RHCSA【四】

一、配置使用ssl完成https访问apache服务器

[root@localhost conf.d]# systemctl status firewalld
[root@localhost conf.d]# systemctl stop firewalld
[root@localhost conf.d]# setenforce 0
[root@localhost ~]# yum install mod_ssl -y
[root@localhost ~]# mkdir /www/myssl
[root@localhost www]# echo 'this is my first https page.' > ./myssl/index.html
[root@localhost ~]# cd /etc/httpd/conf.d
[root@localhost conf.d]# vim myssl.conf

11

[root@localhost conf.d]# systemctl restart httpd

11

二、配置访问apache的cgi程序

[root@localhost conf.d]# cd /var/www/cgi-bin/
[root@localhost cgi-bin]# vim test.cgi

11

[root@localhost cgi-bin]# chmod +x test.cgi

11

三、nfs挂载

a.开放/nfs/shared目录,供所有用户查询资料
服务端:

#首先关闭防火墙和SELINUX(仅限实验环境;生产环境应保持SELinux为enforcing,并用firewall-cmd放行nfs、rpc-bind、mountd服务,而不是整体关闭防火墙)
RPC主程序:rpcbind
NFS主程序:nfs-utils
[root@localhost conf.d]# yum install rpcbind nfs-utils -y
[root@localhost conf.d]# systemctl restart nfs-server.service
[root@localhost conf.d]# vim /etc/exports

11

[root@localhost ~]# mkdir /nfs/shared -p
[root@localhost ~]# touch /nfs/shared/file{a..e}
[root@localhost shared]# exportfs -r

客户端:

[root@localhost ~]# showmount -e 192.168.30.133
[root@localhost ~]# mount 192.168.30.133:/nfs/shared /mnt
[root@localhost ~]# cd /mnt
[root@localhost mnt]# ll
total 0
-rw-r--r--. 1 root root 0 Jul 29 22:24 filea
-rw-r--r--. 1 root root 0 Jul 29 22:24 fileb
-rw-r--r--. 1 root root 0 Jul 29 22:24 filec
-rw-r--r--. 1 root root 0 Jul 29 22:24 filed
-rw-r--r--. 1 root root 0 Jul 29 22:24 filee
[root@localhost mnt]# touch 1
touch: cannot touch ‘1’: Read-only file system

b.开放/nfs/upload目录,该目录为192.168.xxx.0/24网段的主机的数据上传目录
服务端:

[root@localhost shared]# vim /etc/exports

11

[root@localhost shared]# mkdir /nfs/upload -p
[root@localhost nfs]# chmod o+w /nfs/upload/
[root@localhost nfs]# ll
total 0
drwxr-xr-x. 2 root root 71 Jul 29 22:24 shared
drwxr-xrwx. 2 root root 6 Jul 29 22:38 upload
[root@localhost nfs]# touch /nfs/upload/test{a..c}
[root@localhost nfs]# cd upload/
[root@localhost upload]# ll
total 0
-rw-r--r--. 1 root root 0 Jul 29 22:41 testa
-rw-r--r--. 1 root root 0 Jul 29 22:41 testb
-rw-r--r--. 1 root root 0 Jul 29 22:41 testc
[root@localhost upload]# useradd -u 2001 nfs-upload
[root@localhost upload]# groupmod -g 2001 nfs-upload
[root@localhost upload]# id nfs-upload
uid=2001(nfs-upload) gid=2001(nfs-upload) groups=2001(nfs-upload)
[root@localhost upload]# exportfs -r

客户端:

[root@localhost mnt]# showmount -e 192.168.30.133
Export list for 192.168.30.133:
/nfs/upload 192.168.30.0/24
[root@localhost mnt]# useradd -u 2001 nfs-upload
[root@localhost mnt]# groupmod -g 2001 nfs-upload
[root@localhost mnt]# mount 192.168.30.133:/nfs/upload /media/
[root@localhost mnt]# cd /media/
[root@localhost media]# ll
total 0
-rw-r--r--. 1 root root 0 Jul 29 22:41 testa
-rw-r--r--. 1 root root 0 Jul 29 22:41 testb
-rw-r--r--. 1 root root 0 Jul 29 22:41 testc

c.将/home/tom(该目录为uid=111, gid=111的tom用户的家目录)目录仅共享给192.168.xxx.128这台主机上的Jerry用户,Jerry对该目录具有访问、新建和删除文件的权限
服务端:

[root@localhost shared]# vim /etc/exports

11

[root@localhost upload]# useradd -u 1111 tom
[root@localhost upload]# id tom
uid=1111(tom) gid=1111(tom) groups=1111(tom)
[root@localhost upload]# touch /home/tom/tm{a..c}
[root@localhost upload]# exportfs -r

客户端:

[root@localhost media]# showmount -e 192.168.30.133
Export list for 192.168.30.133:
/nfs/upload 192.168.30.0/24
/home/tom 192.168.30.137
[root@localhost media]# useradd -u 1111 tom
[root@localhost media]# id tom
uid=1111(tom) gid=1111(tom) groups=1111(tom)
[root@localhost media]# mount 192.168.30.133:/home/tom /mnt

四、autofs自动挂载

远程nfs服务器要共享的目录为/nfs/autofs
客户端的挂载目录/data/autofs
且设置自动卸载时间为60秒

服务端:

[root@localhost upload]# mkdir /nfs/autofs -p
[root@localhost upload]# chmod o+w /nfs/autofs/
[root@localhost upload]# vim /etc/exports

11
客户端:

[root@localhost media]# yum install autofs -y
[root@localhost media]# mkdir /data/autofs -p
[root@localhost media]# vim /etc/auto.master

11

[root@localhost etc]# vim /etc/auto.data

11

[root@localhost etc]# vim /etc/auto.data
[root@localhost etc]# vim /etc/autofs.conf
[root@localhost etc]# systemctl restart autofs

11

五、使用https来访问的web服务器:要求使用自签名的CA签名证书(openssl. x.509).crt 以及私钥

5.1. 生成证书
生成私钥

openssl genrsa -des3 -out myCA.key 2048
##openssl genrsa 用于生成RSA私钥,不会生成公钥,因为公钥提取自私钥
##-des3为加密方式
##2048为生成秘钥长度
##genrsa 没有 -nodes 参数;若不需要加密私钥,去掉 -des3 即可,也就不必再执行下面的消除密码步骤

消除私钥key的密码(去掉后CA私钥以明文保存在磁盘上,应限制文件权限,例如 chmod 600 myCA.key)
openssl rsa -in myCA.key -out myCA.key
生成pem文件
openssl req -utf8 -x509 -new -nodes -key myCA.key -sha256 -days 825 -out myCA.pem

5.2. 创建CA签名证书
生成私钥
openssl genrsa -out server.key 2048
创建证书签名请求

openssl req -new -key server.key -out server.csr
##Common Name应该与域名保持一致,否则会引起浏览器警告

为扩展创建一个配置文件

>server.ext cat <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = www.baidu.com # Be sure to include the domain name here because Common Name is not so commonly honoured by itself
DNS.2 = www.sougou.com # Optionally, add additional domains (I’ve added a subdomain here)
IP.1 = 192.168.1.1 # Optionally, add an IP address (if the connection which you have planned requires it)
EOF
##chrome 会查看当前域名是否在证书中声明,该声明由 subjectAltName 字段设置。上述的生成步骤默认未设置该字段
