web服务器NFS服务器配置练习

基础前提配置保证：

1.服务器关防火墙、selinux

2.安装web服务程序nginx

[root@node1 ~]# systemctl stop firewalld
[root@node1 ~]# setenforce 0
[root@node1 ~]# yun install nginx
[root@node1 ~]# nmtui 

 3.当前主机添加多地址（ip a）

1.基于域名[www.openlab.com](http://www.openlab.com)可以访问网站内容为 welcome to openlab!!!

 （1）创建 /etc/nginx/conf.d/test_name.conf文件，进行域名编写

[root@localhost 131]# vim /etc/nginx/conf.d/test_name.conf

server {
        listen 192.168.247.131:80;
        root /www/name/openlab;
        server_name www.openlab.com;
        location / {
                index index.html;
        }
}

（2）重启nginx,创建域名文件

[root@localhost 131]# mkdir /www/name/openlab -pv
mkdir: 已创建目录 '/www/name/openlab'
[root@localhost 131]# echo Welcome to openlab > /www/name/openlab/index.html

 （3）在linux上追加域名

[root@localhost 131]# vim /etc/hosts

# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
192.168.247.131 www.openlab.com

（4）最后成功访问网站

[root@localhost 131]# curl www.openlab.com
Welcome to openlab

2.给该公司创建三个子界面分别显示学生信息，教学资料和缴费网站，基于[www.openlab.com/student](http://www.openlab.com/student) 网站访问学生信息，[www.openlab.com/data](http://www.openlab.com/data)网站访问教学资料，网站访问缴费网站(http://www.openlab.com/money网站访问缴费网站)。
 

创建虚拟目录
[root@localhost ~]# vim /etc/nginx/conf.d/test_alias.conf
server {
        listen 192.168.247.132:80;
        root /www/name/openlab;
        location /student/ {
                alias /openlab/student/;
        }
}
server {
        listen 192.168.247.132:80;
        root /www/name/openlab;
        location /data/ {
                alias /openlab/data/;
        }
}
server {
        listen 192.168.247.132:80;
        root /www/name/openlab;
        location /money/ {
                alias /openlab/money/;
        }
}
创建目录，内容写入
[root@localhost ~]# mkdir /openlab/{student,data,money} -pv
[root@localhost ~]# echo this is student > /openlab/student/index.html
[root@localhost ~]# echo this is data > /openlab/data/index.html
[root@localhost ~]# echo this is money > /openlab/money/index.html
[root@localhost ~]# systemctl restart nginx.service
[root@localhost ~]# curl http://www.openlab.com/student

 

3.要求

（1）学生信息网站只有song和tian两人可以访问，其他用户不能访问。

 

在学生信息网站编辑用户控制
[root@localhost ~]# vim /etc/nginx/conf.d/test_alias.conf

server {
        listen 192.168.247.132:80;
        root /www/name/openlab;
        location /student/ {
                alias /openlab/student/;
                auth_basic no;
                auth_basic_user_file /etc/ngnix/users;
        }
}

[root@localhost ~]# systemctl restart nginx #重新加载nginx
[root@localhost ~]# htpasswd -c /etc/nginx/usrs song
New password: 
Re-type new password: 
Adding password for user song
[root@localhost ~]# htpasswd -c /etc/nginx/usrs tian
New password: 
Re-type new password: 
Adding password for user tian

（2）访问缴费网站实现数据加密基于https访问。

1.修改虚拟配置文件
[root@localhost certs]# vim /etc/nginx/conf.d/test_alias.conf

server {
        listen 192.168.247.132:443 ssl;
        root /www/name/openlab;
        ssl_certificate /etc/pki/tls/certs/openlab.crt;
        ssl_certificate_key /etc/pki/tls/private/openlab.key;
        location /money/ {
                alias /openlab/money/;
        }
}

2.重启nginx，是否正常运行，创建/www/https文件夹
[root@localhost certs]# systemctl restart nginx
[root@localhost certs]# mkdir /www/https
[root@localhost certs]# echo this is https > /www/https/index.html
3.生成密钥文件
[root@localhost certs]# cd ../private
[root@localhost private]# openssl genrsa 2048 > openlab.key
[root@localhost private]# ll
总计 4
-rw-r--r--. 1 root root 1704  1月19日 08:55 openlab.key
4.生成证书
[root@localhost private]# cd ../certs/
[root@localhost certs]# openssl req -utf8 -new -key ../private/openlab.key -x509 -days 365 -out openlab.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:86
State or Province Name (full name) [Some-State]:sichuan
Locality Name (eg, city) []:localhost
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ii
Organizational Unit Name (eg, section) []:en
Common Name (e.g. server FQDN or YOUR name) []:ni
Email Address []:@amin.com
[root@localhost certs]# ll
总计 4
lrwxrwxrwx. 1 root root   49  9月21日 23:34 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55  9月21日 23:34 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1375  1月19日 09:00 openlab.crt
5.重启服务
[root@localhost certs]# systemctl restart nginx

 

架设一台NFS服务器，并按照以下要求配置
1、开放/nfs/shared目录，供所有用户查询资料
2、开放/nfs/upload目录，为192.168.xxx.0/24网段主机可以上传目录，
并将所有用户及所属的组映射为nfs-upload,其UID和GID均为210
3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机，并只有用户tom可以完全访问该目录

#服务端及客户端配置前提
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install nfs-utils rpcbind -y
[root@localhost ~]# systemctl restart nfs-server

 

#1、开放/nfs/shared目录，供所有用户查询资料  
 
[root@localhost ~]# vi /etc/exportfs
/nfs/shared *(ro)
 
[root@localhost etc]# exportfs -r
 
 
#2、开放/nfs/upload目录，为192.168.xxx.0/24网段主机可以上传目录，并将所有用户及所属的组映射为nfs-#upload,其UID和GID均为210
[root@localhost ~]# vim /etc/exportfs
 
/nfs/upload 192.168.239.0/24(rw,all_squash,anonuid=210,anongid=210)
 
 
#3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机，并只有用户tom可以完全访问该目录
 
/home/tom 192.168.239.132(rw)