RHCE作业

最新推荐文章于 2024-06-26 19:38:40 发布

loong34

最新推荐文章于 2024-06-26 19:38:40 发布

阅读量228

点赞数

文章标签： linux apache 服务器

本文链接：https://blog.csdn.net/Theresa777/article/details/126110637

版权

1.配置使用ssl完成https访问apache服务器

yum install mod_ssl -y

echo "This is nt first https page" > /var/www/html/index.html

vim /etc/httpd/conf.d/myhosts.conf

写入

<Directory /var/www/html>

  AllowOverride none

  Require all granted

</Directory>



<VirtualHost 192.168.86.128:443>

  DocumentRoot "/var/www/html"

  ServerName 192.168.86.128

  SSLEngine on

  SSLProtocol all -SSLv2

  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

  SSLCertificateFile /etc/pki/tls/certs/localhost.crt

  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

</VirtualHost>

重启httpd服务

systemctl restart httpd

https://192.168.86.128

2.配置访问apache的cgi程序

vim /etc/httpd/conf/httpd.conf

配置 AddHandler cgi-script .cgi .pl 这段代码被注释掉了，将注释去掉

vim /var/www/cgi-bin/test.cgi

写入

<Directory /var/www/html>

  AllowOverride none

  Require all granted

</Directory>



<VirtualHost 192.168.86.128:443>

  DocumentRoot "/var/www/html"

  ServerName 192.168.86.128

  SSLEngine on

  SSLProtocol all -SSLv2

  SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

  SSLCertificateFile /etc/pki/tls/certs/localhost.crt

  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

</VirtualHost>

chmod 755 /var/www/cgi-bin/test.cgi

vim /etc/httpd/conf.d/myhosts.conf

写入

<Directory " /var/www/cgi-bin">

AllowOverride None

options +ExecCGI

AddHandler cgi-script .cgi

Require all granted

</Directory>

Listen 9000

<VirtualHost 192.168.86.128:9000>

DocumentRoot " /var/www/cgi-bin"

ServerName 192.168.86.128

</VirtualHost>

systemctl restart httpd

192.168.86.128:9000/cgi-bin/test.cgi

3.nfs挂载

a、开放/nfs/shared目录，供所有用户查询资料

yum install rpcbind -y

yum install nfs-utils -y

systemctl stop firewalld.service

setenforce 0

systemctl start rpcbind

systemctl start nfs-server

mkdir -p /nfs/shared

vim /etc/exports

/nfs/shared 192.168.86.0/24(ro)

systemctl restart nfs-server

在客户端进行下面的配置

mkdir -p /client/shuju

服务器检测

showmount -e 192.168.86.128

客户端检测

showmount -e 192.168.86.128

客户端挂载

mount 192.168.102.131:/nfs/shared /client/shuju

服务器添加内容

客户端查看内容

b、开放/nfs/upload目录，该目录为192.168.xxx.0/24网段的主机的数据上传目录，

并将所有该网段主机上传文件的所属者和所属组映射为nfs-upload,其UID和GID为2001；

vim /etc/exports

mkdir /nfs/upload -p

chmod o+w /nfs/upload/

添加共享的用户及所属组映射为nfs-upload，其UID和GID均为2001

useradd -u 2001 nfs-upload

groupmod -g 2001 nfs-upload

重启

exportfs -r

客户端

useradd -u 2001 nfs-upload

groupmod -g 2001 nfs-upload

mount 192.168.86.128:/nfs/upload /client/download

查看文件

c、将/home/tom（该目录为uid=1111，gid=1111的tom用户的家目录）目录仅共享

给192.168.xxx.129这台主机上的jerry用户，jerry对该目录具有访问、新建和

删除文件的权限。

vim /etc/exports

创建tom用户

useradd -u 1111 tom

touch /home/tom/{a..e}

重启exportfs -r

客户端创建jerry用户

useradd -u 1111 jerry

挂载

mount 192.168.86.128:/home/tom /client/user

更改内容

服务器的内容

4.autofs自动挂载

远程nfs服务器要的目录为/nfs/autofs

客户端的的挂载目录/data/autofs

且设置自动卸载时间为60秒

mkdir -p /nfs/autofs

chmod o+w /nfs/autofs

vim /etc/exports

切换到客户端

dnf install -y autofs

mkdir -p /data/autofs

vim /etc/auto.master

vim /etc/auto.data

autofs -fstype=nfs,rw 192.168.86.128:/nfs/autofs

vim /etc/autofs.conf

systemctl restart autofs

5.使用https来访问的web服务器:

要求使用自签名的CA签名证书(openssl, x.509) .crt

以及私钥

自签名CA根证书

/root/ca目录下创建4个子目录：

newcerts：存放CA签署过的数字证书。

private：存放CA的私钥。

conf：存放一些简化参数用的配置文件。

server：存放服务器证书文件。

制作ca.key 私钥

openssl genrsa -out /root/ca/private/ca.key 2048

生成pem格式的根证书

openssl req -x509 -new -nodes \

-key /root/ca/private/ca.key \

-sha256 -days 1024 \

-out /root/ca/private/ca.pem

.pem转化为.crt(用于浏览器信任)

openssl x509 -outform der -in /root/ca/private/ca.pem -out /root/ca/private/ca.crt

签发服务器证书（客户端证书同理）

创建文件ca.conf

vim /root/ca/conf/ca.conf 写入

[req]

default_bits = 2048

prompt = no

default_md = sha256

distinguished_name = dn



[dn]

C = CN

ST = SHANXI

L = XIAN

O = fire

OU = ice

emailAddress = 3@fire.cn

CN = *.fire.cn

创建文件v3.ext

vim /root/ca/conf/v3.ext

authorityKeyIdentifier=keyid,issuer

basicConstraints=CA:FALSE

keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

subjectAltName = @alt_names



[alt_names]

DNS.1 = *.fire.cn

DNS.2 = localhost

IP.1 = 192.168.86.128

IP.2 = 192.168.86.129

生成服务端证书签名请求，同时生成服务端私钥（nginx用）

openssl req -new -sha256 -nodes \

-out /root/ca/server/server.csr \

-newkey rsa:2048 -keyout /root/ca/server/server.key \

-config /root/ca/conf/ca.cnf

用ca私钥以ca的名义(ca.pem)给网站证书签名，加上v3.ext中的配置

openssl x509 -req -in /root/ca/server/server.csr \

-CA /root/ca/private/ca.pem \

-CAkey /root/ca/private/ca.key \

-CAcreateserial -out /root/ca/server/server.crt -days 1800 -sha256 -extfile /root/ca/conf/v3.ext