Similar to Ubuntu / Raspberry Pi – Install NGINX Load Balance DNS
Some prerequisite posts to look at:
- Should Run
- Should Read/Understand
The first assumption is that you either registered your server with Red Hat during or after the installation, or followed the basic process in #1.1 above.
The second assumption is that you have already run the process in #1.2 above to set SELinux to ‘permissive’. (#1.2 is not required, but it will make things easier to work with initially.)
Before running the commands below, switch to root (or log in as root).
# Make sure you are running as root
if [ "$(whoami)" != 'root' ]; then
    echo "Must be root to run $0"
    exit 1
fi
# Start and Enable SSH service - Usually not needed
systemctl start sshd.service
systemctl enable sshd.service
# Get applicable updates
subscription-manager list
subscription-manager repos > repolist.txt
cat repolist.txt | grep -i -E "extras|supplement|optional|common"
subscription-manager repos --enable=rhel-8-for-x86_64-supplementary-rpms
yum clean all
yum repolist all
yum -y update
# Set Timezone
timedatectl set-timezone America/Detroit
# If you are not sure what your timezone is run a command like this
# ls /usr/share/zoneinfo/
# ls /usr/share/zoneinfo/America/
# Install basic tools (some may already be installed by default)
yum -y install net-tools bind-utils nano wget unzip bzip2
# Install build tools - OPTIONAL
yum -y install gcc gcc-c++ kernel-devel tcl
#yum -y remove gcc gcc-c++ kernel-devel tcl
yum groupinstall 'Development Tools'
# Get current IP Address - See https://www.kittell.net/code/unix-display-network-information/
companyname="Kittell.net"
declare OSVer=$(cat /etc/redhat-release)
declare sCPU=$(grep -c ^processor /proc/cpuinfo )
# echo "CPU: $sCPU"
declare sRamGB=$(cat /proc/meminfo | grep MemTotal | cut -d ":" -f 2 | tr -d '[:space:]' | sed 's/.\{2\}$//' | awk '{$1=$1/(1024^2); print int($1+0.5),"GB";}')
if [ "$sRamGB" == "0 GB" ]; then
    sRamGB=$(cat /proc/meminfo | grep MemTotal | cut -d ":" -f 2 | tr -d '[:space:]' | sed 's/.\{2\}$//' | awk '{ foo = $1 / 1024 ; print foo " MB" }')
fi
echo "Memory (RAM): $sRamGB"
declare netAdapter=$(nmcli device status | grep en | cut -d " " -f1)
if [ -z "$netAdapter" ]; then
    netAdapter=$(nmcli device status | grep eth | cut -d " " -f1)
fi
declare netIP=$(/sbin/ip -o -4 addr list $netAdapter | awk '{print $4}' | cut -d/ -f1)
#declare netCIDR=$(/sbin/ip -o -4 addr list $netAdapter | cut -d ' ' -f7)
declare netMask=$(ipcalc -m $netIP | cut -d '=' -f2)
declare netCIDR=$(ipcalc -p $netIP $netMask | cut -d '=' -f2)
declare netWork=$(ipcalc -n $netIP $netMask | cut -d '=' -f2)
declare banner=$(cat <<EOF
$OSVer
CPU: $sCPU
Memory: $sRamGB
Hostname: $(hostname)
Network Information
Adapter: $netAdapter
IP: $netIP
Netmask: $netMask
CIDR: $netWork/$netCIDR
EOF
)
echo "$banner"
echo -e "$banner"|sudo tee /etc/motd
clear
cat /etc/motd
# Install Cockpit - Typically is already installed
yum install cockpit
# Verify Cockpit is in firewall list - Typically is already there
firewall-cmd --list-all
# Enable Cockpit - Optional but suggested
systemctl enable --now cockpit.socket
echo "https://${netIP}:9090/system";
# NOTE: By default Cockpit uses a self-signed certificate, so your browser will show a certificate warning.
# Install NginX
yum install nginx -y
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf-original
sudo sed -i "/^\s*#/d;s/\s*#[^\"']*$//" /etc/nginx/nginx.conf && sudo sed -i '/^\s*$/d' /etc/nginx/nginx.conf
declare nginx=$(cat <<EOF
stream {
    server {
        listen 53 udp;
        listen 53; #tcp
        proxy_pass dns_servers;
        error_log /var/log/nginx/dns.log info;
        proxy_responses 1;
        proxy_timeout 1s;
    }
    upstream dns_servers {
        zone dns_mem 64k;
        # List all DNS servers
        server 10.40.20.6:53 fail_timeout=10s;
        server 10.40.20.5:53 fail_timeout=10s;
        server 10.40.20.4:53 fail_timeout=10s;
    }
}
EOF
)
echo "$nginx"
echo "$nginx" >> /etc/nginx/nginx.conf
nginx -t
# Free port 53 from any local DNS service (on RHEL the BIND unit is named.service)
systemctl stop named.service
systemctl disable named.service
systemctl stop dnsmasq.service
systemctl disable dnsmasq.service
sudo sed -i 's/^dns=dnsmasq/#&/' /etc/NetworkManager/NetworkManager.conf
sudo killall dnsmasq
systemctl start nginx.service
systemctl enable nginx.service
systemctl stop NetworkManager.service
#cat /etc/sysconfig/network-scripts/${netAdapter}
firewall-cmd --zone=public --add-port=53/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
firewall-cmd --reload
firewall-cmd --list-all
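The script above appends the stream block with `echo "$nginx" >> /etc/nginx/nginx.conf`, so running it a second time leaves two `stream` blocks and `nginx -t` rejects the file. The helper below is an added example, not part of the original post: it appends the block only once, validates the result, and restores the previous file if validation fails. The function names, the `NGINX_CHECK` variable and the block file path are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names, not from the original post).
# NGINX_CHECK is the validation command; the config path is appended to it.
NGINX_CHECK="${NGINX_CHECK:-nginx -t -c}"

# has_stream_block FILE -> exit 0 if FILE already opens a stream block
has_stream_block() {
    grep -Eq '^[[:space:]]*stream[[:space:]]*\{' "$1"
}

# append_stream_block CONF BLOCK_FILE
# Returns: 0 = appended and validated
#          2 = stream block already present, CONF untouched
#          3 = validation failed, CONF restored from backup
#          1 = missing file or backup failure
append_stream_block() {
    local conf="$1" block="$2" backup
    [ -f "$conf" ] && [ -f "$block" ] || return 1
    if has_stream_block "$conf"; then
        return 2
    fi
    backup="${conf}.pre-stream.$$"
    cp -p "$conf" "$backup" || return 1
    cat "$block" >> "$conf"
    # Word splitting of NGINX_CHECK is intentional (command plus its flags).
    if $NGINX_CHECK "$conf" >/dev/null 2>&1; then
        rm -f "$backup"
        return 0
    fi
    # Roll back so the next reload or reboot still finds a working config.
    mv -f "$backup" "$conf"
    return 3
}

# Usage on the server (the block file path is a placeholder):
#   append_stream_block /etc/nginx/nginx.conf /root/dns-stream.conf
```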