使用两台主机实现博客的搭建

1.运行环境

这里的主机IP是自己虚拟器的IP。

主机	主机名	系统	服务
192.168.179.128	Server-Web	Linux	Web
192.168.179.129	Server-NFSDNS	Linux	NFS/DNS

2.基础配置

1.配置主机名，静态IP地址

2.开启防火墙并配置

3.部分开启SElinux并配置

4.服务器之间使用同ntp.aliyun.com进行时间同步

5.服务器之间实现SSH免密登录

3.业务需求

1.Server-NFS-DNS主机配置NFS服务器，将博客网站资源文件共享给Server-web主机，Server-NFS-DNS主机配置DNS

2.Server-web主机配置web服务，通过域名www.openla b.com可以访问到自建的博客网站

4.准备工作

4.1配置静态IP

#在192.168.179.128中配置
[root@server ~]# nmcli c modify ens33 ipv4.method manual ipv4.addresses '192.168.179.128/24' ipv4.gateway '192.168.179.2' ipv4.dns '114.114.114.114'
[root@server ~]# nmcli c reload
[root@server ~]# nmcli c up ens33
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/3）
[root@server ~]# 

#在192.168.179.129中配置
[root@node ~]# nmcli c modify ens33 ipv4.method manual ipv4.addresses '192.168.179.129/24' ipv4.gateway '192.168.179.2' ipv4.dns '114.114.114.114'
[root@node ~]# nmcli c reload
[root@node ~]# nmcli c up ens33
连接已成功激活（D-Bus 活动路径：/org/freedesktop/NetworkManager/ActiveConnection/2）
[root@node ~]#

#在192.168.179.128

#在192.168.179.129

4.2修改主机名及hosts映射

#在192.168.179.128

其中，vim /etc/hosts修改如下：

#在192.168.179.129

其中，vim /etc/hosts修改如下：

4.3开启防火墙

#在192.168.179.128

#在192.168.179.129

4.4时间同步

#在192.168.179.128

[root@Server-Web ~]# vim /etc/chrony.conf
[root@Server-Web ~]# systemctl restart chronyd
[root@Server-Web ~]# chronyc sources -v timedatectl status

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17    11   -520us[-1254us] +/-   45ms
[root@Server-Web ~]#

其中，vim /etc/chrony.conf修改如下：

****只修改第三行****

#在192.168.179.129

[root@Server-NFS-DNS ~]# vim /etc/chrony.conf
[root@Server-NFS-DNS ~]# systemctl restart chronyd
[root@Server-NFS-DNS ~]# chronyc sources -v timedatectl status

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17     1  +2700us[  +23ms] +/-   51ms
[root@Server-NFS-DNS ~]#

其中，vim /etc/chrony.conf修改如下：

****只修改第三行****

4.5配置免密ssh登录

#在192.168.179.128

[root@Server-Web ~]# ssh-keygen -t rsa     # 生成公钥私钥，一路回车
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:cNtuVI4LGHqi1vEBcJZWVxdk/BJgThJFMKHpJ9qXzzM root@Server-Web
The key's randomart image is:
+---[RSA 3072]----+
|  . oo. BBB+=.   |
|   +o  + * oo    |
|   .. = . . .o   |
|     + = o +. .  |
|    + * S + ..   |
|   o B + = .     |
|  o o o o +      |
| .     . +E      |
|          oo     |
+----[SHA256]-----+
[root@Server-Web ~]# ssh-copy-id 192.168.179.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.179.129 (192.168.179.129)' can't be established.
ED25519 key fingerprint is SHA256:dM/C+n5JHJmF8kOIz1/p88dbHJ3PjcswbBYrsEErnBc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
root@192.168.179.129's password:             #这是主机192.168.179.129的登录密码
Permission denied, please try again.
root@192.168.179.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.179.129'"
and check to make sure that only the key(s) you wanted were added.

[root@Server-Web ~]# ssh 192.168.179.129      #连接主机192.168.179.129进行测试

Authorized users only. All activities may be monitored and reported.

Authorized users only. All activities may be monitored and reported.
Last failed login: Mon Apr 15 19:06:28 CST 2024 from 192.168.179.128 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Apr 15 18:44:23 2024 from 192.168.179.1


Welcome to 5.10.0-182.0.0.95.oe2203sp3.x86_64

System information as of time: 	2024年 04月 15日 星期一 19:07:04 CST

System load: 	0.10
Processes: 	193
Memory used: 	12.3%
Swap used: 	0%
Usage On: 	12%
IP address: 	192.168.179.129
Users online: 	2


[root@Server-NFS-DNS ~]# exit          #连接成功，退出
注销
Connection to 192.168.179.129 closed.
[root@Server-Web ~]#

#在192.168.179.129

[root@Server-NFS-DNS ~]# ssh-keygen -t rsa      # 生成公钥私钥，一路回车
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:rqyCl1ZsB8OMJewLmB8YYHJbaWCDfz75N3Z3UqFwgko root@Server-NFS-DNS
The key's randomart image is:
+---[RSA 3072]----+
|++=...           |
|=oo++            |
|.*.B     .       |
|= = * E . o . .  |
| o * = .S  + . . |
|  o B o.    . .  |
| . + +  .    .   |
|. =  ...+ . o .  |
| o ...oo o . o   |
+----[SHA256]-----+
[root@Server-NFS-DNS ~]# ssh-copy-id 192.168.179.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.179.128 (192.168.179.128)' can't be established.
ED25519 key fingerprint is SHA256:dM/C+n5JHJmF8kOIz1/p88dbHJ3PjcswbBYrsEErnBc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
root@192.168.179.128's password:             #这里是主机192.168.179.128的登录密码

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.179.128'"
and check to make sure that only the key(s) you wanted were added.

[root@Server-NFS-DNS ~]# ssh 192.168.179.129             连接主机192.168.179.128，进行测试
The authenticity of host '192.168.179.129 (192.168.179.129)' can't be established.
ED25519 key fingerprint is SHA256:dM/C+n5JHJmF8kOIz1/p88dbHJ3PjcswbBYrsEErnBc.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 192.168.179.128
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.179.129' (ED25519) to the list of known hosts.

Authorized users only. All activities may be monitored and reported.
root@192.168.179.129's password: 

Authorized users only. All activities may be monitored and reported.
Last login: Mon Apr 15 19:07:04 2024 from 192.168.179.128


Welcome to 5.10.0-182.0.0.95.oe2203sp3.x86_64

System information as of time: 	2024年 04月 15日 星期一 19:11:28 CST

System load: 	0.00
Processes: 	195
Memory used: 	12.4%
Swap used: 	0%
Usage On: 	12%
IP address: 	192.168.179.129
Users online: 	2


[root@Server-NFS-DNS ~]# exit      #连接成功，退出
注销
Connection to 192.168.179.129 closed.
[root@Server-NFS-DNS ~]#

5.环境搭建

5.1. Server-web端安装LNMP环境软件

[root@Server-Web ~]# yum install nginx mariadb-server php* -y

5.2. Server-NFS-DNS端上传博客软件

网址：https://cn.wordpress.org/ ，下载后为zip压缩文件

这里建议不要下载太高的版本，因为这里对PHP要求很高，如果下载不对或者不兼容，后续补救会很麻烦。

将wordpress上传到192.168.179.129（Server-NFSDNS）端的/目录下

这里用Xftp上传

解压缩：

[root@Server-NFS-DNS ~]# cd /
[root@Server-NFS-DNS /]# unzip wordpress6.1-zh_CN.zip   #等待解压缩，完成即可
#这里我用了6.1的版本，zh_CN ——这里是中文版

[root@Server-NFS-DNS /]# cd wordpress
[root@Server-NFS-DNS wordpress]# ls
index.php        wp-blog-header.php    wp-includes        wp-settings.php
license.txt      wp-comments-post.php  wp-links-opml.php  wp-signup.php
readme.html      wp-config-sample.php  wp-load.php        wp-trackback.php
wp-activate.php  wp-content            wp-login.php       xmlrpc.php
wp-admin         wp-cron.php           wp-mail.php
[root@Server-NFS-DNS wordpress]#

5.3. Server-NFS-DNS端设置NFS共享

目的：将Server-NFS-DNS端的/wordpress 目录共享给 192.168.179.128（Server-Web）

[root@Server-NFS-DNS wordpress]# yum install rpcbind -y
[root@Server-NFS-DNS wordpress]# yum install nfs-utils -y
[root@Server-NFS-DNS wordpress]# cd ~
[root@Server-NFS-DNS ~]# vim /etc/exports     #编辑配置文件

#设置权限
[root@Server-NFS-DNS ~]# chmod -Rf 777 /wordpress
#防火墙添加服务放行
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=mountd
success
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=rpc-bind
success
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=nfs
success
[root@Server-NFS-DNS ~]# firewall-cmd --reload
success
#重启服务
[root@Server-NFS-DNS ~]# systemctl start rpcbind
[root@Server-NFS-DNS ~]# systemctl start nfs-server
[root@Server-NFS-DNS ~]#

其中，配置文件文件vim /etc/exports修改如下：

5.4. Server-web设置

5.4.1. 挂载远程共享目录

[root@Server-Web ~]# showmount -e 192.168.179.129     #查看
Export list for 192.168.179.129:
/wordpress 192.168.179.128
[root@Server-Web ~]# mkdir /wp       #新建本地挂载目录
[root@Server-Web ~]# mount -t nfs 192.168.179.129:/wordpress /wp    #挂载
[root@Server-Web ~]# cd /wp
[root@Server-Web wp]# ls
index.php        wp-blog-header.php    wp-includes        wp-settings.php
license.txt      wp-comments-post.php  wp-links-opml.php  wp-signup.php
readme.html      wp-config-sample.php  wp-load.php        wp-trackback.php
wp-activate.php  wp-content            wp-login.php       xmlrpc.php
wp-admin         wp-cron.php           wp-mail.php
[root@Server-Web wp]#

5.4.2. nginx设置

[root@Server-Web wp]# cd ~
[root@Server-Web ~]# firewall-cmd --permanent --zone public --add-service=http  #放行
success
[root@Server-Web ~]# firewall-cmd --reload
success
[root@Server-Web ~]# vim /etc/nginx/nginx.conf   #编辑nginx配置文件
[root@Server-Web ~]#

其中，配置文件vim /etc/nginx/nginx.conf修改如下：

配置文件中，只用修改root所在行就可以。

5.4.3. 修改wordpress配置文件

[root@Server-Web ~]# cd /wp
[root@Server-Web wp]# cp wp-config-sample.php wp-config.php
[root@Server-Web wp]# vim wp-config.php
[root@Server-Web wp]#

其中，配置文件vim wp-config.php修改如下：

23行是WordPress数据库名称，26行是MySQL数据库用户名，29行是MySQL数据库密码。

5.4.4. 启动数据库

[root@Server-Web wp]# cd ~
[root@Server-Web ~]# systemctl start mariadb
[root@Server-Web ~]#

5.4.5. 在数据库中创建数据库和用户

[root@Server-Web ~]# mysql
MariaDB [(none)]> create database wordpress; 
 # 创建数据库，尾部有分号
MariaDB [(none)]> create user 'test1'@'localhost' identified by '123456'; 
 # 第一个''为数据库账号，@后面的''内容为数据库可以登
录的地址，localhost意为只能本机登录。用户和密码与
wordpress配置文件一样,
MariaDB [(none)]> grant all on wordpress.* to 'test1'@'localhost';  # 给用户授权
MariaDB [(none)]> exit   # 退出

5.4.6. 重启数据库和http

[root@Server-Web ~]# systemctl restart mariadb
[root@Server-Web ~]# systemctl restart nginx

5.5测试

在windows端输入192.168.48.130继续完成wordpress 配置 (邮箱必须设置)

进入后，我们会看到以下界面：

之后就可以填入自己的信息了!

信息填写完成后，就可以安装了。

此界面就是我们登录成功后的界面了。

5.6. 在Server-NFS-DNS端配置DNS

原则：www.openlab.com 正向解析为 192.168.48.130

1.安装：

[root@Server-NFS-DNS ~]# cd ~
[root@Server-NFS-DNS ~]# yum install bind -y

#防火墙放行
[root@Server-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-service=dns
success
[root@Server-NFS-DNS ~]# firewall-cmd --reload
success
[root@Server-NFS-DNS ~]# systemctl start named
[root@Server-NFS-DNS ~]#

2.编辑主配置文件：vim /etc/named.conf

修改11行、19行。

3.修改区域配置文件，清空添加：vim /etc/named.rfc1912.zones

4.新建区域数据文件并配置解析

[root@Server-NFS-DNS ~]# cd /var/named
[root@Server-NFS-DNS named]# cp -a named.localhost openlab.com.zone
# 添加正向解析，注意：解析为192.168.48.130web服务器
[root@Server-NFS-DNS named]# vim openlab.com.zone
[root@Server-NFS-DNS named]#

其中，配置文件vim openlab.com.zone修改如下：

5.启动服务

[root@Server-NFS-DNS named]# systemctl restart named

6.测试

将Server-Web端的DNS改为192.168.48.131后并输入w ww.openlab.com域名访问

显示此界面，说明该实验已经完成了。