WEB服务器搭建(二)

一、SSL认证

WEB服务器搭建(二)_第1张图片WEB服务器搭建(二)_第2张图片WEB服务器搭建(二)_第3张图片

二、基于虚拟目录和用户控制

WEB服务器搭建(二)_第4张图片

三、综合以上搭建Web服务器

(1)搭建一个基于https://www.linuxprobe.com访问的网站,tom和jack可以访问该网站,该页面的内容为welcome to linuxprobe,但是rose无法访问该页面;
(2)在该网站的基础上建立一个虚拟目录/mimi,访问该目录时显示的内容为this is linuxprobe mimi,同时只有rose可以访问该虚拟目录
具体操作:(实验环境 redhat 7.2)

关闭防火墙及SELinux
[root@www /]#systemctl stop firewalld
[root@www /]#setenforce 0

基本配置文件:
[root@www /]# vi /etc/httpd/conf.d/ linuxprobe.conf


authtype basic
authname “Please login:”
authuserfile /etc/httpd/mysecretpwd
require user tom jack

listen 7777

documentroot / linuxprobe /domain
servername www.linuxprobe.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/ linuxprobe.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ linuxprobe.key


allowoverride none
authtype basic
authname “Please login:”
authuserfile /etc/httpd/mysecretpwd
require user rose

listen 6666

documentroot / linuxprobe/mulu
alias /mimi / linuxprobe/mulu
servername www.linuxprobe.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/ linuxprobe.crt
SSLCertificateKeyFile /etc/pki/tls/certs/ linuxprobe.key

创建文件目录:
mkdir –p / linuxprobe/domain
echo welcome to linuxprobe > /linuxprobe/domain/index.html
mkdir –p / linuxprobe/mulu
echo this is linuxprobe mimi > /linuxprobe/mulu/index.html

配置证书:/etc/pki/tls/certs
[root@www certs]# make linuxprobe.crt
umask 77 ;
/usr/bin/openssl genrsa -aes128 2048 > linuxprobe1.key
Generating RSA private key, 2048 bit long modulus
…+++
e is 65537 (0x10001)
Enter pass phrase:(redhat)
Verifying - Enter pass phrase:(redhat)
umask 77 ;
/usr/bin/openssl req -utf8 -new -key linuxprobe1.key -x509 -days 365 -out linuxprobe1.crt -set_serial 0
Enter pass phrase for linuxprobe1.key:(redhat)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]: linuxprobe
Organizational Unit Name (eg, section) []: linuxprobe
Common Name (eg, your name or your server’s hostname) []: linuxprobe
Email Address []: linuxprobe.com

添加用户:
htpasswd –c /etc/httpd/mysecretpwd tom
htpasswd /etc/httpd/mysecretpwd jack
htpasswd /etc/httpd/mysecretpwd rose -------------密码均为redhat

更改hosts文件
[root@www /]#vim /etc/hosts
192.168.253.128 www. linuxprobe.com

重启服务:
在这里插入图片描述
[root@www linuxprobe]# systemctl restart httpd.service
Enter SSL pass phrase for www. linuxprobe.com:443 (RSA) : ******

进行实际测试:
1.访问 https://www.linuxprobe.com:7777
tom jack 可以成功登录访问
WEB服务器搭建(二)_第5张图片WEB服务器搭建(二)_第6张图片
rose 登录失败,从而不能访问
WEB服务器搭建(二)_第7张图片WEB服务器搭建(二)_第8张图片
2.访问 https://www.linuxprobe.com:6666/mimi/
tom jack 登录失败,从而不能访问
WEB服务器搭建(二)_第9张图片WEB服务器搭建(二)_第10张图片
rose 可以成功登录访问 实际访问到 /linuxprobe/mulu/index.html
WEB服务器搭建(二)_第11张图片

你可能感兴趣的:(技术,Web服务搭建)