Infra
On-premises configuration

In-house infrastructure configuration

Name server configuration

Address: 172.16.64.1 (supermicro)
Server information:
Static hostname: luxrobo-supermicro
        Icon name: computer-server
        Chassis: server
    Machine ID: 517f9e65b67680c03d98bab059e5c0e3
        Boot ID: a1e8ab1b7e0b4dc8bb9a6152f106a8b3
Operating System: Ubuntu 16.04.6 LTS
        Kernel: Linux 4.4.0-134-generic
    Architecture: x86-64
172.16.64.2 - Synology server (cloud.luxrobo.net)

Name server configuration

BIND configuration

zone "luxrobo.net" IN {
  type master;
  file "/etc/bind/zones/luxrobo.net.db";
};
 
zone "64.16.172.in-addr.arpa" {
  type master;
  file "/etc/bind/zones/rev.64.16.172.in-addr.arpa";
};
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.luxrobo.net. admin.luxrobo.net. (
    11 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
; name servers - NS records
  IN NS ns1.luxrobo.net.
 
$ORIGIN luxrobo.net.
 
; name servers - A records
ns1 IN A 172.16.106.1
 
; 172.16.64.0/18 - A records
nginx IN A 172.16.64.5
cloud IN A 172.16.106.1
git IN A 172.16.106.1
jira IN A 172.16.106.1
confluence IN A 172.16.106.1
nexus IN A 172.16.106.1
jenkins IN A 172.16.106.1
thingsboard IN A 172.16.106.1
sourcegraph IN A 172.16.106.1
chat IN A 172.16.106.1
speedtest IN A 172.16.106.1
status IN A 172.16.106.1
netdata IN A 172.16.106.1
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA ns1.luxrobo.net. admin.luxrobo.net. (
    23 ; Serial
    604800 ; Refresh
    86400 ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL
; name servers
  IN NS ns1.luxrobo.net.
 
; PTR records
1 IN PTR nginx.luxrobo.net.
sudo systemctl restart bind9
sudo systemctl status bind9
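
A consistency check for the two zone files above, as an added example that is not part of the original page: it parses the A and PTR lines and reports any PTR whose target name does not map back to the same address, as happens with `1 IN PTR nginx.luxrobo.net.` against `nginx IN A 172.16.64.5`. The function names are hypothetical, and the parser handles only the simple `owner IN TYPE rdata` lines used here, with one A record per name.

```python
import ipaddress

# Subset of the A/PTR lines copied from the zone files shown above.
FORWARD_ZONE = """\
$ORIGIN luxrobo.net.
nginx IN A 172.16.64.5
cloud IN A 172.16.106.1
"""
REVERSE_ZONE = "; PTR records\n1 IN PTR nginx.luxrobo.net.\n"

def parse_records(text, origin, rtype):
    """Return {fully-qualified owner: rdata} for 'owner IN TYPE rdata' lines (hypothetical helper)."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments, then tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        elif len(fields) == 4 and fields[1].upper() == "IN" and fields[2].upper() == rtype:
            owner = fields[0] if fields[0].endswith(".") else f"{fields[0]}.{origin}"
            records[owner.lower()] = fields[3]
    return records

def ptr_mismatches(forward_text, forward_origin, reverse_text, reverse_origin):
    """List (ip, ptr_target, forward_ip_or_None) where the PTR and A records disagree."""
    a_records = parse_records(forward_text, forward_origin, "A")
    ptrs = parse_records(reverse_text, reverse_origin, "PTR")
    problems = []
    for owner, target in ptrs.items():
        # "1.64.16.172.in-addr.arpa." -> "172.16.64.1"
        octets = owner[: -len(".in-addr.arpa.")].split(".")
        ip = str(ipaddress.IPv4Address(".".join(reversed(octets))))
        forward_ip = a_records.get(target.lower())
        if forward_ip != ip:
            problems.append((ip, target, forward_ip))
    return problems

if __name__ == "__main__":
    for ip, target, fwd in ptr_mismatches(FORWARD_ZONE, "luxrobo.net.", REVERSE_ZONE, "64.16.172.in-addr.arpa."):
        print(f"{ip} PTR {target} but the A record for that name is {fwd}")
```

Running it against the full zone files before `systemctl restart bind9` works the same way, since SOA and NS lines are skipped by the parser.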
 

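Domain configuration test

  • When configuring nginx.luxrobo.net
  1. In Route 53, add the record in the public zone where the NS is configured: A nginx.luxrobo.net 112.169.63.4 (static IP) or CNAME nginx.luxrobo.net luxrobo.ddns.net
  2. Register it on the primary NS server of the internal on-premises servers, following the configuration above.
  3. To test HTTPS, first add the certificate and service routing on the NS server.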
server {
  listen 80;
 
  server_name nginx.luxrobo.net;
  return 301 https://$host$request_uri;
}
 
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/luxrobo.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/luxrobo.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
    server_name nginx.luxrobo.net; 
 
    client_max_body_size 512m;
 
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.16.64.5:80;
    }
}

Add the configuration above and apply it.

sudo systemctl restart nginx
  4. Check the service domain & connect
  • When connected via VPC
nslookup nginx.luxrobo.net
Server:		172.16.106.1
Address:	172.16.106.1#53
 
Name:	nginx.luxrobo.net
Address: 172.16.64.5
  • When connected from outside
nslookup nginx.luxrobo.net
Server:		168.126.63.2
Address:	168.126.63.2#53
 
Non-authoritative answer:
nginx.luxrobo.net	canonical name = luxrobo.ddns.net.
Name:	luxrobo.ddns.net
Address: 112.169.63.43

Rack server

Internal Mac Mini server
 
- User: LuxMacMini-2 (ssh: luxrobo)
- PW: xxxxx
- MAC: 18:4A:53:06:B1:83
- IP: 172.16.64.3
- Port forwarding
    - VNC Port: 52000
    - SSH Port: 52999

KVM Switch

- Model name: ATEN CL5716M
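- Initially, proceed by pressing Enter; no username or password is required
- When pushing it back in, pull the white switches on the left and right once before inserting it!!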