Sonatype Nexus 3 最低运行环境要求:
Minimum CPUs: 4 Recommended CPUs: 8+ Host Physical/RAM Minimum ( default ) 4GB
安装JDK 1.8环境
查看Java版本信息
访问Sonatype Nexus下载页面
选择对应操作系统版本点击下载
解压缩文件到指定路径
进入安装目录
进入可执行程序bin目录
快捷键:Shift+鼠标右键,在此处打开命令窗口
注册nexus为系统服务
确认服务注册成功
启动nexu服务并查看运行状态
使用浏览器访问Web管理控制台
首次登录的初始密码设置
安装JDK
[root@iZj6cehstgjoj3qav88fidZ ~]# yum -y install jdk-8u211-linux-x64.rpm
查看JDK版本信息
[root@iZj6cehstgjoj3qav88fidZ ~]# java -version java version "1.8.0_211" Java(TM) SE Runtime Environment (build 1.8.0_211-b12) Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode) [root@iZj6cehstgjoj3qav88fidZ ~]#
下载Nexus二进制包
[root@iZj6cehstgjoj3qav88fidZ ~]# wget https://download.sonatype.com/nexus/oss/nexus-latest-bundle.tar.gz --2019-06-25 18:44:20-- https://download.sonatype.com/nexus/oss/nexus-latest-bundle.tar.gz Resolving download.sonatype.com (download.sonatype.com)... 34.206.81.156, 35.168.192.73 Connecting to download.sonatype.com (download.sonatype.com)|34.206.81.156|:443... connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/oss/nexus-2.14.13-01-bundle.tar.gz [following] --2019-06-25 18:44:21-- https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/oss/nexus-2.14.13-01-bundle.tar.gz Resolving sonatype-download.global.ssl.fastly.net (sonatype-download.global.ssl.fastly.net)... 151.101.77.194 Connecting to sonatype-download.global.ssl.fastly.net (sonatype-download.global.ssl.fastly.net)|151.101.77.194|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 82396385 (79M) [application/x-gzip] Saving to: ‘nexus-latest-bundle.tar.gz’ 100%[=======================================================================================================================================================>] 82,396,385 12.2MB/s in 5.4s 2019-06-25 18:44:27 (14.5 MB/s) - ‘nexus-latest-bundle.tar.gz’ saved [82396385/82396385] [root@iZj6cehstgjoj3qav88fidZ ~]#
解压缩文件
[root@iZj6cehstgjoj3qav88fidZ ~]# mkdir -p /usr/local/nexus [root@iZj6cehstgjoj3qav88fidZ ~]# tar xzf nexus-latest-bundle.tar.gz -C /usr/local/nexus/ [root@iZj6cehstgjoj3qav88fidZ ~]# ls /usr/local/nexus/ nexus-2.14.13-01 sonatype-work [root@iZj6cehstgjoj3qav88fidZ ~]#
添加用户并修改目录所有权限
[root@iZj6cehstgjoj3qav88fidZ ~]# useradd nexus [root@iZj6cehstgjoj3qav88fidZ ~]# chown -R nexus.nexus /usr/local/nexus/ [root@iZj6cehstgjoj3qav88fidZ ~]#
切换用户并进入Nexus可执行程序目录
[root@iZj6cehstgjoj3qav88fidZ ~]# su - nexus Last login: Tue Jun 25 18:36:38 CST 2019 on pts/1 [nexus@iZj6cehstgjoj3qav88fidZ ~]$ cd /usr/local/nexus/nexus-2.14.13-01/bin/ [nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus --help Usage: ./nexus { console | start | stop | restart | status | dump } [nexus@iZj6cehstgjoj3qav88fidZ bin]$
启动服务并查看服务运行状态
[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus start Starting Nexus OSS... Started Nexus OSS. [nexus@iZj6cehstgjoj3qav88fidZ bin]$ [nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus status Nexus OSS is running (14829). [nexus@iZj6cehstgjoj3qav88fidZ bin]$
查看监听
使用浏览器访问Nexus控制台服务
实验环境
10.4.7.234 ns1.hostname.com 10.4.7.235 ns2.hostname.com 10.4.7.236 client.hostname.com
设置主机名(10.4.7.234)
[root@iZj6c1pigvpz2jl6zy1cgbZ ~]# hostnamectl set-hostname ns1.hostname.com [root@iZj6c1pigvpz2jl6zy1cgbZ ~]# exit logout [root@ns1 ~]# hostname ns1.hostname.com [root@ns1 ~]# ping -c 4 ns1.hostname.com PING ns1.hostname.com (10.4.7.234) 56(84) bytes of data. 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=1 ttl=64 time=0.011 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=2 ttl=64 time=0.025 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=3 ttl=64 time=0.026 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=4 ttl=64 time=0.027 ms --- ns1.hostname.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.011/0.022/0.027/0.007 ms [root@ns1 ~]#
设置主机名(10.4.7.235)
[root@iZj6c1pigvpz2jl6zy1cgaZ ~]# hostnamectl set-hostname ns2.hostname.com [root@iZj6c1pigvpz2jl6zy1cgaZ ~]# exit logout [root@ns2 ~]# hostname ns2.hostname.com [root@ns2 ~]# ping -c 4 ns2.hostname.com PING ns2.hostname.com (10.4.7.235) 56(84) bytes of data. 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=1 ttl=64 time=0.014 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=2 ttl=64 time=0.028 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=3 ttl=64 time=0.027 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=4 ttl=64 time=0.028 ms --- ns2.hostname.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.014/0.024/0.028/0.006 ms [root@ns2 ~]#
设置主机名(10.4.7.236)
[root@iZj6c1pigvpz2jl6zy1cgcZ ~]# hostnamectl set-hostname client.hostname.com [root@iZj6c1pigvpz2jl6zy1cgcZ ~]# exit logout [root@client ~]# hostname client.hostname.com [root@client ~]# ping -c 4 client.hostname.com PING client.hostname.com (10.4.7.236) 56(84) bytes of data. 64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=1 ttl=64 time=0.013 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=2 ttl=64 time=0.028 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=3 ttl=64 time=0.028 ms 64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=4 ttl=64 time=0.026 ms --- client.hostname.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3000ms rtt min/avg/max/mdev = 0.013/0.023/0.028/0.008 ms [root@client ~]#
安装bind及bind-utils软件包
[root@ns1 ~]# yum -y install bind bind-utils [root@ns2 ~]# yum -y install bind bind-utils [root@client ~]# yum -y install bind-utils
修改主DNS服务器的主配置文件
[root@ns1 ~]# vi /etc/named.conf 修改以下行内容 13 listen-on port 53 { 10.4.7.234; }; 21 allow-query { any; }; 35 dnssec-enable no; 36 dnssec-validation no; 添加以下内容 allow-transfer { 10.4.7.235; }; allow-notify { 10.4.7.235; };
新增区域配置
[root@ns1 ~]# vi /etc/named.rfc1912.zones zone "hostname.com" IN { type master; file "hostname.com.zone"; allow-update { none; }; };
创建区域配置文件
[root@ns1 ~]# vi /var/named/hostname.com.zone $TTL 600 ; 10 minutes @ IN SOA ns1.hostname.com. hostmaster.hostname.com. ( 20190001 ; serial number 10800 ; refresh time (3 hours) 900 ; retry time (15 minutes) 604800 ; expire time (1 week) 86400 ; minimum (1 day) ) NS ns1.hostname.com. NS ns2.hostname.com. $ORIGIN hostname.com. $TTL 60 ; 1 minute ns1 A 10.4.7.234 ns2 A 10.4.7.235 client A 10.4.7.236
检查配置信息
[root@ns1 ~]# named-checkconf [root@ns1 ~]# named-checkzone hostname.com. /var/named/hostname.com.zone zone hostname.com/IN: loaded serial 20190001 OK [root@ns1 ~]#
重启服务并查看监听和验证解析
配置从DNS服务器
修改从DNS服务器的主配置文件
[root@ns2 ~]# vi /etc/named.conf 修改客户机DNS配置 13 listen-on port 53 { 10.4.7.235; }; 21 allow-query { any; }; 35 dnssec-enable no; 36 dnssec-validation no; 增加 masterfile-format text;
添加区域配置
[root@ns2 ~]# vi /etc/named.rfc1912.zones zone "hostname.com" IN { type slave; masters { 10.4.7.234; }; file "slaves/hostname.com.zone"; };
检查配置启动服务
[root@ns2 ~]# named-checkconf [root@ns2 ~]# systemctl enable named Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service. [root@ns2 ~]# systemctl start named [root@ns2 ~]#
查看端口监听
检查完全区域传送信息及查看本地已同步的区域配置文件
验证解析
客户机配置
Ping 客户机本机及两台DNS主机的域名,默认只有本机响应
[root@client ~]# ping -c 1 client.hostname.com PING client.hostname.com (10.4.7.236) 56(84) bytes of data. 64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=1 ttl=64 time=0.011 ms --- client.hostname.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms [root@client ~]# ping -c 1 ns1.hostname.com ping: ns1.hostname.com: Name or service not known [root@client ~]# ping -c 1 ns2.hostname.com ping: ns2.hostname.com: Name or service not known [root@client ~]#
查看当前主机DNS配置
[root@client ~]# cat /etc/resolv.conf options timeout:2 attempts:3 rotate single-request-reopen ; generated by /usr/sbin/dhclient-script nameserver 100.100.2.136 nameserver 100.100.2.138 [root@client ~]#
修改DNS
[root@client ~]# vi /etc/resolv.conf options timeout:2 attempts:3 rotate single-request-reopen ; generated by /usr/sbin/dhclient-script #nameserver 100.100.2.136 #nameserver 100.100.2.138 nameserver 10.4.7.234 nameserver 10.4.7.235
再次ping两台DNS服务器的主机名,及使用nslookup查询,主辅DNS均能够响应客户端查询
查看当前系统版本
[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@iZj6cehstgjoj3qav88fidZ ~]#
查看bind软件包信息
[root@iZj6cehstgjoj3qav88fidZ ~]# yum info bind Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile Available Packages Name : bind Arch : x86_64 Epoch : 32 Version : 9.9.4 Release : 73.el7_6 Size : 1.8 M Repo : updates/7/x86_64 Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server URL : http://www.isc.org/products/BIND/ License : ISC Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS : (Domain Name System) protocols. BIND includes a DNS server (named), : which resolves host names to IP addresses; a resolver library : (routines for applications to use when interfacing with DNS); and : tools for verifying that the DNS server is operating properly. [root@iZj6cehstgjoj3qav88fidZ ~]#
使用yum安装bind及依赖包
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install bind
安装清单
Installed: bind.x86_64 32:9.9.4-73.el7_6 Dependency Installed: audit-libs-python.x86_64 0:2.8.4-4.el7 bind-libs.x86_64 32:9.9.4-73.el7_6 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7 libsemanage-python.x86_64 0:2.5-14.el7 policycoreutils-python.x86_64 0:2.5-29.el7_6.1 python-IPy.noarch 0:0.75-6.el7 python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7
注册服务及启动服务
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl enable named Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service. [root@iZj6cehstgjoj3qav88fidZ ~]# systemctl start named [root@iZj6cehstgjoj3qav88fidZ ~]#
查看端口监听
查看主配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // // See the BIND Administrator's Reference Manual (ARM) for details about the // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html options { listen-on port 53 { 127.0.0.1; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; recursing-file "/var/named/data/named.recursing"; secroots-file "/var/named/data/named.secroots"; allow-query { localhost; }; /* - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. - If you are building a RECURSIVE (caching) DNS server, you need to enable recursion. - If your recursive DNS server has a public IP address, you MUST enable access control to limit queries to your legitimate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
查看当前主机DNS配置
[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/resolv.conf options timeout:2 attempts:3 rotate single-request-reopen ; generated by /usr/sbin/dhclient-script nameserver 100.100.2.136 nameserver 100.100.2.138 search localdomain [root@iZj6cehstgjoj3qav88fidZ ~]#
安装域名解析提示工具包
[root@iZj6cehstgjoj3qav88fidZ ~]# yum install bind-utils
查看软件版路径及文件
[root@iZj6cehstgjoj3qav88fidZ ~]# rpm -lq bind-utils /etc/trusted-key.key /usr/bin/dig /usr/bin/host /usr/bin/nslookup /usr/bin/nsupdate /usr/share/man/man1/dig.1.gz /usr/share/man/man1/host.1.gz /usr/share/man/man1/nslookup.1.gz /usr/share/man/man1/nsupdate.1.gz [root@iZj6cehstgjoj3qav88fidZ ~]#
修改本机DNS为当前DNS服务器并尝试域名解析操作
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/resolv.conf options timeout:2 attempts:3 rotate single-request-reopen ; generated by /usr/sbin/dhclient-script #nameserver 100.100.2.136 #nameserver 100.100.2.138 nameserver 127.0.0.1 search localdomain
使用nslookup命令及ping命令检查域名递归(缓存)DNS配置生效情况
为内网主机配置正向解析和反向解析
查看默认的区域配置文件
// named.rfc1912.zones: // // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };
添加自定义区域配置
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.rfc1912.zones zone "ns-zone.com" IN { type master; file "ns-zone.com.zone"; allow-update { none; }; };
创建自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/ns-zone.com.zone $TTL 600 ; 10 minutes @ IN SOA ns1.ns-zone.com. hostmaster.ns-zone.com. ( 20190001 ; serial number 10800 ; refresh time (3 hours) 900 ; retry time (15 minutes) 604800 ; expire time (1 week) 86400 ; minimum (1 day) ) NS ns1.ns-zone.com. $ORIGIN ns-zone.com. $TTL 60 ; 1 minute ns1 A 10.22.105.60 www A 10.22.105.60
修改区域配置文件属性
检查主配置文件和自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkconf [root@iZj6cehstgjoj3qav88fidZ ~]# [root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/ns-zone.com.zone [root@iZj6cehstgjoj3qav88fidZ ~]# named-checkzone ns-zone.com. /var/named/ns-zone.com.zone zone ns-zone.com/IN: loaded serial 20190001 OK [root@iZj6cehstgjoj3qav88fidZ ~]#
重启bind服务并验证新增加的正向解析
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl restart named [root@iZj6cehstgjoj3qav88fidZ ~]# nslookup ns1.ns-zone.com Server: 127.0.0.1 Address: 127.0.0.1#53 Name: ns1.ns-zone.com Address: 10.22.105.60 [root@iZj6cehstgjoj3qav88fidZ ~]# nslookup www.ns-zone.com Server: 127.0.0.1 Address: 127.0.0.1#53 Name: www.ns-zone.com Address: 10.22.105.60 [root@iZj6cehstgjoj3qav88fidZ ~]#
使用dig命令查看NS记录
反向解析
增加区域配置
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.rfc1912.zones zone "105.22.10.in-addr.arpa" IN { type master; file "105.22.10.in-addr.arpa.zone"; allow-update { none; }; };
增加自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/105.22.10.in-addr.arpa.zone $TTL 600 ; 10 minutes @ IN SOA ns1.ns-zone.com. hostmaster.ns-zone.com. ( 20190001 ; serial number 10800 ; refresh time (3 hours) 900 ; retry time (15 minutes) 604800 ; expire time (1 week) 86400 ; minimum (1 day) ) NS ns1.ns-zone.com. $ORIGIN 105.22.10.in-addr.arpa. $TTL 60 ; 1 minute 60 PTR ns1.ns-zone.com.
检查主配置文件和自定义区域配置文件
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkconf [root@iZj6cehstgjoj3qav88fidZ ~]# [root@iZj6cehstgjoj3qav88fidZ ~]# named-checkzone 105.22.10.in-addr.arpa. /var/named/105.22.10.in-addr.arpa.zone zone 105.22.10.in-addr.arpa/IN: loaded serial 20190001 OK [root@iZj6cehstgjoj3qav88fidZ ~]#
验证反向解析