简言

在政府,医院等单位有网络安全要求,对内外网进行物理隔离,然后内网主机无法访问互联网下载安装包,通过Nginx反向代理搭建本地yum服务器实现内网主机安装包下载。

Centos8.2部署Nginx Server

系统版本

1
2
[root@yum-server ~]# cat  /etc/redhat-release 
CentOS Linux release 8.2.2004 (Core)

配置Nginx源

1
2
3
进入到源文件路径中,新建nginx.repo
cd /etc/yum.repos.d/
mkdir nginx.repo
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 cat nginx.repo 
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

安装Nginx

1
dnf install nginx

查看nginx软件包信息

Nginx配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
cd /etc/nginx/conf.d/
新建default.conf
server {
    listen       1888;
    location /software/ {
        root   /mnt/nginx;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
        charset utf-8,gbk,gb2312;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /mnt/nginx;
    }
     location /centos/ {
         proxy_pass http://mirrors.aliyun.com/centos/;
     }
     location /zabbix/ {
         proxy_pass http://mirrors.aliyun.com/zabbix/;
     }
     location = /nginx_status {
        stub_status on;
        access_log /var/log/nginx/status.log;
        allow 127.0.0.1;
        deny all;
     }
}

注释

1
2
3
4
>autoindex on;  # 开启目录文件列表
>autoindex_exact_size on;  # 显示出文件的确切大小,单位是bytes
>autoindex_localtime on;  # 显示的文件时间为文件的服务器时间
>charset utf-8,gbk,gb2312;  # 避免中文乱码

防火墙配置

1
2
>firewall-cmd    --add-port=1888/tcp --permanent
>firewall-cmd    --reload

目录访问测试

内网主机修改repo文件

修改CentOS-Base.repo文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
[base]
name=CentOS-$releasever - Base - 192.168.21.32:1888
baseurl=http://192.168.21.32:1888/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://192.168.21.32:1888/centos/RPM-GPG-KEY-CentOS-7

#released updates 
[updates]
name=CentOS-$releasever - Updates - 192.168.21.32:1888
baseurl=http://192.168.21.32:1888/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://192.168.21.32:1888/centos/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - 192.168.21.32:1888
baseurl=http://192.168.21.32:1888/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://192.168.21.32:1888/centos/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - 192.168.21.32:1888
baseurl=http://192.168.21.32:1888/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://192.168.21.32:1888/centos/RPM-GPG-KEY-CentOS-7

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - 192.168.21.32:1888
baseurl=http://192.168.21.32:1888/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://192.168.21.32:1888/centos/RPM-GPG-KEY-CentOS-7

zabbix.repo

1
2
3
4
5
6
7
8
9
10
11
12
13
14
cat zabbix.repo 
[zabbix]
name=Zabbix Official Repository - $basearch
baseurl=http://192.168.21.32:1888/zabbix/zabbix/4.2/rhel/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://192.168.21.32:1888/zabbix/RPM-GPG-KEY-ZABBIX-A14FE591

[zabbix-non-supported]
name=Zabbix Official Repository non-supported - $basearch 
baseurl=http://192.168.21.32:1888/zabbix/non-supported/rhel/7/$basearch/
enabled=1
gpgkey=http://192.168.21.32:1888/zabbix/RPM-GPG-KEY-ZABBIX
gpgcheck=1

清除缓存

1
yum clean all

生成缓存

1
yum makecache

查看rpm

1
yum list

yum 测试