前言在企业级 Linux 运维场景中Web 服务、NFS 文件共享、DNS 域名解析是核心基础组件。本文通过双 Linux 服务器协同部署完整实现基于 NFS 共享博客资源、DNS 域名解析、LNMP 环境运行 WordPress 博客的综合项目覆盖静态 IP、主机名、防火墙、SELinux、时间同步、SSH 免密、服务配置与测试全流程适合 Linux 运维实战练习与面试项目复盘。一、项目架构与环境说明1.1 服务器规划主机 IP主机名操作系统核心服务192.168.247.141Server-WebLinuxNginx、MariaDB、PHP、NFS 客户端192.168.247.140Server-NFS-DNSLinuxNFS 服务端、DNS 服务端1.2 项目目标Server-NFS-DNS部署 NFS 共享 WordPress 资源、部署 DNS 解析www.zlybn.comServer-Web部署 LNMP 环境、挂载 NFS 共享目录、通过域名访问博客基础环境静态 IP、主机名映射、防火墙放行、时间同步、SSH 免密登录二、项目准备工作2.1 基础环境初始化2.1.1 配置静态IP地址Server-Web192.168.247.141/24[rootServer-Web ~]# nmcli c modify ens32 ipv4.method manual ipv4.addresses 192.168.247.141/24 ipv4.gateway 192.168.247.2 ipv4.dns 114.114.114.114 [rootServer-Web ~]# nmcli c reload [rootServer-Web ~]# nmcli c up ens32 连接已成功激活D-Bus 活动路径/org/freedesktop/NetworkManager/ActiveConnection/3 [rootServer-Web ~]# ip a 2: ens32: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:d3:6f:41 brd ff:ff:ff:ff:ff:ff inet 192.168.247.141/24 brd 192.168.247.255 scope global noprefixroute ens32 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fed3:6f41/64 scope link noprefixroute valid_lft forever preferred_lft forever [rootServer-Web ~]#Server-NFS-DNS192.168.247.140/24[rootServer-NFS-DNS ~]# nmtui [rootServer-NFS-DNS ~]# nmcli c reload [rootServer-NFS-DNS ~]# nmcli c up ens32 连接已成功激活D-Bus 活动路径/org/freedesktop/NetworkManager/ActiveConnection/3 [rootServer-NFS-DNS ~]# ip a 2: ens32: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:c1:b9:36 brd ff:ff:ff:ff:ff:ff inet 192.168.247.140/24 brd 192.168.247.255 scope global noprefixroute ens32 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fec1:b936/64 scope link noprefixroute valid_lft forever preferred_lft forever [rootServer-NFS-DNS ~]#2.1.2 hosts映射Server-Web[rootServer-Web ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.147.141 Server-Web 192.268.247.140 Server-NFS-DNSServer-NFS-DNS[rootServer-NFS-DNS ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.147.141 Server-Web 192.268.247.140 Server-NFS-DNS2.1.3 开启并自启防火墙#设置防火墙开启并且开机自启 [rootServer-Web ~]# systemctl enable --now firewalld Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service. Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service. #查看防火墙状态 [rootServer-Web ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2026-05-24 13:46:57 CST; 9s ago Docs: man:firewalld(1) Main PID: 2707 (firewalld) Tasks: 2 (limit: 21404) Memory: 27.3M CGroup: /system.slice/firewalld.service └─ 2707 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid 5月 24 13:46:57 Server-Web systemd[1]: Starting firewalld - dynamic firewall daemon... 5月 24 13:46:57 Server-Web systemd[1]: Started firewalld - dynamic firewall daemon.#设置防火墙开启并且开机自启 [rootServer-NFS-DNS ~]# systemctl enable --now firewalld Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service. Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service. #查看防火墙状态 [rootServer-NFS-DNS ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2026-05-24 13:47:24 CST; 8s ago Docs: man:firewalld(1) Main PID: 5711 (firewalld) Tasks: 2 (limit: 8933) Memory: 27.1M CGroup: /system.slice/firewalld.service └─ 5711 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid 5月 24 13:47:24 Server-NFS-DNS systemd[1]: Starting firewalld - dynamic firewall daemon... 5月 24 13:47:24 Server-NFS-DNS systemd[1]: Started firewalld - dynamic firewall daemon.2.1.4 时间同步方法一只更改配置文件中第三行[rootServer-Web ~]# vim /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (https://www.pool.ntp.org/join.html). server ntp.aliyun.com iburst # Use NTP servers from DHCP. sourcedir /run/chrony-dhcp # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 # Serve time even if not synchronized to a time source. #local stratum 10 # Require authentication (nts or key option) for all NTP sources. #authselectmode require # Specify file containing keys for NTP authentication. keyfile /etc/chrony.keys # Save NTS keys and cookies. ntsdumpdir /var/lib/chrony # Insert/delete leap seconds by slewing instead of stepping. #leapsecmode slew # Get TAI-UTC offset and leap seconds from the system tz database. leapsectz right/UTC # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking [rootServer-Web ~]# systemctl restart chronyd [rootServer-Web ~]# chronyc sources -v .-- Source mode ^ server, peer, # local clock. / .- Source state * current best, combined, - not combined, | / x may be in error, ~ too variable, ? unusable. || .- xxxx [ yyyy ] /- zzzz || Reachability register (octal) -. | xxxx adjusted offset, || Log2(Polling interval) --. | | yyyy measured offset, || \ | | zzzz estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample ^* 203.107.6.88 2 6 17 27 -2343us[-2710us] /- 29ms方法二使用阿里网络授时NTP阿里巴巴开源镜像站-OPSX镜像站-阿里云开发者社区https://developer.aliyun.com/mirror/?spma2c6h.13651102.0.0.3e221b11cfZmgGserviceTypemirror[rootServer-NFS-DNS ~]# vim /etc/chrony.conf server ntp.aliyun.com iburst stratumweight 0 driftfile /var/lib/chrony/drift rtcsync makestep 10 3 bindcmdaddress 127.0.0.1 bindcmdaddress ::1 keyfile /etc/chrony.keys commandkey 1 generatecommandkey logchange 0.5 logdir /var/log/chrony [rootServer-NFS-DNS ~]# systemctl restart chronyd [rootServer-NFS-DNS ~]# chronyc sources -v .-- Source mode ^ server, peer, # local clock. / .- Source state * current best, combined, - not combined, | / x may be in error, ~ too variable, ? unusable. || .- xxxx [ yyyy ] /- zzzz || Reachability register (octal) -. | xxxx adjusted offset, || Log2(Polling interval) --. | | yyyy measured offset, || \ | | zzzz estimated error. || | | \ MS Name/IP address Stratum Poll Reach LastRx Last sample ^* 203.107.6.88 2 6 33 2 -2559us[-2520us] /- 31ms [rootServer-NFS-DNS ~]#2.1.5 配置免密ssh登录Server-Web 生成密钥并同步#生成公钥私钥 [rootServer-Web ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:oLBCm6UkL4uWif4jUCqAfCI4JBj02Mbn0rcTGMr52TA rootServer-Web The keys randomart image is: ---[RSA 3072]---- |o | |o. | |B.* o. | |XO*.o. | |B.E oS | |*o o * o | |* o | |o. . . | | .o.. | ----[SHA256]----- [rootServer-Web ~]# ssh-copy-id 192.168.247.140 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: /root/.ssh/id_rsa.pub The authenticity of host 192.168.247.140 (192.168.247.140) cant be established. ED25519 key fingerprint is SHA256:MwFeDvzO5zH2WJgmqNbHzYSG/ixE1/LATvKd4bluCyA. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Authorized users only. All activities may be monitored and reported. root192.168.247.140s password: Number of key(s) added: 1 Now try logging into the machine, with: ssh 192.168.247.140 and check to make sure that only the key(s) you wanted were added. [rootServer-Web ~]# ssh 192.168.247.140 Authorized users only. All activities may be monitored and reported. Authorized users only. All activities may be monitored and reported. Last login: Sun May 24 13:17:14 2026 from 192.168.247.1 Welcome to 5.10.0-216.0.0.115.oe2203sp4.x86_64 System information as of time: 2026年 05月 24日 星期日 14:25:27 CST System load: 0.02 Memory used: 13.2% Swap used: 0% Usage On: 29% IP address: 192.168.247.140 Users online: 3 [rootServer-NFS-DNS ~]# 注销 Connection to 192.168.247.140 closed. [rootServer-Web ~]#Server-NFS-DNS 生成密钥并同步[rootServer-NFS-DNS ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:za8cYLbBCvjo4KLoE1eRDyoqCgfVgZAm8yFkItkxiDk rootServer-NFS-DNS The keys randomart image is: ---[RSA 3072]---- |*Xo... | |E... | |o* .. | |...o . o o | |..o o S o | |.. . . | |. . . . . . | | . o | |*oo o | ----[SHA256]----- [rootServer-NFS-DNS ~]# ssh-copy-id 192.168.247.141 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: /root/.ssh/id_rsa.pub The authenticity of host 192.168.247.141 (192.168.247.141) cant be established. ED25519 key fingerprint is SHA256:MwFeDvzO5zH2WJgmqNbHzYSG/ixE1/LATvKd4bluCyA. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Authorized users only. All activities may be monitored and reported. root192.168.247.141s password: Number of key(s) added: 1 Now try logging into the machine, with: ssh 192.168.247.141 and check to make sure that only the key(s) you wanted were added. [rootServer-NFS-DNS ~]# ssh 192.168.247.141 Authorized users only. All activities may be monitored and reported. Authorized users only. All activities may be monitored and reported. Last login: Sun May 24 13:17:10 2026 from 192.168.247.1 Welcome to 5.10.0-216.0.0.115.oe2203sp4.x86_64 System information as of time: 2026年 05月 24日 星期日 14:30:46 CST System load: 0.06 Memory used: 6.3% Swap used: 0% Usage On: 30% IP address: 192.168.247.141 Users online: 5 [rootServer-Web ~]# exit 注销 Connection to 192.168.247.141 closed. [rootServer-NFS-DNS ~]#三、核心服务部署3.1 Server-NFS-DNSNFSWordPress 部署3.1.1 上传并解压 WordPressWordPress下载地址https://cn.wordpress.org/[rootServer-NFS-DNS ~]# ls / afs bin boot dev etc home lib lib64 lostfound media mnt opt proc root run sbin srv sys tmp usr var wordpress-6.1-zh_CN.zip [rootServer-NFS-DNS ~]# cd / [rootServer-NFS-DNS /]# unzip wordpress-6.1-zh_CN.zip [rootServer-NFS-DNS /]# cd wordpress [rootServer-NFS-DNS wordpress]# ls index.php wp-activate.php wp-comments-post.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php license.txt wp-admin wp-config-sample.php wp-includes wp-login.php wp-signup.php readme.html wp-blog-header.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php [rootServer-NFS-DNS wordpress]#3.1.2 部署NFS服务端目的将Server-NFS-DNS端的/wordpress目录共享给192.168.247.141Server-Web目的将Server-NFS-DNS端的/wordpress目录共享给192.168.247.141Server-Web#安装所需要的软件 [rootServer-NFS-DNS ~]# yum install rpcbind nfs-utils -y #编辑配置文件 [rootServer-NFS-DNS ~]# vim /etc/exports /wordpress 192.168.247.141(rw,sync,all_squash) #设置权限 [rootServer-NFS-DNS ~]# chmod -R 777 /wordpress #防火墙添加服务放行 [rootServer-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-servicemountd success [rootServer-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-servicerpc-bind success [rootServer-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-servicenfs success [rootServer-NFS-DNS ~]# firewall-cmd --reload success #启动服务 [rootServer-NFS-DNS ~]# systemctl start rpcbind [rootServer-NFS-DNS ~]# systemctl start nfs-server [rootServer-NFS-DNS ~]#3.2 Server-WebLNMP 环境部署3.2.1 安装 LNMP[rootServer-Web ~]# yum install nginx mariadb-server php* -y3.2.2 挂载NFS共享目录#安装所需软件 [rootServer-Web ~]# yum install rpcbind nfs-utils -y #查看共享目录 [rootServer-Web ~]# showmount -e 192.168.247.140 Export list for 192.168.247.140: /wordpress 192.168.247.141 #创建挂载目录并挂载 [rootServer-Web ~]# mkdir /wp [rootServer-Web ~]# mount -t nfs 192.168.247.140:/wordpress /wp [rootServer-Web ~]# cd /wp [rootServer-Web wp]# ls index.php wp-activate.php wp-comments-post.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php license.txt wp-admin wp-config-sample.php wp-includes wp-login.php wp-signup.php readme.html wp-blog-header.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php [rootServer-Web wp]#3.2.3 Nginx配置[rootServer-Web ~]# firewall-cmd --permanent --zone public --add-servicehttp success [rootServer-Web ~]# firewall-cmd --reload success [rootServer-Web ~]# vim /etc/nginx/nginx.conf root /wp; [rootServer-Web ~]# systemctl restart nginx3.2.4 Wordpress数据库配置[rootServer-Web ~]# cd /wp [rootServer-Web wp]# ls index.php wp-activate.php wp-comments-post.php wp-cron.php wp-load.php wp-settings.php xmlrpc.php license.txt wp-admin wp-config-sample.php wp-includes wp-login.php wp-signup.php readme.html wp-blog-header.php wp-content wp-links-opml.php wp-mail.php wp-trackback.php [rootServer-Web wp]# cp wp-config-sample.php wp-config.php #编辑wp-config.php配置文件 [rootServer-Web wp]# vim /wp/wp-config.php [rootServer-Web wp]#3.2.5 MariaDb初始化#启动数据库 [rootServer-Web ~]# systemctl start mariadb [rootServer-Web ~]# systemctl enable mariadb Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service. Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service. #在数据库中创建数据库和用户 [rootServer-Web ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3 Server version: 10.5.29-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type help; or \h for help. Type \c to clear the current input statement. MariaDB [(none)] create database wordpress; Query OK, 1 row affected (0.000 sec) MariaDB [(none)] create user test1localhost identified by 123456; Query OK, 0 rows affected (0.002 sec) MariaDB [(none)] grant all on wordpress.* to test1localhost; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)] exit Bye #重启数据库和nginx [rootServer-Web ~]# systemctl restart mariadb nginx [rootServer-Web ~]#3.3 Server-NFS-DNSDNS 域名解析部署3.3.1 安装所需软件[rootServer-NFS-DNS ~]# yum install bind -y [rootServer-NFS-DNS ~]# firewall-cmd --permanent --zone public --add-servicedns success [rootServer-NFS-DNS ~]# firewall-cmd --reload success [rootServer-NFS-DNS ~]# systemctl start named3.3.2 编辑主配置文件[rootServer-NFS-DNS ~]# vim /etc/named.conf3.3.3修改区域配置文件[rootServer-NFS-DNS ~]# vim /etc/named.rfc1912.zones3.3.4新建区域数据文件并配置解析[rootServer-NFS-DNS ~]# cd /var/named/ [rootServer-NFS-DNS named]# ls data dynamic named.ca named.empty named.localhost named.loopback slaves [rootServer-NFS-DNS named]# cp -a named.localhost wp.com.zone [rootServer-NFS-DNS named]# ls data dynamic named.ca named.empty named.localhost named.loopback slaves wp.com.zone [rootServer-NFS-DNS named]# vim wp.com.zone3.4.5 重启服务[rootServer-NFS-DNS named]# systemctl restart named四、项目测试验证将Server-Web端的DNS改为192.168.247.140后并输入www.wp.com域名访问[rootServer-Web ~]# nmtui [rootServer-Web ~]# nmcli c reload [rootServer-Web ~]# nmcli c up ens32 Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4) [rootServer-Web ~]#WordPress 安装初始化五、常见问题排查NFS 挂载失败检查防火墙放行、NFS 配置权限、目录权限 777数据库连接失败核对 wp-config.php 与 MariaDB 库名、用户名、密码一致DNS 解析失败检查 named 配置、区域文件权限、防火墙 53 端口放行Nginx 无法访问检查 root 目录、Nginx 语法nginx -t、服务状态六、总结本文通过双机协同完整实现NFS 文件共享、DNS 域名解析、LNMP 运行 WordPress的企业级综合项目覆盖 Linux 网络服务核心配置可直接作为运维实战项目、课程设计、面试项目使用。
