Red Hat 8 – Install NGINX Load Balance DNS


Similar to Ubuntu / Raspberry Pi – Install NGINX Load Balance DNS

Some prerequisite posts to look at:

  1. Should Run
    1. Red Hat – Check Subscription / Register Server
    2. SELinux Configuration Change
    3. UNIX – Set SSH Banner
  2. Should Read/Understand
    1. UNIX – Bash Identify Distribution (What OS Am I On)
    2. UNIX – Display Network Information
    3. Strong Password or UNIX Bash – Random Secure Password
    4. NetStat Network Statistics
    5. Uptime Formated
    6. UNIX Terminal – Grep Directory Recursively

First assumption is that you either registered your server with Red Hat during/after the installation or you followed the basic process of #1.1 above.
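The second assumption is that you have already run the process in #1.2 above to set SELinux to ‘permissive’. (#1.2 is not required, but it makes things easier to work with initially. Permissive mode only logs policy denials instead of enforcing them, so switch SELinux back to enforcing once the setup works.)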

Before running the commands below, switch to root (or log in as root).

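# Make sure you are running as root
# The effective UID is compared as a quoted string: if the lookup ever returns
# nothing, the comparison still fails closed (the script exits) instead of
# raising a test syntax error and falling through to the privileged commands.
if [ "$(id -u)" != "0" ]; then
        # Diagnostics go to stderr so they are not mixed into captured output.
        echo "Must be root to run $0" >&2
        exit 1
fi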

# Start and Enable SSH service - Usually not needed
# "start" brings sshd up now; "enable" makes it come back after a reboot.
for sshd_action in start enable; do
        systemctl "$sshd_action" sshd.service
done

# Get applicable updates
subscription-manager list

# The full repository listing is saved to repolist.txt in the current
# directory and then filtered for the optional/extra channels.
# NOTE(review): this runs as root and writes a fixed file name into the
# working directory, so run it from a directory only root can write to.
subscription-manager repos > repolist.txt
grep -i -E "extras|supplement|optional|common" repolist.txt

# Enable the supplementary channel, refresh yum metadata, then patch the host.
subscription-manager repos --enable=rhel-8-for-x86_64-supplementary-rpms
yum clean all
yum repolist all
yum -y update

# Set Timezone
# If you are not sure what your timezone is, browse the zone database first:
#   ls /usr/share/zoneinfo/
#   ls /usr/share/zoneinfo/America/
# A correct clock/zone also keeps log timestamps comparable across hosts.
timedatectl set-timezone "America/Detroit"

# Install basic tools (some may already be installed by default)
basic_tools=(net-tools bind-utils nano wget unzip bzip2)
yum -y install "${basic_tools[@]}"

# Install build tools - OPTIONAL
# NOTE(review): the nginx install further down uses the packaged build, so on
# a production load balancer this step can be skipped to keep compilers off
# the host.
build_tools=(gcc gcc-c++ kernel-devel tcl)
yum -y install "${build_tools[@]}"
#yum -y remove gcc gcc-c++ kernel-devel tcl
# No -y on the group install, so yum asks for confirmation before proceeding.
yum groupinstall 'Development Tools'

# Get current IP Address - See https://www.kittell.net/code/unix-display-network-information/
companyname="Kittell.net"

# Release string exactly as the distribution reports it.
declare OSVer=$(</etc/redhat-release)

# One "processor" entry per logical CPU in /proc/cpuinfo.
declare sCPU=$(grep -c '^processor' /proc/cpuinfo)
# echo "CPU: $sCPU"

# MemTotal is reported in kB: divide by 1024^2 and round to the nearest whole GB.
declare sRamGB=$(awk '/MemTotal/ {$1=$2/(1024^2); print int($1+0.5),"GB";}' /proc/meminfo)

# Anything under half a GB rounds down to "0 GB", so report it in MB instead.
if [ "$sRamGB" == "0 GB" ]; then
sRamGB=$(awk '/MemTotal/ { foo = $2 / 1024 ; print foo " MB" }' /proc/meminfo)
fi
echo "Memory (RAM): $sRamGB"

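# Pick the first wired adapter by device name: "en*" first, then legacy "eth*".
# The match is anchored to the DEVICE column, so text in the other nmcli
# columns cannot match, and only one name is kept: on a host with several
# NICs the old multi-line value broke every command that followed.
declare netAdapter=$(nmcli device status | awk '$1 ~ /^en/ {print $1; exit}')
if [ -z "$netAdapter" ]; then
netAdapter=$(nmcli device status | awk '$1 ~ /^eth/ {print $1; exit}')
fi

# netAddr keeps the address together with its prefix length (a.b.c.d/nn) as
# configured on the interface; netIP is the bare address.
declare netAddr="" netIP="" netMask="" netCIDR="" netWork=""
if [ -n "$netAdapter" ]; then
        # An interface may carry several IPv4 addresses; use the first one.
        netAddr=$(/sbin/ip -o -4 addr list "$netAdapter" | awk '{print $4; exit}')
        netIP=${netAddr%%/*}
fi
#declare netCIDR=$(/sbin/ip -o -4 addr list $netAdapter | cut -d ' ' -f7)
if [ -n "$netAddr" ]; then
        # ipcalc is given the address with its real prefix. Passing the bare IP
        # makes ipcalc fall back to a default mask for the address, which is
        # not necessarily the mask configured on the interface.
        netMask=$(ipcalc -m "$netAddr" | cut -d '=' -f2)
        netCIDR=$(ipcalc -p "$netAddr" | cut -d '=' -f2)
        netWork=$(ipcalc -n "$netAddr" | cut -d '=' -f2)
else
        # Best effort: the values are only used for display, so warn and continue.
        echo "No IPv4 address found on an en*/eth* adapter; network details left empty" >&2
fi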
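# Build the login banner from the values gathered above. The here-document
# delimiter is unquoted on purpose so the variables and $(hostname) expand.
# NOTE(review): /etc/motd is shown to every user who logs in, so this
# publishes the host's OS release and addressing to all of them.
declare banner=$(cat <<EOF
$OSVer
       CPU:      $sCPU
       Memory:   $sRamGB
       Hostname: $(hostname)

Network Information
        Adapter: $netAdapter
             IP: $netIP
        Netmask: $netMask
           CIDR: $netWork/$netCIDR
 
 
EOF
)
printf '%s\n' "$banner"
# printf '%s' writes the banner verbatim; "echo -e" would have interpreted any
# backslash sequence contained in the collected values before it reached the file.
printf '%s\n' "$banner"|sudo tee /etc/motd
clear
cat /etc/motd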

# Install Cockpit - Typically is already installed
# (no -y here, so yum asks for confirmation)
yum install cockpit

# Verify Cockpit is in firewall list - Typically is already there
firewall-cmd --list-all

# Enable Cockpit - Optional but suggested
# Cockpit is a web administration console that accepts system account logins.
# NOTE(review): if it stays enabled, limit who can reach port 9090 to the
# hosts that actually administer this server.
systemctl enable --now cockpit.socket
printf '%s\n' "https://${netIP}:9090/system"
# NOTE: By default Cockpit uses a self signed certificate so you will see a screen warning about a bad certificate.

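# Install NginX
yum install nginx -y

# Keep a pristine copy of the packaged configuration. The copy is taken only
# once: on a second run the live file has already been edited, and copying it
# again would overwrite the only clean backup.
if [ ! -e /etc/nginx/nginx.conf-original ]; then
        sudo cp -p /etc/nginx/nginx.conf /etc/nginx/nginx.conf-original
fi

# Strip full-line comments, then trailing "# ..." comments, then blank lines.
# The trailing-comment rule only fires when nothing after the '#' contains a
# quote character, so a '#' inside an unquoted value would be cut off as well;
# compare the result with nginx.conf-original if the config test fails later.
sudo sed -i "/^\s*#/d;s/\s*#[^\"']*$//" /etc/nginx/nginx.conf && sudo sed -i '/^\s*$/d' /etc/nginx/nginx.conf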

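# Stream (layer 4) proxy for DNS: listens on port 53 over UDP and TCP and
# balances queries across the upstream DNS servers listed below.
# NOTE(review): "listen 53" binds every address on the host. If the upstream
# servers answer recursive queries and this host is reachable from untrusted
# networks, it becomes an open resolver. Bind to the internal address only,
# or restrict clients with stream allow/deny rules or firewall source rules.
declare nginx=$(cat <<EOF
stream{
    server {
        listen 53  udp;
        listen 53; #tcp
        proxy_pass      dns_servers;
        error_log       /var/log/nginx/dns.log info;
        proxy_responses 1;
        proxy_timeout   1s;
    }
 
    upstream dns_servers {
        zone dns_mem 64k;
        # List all DNS servers
        server 10.40.20.6:53 fail_timeout=10s;
        server 10.40.20.5:53 fail_timeout=10s;
        server 10.40.20.4:53 fail_timeout=10s;
    }
}
EOF
)
echo "$nginx"

# Append the block only once. Running this a second time would otherwise add
# a second "stream" block to nginx.conf, which nginx rejects as a duplicate.
if grep -Eq '^[[:space:]]*stream[[:space:]]*\{' /etc/nginx/nginx.conf; then
        echo "stream block already present in /etc/nginx/nginx.conf; not appending again" >&2
else
        echo "$nginx" >> /etc/nginx/nginx.conf
fi

# Stop here when the configuration does not validate: the steps that follow
# shut down the existing DNS services and open port 53, which would leave the
# host without any working resolver in front of the upstream servers.
if ! nginx -t; then
        echo "nginx configuration test failed; fix /etc/nginx/nginx.conf before continuing" >&2
        exit 1
fi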

# Free port 53: stop and disable the local DNS daemons, in the same order as
# listed (bind first, then dnsmasq).
# NOTE(review): on RHEL the BIND unit is usually called named.service; confirm
# that bind.service exists on this host, otherwise these calls only report an
# error and a running BIND keeps the port.
for dns_unit in bind.service dnsmasq.service; do
        systemctl stop "$dns_unit"
        systemctl disable "$dns_unit"
done

# Comment out dns=dnsmasq in the NetworkManager configuration, then end any
# dnsmasq process that is still running.
sudo sed -i 's/^dns=dnsmasq/#&/' /etc/NetworkManager/NetworkManager.conf
sudo killall dnsmasq

# Bring nginx up now and on every boot.
for nginx_action in start enable; do
        systemctl "$nginx_action" nginx.service
done

# NetworkManager is only stopped, not disabled, so it is started again at the
# next boot.
systemctl stop NetworkManager.service
#cat /etc/sysconfig/network-scripts/${netAdapter}

# Open DNS (port 53) over TCP and UDP in the public zone, permanently.
# NOTE(review): this admits every source the public zone covers. If only
# internal clients should resolve through this host, limit the rule to their
# networks instead of opening the port zone-wide.
for dns_proto in tcp udp; do
        firewall-cmd --zone=public --add-port="53/${dns_proto}" --permanent
done

# Load the permanent rules into the running firewall and show the result.
firewall-cmd --reload
firewall-cmd --list-all
All information on this site is shared with the intention to help. Before any source code or program is run on a production (non-development) system, it is suggested that you test it and fully understand what it is doing, not just what it appears to be doing. I accept no responsibility for any damage you may do with this code.