综合练习:请给openlab搭建web网站
网站需求:
- 基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!
- 给该公司创建三个虚拟网站目录分别显示学生信息,教学资料和缴费网站,基于www.openlab.com/student 网站访问学生信息,www.openlab.com/data网站访问教学资料
www.openlab.com/money网站访问缴费网站。 - 要求(1)学生信息网站只有song和tian两人可以访问,其他网站所有用户用能访问。(2)访问缴费网站实现数据加密基于https访问。
步骤
[root@localhost ~]#vim /etc/httpd/conf.d/vhosts.conf
[root@localhost ~]# mkdir /www/openlab -pv
mkdir: created directory ‘/www’
mkdir: created directory ‘/www/openlab’
[root@localhost ~]# echo ‘welcome to openlab!!!’ > /www/openlab/index.html
[root@localhost ~]# systemctl restart httpd
[root@localhost ~]systemctl stop firewalld 停止防火墙
[root@localhost ~]setenforce 0 关闭selinux
[root@localhost ~]#mount /dev/sr0 /mnt/ 挂载
[root@localhost ~]#yum install mod_ssl -y 安装ssl
[root@localhost ~]#rpm -ql mod_ssl
[root@localhost ~]#vim /etc/httpd/conf.d/ssl.conf
[root@localhost ~]#vim /etc/httpd/conf.d/vhosts.conf
[root@localhost ~]# cd /etc/pki/tls/certs/
[root@localhost certs]# ll
total 16
lrwxrwxrwx. 1 root root 49 Feb 25 14:38 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Feb 25 14:38 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-------. 1 root root 1468 Mar 13 20:35 localhost.crt
-rwxr-xr-x. 1 root root 610 Jun 23 2015 make-dummy-cert
-rw-r--r--. 1 root root 2388 Jun 23 2015 Makefile
-rwxr-xr-x. 1 root root 829 Jun 23 2015 renew-dummy-cert
[root@localhost certs]# make openlab.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > openlab.key
Generating RSA private key, 2048 bit long modulus
...........................+++
....................................................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key openlab.key -x509 -days 365 -out openlab.crt -set_serial 0
Enter pass phrase for openlab.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:www.openlab.com
Email Address []:admin@admin.com
[root@localhost certs]# ll
total 24
lrwxrwxrwx. 1 root root 49 Feb 25 14:38 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Feb 25 14:38 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-------. 1 root root 1468 Mar 13 20:35 localhost.crt
-rwxr-xr-x. 1 root root 610 Jun 23 2015 make-dummy-cert
-rw-r--r--. 1 root root 2388 Jun 23 2015 Makefile
-rw-------. 1 root root 1399 Mar 13 20:49 openlab.crt
-rw-------. 1 root root 1766 Mar 13 20:45 openlab.key
-rwxr-xr-x. 1 root root 829 Jun 23 2015 renew-dummy-cert
[root@localhost ~]#vim /etc/httpd/conf.d/vhosts.conf
[root@localhost certs]# mv openlab.key /etc/pki/tls/private/
[root@localhost certs]# ll
total 20
lrwxrwxrwx. 1 root root 49 Feb 25 14:38 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Feb 25 14:38 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-------. 1 root root 1468 Mar 13 20:35 localhost.crt
-rwxr-xr-x. 1 root root 610 Jun 23 2015 make-dummy-cert
-rw-r--r--. 1 root root 2388 Jun 23 2015 Makefile
-rw-------. 1 root root 1399 Mar 13 20:49 openlab.crt
-rwxr-xr-x. 1 root root 829 Jun 23 2015 renew-dummy-cert
[root@localhost certs]# ll ../private/
total 8
-rw-------. 1 root root 1675 Mar 13 20:35 localhost.key
-rw-------. 1 root root 1766 Mar 13 20:45 openlab.key
[root@localhost certs]# mkdir /text/{student,data,money} -pv
mkdir: created directory ‘/text’
mkdir: created directory ‘/text/student’
mkdir: created directory ‘/text/data’
mkdir: created directory ‘/text/money’
[root@localhost certs]# echo this is student > /text/student/index.html
[root@localhost certs]# echo this is data > /text/data/index.html
[root@localhost certs]# echo this is money > /text/money/index.html
[root@localhost ~]# htpasswd /etc/httpd/usr song
New password:
Re-type new password:
Adding password for user song
[root@localhost ~]# htpasswd /etc/httpd/usr tian
New password:
Re-type new password:
Adding password for user tian
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf
[root@localhost ~]# systemctl restart httpd
Enter SSL pass phrase for www.openlab.com:443 (RSA) : ******