Step 1: Installing and configuring LAMP
Installation:
yum -y install gcc gcc-c++ php php-soap php-mysqlnd php-intl php-xml php-fpm httpd openssl
Note: the packages to watch here are "php-mysqlnd" and "php-fpm". Use php -i|grep Client to check the current client version and keep the PHP client version consistent; php-mysqlnd is the upgraded version of php-mysql.
wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm # download the MySQL repository package
rpm -ivh mysql57-community-release-el7-11.noarch.rpm # install the repository
yum -y install mysql-community-server # install MySQL
systemctl daemon-reload #
sed -i '/datadir=/s#/var/lib/mysql#/software/mysql_data#g' /etc/my.cnf
systemctl start mysqld # start the MySQL service (unit name traced via rpm -ql mysql-community-server)
grep 'temporary password' /var/log/mysqld.log # show the initial password
mysql -u root -p # log in to the database
mysql> alter user 'root'@'localhost' identified by 'Domain@2018';
mysql> flush privileges;
mysql> SHOW GLOBAL VARIABLES LIKE 'log_timestamps';
mysql> SET GLOBAL log_timestamps = SYSTEM; # change the log timestamps; the default is "UTC"
Configuration:
vim /etc/httpd/conf/httpd.conf # add the following below the AddType application/x-gzip .gz .tgz directive:
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .php
DirectoryIndex index.html # add a PHP index:
--> DirectoryIndex index.html index.php
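The httpd configuration file /etc/httpd/conf/httpd.conf contains an "Include conf.modules.d/*.conf" directive, which pulls in all the sub-configuration files under /etc/httpd/conf.modules.d/; the following file shows that Apache has already loaded the /etc/httpd/modules/libphp5.so module.
Test:
vim /var/www/html/phpmysql2.php # add the following content
<?php
// Test page only: it embeds the MySQL root password, so delete it once the check is done.
$link=mysql_connect("localhost","root","Domain@2018");
// Failure message: "connection error, wrong username or password"
if(!$link) echo "FAILD!连接错误,用户名密码不对";
// Success message: "connection works"
else echo "OK!可以连接";
?>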
for srv in httpd php-fpm mysqld ;do systemctl status $srv;done
for srv in httpd php-fpm mysqld ;do systemctl is-enabled $srv;done
for srv in httpd php-fpm mysqld ;do systemctl enable $srv;done
for srv in httpd php-fpm mysqld ;do systemctl start $srv;done
curl -I http://HOST-IP/phpmysql2.php # test access
curl http://HOST-IP/phpmysql2.php # fetch the page to check that PHP can reach MySQL
Step 2: Installing and configuring BIND
yum -y install bind bind-libs bind-utils bind-chroot
cd /usr/share/namedmanager/
cp resources/namedmanager-www.cron /etc/cron.d/namedmanager-www # already present after installation
cp resources/namedmanager-bind.cron /etc/cron.d/namedmanager-bind # must be copied manually
for srv in named named-chroot;do systemctl status $srv;done
for srv in named named-chroot;do systemctl is-enabled $srv;done
for srv in named named-chroot;do systemctl enable $srv;done
for srv in named named-chroot;do systemctl start $srv;done
Step 3: Installing and configuring namedmanager-bind
cd /etc/yum.repos.d/
wget http://repos.amberdms.com/config/centos/7/amberdms-c7-public.repo
yum makecache
yum -y install namedmanager-bind #
BIND/NAMED CONFIGURATION
NamedManager BIND components have been installed, you will need to install
and configure bind/named to use the configuration file by adding the
following to /etc/named.conf:
#
# Include NamedManager Configuration
#
include "/etc/named.namedmanager.conf";
NAMEDMANAGER BIND CONFIGURATION
You need to set the application configuration in /etc/namedmanager/config-bind.php
Edit the main BIND configuration file /etc/named.conf and add "include "/etc/named.namedmanager.conf";"
echo "include \"/etc/named.namedmanager.conf\";" >> /etc/named.conf # add the include
Edit the BIND integration configuration /etc/namedmanager/config-bind.php (for example api_url, api_server_name, api_auth_key, bind-zonefiledir) so that it reads as follows:
vim /etc/namedmanager/config-bind.php
//API Configuration
$config["api_url"] = "http://HOST_IP/namedmanager"; // Application Install Location
$config["api_server_name"] = "dnsmaster.example.com"; // Name of the DNS server (important: part of the authentication process)
$config["api_auth_key"] = "ultrahighsecretkey"; // API authentication key
$config["bind"]["version"] = "9"; // version of bind (currently only 9 is supported, although others may work)
$config["bind"]["reload"] = "/usr/sbin/rndc reload"; // command to reload bind config & zonefiles
$config["bind"]["config"] = "/etc/named.namedmanager.conf"; // configuration file to write bind config too
$config["bind"]["zonefiledir"] = "/var/named/chroot/var/named/"; // directory to write zonefiles too
// note: if using chroot bind, will often be /var/named/chroot/var/named/
$config["bind"]["verify_zone"] = "/usr/sbin/named-checkzone"; // Used to verify each generated zonefile as OK
$config["bind"]["verify_config"] = "/usr/sbin/named-checkconf"; // Used to verify generated NamedManager configuration
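Or: sed -i '/api_url/s/example.com/HOSTIP/' /etc/namedmanager/config-bind.php
sed -i '/zonefiledir/s#/var/named/#/var/named/chroot/var/named/#' /etc/namedmanager/config-bind.php
ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf # create a hard link to /etc/named.namedmanager.conf under /var/named/chroot/etc/
Note: "If the hard link is not created, named reports at startup that it cannot find "/etc/named.namedmanager.conf".
Reference: Deployment notes for NamedManager, a web management tool for the DNS service (Bind9) on Linux
https://www.cnblogs.com/kevingrace/p/8735193.html
This is because:
bind-chroot is a BIND feature that lets BIND run in chroot mode. In other words, the / (root) directory that BIND sees at run time is not the system's real / (root) directory, only a subdirectory of the system.
The purpose is to improve security. In chroot mode, what BIND can access is limited to that subdirectory; it cannot escalate further and reach other directories on the system.
chroot changes the root directory (/) that a program refers to at run time, that is, it makes a specific subdirectory the program's virtual root directory, and strictly controls the system resources, user permissions and directories available to the running program; the program has permissions only under this virtual root directory and has none once it leaves it. For example, on CentOS, /var/named/chroot is in effect the virtual directory for the root directory (/), so the /etc directory inside the virtual directory is actually /var/named/chroot/etc, and /var/named is actually /var/named/chroot/var/named. The advantage of chroot is that if an attacker breaks into the system through BIND, they are confined to the chroot directory and its subdirectories, the damage is limited to that virtual directory, and the security of the whole server is not threatened." In short, the "/etc/named.namedmanager.conf" in the error message actually refers to "/var/named/chroot/etc/named.namedmanager.conf".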
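A hard link only holds while both names point at the same inode, so any tool that replaces /etc/named.namedmanager.conf by rename (sed -i does this) leaves named reading a stale copy inside the chroot. The check below is an added example, not part of the original post; the function names and the optional root-prefix argument (used to try it on a scratch tree) are hypothetical.

```shell
#!/bin/sh
# Added example: verify that the NamedManager include file named sees inside
# the chroot is the very same file that is maintained outside it.
# The ROOT prefix argument is an assumption; pass "" to check the real system.

NM_CONF=etc/named.namedmanager.conf
CHROOT=var/named/chroot

# Prints one of: ok | missing-outside | missing-in-chroot | diverged
check_chroot_link() {
    outside="$1/$NM_CONF"
    inside="$1/$CHROOT/$NM_CONF"
    [ -e "$outside" ] || { echo missing-outside; return 0; }
    [ -e "$inside" ] || { echo missing-in-chroot; return 0; }
    # -ef is true only when both paths name the same device and inode.
    if [ "$outside" -ef "$inside" ]; then echo ok; else echo diverged; fi
}

# Re-create the hard link so the chroot name points at the outside file again.
relink_chroot() {
    ln -f "$1/$NM_CONF" "$1/$CHROOT/$NM_CONF"
}

# Prints "included" when ROOT/etc/named.conf carries the include line from Step 3.
check_include() {
    if grep -q '^[[:space:]]*include[[:space:]]*"/etc/named.namedmanager.conf";' \
        "$1/etc/named.conf" 2>/dev/null
    then echo included; else echo not-included; fi
}

# Report the state of the real system when run directly.
check_chroot_link ""
check_include ""
```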
Step 4: Installing and configuring namedmanager-www
yum -y install namedmanager-www
cd /usr/share/namedmanager/resources/
./autoinstall.pl # initialize the database
Please enter MySQL root password (if any): Domain@2018
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
DBD::mysql::db do failed: Your password does not satisfy the current policy requirements at ./autoinstall.pl line 288,
DBD::mysql::db do failed: Your password does not satisfy the current policy requirements at ./autoinstall.pl line 288,
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
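Note: as shown above, creating the database user failed during database initialization, so the following steps are also needed
mysql -u root -p # log in to the database
mysql> grant all privileges on namedmanager.* to "namedmanager"@"%" identified by "Named.2018"; # create the user and grant privileges, or adjust the privileges of an existing MySQL user
mysql> flush privileges; # reload the privileges
mysql> show databases; # list the databases
mysql> show grants for 'namedmanager'@'%'; # show the privileges of the given user
mysql> exit; # leave the database
vim /etc/namedmanager/config.php # set the "db_pass" field to the password chosen above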
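Step 3 leaves api_auth_key in /etc/namedmanager/config-bind.php and this step puts db_pass in /etc/namedmanager/config.php. The added example below (not from the original post or the NamedManager project) flags a key that still has the value shown on this page, a short key, or a file that other local users can read. Function names are hypothetical, and applying the same $config["key"] = "value"; syntax to config.php is an assumption.

```shell
#!/bin/sh
# Added example: audit a NamedManager config file for a leftover sample secret
# and for permissions that let other local users read it.

# Print the value of $config["KEY"] = "value"; in FILE (first match only).
# $1 = file, $2 = key
cfg_value() {
    sed -n 's/^[[:space:]]*\$config\["'"$2"'"][[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# $1 = file, $2 = key holding the secret, $3 = sample value that must not remain.
# Prints one finding per line and nothing when the file passes.
audit_secret() {
    val=$(cfg_value "$1" "$2")
    if [ -z "$val" ]; then
        echo "$2: empty or not found"
    elif [ "$val" = "$3" ]; then
        echo "$2: still the sample value"
    elif [ "${#val}" -lt 16 ]; then
        echo "$2: shorter than 16 characters"
    fi
    mode=$(stat -c %a "$1")
    # Last octal digit is the "other" permission set; non-zero exposes the secret.
    case "$mode" in
        *0) ;;
        *) echo "$1: mode $mode is accessible to other users" ;;
    esac
}

# 32 random bytes printed as 64 hex characters, usable as a replacement key.
new_key() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Audit the file from Step 3 when it exists on this host.
f=/etc/namedmanager/config-bind.php
if [ -f "$f" ]; then audit_secret "$f" api_auth_key ultrahighsecretkey; fi
```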
Step 5: Logging in to NamedManager and initial configuration
Reference: CentOS7 Bind DNS Server Installation https://www.jianshu.com/p/618d2d02525d
5.1 Log into the Portal
Log in to the portal at https://HOST_IP/namedmanager/ with setup/setup123 (setup@pf).
5.2 Configure the NamedManager
Click "Configuration"
5.3 Add a domain
Path "Domains/zones -> View Domains, -> Add New Domain".
5.4.1 Add a Name Server
Path "Name Servers -> View Name Servers, -> Add Name Server".
5.4.2 Add A records for the domain
Path "Domains/zones -> View Domains", then select "devsre.com", then click "domain records".
Add the records you need.
5.5.1 Add Reverse records for the domain
Path "Domains/zones -> View Domains", then click "Add New Domain".
Then you will find the reverse domain in the domain list.
Then click "Domain Records". Add the reverse records for the standard domain records.
5.5.2 Enable the domain records
Wait about 1 minute, or restart "mysqld" and "named-chroot"; the status then turns to a green "status_synced" (on the "Name Servers" tab of NamedManager).
5.6 Check the dns server.
Choose one server and change its network's DNS server.
References 1 - Stage1:
BIND web management interface https://github.com/huangyingcai/namedweb#readme (namedmanager-* installation)
Building a DNS server with a web management environment (NamedManager) https://www.jianshu.com/p/cde2c56a7c7b (main procedure)
Installing NamedManager for web management of a bind9 DNS server http://blog.51cto.com/skypegnu1/1751511
AGPL web-based DNS management interface in PHP https://github.com/jethrocarr/namedmanager
References 2 - StageH:
CentOS7 Bind DNS Server Installation [usefulness rating *****]
https://www.jianshu.com/p/618d2d02525d
Deployment notes for NamedManager, a web management tool for the DNS service (Bind9) on Linux
https://www.cnblogs.com/kevingrace/p/8735193.html