June 12, 2019

Minimum runtime requirements for Sonatype Nexus 3:

Minimum CPUs: 4
Recommended CPUs: 8+
Host physical RAM minimum (default): 4GB

Install JDK 1.8

Check the Java version

Go to the Sonatype Nexus download page

Pick the build for your operating system and download it

Extract the archive to the chosen installation path

Enter the installation directory

Enter the bin directory that holds the executables

Shortcut: Shift + right-click, then "Open command window here"

Register nexus as a system service

Confirm the service was registered

Start the nexus service and check that it is running

Open the web administration console in a browser

Set the initial password on first login (older Nexus 3 releases shipped with the fixed admin/admin123 account; whichever release you run, change the admin password immediately and disable anonymous access in the first-run wizard unless you actually need it)

June 11, 2019

Install the JDK

[root@iZj6cehstgjoj3qav88fidZ ~]# yum -y install jdk-8u211-linux-x64.rpm

Check the JDK version

[root@iZj6cehstgjoj3qav88fidZ ~]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
[root@iZj6cehstgjoj3qav88fidZ ~]#

Download the Nexus binary bundle (note that the "latest" OSS bundle URL resolves to the 2.x line, here 2.14.13-01, not to Nexus 3; for a reproducible install pin the exact version and verify the archive's checksum against the value published for that release instead of trusting whatever the redirect hands back)

[root@iZj6cehstgjoj3qav88fidZ ~]# wget https://download.sonatype.com/nexus/oss/nexus-latest-bundle.tar.gz
--2019-06-25 18:44:20-- https://download.sonatype.com/nexus/oss/nexus-latest-bundle.tar.gz
Resolving download.sonatype.com (download.sonatype.com)... 34.206.81.156, 35.168.192.73
Connecting to download.sonatype.com (download.sonatype.com)|34.206.81.156|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/oss/nexus-2.14.13-01-bundle.tar.gz [following]
--2019-06-25 18:44:21-- https://sonatype-download.global.ssl.fastly.net/repository/repositoryManager/oss/nexus-2.14.13-01-bundle.tar.gz
Resolving sonatype-download.global.ssl.fastly.net (sonatype-download.global.ssl.fastly.net)... 151.101.77.194
Connecting to sonatype-download.global.ssl.fastly.net (sonatype-download.global.ssl.fastly.net)|151.101.77.194|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82396385 (79M) [application/x-gzip]
Saving to: ‘nexus-latest-bundle.tar.gz’

100%[=======================================================================================================================================================>] 82,396,385 12.2MB/s in 5.4s

2019-06-25 18:44:27 (14.5 MB/s) - ‘nexus-latest-bundle.tar.gz’ saved [82396385/82396385]

[root@iZj6cehstgjoj3qav88fidZ ~]#

Extract the archive

[root@iZj6cehstgjoj3qav88fidZ ~]# mkdir -p /usr/local/nexus
[root@iZj6cehstgjoj3qav88fidZ ~]# tar xzf nexus-latest-bundle.tar.gz -C /usr/local/nexus/
[root@iZj6cehstgjoj3qav88fidZ ~]# ls /usr/local/nexus/
nexus-2.14.13-01 sonatype-work
[root@iZj6cehstgjoj3qav88fidZ ~]#

Add a dedicated user and give it ownership of the installation directory (Nexus should never run as root)

[root@iZj6cehstgjoj3qav88fidZ ~]# useradd nexus
[root@iZj6cehstgjoj3qav88fidZ ~]# chown -R nexus.nexus /usr/local/nexus/
[root@iZj6cehstgjoj3qav88fidZ ~]#

Switch to that user and enter the Nexus bin directory

[root@iZj6cehstgjoj3qav88fidZ ~]# su - nexus
Last login: Tue Jun 25 18:36:38 CST 2019 on pts/1
[nexus@iZj6cehstgjoj3qav88fidZ ~]$ cd /usr/local/nexus/nexus-2.14.13-01/bin/
[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus --help
Usage: ./nexus { console | start | stop | restart | status | dump }
[nexus@iZj6cehstgjoj3qav88fidZ bin]$

Start the service and check its status

[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus start
Starting Nexus OSS...
Started Nexus OSS.
[nexus@iZj6cehstgjoj3qav88fidZ bin]$

[nexus@iZj6cehstgjoj3qav88fidZ bin]$ ./nexus status
Nexus OSS is running (14829).
[nexus@iZj6cehstgjoj3qav88fidZ bin]$

Check the listening port (Nexus 2 binds TCP 8081 by default)

Open the Nexus console in a browser at http://<host>:8081/nexus. The bundle ships with the built-in accounts admin/admin123 and deployment/deployment123; change both before anyone else can reach the port. Also note that ./nexus start launched from the nexus user's shell is not registered with systemd, so the service will not come back after a reboot.
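The two checks worth running before leaving this box, as an added example that is not part of the original post and not Sonatype's code: is port 8081 bound to every interface, and does the default admin password still work. It assumes (not stated on the page) that Nexus 2 listens on TCP 8081 under /nexus, that admin/admin123 is the shipped account, and that /service/local/users is an admin-only REST endpoint.

```shell
#!/bin/sh
# Added example, not part of the original post and not Sonatype's code: a post-install
# check for the Nexus OSS 2.x bundle started above. Assumed (not stated on the page):
# Nexus 2 listens on TCP 8081 under the context path /nexus and ships with the built-in
# accounts admin/admin123 and deployment/deployment123.
NEXUS_PORT=8081
NEXUS_URL="http://127.0.0.1:$NEXUS_PORT/nexus"

# bind_scope SS_OUTPUT -> prints "loopback", "exposed" or "down" for NEXUS_PORT.
#   SS_OUTPUT is the text of `ss -ltn` (columns: State Recv-Q Send-Q Local Peer); the
#   header line is ignored. "*:8081", "0.0.0.0:8081" or "[::]:8081" means every interface,
#   which on a cloud VM with a public address means the whole internet.
bind_scope() {
  found=0
  exposed=0
  while read -r state rq sq laddr peer rest; do
    case "$laddr" in
      *:"$NEXUS_PORT")
        found=1
        case "$laddr" in
          127.*:*|"[::1]":*) ;;          # loopback only: fine behind a reverse proxy
          *) exposed=1 ;;
        esac
        ;;
    esac
  done <<EOF
$1
EOF
  if [ "$found" -eq 0 ]; then
    echo down
  elif [ "$exposed" -eq 1 ]; then
    echo exposed
  else
    echo loopback
  fi
}

# default_creds_check -> exit 0 if admin/admin123 still works, i.e. an admin-only REST
#   endpoint answers 200 to it (assumed endpoint: /service/local/users). Needs curl and a
#   running instance, so it is only run in live mode.
default_creds_check() {
  code=$(curl -s -o /dev/null -w '%{http_code}' -u admin:admin123 \
         -H 'Accept: application/json' "$NEXUS_URL/service/local/users")
  echo "admin/admin123 against $NEXUS_URL -> HTTP $code"
  [ "$code" = 200 ]
}

# Live usage on the Nexus host: sh nexus_check.sh live
if [ "${1:-}" = live ]; then
  echo "port $NEXUS_PORT is bound: $(bind_scope "$(ss -ltn)")"
  if default_creds_check; then
    echo "default admin password still active: change it (and deployment's) before exposing this host"
  fi
fi
```

A result of "exposed" is the normal outcome of the install above, since the bundle binds 0.0.0.0 by default; either front it with a reverse proxy on the loopback address or restrict 8081 with the host firewall and the cloud security group.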

June 6, 2019

Lab environment

10.4.7.234 ns1.hostname.com
10.4.7.235 ns2.hostname.com
10.4.7.236 client.hostname.com

Set the hostname (10.4.7.234)

[root@iZj6c1pigvpz2jl6zy1cgbZ ~]# hostnamectl set-hostname ns1.hostname.com
[root@iZj6c1pigvpz2jl6zy1cgbZ ~]# exit
logout

[root@ns1 ~]# hostname 
ns1.hostname.com
[root@ns1 ~]# ping -c 4 ns1.hostname.com
PING ns1.hostname.com (10.4.7.234) 56(84) bytes of data.
64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=1 ttl=64 time=0.011 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=2 ttl=64 time=0.025 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=3 ttl=64 time=0.026 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgbZ (10.4.7.234): icmp_seq=4 ttl=64 time=0.027 ms

--- ns1.hostname.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.011/0.022/0.027/0.007 ms
[root@ns1 ~]#

Set the hostname (10.4.7.235)

[root@iZj6c1pigvpz2jl6zy1cgaZ ~]# hostnamectl set-hostname ns2.hostname.com
[root@iZj6c1pigvpz2jl6zy1cgaZ ~]# exit
logout

[root@ns2 ~]# hostname
ns2.hostname.com
[root@ns2 ~]# ping -c 4 ns2.hostname.com
PING ns2.hostname.com (10.4.7.235) 56(84) bytes of data.
64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=3 ttl=64 time=0.027 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgaZ (10.4.7.235): icmp_seq=4 ttl=64 time=0.028 ms

--- ns2.hostname.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.014/0.024/0.028/0.006 ms
[root@ns2 ~]#

Set the hostname (10.4.7.236)

[root@iZj6c1pigvpz2jl6zy1cgcZ ~]# hostnamectl set-hostname client.hostname.com
[root@iZj6c1pigvpz2jl6zy1cgcZ ~]# exit
logout

[root@client ~]# hostname
client.hostname.com
[root@client ~]# ping -c 4 client.hostname.com
PING client.hostname.com (10.4.7.236) 56(84) bytes of data.
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=2 ttl=64 time=0.028 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=3 ttl=64 time=0.028 ms
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=4 ttl=64 time=0.026 ms

--- client.hostname.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.013/0.023/0.028/0.008 ms
[root@client ~]#

Install the bind and bind-utils packages

[root@ns1 ~]# yum -y install bind bind-utils
[root@ns2 ~]# yum -y install bind bind-utils
[root@client ~]# yum -y install bind-utils

Edit the main configuration file on the primary DNS server

[root@ns1 ~]# vi /etc/named.conf
Change these lines (the numbers are their positions in the stock CentOS 7 named.conf):
line 13: listen-on port 53 { 10.4.7.234; };
line 21: allow-query { any; };
line 35: dnssec-enable no;
line 36: dnssec-validation no;
Add the following inside the options block:
allow-transfer { 10.4.7.235; };
allow-notify { 10.4.7.235; };

Two caveats. The stock file leaves recursion on, so together with allow-query { any; } this server will also recurse for any host that can reach it; for an authoritative-only server turn recursion off (recursion no), or at least limit it with allow-recursion to the internal network, otherwise a reachable ns1 is an open resolver. And allow-notify only governs slave zones (who may send NOTIFY to this server), so on the master it does nothing; what actually restricts who can pull the zone is allow-transfer, which is correctly limited to ns2 here.

Add the zone definition

[root@ns1 ~]# vi /etc/named.rfc1912.zones 
zone "hostname.com" IN {
type master;
file "hostname.com.zone";
allow-update { none; };
};

Create the zone file

[root@ns1 ~]# vi /var/named/hostname.com.zone
$TTL 600 ; 10 minutes
@ IN SOA ns1.hostname.com. hostmaster.hostname.com. (
20190001 ; serial number
10800 ; refresh time (3 hours)
900 ; retry time (15 minutes)
604800 ; expire time (1 week)
86400 ; minimum (1 day)
)
NS ns1.hostname.com.
NS ns2.hostname.com.
$ORIGIN hostname.com.
$TTL 60 ; 1 minute
ns1 A 10.4.7.234
ns2 A 10.4.7.235
client A 10.4.7.236

Check the configuration

[root@ns1 ~]# named-checkconf 
[root@ns1 ~]# named-checkzone hostname.com. /var/named/hostname.com.zone 
zone hostname.com/IN: loaded serial 20190001
OK
[root@ns1 ~]#
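The serial is the one field in this file that must change on every edit: ns2 only re-transfers hostname.com when ns1 reports a serial greater than the one it already holds, so an edit without a serial bump is silently ignored by the slave. The page's 20190001 works but is not the usual date-based form. Below is an added helper (not from the original post) that bumps the serial in the YYYYMMDDnn convention, verifies the file and reloads the zone; it assumes the one-field-per-line SOA layout used in the zone files on this page and a working rndc key (the CentOS bind package sets one up at first start). The same helper applies to the ns-zone.com and in-addr.arpa zone files further down the page.

```shell
#!/bin/sh
# Added example (not from the original post): bump a zone's SOA serial the way a slave
# expects it, then check and reload. A slave only re-transfers a zone when the master's
# serial is greater than the one it holds, so every edit to hostname.com.zone needs a
# serial increase or ns2 keeps the old data. Convention used here: YYYYMMDDnn (date plus a
# two-digit edit counter), which stays inside the 32-bit serial space.

# next_serial CURRENT TODAY -> prints the new serial.
#   If CURRENT is older than today's base (YYYYMMDD00) jump to that base, otherwise add 1.
#   Adding 1 past nn=99 rolls into the "next day" but stays strictly increasing, which is all
#   that RFC 1982 serial arithmetic requires.
next_serial() {
  current=$1
  base=$(( $2 * 100 ))
  if [ "$current" -lt "$base" ]; then
    echo "$base"
  else
    echo $(( current + 1 ))
  fi
}

# zone_serial FILE -> prints the serial found on the SOA line tagged "; serial"
#   (the layout the zone files on this page use: one field per line, trailing comment).
zone_serial() {
  awk '/;[[:space:]]*serial/ { print $1; exit }' "$1"
}

# bump_zone_serial FILE [TODAY] -> rewrites the serial in place, prints "old -> new".
#   TODAY defaults to the current date; passing it explicitly makes the result reproducible.
bump_zone_serial() {
  file=$1
  today=${2:-$(date +%Y%m%d)}
  old=$(zone_serial "$file")
  [ -n "$old" ] || { echo "no serial line found in $file" >&2; return 1; }
  new=$(next_serial "$old" "$today")
  # only the number changes; the "; serial number" comment on the line is preserved
  # (GNU sed -i; on BSD sed use -i '')
  sed -i "s/^\([[:space:]]*\)$old\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file"
  echo "$old -> $new"
}

# reload_zone ZONE FILE -> validate, then tell the running named to pick up the change.
reload_zone() {
  named-checkzone "$1" "$2" >/dev/null && rndc reload "$1"
}

# Usage on ns1 after editing the zone:
#   sh bump_serial.sh hostname.com /var/named/hostname.com.zone
if [ $# -eq 2 ]; then
  bump_zone_serial "$2" && reload_zone "$1" "$2"
fi
```

After the reload, compare the SOA serial that ns1 and ns2 answer with; if ns2 lags, check that ns2's notify/refresh is reaching ns1 and that the transfer is not being refused.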

Restart the service, check the listener and verify resolution

Configure the secondary DNS server

Edit the main configuration file on the secondary DNS server

[root@ns2 ~]# vi /etc/named.conf
Change these lines:
line 13: listen-on port 53 { 10.4.7.235; };
line 21: allow-query { any; };
line 35: dnssec-enable no;
line 36: dnssec-validation no;
Add the following to the options block (BIND 9.9 stores transferred zones in its raw binary format by default; this keeps slaves/hostname.com.zone readable as text):
masterfile-format text;

Note that nothing here restricts zone transfers from ns2: with no allow-transfer statement, BIND 9.9 hands the full zone to any host that asks, so the restriction carefully applied on ns1 is bypassed by simply asking ns2. Add allow-transfer { none; } to the options block on ns2 as well (the same recursion caveat as on ns1 applies).

Add the zone definition

[root@ns2 ~]# vi /etc/named.rfc1912.zones
zone "hostname.com" IN {
type slave;
masters { 10.4.7.234; };
file "slaves/hostname.com.zone";
};

Check the configuration, then enable and start the service

[root@ns2 ~]# named-checkconf 
[root@ns2 ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@ns2 ~]# systemctl start named
[root@ns2 ~]#

Check the listening port

Check the full zone transfer (AXFR) and look at the zone file that was synced into slaves/

Verify resolution
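The three checks above can be scripted rather than read off screenshots. The following is an added example, not part of the original post; it uses the lab addresses and zone from this post, needs dig from bind-utils for the live checks, and includes two small parsers for dig output that can be exercised offline. Run from the client to also confirm that a host outside the allow-transfer list is refused the zone.

```shell
#!/bin/sh
# Added example, not part of the original post: verify the ns1/ns2 pair from a shell.
# The live checks need dig (bind-utils) and the lab addresses above; the two parsing
# helpers work on captured dig output and are what a test can exercise offline.
MASTER=10.4.7.234
SLAVE=10.4.7.235
ZONE=hostname.com

# soa_serial SHORT_SOA -> prints the serial from a `dig +short SOA` answer, whose fields are
#   "mname rname serial refresh retry expire minimum".
soa_serial() {
  set -- $1
  echo "$3"
}

# axfr_result DIG_OUTPUT -> "allowed", "refused" or "error" for a `dig ... AXFR` run.
#   dig prints "; Transfer failed." when named answers REFUSED, and a completed transfer
#   starts and ends with the SOA record, so two SOA lines mean the zone came across.
axfr_result() {
  if printf '%s\n' "$1" | grep -q '^; Transfer failed'; then
    echo refused
  elif [ "$(printf '%s\n' "$1" | grep -c '[[:space:]]SOA[[:space:]]')" -ge 2 ]; then
    echo allowed
  else
    echo error
  fi
}

# Both servers must listen on their LAN address, not only 127.0.0.1 (that is what the
# listen-on edits above were for).
check_listeners() {
  ss -lntu 'sport = :53'
}

# The slave is in sync when it serves the same SOA serial as the master.
check_sync() {
  m=$(soa_serial "$(dig +short @"$MASTER" "$ZONE" SOA)")
  s=$(soa_serial "$(dig +short @"$SLAVE" "$ZONE" SOA)")
  echo "serial on ns1: $m, on ns2: $s"
  [ -n "$m" ] && [ "$m" = "$s" ]
}

# Run from the client (10.4.7.236): neither server should hand the whole zone to a host
# that is not in its allow-transfer list. ns1 restricts transfers to ns2; ns2 has no
# allow-transfer statement in the config above, and BIND 9.9 then allows transfers to
# anyone, so expect "allowed" there until allow-transfer { none; } is added on ns2.
check_axfr_policy() {
  for server in "$MASTER" "$SLAVE"; do
    echo "AXFR of $ZONE from $server: $(axfr_result "$(dig @"$server" "$ZONE" AXFR)")"
  done
}

# Live usage on the client: sh check_dns.sh live
if [ "${1:-}" = live ]; then
  check_listeners
  check_sync
  check_axfr_policy
fi
```

A zone that any host can AXFR is a complete inventory of the network for an attacker, which is why the transfer check is run from a host that is not supposed to be allowed.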

Client configuration

Ping the client's own name and the names of the two DNS hosts; by default only the local host's name resolves

[root@client ~]# ping -c 1 client.hostname.com
PING client.hostname.com (10.4.7.236) 56(84) bytes of data.
64 bytes from iZj6c1pigvpz2jl6zy1cgcZ (10.4.7.236): icmp_seq=1 ttl=64 time=0.011 ms

--- client.hostname.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.011/0.011/0.011/0.000 ms
[root@client ~]# ping -c 1 ns1.hostname.com
ping: ns1.hostname.com: Name or service not known
[root@client ~]# ping -c 1 ns2.hostname.com
ping: ns2.hostname.com: Name or service not known
[root@client ~]# 

Check the host's current DNS configuration

[root@client ~]# cat /etc/resolv.conf 
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136
nameserver 100.100.2.138
[root@client ~]#

Change the DNS servers (this file is generated by dhclient-script, so the edit is lost at the next lease renewal; to make it persistent set PEERDNS=no and DNS1/DNS2 in the interface's ifcfg file, or configure the servers through NetworkManager)

[root@client ~]# vi /etc/resolv.conf
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
#nameserver 100.100.2.136
#nameserver 100.100.2.138
nameserver 10.4.7.234
nameserver 10.4.7.235

Ping the two DNS servers by hostname again and query them with nslookup: both the primary and the secondary now answer the client's queries

June 3, 2019

Check the OS version

[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[root@iZj6cehstgjoj3qav88fidZ ~]#

Look up the bind package

[root@iZj6cehstgjoj3qav88fidZ ~]# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Available Packages
Name : bind
Arch : x86_64
Epoch : 32
Version : 9.9.4
Release : 73.el7_6
Size : 1.8 M
Repo : updates/7/x86_64
Summary : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL : http://www.isc.org/products/BIND/
License : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
: (Domain Name System) protocols. BIND includes a DNS server (named),
: which resolves host names to IP addresses; a resolver library
: (routines for applications to use when interfacing with DNS); and
: tools for verifying that the DNS server is operating properly.

[root@iZj6cehstgjoj3qav88fidZ ~]#

Install bind and its dependencies with yum

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install bind

Installed packages

Installed:
bind.x86_64 32:9.9.4-73.el7_6

Dependency Installed:
audit-libs-python.x86_64 0:2.8.4-4.el7 bind-libs.x86_64 32:9.9.4-73.el7_6 checkpolicy.x86_64 0:2.5-8.el7 libcgroup.x86_64 0:0.41-20.el7 libsemanage-python.x86_64 0:2.5-14.el7 
policycoreutils-python.x86_64 0:2.5-29.el7_6.1 python-IPy.noarch 0:0.75-6.el7 python-ply.noarch 0:3.4-11.el7 setools-libs.x86_64 0:3.3.8-4.el7

Enable the service at boot and start it

[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl enable named
Created symlink from /etc/systemd/system/multi-user.target.wants/named.service to /usr/lib/systemd/system/named.service.
[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl start named
[root@iZj6cehstgjoj3qav88fidZ ~]#

Check the listening port

Look at the main configuration file (the stock file binds only 127.0.0.1 and answers only localhost, which is the safe default for a caching resolver: recursion is on, but nothing outside this host can use it)

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Check the host's current DNS configuration

[root@iZj6cehstgjoj3qav88fidZ ~]# cat /etc/resolv.conf 
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
nameserver 100.100.2.136
nameserver 100.100.2.138
search localdomain
[root@iZj6cehstgjoj3qav88fidZ ~]#

Install the DNS query utilities (bind-utils)

[root@iZj6cehstgjoj3qav88fidZ ~]# yum install bind-utils

List the files the package installs

[root@iZj6cehstgjoj3qav88fidZ ~]# rpm -lq bind-utils
/etc/trusted-key.key
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/share/man/man1/dig.1.gz
/usr/share/man/man1/host.1.gz
/usr/share/man/man1/nslookup.1.gz
/usr/share/man/man1/nsupdate.1.gz
[root@iZj6cehstgjoj3qav88fidZ ~]#

Point the host's resolver at the local DNS server and try some lookups

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/resolv.conf 
options timeout:2 attempts:3 rotate single-request-reopen
; generated by /usr/sbin/dhclient-script
#nameserver 100.100.2.136
#nameserver 100.100.2.138
nameserver 127.0.0.1
search localdomain

Use nslookup and ping to confirm the recursive (caching) DNS server is answering. If you later widen listen-on and allow-query so other hosts can use it, also restrict allow-recursion to the internal network; the comment block in named.conf above is not decorative, an openly reachable recursive server is a DNS amplification source.

Configure forward and reverse resolution for internal hosts

The default zone configuration file

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};

Add a custom zone definition

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.rfc1912.zones
zone "ns-zone.com" IN {
type master;
file "ns-zone.com.zone";
allow-update { none; };
};

Create the zone file

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/ns-zone.com.zone
$TTL 600 ; 10 minutes
@ IN SOA ns1.ns-zone.com. hostmaster.ns-zone.com. (
20190001 ; serial number
10800 ; refresh time (3 hours)
900 ; retry time (15 minutes)
604800 ; expire time (1 week)
86400 ; minimum (1 day)
)
NS ns1.ns-zone.com.
$ORIGIN ns-zone.com.
$TTL 60 ; 1 minute
ns1 A 10.22.105.60
www A 10.22.105.60

Fix the zone file's ownership and permissions (the other files in /var/named are root:named with mode 640, so named can read them but not write them; match that for the new file)

Check the main configuration and the zone file

[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkconf 
[root@iZj6cehstgjoj3qav88fidZ ~]#

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/ns-zone.com.zone 
[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkzone ns-zone.com. /var/named/ns-zone.com.zone 
zone ns-zone.com/IN: loaded serial 20190001
OK
[root@iZj6cehstgjoj3qav88fidZ ~]#

Restart bind and verify the new forward records

[root@iZj6cehstgjoj3qav88fidZ ~]# systemctl restart named
[root@iZj6cehstgjoj3qav88fidZ ~]# nslookup ns1.ns-zone.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: ns1.ns-zone.com
Address: 10.22.105.60

[root@iZj6cehstgjoj3qav88fidZ ~]# nslookup www.ns-zone.com 
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: www.ns-zone.com
Address: 10.22.105.60

[root@iZj6cehstgjoj3qav88fidZ ~]#

Use dig to look at the NS records

Reverse resolution

Add the zone definition

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /etc/named.rfc1912.zones 
zone "105.22.10.in-addr.arpa" IN {
type master;
file "105.22.10.in-addr.arpa.zone";
allow-update { none; };
};

Create the reverse zone file

[root@iZj6cehstgjoj3qav88fidZ ~]# vi /var/named/105.22.10.in-addr.arpa.zone
$TTL 600 ; 10 minutes
@ IN SOA ns1.ns-zone.com. hostmaster.ns-zone.com. (
20190001 ; serial number
10800 ; refresh time (3 hours)
900 ; retry time (15 minutes)
604800 ; expire time (1 week)
86400 ; minimum (1 day)
)
NS ns1.ns-zone.com.
$ORIGIN 105.22.10.in-addr.arpa.
$TTL 60 ; 1 minute
60 PTR ns1.ns-zone.com.

Check the main configuration and the reverse zone file

[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkconf 
[root@iZj6cehstgjoj3qav88fidZ ~]# 

[root@iZj6cehstgjoj3qav88fidZ ~]# named-checkzone 105.22.10.in-addr.arpa. /var/named/105.22.10.in-addr.arpa.zone 
zone 105.22.10.in-addr.arpa/IN: loaded serial 20190001
OK
[root@iZj6cehstgjoj3qav88fidZ ~]#

Verify reverse resolution
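The forward and reverse zones above are maintained by hand and will drift: the reverse zone carries one PTR (.60 points at ns1) while the forward zone maps both ns1 and www to 10.22.105.60, which is legal but means a reverse lookup of that address only ever names ns1. The following is an added example, not part of the original post, that cross-checks the two files and reports A records without a PTR and PTRs without an A record. It assumes the zone-file layout used on this page (one record per line, relative owner names, a single $ORIGIN line) and is not a general zone-file parser.

```shell
#!/bin/sh
# Added example, not part of the original post: cross-check ns-zone.com.zone against
# 105.22.10.in-addr.arpa.zone. Assumes the layout used on this page: one record per line,
# "owner A ip" / "owner PTR name." (optionally with IN), relative owners completed by the
# current $ORIGIN. SOA, NS, $TTL and comment lines are skipped.

# forward_pairs ZONEFILE ORIGIN -> "fqdn ip" per A record, sorted
forward_pairs() {
  awk -v origin="$2" '
    BEGIN { if (origin !~ /\.$/) origin = origin "." }
    $1 == "$ORIGIN" { origin = $2; if (origin !~ /\.$/) origin = origin "."; next }
    $1 ~ /^[;$@]/ || NF < 3 { next }
    $2 == "A" || ($2 == "IN" && $3 == "A") {
      name = $1
      ip = ($2 == "A") ? $3 : $4
      if (name !~ /\.$/) name = name "." origin
      print name, ip
    }' "$1" | sort
}

# reverse_pairs ZONEFILE ORIGIN -> "fqdn ip" per PTR record, sorted
#   (ORIGIN is the in-addr.arpa name, e.g. 105.22.10.in-addr.arpa.)
reverse_pairs() {
  awk -v origin="$2" '
    # "60" under 105.22.10.in-addr.arpa. -> 60.105.22.10.in-addr.arpa. -> 10.22.105.60
    function to_ip(owner, o,    n, parts, rev, i) {
      if (owner !~ /\.$/) owner = owner "." o
      sub(/\.in-addr\.arpa\.$/, "", owner)
      n = split(owner, parts, ".")
      rev = parts[n]
      for (i = n - 1; i >= 1; i--) rev = rev "." parts[i]
      return rev
    }
    BEGIN { if (origin !~ /\.$/) origin = origin "." }
    $1 == "$ORIGIN" { origin = $2; if (origin !~ /\.$/) origin = origin "."; next }
    $1 ~ /^[;$@]/ || NF < 3 { next }
    $2 == "PTR" || ($2 == "IN" && $3 == "PTR") {
      target = ($2 == "PTR") ? $3 : $4
      print target, to_ip($1, origin)
    }' "$1" | sort
}

# ptr_report FWD FWD_ORIGIN REV REV_ORIGIN -> "no-PTR: fqdn ip" for A records without a
#   matching PTR and "no-A: fqdn ip" for PTRs without a matching A; prints nothing when the
#   two zones agree. comm needs sorted input, which the helpers above provide.
ptr_report() {
  f=$(mktemp)
  r=$(mktemp)
  forward_pairs "$1" "$2" > "$f"
  reverse_pairs "$3" "$4" > "$r"
  comm -23 "$f" "$r" | sed 's/^/no-PTR: /'
  comm -13 "$f" "$r" | sed 's/^/no-A: /'
  rm -f "$f" "$r"
}

# reverse_lookup IP -> what the page's last step asks for, against the local named
reverse_lookup() {
  dig +short -x "$1" @127.0.0.1
}

# Live usage on the server: sh zone_check.sh live
if [ "${1:-}" = live ]; then
  ptr_report /var/named/ns-zone.com.zone ns-zone.com. \
             /var/named/105.22.10.in-addr.arpa.zone 105.22.10.in-addr.arpa.
  reverse_lookup 10.22.105.60
fi
```

On the zones from this post the report is a single "no-PTR" line for www, which is the intended one-PTR-per-address design; the point of the check is that any other line is a mistake, and it can run from cron or a pre-commit hook once the zone files live in version control.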