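Requirements
Build a website reachable at https://www.zuoye.com. The site's home page lives in /www/https/ and its content is exercise. The client resolves the domain name through the DNS server you set up and then accesses the site.
1. Install packages
mod_ssl (SSL/TLS support for Apache)
httpd (the Apache main program)
bind (provides the DNS service; needed to configure the DNS server)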
yum install httpd -y
yum install mod_ssl -y
yum install bind -y
2. Configure HTTPS
mkdir /www/https/ -p
echo exercise > /www/https/index.html
cd /etc/pki/tls/certs/
openssl genrsa -aes128 2048 > nmsl.key
openssl req -utf8 -new -key nmsl.key -x509 -days 365 -out nmsldezhengshu.crt -set_serial 0
# the private key is the file that must not be readable by other users
chmod 600 *.crt nmsl.key
vim /etc/httpd/conf.d/zuoye.conf
<virtualhost 192.168.86.129:443>
    documentroot /www/https
    servername 192.168.86.129
    serveralias www.zuoye.com
    sslengine on
    sslcertificatefile /etc/pki/tls/certs/nmsldezhengshu.crt
    sslcertificatekeyfile /etc/pki/tls/certs/nmsl.key
    <directory /www/https>
        allowoverride none
        require all granted
    </directory>
</virtualhost>
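# switch SELinux to permissive mode (lasts until reboot)
setenforce 0
# confirm the current mode
getenforce
Accessing the site directly by IP address succeeds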
curl https://192.168.108.138 --insecure
exercise
Because the hosts file has no entry mapping the domain name to the IP, accessing the site by domain name fails
curl https://www.zuoye.com --insecure
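3. Configure the DNS server and put it into use
Edit the contents of the /etc/named.conf configuration file
On Windows
The hosts file under C:\WINDOWS\System32\drivers\etc stores Windows' local name mappings. When a domain name is resolved, this file is consulted first, and only then is DNS queried.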
vim /var/named/www.zuoye.com
$TTL 1D
zuoye.com.  IN SOA  www.zuoye.com. admin.zuoye.com. (07311757 1D 1H 1W 3H )
            IN NS   www.zuoye.com.
            IN MX 8 mail.zuoye.com.
mail        IN A    172.24.24.1
www         IN A    192.168.56.129
wwww        IN CNAME www
Then restart the bind service
systemctl restart named
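Then change the DNS server set in /etc/resolv.conf
Next, access the site by domain name
curl https://www.zuoye.com --insecure
Adding --insecure forces the access through by skipping certificate verification.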
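The --insecure flag turns off both the trust check and the hostname check. As an added example (not from the original post), the script below issues a self-signed certificate with a subjectAltName for www.zuoye.com and runs the hostname check curl would otherwise enforce, including for the wwww alias in the zone file. The function names, the temp directory and the unencrypted key (-nodes, so it runs without a passphrase prompt) are assumptions.

```shell
# Added example, not from the original post. Function names and paths are
# assumptions; the key is left unencrypted so the script is non-interactive.

# make_cert DIR NAME...: self-signed cert whose subjectAltName lists every NAME.
make_cert() {
    dir=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    (
        umask 077    # private key is never group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$1" -addext "subjectAltName=$san" \
            -keyout "$dir/zuoye.key" -out "$dir/zuoye.crt" 2>/dev/null
    )
}

# cert_matches CERT NAME: exit 0 only if the certificate covers NAME,
# the same hostname check curl performs when --insecure is not given.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# key_mode FILE: permission bits as shown by ls, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_cert "$tmp" www.zuoye.com || return 1
    for host in www.zuoye.com wwww.zuoye.com; do
        if cert_matches "$tmp/zuoye.crt" "$host"; then
            echo "$host: covered by certificate"
        else
            echo "$host: NOT covered, curl refuses it without --insecure"
        fi
    done
    echo "key permissions: $(key_mode "$tmp/zuoye.key")"
    rm -rf "$tmp"
}
demo

# Against the running server, trust this one certificate instead of
# disabling verification:
#   curl --cacert zuoye.crt https://www.zuoye.com
```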
This completes the experiment.