局域网内部主机(无法接入外网)配置互联网镜像源

局域网某些安全域内的主机无法访问互联网,我们可以搭建一台局域网私有镜像库,但是如此既占用磁盘,又需要大量精力去维护。不如搭建中转服务器(192.168.15.110),这台中转服务器可以使用nginx、rinetd、firewalld等实现。只需要对该中转服务器放开访问互联网策略即可。我这里使用rinetd做的端口转发,并且做了源地址访问限制。

# cat /etc/rinetd.conf 
# Global allow rules: they appear before the first forwarding rule, so rinetd
# applies them to every forwarding rule in this file. With allow rules present,
# a source address that matches none of the patterns is refused.
allow 192.168.16.*
allow 192.168.17.*
allow 192.168.18.*
# Format: bindaddress bindport connectaddress connectport
# 0.0.0.0 listens on every local interface. The relay only forwards raw TCP to
# the mirror's HTTPS port; TLS is negotiated end to end between the client and
# the mirror, so certificate validation still happens on the client.
# NOTE(review): only port 443 is forwarded here — a repo URL using plain
# http:// (port 80) would not pass through this relay as configured.
0.0.0.0 443 mirrors.tuna.tsinghua.edu.cn 443

然后在如上16.*、17.*、18.*网段的服务器上,执行下面的脚本进行镜像库配置即可。目前,下面的脚本支持:centos6、7、8,Ubuntu trusty|xenial|bionic|focal等版本。脚本执行格式如下:

./config_mirror.sh redhat6

命令参数:redhat6、redhat7、ubuntu。centos8和centos7参数复用。ubuntu的各版本会自动检测,当检测不到时,提示用户输入:"DISTRIB_CODENAME(trusty|xenial|bionic|focal):"

#!/bin/bash
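#######################################
# Prepare a CentOS host for the mirror switch: park every stock repo file in
# old-repo, restore only CentOS-Base.repo, and pin the mirror hostname to the
# relay address in /etc/hosts.
# Globals:   none
# Arguments: none
# Returns:   0 when every step succeeded, 1 otherwise
#######################################
function pre_conf() {
    local repo_dir=/etc/yum.repos.d
    local hosts_line="192.168.11.251 mirrors.tuna.tsinghua.edu.cn"
    local rc=0

    mkdir -p "$repo_dir/old-repo" || rc=1
    # The glob stays unquoted on purpose so it expands to every repo file.
    mv "$repo_dir"/*.repo "$repo_dir/old-repo" || rc=1
    cp -a "$repo_dir/old-repo/CentOS-Base.repo" "$repo_dir/CentOS-Base.repo" || rc=1

    # Append the pin only once: repeated runs used to stack duplicate lines in
    # /etc/hosts, which makes a later change of the relay address error-prone.
    # NOTE(review): the article names 192.168.15.110 as the relay, while this
    # entry uses 192.168.11.251 — confirm which address clients should reach.
    if ! grep -qxF -- "$hosts_line" /etc/hosts; then
        echo "$hosts_line" >> /etc/hosts || rc=1
    fi

    return "$rc"
}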
 
#######################################
# Rewrite the CentOS repo files in place so yum uses the TUNA mirror over
# HTTPS instead of the mirrorlist; sed keeps a .bak copy of each file.
# Arguments: none
# Returns:   exit status of sed
#######################################
function redhat_7() {
    local -a rewrite_rules=(
        # Disable the mirrorlist so the fixed baseurl is the only source.
        -e 's|^mirrorlist=|#mirrorlist=|g'
        # Enable the commented-out baseurl and point it at the mirror.
        -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g'
    )
    sed "${rewrite_rules[@]}" -i.bak /etc/yum.repos.d/CentOS-*.repo
}
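#######################################
# Rewrite the CentOS 6 repo files to use the centos-vault tree on the TUNA
# mirror, replacing $releasever with the exact release read from
# /etc/redhat-release; sed keeps a .bak copy of each file.
# Arguments: none
# Returns:   1 when the release version cannot be determined,
#            otherwise the exit status of sed
#######################################
function redhat_6() {
    local version

    # Keep only digits and dots, e.g. "CentOS release 6.10 (Final)" -> "6.10".
    version=$(tr -cd '0-9.' < /etc/redhat-release) || return 1
    if [ -z "$version" ]; then
        # An empty version would blank out $releasever and leave broken URLs.
        echo "redhat_6: cannot read a release version from /etc/redhat-release" >&2
        return 1
    fi

    # NOTE(review): this baseurl is plain http (port 80). The rinetd relay shown
    # in the article forwards only 443, so either the relay needs a port-80 rule
    # or this should become https where the host's TLS stack can negotiate with
    # the mirror. Over http, package integrity rests on yum's GPG check —
    # verify gpgcheck=1 is still set in the rewritten repo files.
    sed -e 's|^mirrorlist=|#mirrorlist=|g' \
        -e 's|^#baseurl=http://mirror.centos.org|baseurl=http://mirrors.tuna.tsinghua.edu.cn|g' \
        -e 's/centos/centos-vault/g' \
        -e "s/\$releasever/$version/g" \
        -i.bak \
        /etc/yum.repos.d/CentOS-*.repo
}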
 
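#######################################
# Point apt at the TUNA mirror: pin the mirror hostname to the relay address
# in /etc/hosts and regenerate /etc/apt/sources.list for the detected (or
# user-supplied) release codename.
# Arguments: none (prompts on stdin when the codename cannot be detected)
# Returns:   0 on success, 1 on an invalid codename or a failed write
#######################################
function ubuntu() {
  local hosts_line="192.168.11.251 mirrors.tuna.tsinghua.edu.cn"
  local sources=/etc/apt/sources.list
  local codename="" suite

  if [ -r /etc/lsb-release ]; then
    codename=$(awk -F'=' '/_CODENAME/ {print $2}' /etc/lsb-release)
  fi
  if [ -z "$codename" ]; then
    read -r -p "DISTRIB_CODENAME(trusty|xenial|bionic|focal):" codename
  fi

  # The codename is written verbatim into sources.list, so accept only
  # lowercase letters; anything else (spaces, newlines, options) is rejected
  # before any file is touched.
  case "$codename" in
    '' | *[!a-z]*)
      echo "ubuntu: invalid release codename: '$codename'" >&2
      return 1
      ;;
  esac

  # Append the pin only once so repeated runs do not stack duplicate lines.
  # NOTE(review): the article names 192.168.15.110 as the relay, while this
  # entry uses 192.168.11.251 — confirm which address clients should reach.
  if ! grep -qxF -- "$hosts_line" /etc/hosts; then
    echo "$hosts_line" >> /etc/hosts || return 1
  fi

  # Keep the first backup: a second run must not replace the pristine
  # sources.list.bak with an already generated file.
  if [ -e "$sources" ] && [ ! -e "$sources.bak" ]; then
    cp -a "$sources" "$sources.bak" || return 1
  fi

  # NOTE(review): https sources need apt-transport-https and ca-certificates
  # on releases whose apt predates built-in HTTPS support (trusty, xenial);
  # install them beforehand on such hosts.
  for suite in "$codename" "$codename-updates" "$codename-backports" "$codename-security"; do
    printf 'deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ %s main restricted universe multiverse\n' "$suite"
  done > "$sources"
}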
 
# Entry point: dispatch on the first argument. The package cache is refreshed
# only when the repo rewrite itself reported success; pre_conf's status is not
# checked here.
case "$1" in
  redhat7)
    echo "Config Redhat7 Mirrors"
    pre_conf
    if redhat_7; then
      yum clean all && yum makecache
    fi
    ;;
  redhat6)
    echo "Config Redhat6 Mirrors"
    pre_conf
    if redhat_6; then
      yum clean all && yum makecache
    fi
    ;;
  ubuntu)
    echo "Config Ubuntu Mirrors"
    if ubuntu; then
      apt update
    fi
    ;;
  *)
    # Unknown or missing argument: print the accepted values.
    echo $"Usage: $0 {redhat6|redhat7|ubuntu}"
    ;;
esac

Update 2021-03-17 增加ntp服务器和epel Mirror镜像配置。 

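#######################################
# Only for RedHat 7 and later.
# Make chronyd use the internal time server: comment out the configured
# sources in /etc/chrony.conf (sed keeps a .bak copy), append the internal
# server, restart the service and show its clock-adjustment status line.
# Arguments: none
# Returns:   1 when editing the config or restarting chronyd fails,
#            otherwise the exit status of the final grep
#######################################
function conf_ntp() {
    local conf=/etc/chrony.conf
    local ntp_line="server 192.168.15.110 iburst"

    # Newer default configs list their sources with "pool" instead of
    # "server"; disable both so no public time source stays configured on a
    # host that is not supposed to reach the internet.
    sed -e 's|^server|#server|g' \
        -e 's|^pool|#pool|g' \
        -i.bak \
        "$conf" || return 1
    echo "$ntp_line" >> "$conf" || return 1

    systemctl restart chronyd || return 1
    # Give chronyd time to contact the server before reading its status.
    sleep 10s
    systemctl status chronyd | grep adjustment
}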

#######################################
# Only for RedHat 6 and later.
# Install the EPEL release package, point epel.repo at the TUNA mirror over
# HTTPS (sed keeps a .bak copy) and park epel-testing.repo in old-repo.
# Arguments: none
# Returns:   exit status of the final mv
#######################################
function conf_epel6() {
    local repo_dir=/etc/yum.repos.d

    yum -y install epel-release
    sleep 1s

    # Enable the commented-out baseurl on the mirror and disable metalink.
    sed -i.bak \
        -e 's|^#baseurl=http://download.fedoraproject.org/pub|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
        -e 's/metalink/#metalink/g' \
        "$repo_dir/epel.repo"

    # NOTE(review): old-repo is created by pre_conf; this mv presumably fails
    # when pre_conf has not run on the host — confirm the intended call order.
    mv "$repo_dir/epel-testing.repo" "$repo_dir/old-repo/"
}

# Only for RedHat 5.
# Intended to create /etc/yum.repos.d/epel.repo and append an EPEL repo
# definition to it.
# NOTE(review): this function is incomplete as published — see the notes on
# the individual lines below before running it.
function conf_epel5() {
# NOTE(review): `-z` tests whether a string is empty, not whether a file
# exists; the literal path is never empty, so this branch never runs.
# Presumably `! -e` was intended.
if [ -z /etc/yum.repos.d/epel.repo ];then
  touch /etc/yum.repos.d/epel.repo
fi
# NOTE(review): as written, `<>` opens epel.repo read-write as cat's stdin
# while stdout appends to the same file. This looks like a here-document whose
# body (the repo definition) was lost when the page was rendered — restore it
# from the original script, and keep GPG checking enabled in that definition.
cat >> /etc/yum.repos.d/epel.repo <> /etc/yum.repos.d/epel.repo 
# Disabled alternative: copy the unique RPM-GPG-KEY-CentOS lines from
# CentOS-Base.repo into epel.repo.
#cat /etc/yum.repos.d/CentOS-Base.repo|grep RPM-GPG-KEY-CentOS|awk '{gsub(/^ *| *$/,"");print}'|uniq >> /etc/yum.repos.d/epel.repo 
}
