目录
网站需求:
思路:
实验步骤:
第一步:准备工作
第二步:新建一个存储网页的目录
第三步:修改本地hosts映射
第四步:修改配置文件,建立基于http服务的网站
1)创建用户song和tian并修改密码为123456:
2)设置访问控制,修改主配置文件:
第五步:建立基于https的/money网站
第六步:重启服务,并在Linux经行测试
1.基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!
2.给该公司创建三个网站目录分别显示学生信息,教学资料和缴费网站,基于www.openlab.com/data网站访问教学资料
www.openlab.com/student 网站访问学生信息
www.openlab.com/money网站访问缴费网站
3.要求:(1)学生信息网站只有song和tian两人可以访问,其他网站所有用户用能访问。
(2)访问缴费网站实现数据加密基于https访问。
1.准备工作,设备的安装启动以及防火墙和SELinux的关闭;
2.新建一个存储网页的目录,同时建立子目录以及网页内容;
3.修改本地hosts映射
4.修改配置文件: 新建/data以及/student子目录网站,
5.建立https的/money网站:
6.重启服务,并在Linux经行测试。
[root@server ~]# setenforce 0
[root@server ~]# systemctl stop firewalld
[root@server ~]# yum install httpd mod_ssl
[root@server ~]# systemct1 start httpd
[root@server ~]# systemctl enable httpd
[root@node2 ~]# mkdir -p /www/data
[root@node2 ~]# mkdir -p /www/student
[root@node2 ~]# mkdir -p /www/money[root@node2 ~]# echo "welcome to opemlab!" > /var/www/html/index.html
[root@node2 ~]# echo "Python book ,linux book" > /www/data/index.html
[root@node2 ~]# echo "student: Song And Tian" > /www/student/index.html
[root@node2 ~]# echo "give me money " > /www/money/index.html
[root@node2 ~]# vim /etc/hosts
[root@node2 ~]# useradd song
[root@node2 ~]# passwd song
[root@node2 ~]# useradd tian
[root@node2 ~]# passwd tian
2)设置访问控制,修改主配置文件:
设置访问控制:
[root@node2 ~]# htpasswd -c /etc/httpd/passwdop song
New password: # 登陆密码:123456
Re-type new password:
Adding password for user song
[root@node2 ~]# htpasswd /etc/httpd/passwdop tian
New password: # 登陆密码:123456
Re-type new password:
Adding password for user tian修改主配置文件:
[root@node2 ~]# vim /etc/httpd/conf/httpd.conf # 定位第一行
documentroot /www servername 192.168.17.132 allowoverride none require all granted documentroot /www/data alias /data /www/data servername 'data' allowoverride none require all granted documentroot /www/student alias /student /www/student servername 'student' allowoverride none authuserfile "/etc/httpd/passwdop" authname "My privately" authtype "basic" require user song tian
创建私钥文件:
[root@node2 ~]# openssl genrsa -aes128 2048 > /etc/pki/tls/private/mo.key
Enter PEM pass phrase: # 设置密码为123456
Verifying - Enter PEM pass phrase:创建数字证书:
[root@node2 ~]# openssl req -utf8 -new -key /etc/pki/tls/private/mo.key -x509 -days 365 -out /etc/pki/tls/certs/mo.crt
# 指名该证书用到的私钥文件:-key /etc/pki/tls/private/ftp.key
Enter pass phrase for /etc/pki/tls/private/mo.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----- # 证书信息
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:RHCE
Common Name (eg, your name or your server's hostname) []:money
Email Address []:[email protected]
[root@node2 ~]#修改ssl配置文件:(也可以写入主配置文件中)
sslengine on SSlcertificatefile /etc/pki/tls/certs/mo.crt SSLCertificateKeyFile /etc/pki/tls/private/mo.key servername 'money' documentroot /www/money alias /money /www/money allowoverride none require all granted
[root@node2 ~]# systemctl restart httpd
Enter TLS private key passphrase for money:443 (RSA) : ******
在Linux上使用firefox 命令,打开浏览器用域名访问
访问:
访问:http://www.openlab.com/data/
访问: http://www.openlab.com/student
该步骤实验失败:输入网址后会直接进入网站内部,无法访问经行针对性访问。
原因:未知
访问:https://www.openlab.com/money/