nginx反向代理进行yum配置的步骤详解

part.0 使用背景

公司内网服务器不能直接通过Internet上网，但为了与外网通信和同步时间等，会指定那么几台服务器可以访问Internet。这里就是通过能上网的机器作为代理，制作内网使用的yum仓库。

part.1 环境

内网dns（推荐，非必须，因为可使用IP代替）

一台能上Internet的服务器A

不能上Internet的服务器能与A服务器通信

part.2 nginx安装

在可连接外网的A中安装nginx

yum install nginx

part.3 nginx配置

在主机A中添加nginx配置

$ cd /etc/nginx/conf.d$ vim proxy.conf

server {  listen 80;  #listen [::]:80;  server_name mirrors.yourdomain.com;  index index.html index.htm index.php default.html default.htm default.php;  root /home/wwwroot/html;  location /ubuntu/ {   proxy_pass http://mirrors.aliyun.com/ubuntu/ ;  }  location /centos/ {   proxy_pass http://mirrors.aliyun.com/centos/ ;  }  location /epel/ {   proxy_pass http://mirrors.aliyun.com/epel/ ;  } }

part.4 配置yum repo 源

修改无法连接外网的主机B 的repo文件。

$ cat /etc/yum.repos.d/CentOS-7.repo

[base]name=CentOS-$releasever - Base - mirrors.yourdomain.comfailovermethod=prioritybaseurl=http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/  http://mirrors.yourdomain.com/centos/$releasever/os/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=osgpgcheck=1gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#released updates [updates]name=CentOS-$releasever - Updates - mirrors.yourdomain.comfailovermethod=prioritybaseurl=http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/  http://mirrors.yourdomain.com/centos/$releasever/updates/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updatesgpgcheck=1gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that may be useful[extras]name=CentOS-$releasever - Extras - mirrors.yourdomain.comfailovermethod=prioritybaseurl=http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/  http://mirrors.yourdomain.com/centos/$releasever/extras/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extrasgpgcheck=1gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that extend functionality of existing packages[centosplus]name=CentOS-$releasever - Plus - mirrors.yourdomain.comfailovermethod=prioritybaseurl=http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/  http://mirrors.yourdomain.com/centos/$releasever/centosplus/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplusgpgcheck=1enabled=0gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7#contrib - packages by Centos Users[contrib]name=CentOS-$releasever - Contrib - mirrors.yourdomain.comfailovermethod=prioritybaseurl=http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/  http://mirrors.yourdomain.com/centos/$releasever/contrib/$basearch/#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contribgpgcheck=1enabled=0gpgkey=http://mirrors.yourdomain.com/centos/RPM-GPG-KEY-CentOS-7

part.5 配置hosts

$ cat /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1   localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.1.193 mirrors.yourdomain.com# 确保A 主机IP 和后面的反向代理地址

part.6 配置iptables

ping mirrors.yourdomain.com#报错 没有到主机的路由

此时查看B主机中的iptables信息，发现无法访问80，可以在最前添加一条规则。

$ iptables -nvL 8155 28M ACCEPT  all -- *  *  0.0.0.0/0   0.0.0.0/0   ctstate RELATED,ESTABLISHED 0  0 ACCEPT  all -- lo  *  0.0.0.0/0   0.0.0.0/0   11761 985K INPUT_direct all -- *  *  0.0.0.0/0   0.0.0.0/0   11761 985K INPUT_ZONES_SOURCE all -- *  *  0.0.0.0/0   0.0.0.0/0   11761 985K INPUT_ZONES all -- *  *  0.0.0.0/0   0.0.0.0/0    0  0 DROP  all -- *  *  0.0.0.0/0   0.0.0.0/0   ctstate INVALID11756 985K REJECT  all -- *  *  0.0.0.0/0   0.0.0.0/0   reject-with icmp-host-prohibited

$ iptables -I INPUT -p tcp --dport 80 -j ACCEPT

part.7 测试是否成功

在B主机中进行，yum makecache操作。来判断是否能进行yum操作。

$ yum clean all$ yum makecache

总结

以上就是这篇文章的全部内容了，希望本文的内容对大家的学习或者工作具有一定的参考学习价值，如果有疑问大家可以留言交流，谢谢大家对的支持。