配置局域网yum源和apt源服务

有时为了方便服务器环境，不管是生产还是测试环境，都禁止访问Internet网络，但这种一刀切的方法，有时对安装环境带来有些不变，特别是开发人员要在测试环境服务器安装依赖库，你总不能花时间手动安装依赖环境，所以利用一台代理服务器，去替局域网服务器完成这些工作，总比在各个机器上挂载ISO镜像要便捷的多。

总体架构如下

一般在硬件防火墙测配置好服务器网段禁止访问Internet网络策略，然后在Nginx Server上添加server{}段配置。

建议有局域网DNS服务器的最好添加一条解析记录，不然yum源或者apt源使用局域网IP地址，以后搞不好换IP地址所有配>置又要重新分发并更新配置，很麻烦。

编辑nginx.conf文件

1
  server {
2
    listen       443;
3
    server_name  mirrors.koevn.com;   # 例子
4

5
    # 其他配置省略
6

7
    location /ubuntu/ {
8
      proxy_pass http://mirrors.aliyun.com/ubuntu/;
9
    }
10

11
    location /centos/ {
12
      proxy_pass http://mirrors.aliyun.com/centos/;
13
    }
14

15
    location /debian/ {
16
      proxy_pass http://mirrors.aliyun.com/debian/;
17
    }
18

19
    location /epel/ {
20
      proxy_pass http://mirrors.aliyun.com/epel/;
21
    }
22

23
    # 其他配置省略
24

25
  }

以上配置完成后，验证配置语法是否错误，然后重载Nginx服务，那么局域网yum源或者apt源代理服务已经完成。

接下来以Centos 7操作系统为例，其他发行版操作系统则稍作修改就行。首先备份/etc下的yum repo文件再删除

1
mkdir -pv /opt/repo_bak
2
mv /etc/yum.repos.d/*.repo /opt/repo_bak/
3
touch CentOS-Base.repo && touch epel.repo

编辑CentOS-Base.repo文件

1
# CentOS-Base.repo
2
#
3
# The mirror system uses the connecting IP address of the client and the
4
# update status of each mirror to pick mirrors that are updated to and
5
# geographically close to the client.  You should use this for CentOS updates
6
# unless you are manually picking other mirrors.
7
#
8
# If the mirrorlist= does not work for you, as a fall back you can try the
9
# remarked out baseurl= line instead.
10
#
11
#
12

13
[base]
14
name=CentOS-$releasever - Base - aliyun.com
15
baseurl=http://mirrors.koevn.com/centos/$releasever/os/$basearch/
16
gpgcheck=1
17
gpgkey=http://mirrors.koevn.com/centos/RPM-GPG-KEY-CentOS-7
18

19
#released updates
20
[updates]
21
name=CentOS-$releasever - Updates - aliyun.com
22
baseurl=http://mirrors.koevn.com/centos/$releasever/updates/$basearch/
23
gpgcheck=1
24
gpgkey=http://mirrors.koevn.com/centos/RPM-GPG-KEY-CentOS-7
25

26
#additional packages that may be useful
27
[extras]
28
name=CentOS-$releasever - Extras - aliyun.com
29
baseurl=http://mirrors.koevn.com/centos/$releasever/extras/$basearch/
30
gpgcheck=1
31
gpgkey=http://mirrors.koevn.com/centos/RPM-GPG-KEY-CentOS-7
32

33
#additional packages that extend functionality of existing packages
34
[centosplus]
35
name=CentOS-$releasever - Plus - aliyun.com
36
baseurl=http://mirrors.koevn.com/centos/$releasever/centosplus/$basearch/
37
gpgcheck=1
38
enabled=0
39
gpgkey=http://mirrors.koevn.com/centos/RPM-GPG-KEY-CentOS-7

编辑epel.repo文件

1
[epel]
2
name=Extra Packages for Enterprise Linux 7 - $basearch
3
baseurl=http://mirrors.koevn.com/epel/7/$basearch
4
failovermethod=priority
5
enabled=1
6
gpgcheck=1
7
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
8

9
[epel-debuginfo]
10
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
11
baseurl=http://mirrors.koevn.com/epel/7/$basearch/debug
12
failovermethod=priority
13
enabled=0
14
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
15
gpgcheck=1
16

17
[epel-source]
18
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
19
baseurl=http://mirrors.koevn.com/epel/7/SRPMS
20
failovermethod=priority
21
enabled=0
22
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

然后清除yum缓存再重新生成新缓存

1
yum clean all && yum makecache

最后就实现了在局域网内，没有开放Internet网络权限的服务器，也能正常yum安装软件依赖环境。

配置局域网yum源和apt源服务

https://huoshen.pages.dev/cn/p/8e1a2736/

作者

Koevn

发布于

2025年1月22日

许可协议

CC BY-NC-SA 4.0