https、虚拟目录、用户控制搭建web实验
实验要求
-
基于域名www.openlab.com可以访问网站内容为“welcom to openlab!!!”
-
给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于www.openlab.com/student网站访问学生信息,www.openlab.com/data网站访问教学资料www.openlab.com/money网站访问缴费网站。
-
要求
学生信息网站只有zhangsan和lisi两个人可以访问,其他用户不能访问
访问缴费网站实现数据加密基于https访问
搭建虚拟目录和用户控制的web
🚀在开始实验之前,要配置好本地yum源、安装http包,关闭firewalld和selinuxsetenforce 0
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
🚀在/etc/httpd/conf.d/vhosts.conf
创建虚拟主机配置文件,并且配置域名为www.openlab.com的web网站
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.133.150:80>
Documentroot /www/openlab
ServerName www.openlab.com
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
[root@localhost ~]# mkdir -pv /www/openlab
mkdir: created directory '/www'
mkdir: created directory '/www/openlab'
[root@localhost ~]# echo "welcome to openlab!!!" > /www/openlab/index.html
echo "welcome to openlabmkdir -pv /www/openlab!" > /www/openlab/index.html
🚀配置本地和windows的hosts文件
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.133.150 www.openlab.com
[root@localhost ~]# curl www.openlab.com
welcome to openlab!!!
创建虚拟目录
🚀通过别名创建虚拟目录并且目录标签定义
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.133.150:80>
Documentroot /www/openlab
ServerName www.openlab.com
alias /student /students
alias /data /datas
alias /money /moneys
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
<Directory /students>
AllowOverride none
Require all granted
</Directory>
<Directory /datas>
AllowOverride none
Require all granted
</Directory>
<Directory /moneys>
AllowOverride none
Require all granted
</Directory>
🚀创建相应的目录和内容,并且在linux中测试
[root@localhost ~]# mkdir /{students,datas,moneys}
[root@localhost ~]# echo "学生信息" > /students/index.html
[root@localhost ~]# echo "教学资料" > /datas/index.html
[root@localhost ~]# echo "缴费网站" > /moneys/index.html
[root@localhost ~]# systemctl restart httpd.service
[root@localhost ~]# curl www.openlab.com/student/
学生信息
[root@localhost ~]# curl www.openlab.com/data/
教学资料
[root@localhost ~]# curl www.openlab.com/money/
缴费网站
用户控制
🚀在配置文件student的目录标签里设置访问控制,然后创建相应的用户
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.133.150:80>
Documentroot /www/openlab
ServerName www.openlab.com
alias /student /www/students
alias /data /www/datas
alias /money /www/moneys
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
<Directory /students>
AllowOverride none
AuthType Basic
AuthName "Please login:"
AuthUserFile /etc/httpd/users
Require user zhangsan lisi
</Directory>
<Directory /datas>
AllowOverride none
Require all granted
</Directory>
<Directory /moneys>
AllowOverride none
Require all granted
</Directory>
[root@localhost ~]# htpasswd -c /etc/httpd/user zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[root@localhost ~]# htpasswd /etc/httpd/user lisi
New password:
Re-type new password:
Adding password for user lisi
访问缴费网站基于https
😊创建证书密钥和证书文件
[root@localhost ~]# openssl req -newkey rsa -nodes -keyout openlab.key -x509 -days 365 -out openlab.crtt
Generating a RSA private key
.................................................+++++
...........................................................................+++++
writing new private key to 'openlab.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:jiangsu
Locality Name (eg, city) [Default City]:nanjing
Organization Name (eg, company) [Default Company Ltd]:nanhang
Organizational Unit Name (eg, section) []:zj
Common Name (eg, your name or your server's hostname) []:zj
Email Address []:root@localhost
😊在vhost配置文件中配置
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf
<Virtualhost 192.168.133.150:80>
Documentroot /www/openlab
ServerName www.openlab.com
alias /student /www/students
alias /data /www/datas
</Virtualhost>
<Virtualhost 192.168.133.150:443>
Documentroot /www/moneys
ServerName www.openlab.com
alias /money /www/moneys
SSLEngine on
SSLCertificateFile /root/openlab.crtt
SSLCertificatekeyFile /root/openlab.key
</Virtualhost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
<Directory /students>
AllowOverride none
AuthType Basic
AuthName "Please login:"
AuthUserFile /etc/httpd/users
Require user zhangsan lisi
</Directory>
<Directory /datas>
AllowOverride none
Require all granted
</Directory>
<Directory /moneys>
AllowOverride none
Require all granted
</Directory>