准备工作:
关闭防火墙:
[root@huawei ~]# systemctl stop firewalld
[root@huawei ~]# setenforce 0
安装软件:
[root@huawei ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@huawei ~]# yum install httpd -y
安装加密模块:
[root@huawei ~]# yum install mod_ssl -y
开始工作:
1.基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!
生成密钥对,私发证书:
[root@huawei conf.d]# cd
[root@huawei ~]# cd /etc/pki/tls/private
[root@huawei private]#
[root@huawei private]# openssl genrsa 2048 > openlab.key
[root@huawei certs]# openssl req -utf8 -new -key
/etc/pki/tls/private/openlab.key -x509 -days 365 -out openlab.crt
写信息:
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:yanan
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:www.openlab.com
Email Address []:admin@admin.com
定义配置:
<VirtualHost 192.168.150.138:443>
DocumentRoot /private
ServerName 192.168.150.138
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/openlab.crt
SSLCertificateKeyFile /etc/pki/tls/private/openlab.key
</VirtualHost>
<Directory /private>
allowOverride none
Require all granted
</Directory>
检查:
最后工作:
[root@huawei certs]# mkdir /private
[root@huawei certs]# echo welcome to openlab! > /private/index.html
[root@huawei certs]# systemctl restart httpd
结果如下:
2.给该公司创建三个网站目录分别显示学生信息,教学资料和缴费网站,基于www.openlab.com/student 网站访问学生信息,www.openlab.com/data网站访问教学资料
www.openlab.com/money网站访问缴费网站。
配置网站目录:
<Directory /private/student>
allowOverride none
Require all granted
</Directory>
<Directory /private/data>
allowOverride none
Require all granted
</Directory>
<Directory /private/money>
allowOverride none
Require all granted
</Directory>
创建目录信息:
[root@huawei certs]# mkdir /private/{student,data,money} -pv
mkdir: 已创建目录 '/private/student'
mkdir: 已创建目录 '/private/data'
mkdir: 已创建目录 '/private/money'
添加网站:
[root@huawei certs]# echo Mr.Wu Mr.Li Mr.Wang > /private/student/index.html
[root@huawei certs]# echo Chinese Math English > /private/data/index.html
[root@huawei certs]# echo 28000 29000 > /private/money/index.html
[root@huawei certs]# systemctl restart httpd
结果如下:
3.学生信息网站只有song和tian两人可以访问,其他网站所有用户用能访问。
修改访问权限:
<Directory /private/student>
allowOverride none
AuthType Basic
AuthName "please login...."
AuthUserFile /etc/httpd/users
Require user song tian
</Directory>
创建用户文件:
[root@huawei certs]# htpasswd -c /etc/httpd/users song
New password:
Re-type new password:
Adding password for user song
[root@huawei certs]# htpasswd /etc/httpd/users tian
New password:
Re-type new password:
Adding password for user tian
[root@huawei certs]# systemctl restart httpd
检查用户:
结果如下: