp-includes wp-settings.php
readme.html wp-comments-post.php wp-links-opml.php wp-signup.php
wordpress wp-config-sample.php wp-load.php wp-trackback.php
# chown -R apache:apache /var/www/*
# mv index.html index.html.bak
# systemctl restart httpd
# vi /etc/haproxy/haproxy.cfg
# haproxy.cfg, backend section only: while WEB01 is being set up, send all
# traffic to it by commenting out the other two servers (as the note before
# the WordPress steps says). Cookie lifetime raised from 10s to 10m.
backend backend_servers
balance roundrobin
cookie SVID insert indirect nocache maxlife 10m
server web01 10.0.23.2:80 cookie w1 check
# server web02 10.0.23.4:80 cookie w2 check
# server web03 10.0.23.5:80 cookie w3 check
# systemctl restart haproxy
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install -y nginx
$ sudo apt install -y php7.2 php7.2-fpm php7.2-mysql php7.2-mbstring php7.2-gd wget unzip
$ sudo mkdir -p /var/www/html/wordpress/public_html
$ cd /etc/nginx/sites-available
$ sudo vi wordpress.conf
# /etc/nginx/sites-available/wordpress.conf on WEB02 (Ubuntu, nginx + php-fpm).
server {
listen 80;
# WordPress document root (the zip is unpacked here further down).
root /var/www/html/wordpress/public_html;
index index.php index.html;
# Changed from the template: the host name the load balancer presents.
server_name nat.xeomina.shop;
# NOTE(review): SUBDOMAIN is a leftover template placeholder; give both log
# files a real name (e.g. wordpress.access.log) before going further.
access_log /var/log/nginx/SUBDOMAIN.access.log;
error_log /var/log/nginx/SUBDOMAIN.error.log;
# Serve files that exist, otherwise 404. WordPress "pretty" permalinks would
# need "/index.php?$args" as the last fallback instead of =404.
location / {
try_files $uri $uri/ =404;
}
# PHP goes to php-fpm over its Unix socket. Keep the snippet include: on
# Ubuntu it also carries a "try_files $fastcgi_script_name =404" guard so
# only .php files that really exist on disk are executed (presumably stock
# here - verify the snippet has not been edited).
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
# Never serve Apache .htaccess/.htpasswd files.
location ~ /\.ht {
deny all;
}
# Keep the access log free of favicon/robots noise.
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Static assets: long client-side caching.
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ cd /etc/nginx/sites-enabled
$ ls
default
ln -s [원본 파일 또는 디렉토리] [심볼릭 링크 이름]
$ sudo ln -s ../sites-available/wordpress.conf .
$ ls -al
total 8
drwxr-xr-x 2 root root 4096 Apr 28 16:31 .
drwxr-xr-x 8 root root 4096 Apr 28 16:11 ..
lrwxrwxrwx 1 root root 34 Apr 27 17:23 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 33 Apr 28 16:31 wordpress.conf -> ../sites-available/wordpress.conf
$ sudo systemctl reload nginx
$ cd /var/www/html/wordpress/public_html
$ sudo wget https://ko.wordpress.org/latest-ko_KR.zip
$ sudo unzip latest-ko_KR.zip
$ ls
latest-ko_KR.zip wordpress
$ sudo mv wordpress/* .
$ ls
index.php wp-activate.php wp-content wp-login.php xmlrpc.php
latest-ko_KR.zip wp-admin wp-cron.php wp-mail.php
license.txt wp-blog-header.php wp-includes wp-settings.php
readme.html wp-comments-post.php wp-links-opml.php wp-signup.php
wordpress wp-config-sample.php wp-load.php wp-trackback.php
$ sudo chown -R www-data:www-data *
$ sudo chmod -R 755 *
$ sudo systemctl restart nginx
# vi /etc/haproxy/haproxy.cfg
# haproxy.cfg, backend section only: now only WEB02 receives traffic while
# its WordPress is being configured; WEB01 and WEB03 are commented out.
backend backend_servers
balance roundrobin
cookie SVID insert indirect nocache maxlife 10m
# server web01 10.0.23.2:80 cookie w1 check
server web02 10.0.23.4:80 cookie w2 check
# server web03 10.0.23.5:80 cookie w3 check
# systemctl restart haproxy
C:\inetpub\wwwroot
# cp wp-config.php /root/share/
C:\inetpub\wwwroot
# vi /etc/haproxy/haproxy.cfg
# haproxy.cfg, backend section only: all three servers back in rotation,
# sticky sessions switched off again (cookie directive commented out), so
# consecutive requests rotate across web01/web02/web03.
backend backend_servers
balance roundrobin
# cookie SVID insert indirect nocache maxlife 10m
server web01 10.0.23.2:80 cookie w1 check
server web02 10.0.23.4:80 cookie w2 check
server web03 10.0.23.5:80 cookie w3 check
# systemctl restart haproxy
# cd /var/log/httpd
# cat access_log
10.0.23.1 - - [29/Apr/2022:18:25:21 +0900] "GET / HTTP/1.1" 200 53817 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36"
10.0.23.1 - - [29/Apr/2022:18:25:57 +0900] "GET /favicon.ico HTTP/1.1" 404 209 "http://nat.xeomina.shop/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0"
10.0.23.1 - - [29/Apr/2022:18:48:06 +0900] "GET / HTTP/1.1" 200 53871 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/100.0.4896.85 Mobile/15E148 Safari/604.1"
# cd /etc/haproxy/
# cp haproxy.cfg haproxy.cfg.bak2
# vi /etc/haproxy/haproxy.cfg
# /etc/haproxy/haproxy.cfg, content-switching version: choose the backend
# from the User-Agent header (an L7 decision) instead of pure round-robin.
global
daemon
defaults
mode http
frontend http-in
# L4 part: accept TCP connections on port 80 of every local address.
bind *:80
# ACLs (access control lists): true when the User-Agent header contains the
# given substring. The header is client-supplied, so this is a routing
# convenience, not an access control.
acl firefox hdr_sub(User-Agent) Firefox
acl trident hdr_sub(User-Agent) Trident
# Requests that match no use_backend rule fall through to this backend;
# the position of default_backend relative to use_backend does not matter.
default_backend backend_servers
use_backend bk_firefox if firefox
use_backend bk_trident if trident
backend backend_servers
balance roundrobin
# cookie SVID insert indirect nocache maxlife 10s
server web01 10.0.23.2:80 cookie w1 check
server web02 10.0.23.4:80 cookie w2 check
server web03 10.0.23.5:80 cookie w3 check
# Single-server backends for the two ACLs. No "check" here, so if web01 or
# web02 goes down, Firefox / Trident (IE) clients get errors instead of
# being redirected elsewhere.
backend bk_firefox
server web01 10.0.23.2:80
backend bk_trident
server web02 10.0.23.4:80