需求分析
大家都知道一般像银行这种保密安全要求非常高的企业服务器都是不开外网的,可以理解为不能上网,都是私网环境,这对于运维来说简直不可理喻,安装软件时意味着不能使用网络源(比如阿里云、网易),仅仅是本地yum源肯定是不能满足需求,这时就需要考虑如何使用网络源来安装软件。下面的操作不会影响生产环境下主机业务,仅yum源的流量走代理。
环境拓扑图
操作说明
- 局域网下只有一台主机可以上网,均使用centos7演示,确保每台主机关闭了防火墙和seliunx
- 先安装配置好nginx代理
- 再配置局域网其他主机yum源,测试yum源是否正常
=====================================================================================
nginx代理服务器配置(10.10.10.7)
- 安装nginx (能访问外网的主机上配置)
看我之前的这篇文章 安装nginx - 配置nginx代理
cd /etc/nginx/conf.d vim proxy.conf #创建代理配置文件,在这之前将默认配置文件删除或备份
proxy.conf配置文件如下,如果只需要代理centos源那就只留对应行的location就行了
server { listen 80; server_name localhost; index index.html index.htm index.php default.html default.htm default.php; root /home/wwwroot/html; location /ubuntu/ { proxy_pass http://mirrors.aliyun.com/ubuntu/ ; } location /centos/ { proxy_pass http://mirrors.aliyun.com/centos/ ; } location /epel/ { proxy_pass http://mirrors.aliyun.com/epel/ ; } }
- 启动ngixn服务
systemctl start nginx
其他内网主机配置yum源
- 以配置centos7为例,给出正常上网的阿里云配置如下:
[base] name=CentOS-7 - Base - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/7/os/$basearch/ http://mirrors.aliyuncs.com/centos/7/os/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/7/os/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-7 - Updates - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/7/updates/$basearch/ http://mirrors.aliyuncs.com/centos/7/updates/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/7/updates/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-7 - Extras - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/ http://mirrors.aliyuncs.com/centos/7/extras/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/7/extras/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-7 - Plus - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/7/centosplus/$basearch/ http://mirrors.aliyuncs.com/centos/7/centosplus/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/7/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #contrib - packages by Centos Users [contrib] name=CentOS-7 - Contrib - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos/7/contrib/$basearch/ http://mirrors.aliyuncs.com/centos/7/contrib/$basearch/ http://mirrors.cloud.aliyuncs.com/centos/7/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
注意:如果下载官网的yum配置文件不能使用,请将$releasever改成7(对应系统版本),baseurl的地址可以只留第一行
下载官网yum配置文件:wget http://mirrors.aliyun.com/repo/Centos-7.repo - 将配置文件中mirrors.aliyun.com换成nginx代理的IP地址,配置如下:
可以在vim中使用 :%s/mirrors.aliyun.com/10.10.10.7/g 来全部替换,下面配置是删除多余baseurl后再替换的[base] name=CentOS-7 - Base - 10.10.10.7 failovermethod=priority baseurl=http://10.10.10.7/centos/7/os/$basearch/ gpgcheck=1 gpgkey=http://10.10.10.7/centos/RPM-GPG-KEY-CentOS-7 #released updates [updates] name=CentOS-7 - Updates - 10.10.10.7 failovermethod=priority baseurl=http://10.10.10.7/centos/7/updates/$basearch/ gpgcheck=1 gpgkey=http://10.10.10.7/centos/RPM-GPG-KEY-CentOS-7 #additional packages that may be useful [extras] name=CentOS-7 - Extras - 10.10.10.7 failovermethod=priority baseurl=http://10.10.10.7/centos/7/extras/$basearch/ gpgcheck=1 gpgkey=http://10.10.10.7/centos/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-7 - Plus - 10.10.10.7 failovermethod=priority baseurl=http://10.10.10.7/centos/7/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://10.10.10.7/centos/RPM-GPG-KEY-CentOS-7 #contrib - packages by Centos Users [contrib] name=CentOS-7 - Contrib - 10.10.10.7 failovermethod=priority baseurl=http://10.10.10.7/centos/7/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://10.10.10.7/centos/RPM-GPG-KEY-CentOS-7
-
更新yum仓库
yum clean all #清空仓库数据库 yum makecache #更新仓库数据库
-
验证配置的yum源是否可用
ping 不通百度但是能使用阿里云的yum源
总结:
这样是不是方便多了,以后都不用手动安装依赖包了,当生产环境下可能没有一台服务器能上外网,这时候怎么办呢,笔记本拿一根网线连接到对应交换机,打开一个虚拟机且使用桥接网络模式,让内网服务器能访问到你笔记本的虚拟机,笔记本再连接一个能上网的wifi就行了,满足一切需求。