一、题目
二、主服务器配置
1.下载HTTP服务,DNS服务
[root@localhost ~]# yum install -y httpd bind
2.开启防火墙,放行服务
# 开启防火墙
[root@localhost ~]# systemctl start firewalld
# 放行服务
[root@localhost ~]# firewall-cmd --add-service=http
success
[root@localhost ~]# firewall-cmd --add-service=https
success
[root@localhost ~]# firewall-cmd --add-service=dns
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-service
cockpit dhcpv6-client dns http https ssh
3.创建HTTP服务访问的文件夹
[root@localhost ~]# mkdir /dadou
[root@localhost ~]# mkdir /xiaodou
[root@localhost ~]# mkdir /doudou
4.输入重定向至文件
[root@localhost ~]# echo dadou > /dadou/index.html
[root@localhost ~]# echo xiaodou > /xiaodou/index.html
[root@localhost ~]# echo doudou > /doudou/index.html
5.修改文件的安全上下文
# 查看标记
[root@localhost ~]# ll -Z /xiaodou
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 8 Jul 9 13:44 index.html
# 修改文件的安全上下文
[root@localhost ~]# chcon -t httpd_sys_content_t /dadou -R
[root@localhost ~]# chcon -t httpd_sys_content_t /xiaodou/ -R
[root@localhost ~]# chcon -t httpd_sys_content_t /doudou/ -R
[root@localhost ~]# ll -Z /dadou /xiaodou /doudou
/dadou:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 6 Jul 9 13:44 index.html
/doudou:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 7 Jul 9 13:44 index.html
/xiaodou:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 8 Jul 9 13:44 index.html
6.写配置文件
[root@localhost ~]# vim /etc/httpd/conf.d/host.conf
文件内容:
<directory /dadou>
allowoverride none
require all granted
</directory>
<directory /xiaodou>
allowoverride none
require all granted
</directory>
<directory /doudou>
require all granted
</directory>
<virtualhost 192.168.166.129:80>
documentroot /dadou
servername www.dadou.com
</virtualhost>
<virtualhost 192.168.166.129:80>
documentroot /xiaodou
servername www.xiaodou.com
</virtualhost>
<virtualhost 192.168.166.129:80>
documentroot /doudou
servername www.doudou.com
</virtualhost>
重启HTTP服务
[root@localhost ~]# systemctl restart httpd
7.编写DNS区域文件
[root@localhost ~]# vim /var/named/named.dadou
$TTL 1d
@ IN SOA @ admin.dadou.com. ( 2024070903
1
1
1
1)
NS ns.dadou.com.
ns A 192.168.166.129
www A 192.168.166.129
ftp CNAME www
[root@localhost ~]# vim /var/named/named.xiaodou
$TTL 1d
@ IN SOA @ admin.xiaodou.com. ( 2024070703
1
1
1
1)
NS ns.xiaodou.com.
ns A 192.168.166.129
www A 192.168.166.129
ftp CNAME www
[root@localhost ~]# vim /var/named/named.doudou
$TTL 1d
@ IN SOA @ admin.douodu.com ( 2024070703
1
1
1
1)
NS ns.xiaodou.com.
ns A 192.168.166.129
www A 192.168.166.129
ftp CNAME www
8.编写DNS主配置文件
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { 192.168.166.129; }; # 主服务器IP地址
directory "/var/named";
};
zone "dadou.com" IN {
type master;
file "named.dadou";
};
zone "xiaodou.com" IN {
type master;
file "named.xiaodou";
};
zone "doudou.com" IN {
type master;
file "named.doudou";
};
9.测试
[root@localhost ~]# curl www.dadou.com
dadou
[root@localhost ~]# curl www.xiaodou.com
xiaodou
[root@localhost ~]# curl www.doudou.com
doudou
三、从服务器
1.下载HTTP服务,DNS服务
[root@localhost ~]# yum install -y httpd bind
2.开启防火墙,放行服务
[root@localhost ~]# systemctl start firewalld.service
[root@localhost ~]# firewall-cmd --add-service=http
success
[root@localhost ~]# firewall-cmd --add-service=https
success
[root@localhost ~]# firewall-cmd --add-service=dns
success
3.创建HTTP服务访问文件夹
[root@localhost ~]# mkdir /3031 /3032 /3033
4.输入重定向
[root@localhost ~]# echo 3031 > /3031/index.html
[root@localhost ~]# echo 3032 > /3032/index.html
[root@localhost ~]# echo 3033 > /3033/index.html
5.HTTP策略添加开放端口
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 3031
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 3032
[root@localhost ~]# semanage port -a -t http_port_t -p tcp 3033
# 查看selinux针对http的策略开放的端口
[root@localhost ~]# semanage port -l | grep http_port_t
http_port_t tcp 3033, 3032, 3031, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
6.查看并修改文件标签
[root@localhost ~]# ll -Z /3031
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 5 Jul 9 15:36 index.html
[root@localhost ~]# ll -Z /3031 /3032 /3033
/3031:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 5 Jul 9 15:36 index.html
/3032:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 5 Jul 9 15:36 index.html
/3033:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:default_t:s0 5 Jul 9 15:36 index.html
# 修改文件的安全上下文
[root@localhost ~]# chcon -t httpd_sys_content_t /3031 -R
[root@localhost ~]# chcon -t httpd_sys_content_t /3032 -R
[root@localhost ~]# chcon -t httpd_sys_content_t /3033 -R
[root@localhost ~]# ll -Z /3031 /3032 /3033
/3031:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 5 Jul 9 15:36 index.html
/3032:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 5 Jul 9 15:36 index.html
/3033:
total 4
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 5 Jul 9 15:36 index.html
7.配置HTTP服务配置文件
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf
文件内容:
<directory /3031>
allowoverride none
require all granted
</directory>
<directory /3032>
allowoverride none
require all granted
</directory>
<directory /3033>
allowoverride none
require all granted
</directory>
listen 3031
listen 3032
listen 3032
<virtualhost 192.168.166.130:3031>
documentroot /3031
servername 192.168.166.130
</virtualhost>
<virtualhost 192.168.166.130:3032>
documentroot /3032
servername 192.168.166.130
</virtualhost>
<virtualhost 192.168.166.130:3033>
documentroot /3033
servername 192.168.166.130
</virtualhost>
重启HTTP服务
[root@localhost ~]# systemctl restart httpd
查看端口开放
[root@localhost ~]# netstat -lntup | grep httpd
tcp6 0 0 :::3031 :::* LISTEN 34474/httpd
tcp6 0 0 :::3032 :::* LISTEN 34474/httpd
tcp6 0 0 :::3033 :::* LISTEN 34474/httpd
tcp6 0 0 :::80 :::* LISTEN 34474/httpd
8.局部测试
开启防火墙和SELinux时,访问HTTP服务
[root@localhost ~]# curl 192.168.166.130:3031
3031
[root@localhost ~]# curl 192.168.166.130:3032
3032
[root@localhost ~]# curl 192.168.166.130:3033
3033
9.编写DNS主配置文件
options {
listen-on port 53 { 192.168.166.130; };
directory "/var/named";
};
zone "dadou.com" IN {
type slave;
masters { 192.168.166.129; };
file "slaves/named.dadou";
};
zone "xiaodou.com" IN {
type slave;
masters { 192.168.166.129; };
file "slaves/named.xiaodou";
};
zone "doudou.com" IN {
type slave;
masters { 192.168.166.129; };
file "slaves/named.doudou";
};
10.测试
访问主服务器的域名
[root@localhost ~]# curl www.dadou.com
dadou
[root@localhost ~]# curl www.xiaodou.com
xiaodou
[root@localhost ~]# curl www.doudou.com
doudou