1.要求搭建web服务器,能够访问到网页内容为“小胖,你咋这么胖呢!”
关闭防火墙和seliunx
[root@localhost ~]# systemctl stop firewalld [root@localhost ~]# setenforce 0 [root@localhost ~]# getenforce Permissive
切换到默认路径再将内容写入页面中
[root@localhost ~]# cd /var/www/html/ --- http服务的默认路径(/var/www/html/) [root@localhost html]# ll total 4 -rw-r--r--. 1 root root 11 Mar 26 19:43 index.html [root@localhost html]# echo 小胖,你咋这么胖呢! > index.html 网页默认页面(index.html)
测试
[root@localhost ~]# curl http://192.168.223.128 小胖,你咋这么胖呢!
2.要求搭建web服务器,创建基于域名的虚拟主机,能够使用www.xiaopang.com和www.dapang.com访问各自的网站网站存放路径分别为/xiaopang和/dapang,内容自定。
关闭防火墙和seliunx
[root@localhost ~]# systemctl stop firewalld [root@localhost ~]# setenforce 0 [root@localhost ~]# getenforce Permissive
在host文件中对一个IP添加多个域名
window下的hosts文件:C:\Windows\System32\drivers\etc\hosts
192.168.223.128 www.xiaopang.com 192.168.223.128 www.dapang.com
在子配置文件里修改配置
[root@localhost ~]# vim /etc/httpd/conf.d/vhosts.conf <VirtualHost 192.168.223.128:80> DocumentRoot "/xiaopang" ServerName www.xiaopang.com ErrorLog "/var/log/httpd/dummy-128.example.com-error_log" CustomLog "/var/log/httpd/dummy-128.example.com-access_log" common </VirtualHost> <VirtualHost 192.168.223.128:80> DocumentRoot "/dapang" ServerName www.dapang.com ErrorLog "/var/log/httpd/dummy-128.example.com-error_log" CustomLog "/var/log/httpd/dummy-128.example.com-access_log" common </VirtualHost> <Directory /xiaopang> --- 开启网站主路径权限 AllowOverride none Require all granted </Directory> <Directory /dapang> AllowOverride none Require all granted </Directory> [root@localhost ~]# mkdir /{xiaopang,dapang} --- 创建资源文件 [root@localhost ~]# echo this is xiaopang > /xiaopang/index.html --- 在网页中添加内容 [root@localhost ~]# echo this is dapang > /dapang/index.html [root@localhost ~]# systemctl restart httpd --- 重启
3.创建虚拟目录真实物理位置在/usr/local/hehe,内容自定
创建多级目录
[root@localhost ~]# cd /usr/local/ [root@localhost local]# mkdir hehe
写入内容
[root@localhost hehe]# echo "你怎么这么好看" > index.html
在子配置目录中修改配置
[root@localhost conf.d]# vim vhosts.conf <VirtualHost 192.168.223.128:80> DocumentRoot "/xiaopang" Alias /hehe /usr/local/hehe ServerName www.xiaopang.com ErrorLog "/var/log/httpd/dummy-128.example.com-error_log" CustomLog "/var/log/httpd/dummy-128.example.com-access_log" common </VirtualHost> <Directory /usr/local/hehe> AllowOverride none Require all granted </Directory> [root@localhost conf.d]# systemctl restart httpd --- 重启服务
测试
4.创建虚拟目录真实物理位置在/usr/local/maomao,内容自定,但允许abc和xyz用户通过密码访问。
创建目录写入内容
[root@localhost ~]# cd /usr/local [root@localhost local]# cd maomao [root@localhost maomao]# echo "this is maomao" > index.html
在子配置目录中修改配置
[root@localhost maomao]# vim /etc/httpd/conf.d/vhosts.conf <VirtualHost 192.168.223.128:80> DocumentRoot "/xiaopang" Alias /maomao /usr/local/maomao ServerName www.xiaopang.com ErrorLog "/var/log/httpd/dummy-128.example.com-error_log" CustomLog "/var/log/httpd/dummy-128.example.com-access_log" common </VirtualHost> <Directory /usr/local/maomao> AuthType Basic AuthName "Please login" AuthuserFile /usr/local/userfile Require user abc xyz </Directory>
创建对应的用户文件,添加用户信息
[root@localhost maomao]# htpasswd -c /usr/local/userfile abc New password: Re-type new password: Adding password for user abc [root@localhost maomao]# htpasswd /usr/local/userfile xyz New password: Re-type new password: Adding password for user xyz [root@localhost maomao]# systemctl restart httpd
测试
[root@localhost local]# curl http://www.xiaopang.com/maomao/ -u xyz Enter host password for user 'xyz': this is maomao [root@localhost local]# curl http://www.xiaopang.com/maomao/ -u abc Enter host password for user 'abc': this is maomao
综合练习:给openlab搭建web网站
网站需求:
1.基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!
给网页写入内容
[root@localhost ~]# cd /openlab [root@localhost openlab]# echo 'welcome to openlab!!!' > index.html
修改子配置文件
[root@localhost openlab]# vim /etc/httpd/conf.d/vhosts.conf <VirtualHost 192.168.223.128:80> DocumentRoot "/openlab" ServerName www.openlab.com ErrorLog "/var/log/httpd/dummy-129.example.com-error_log" CustomLog "/var/log/httpd/dummy-129.example.com-access_log" common </VirtualHost> <Directory /openlab> AllowOverride none Require all granted </Directory>
域名解析
[root@localhost ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.223.128 www.openlab.com
重启服务
[root@localhost openlab]# systemctl restart httpd
通过liunx主机访问网站
[root@localhost ~]# curl http://www.openlab.com welcome to openlab!!!
2.给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于www.openlab.com/student网站访问学生信息,www.openlab.com/data网站访问教学资料,www.openlab.com/money网站访问缴费网站。
创建三个子目录
[root@localhost openlab]# mkdir student data money [root@localhost openlab]# ll total 0 drwxr-xr-x. 2 root root 6 Apr 1 17:16 data drwxr-xr-x. 2 root root 6 Apr 1 17:16 money drwxr-xr-x. 2 root root 6 Apr 1 17:16 student
在子界面写入内容
[root@localhost openlab]# cd /data [root@localhost data]# echo 教学资料 > index.html [root@localhost data]# cd ../student [root@localhost student]# echo 学生信息 > index.html [root@localhost student]# cd ../money [root@localhost money]# echo 缴费网站 > index.html
通过liunx主机访问网站
[root@localhost ~]# curl http://www.openlab.com/data/ 教学资料 [root@localhost ~]# curl http://www.openlab.com/student/ 学生信息 [root@localhost ~]# curl http://www.openlab.com/money/ 缴费网站
3.要求(1)学生信息网站只有song和tian两人可以访问,其他用户不能访问。
(2)访问缴费网站实现数据加密基于https访问。
修改子配置文件
<Directory /openlab/student> AuthType Basic AuthName "Please login" AuthBasicProvider file AuthuserFile /etc/httpd/userfile Require user song tian </Directory>
创建web端用户
[root@localhost openlab]# htpasswd -c /etc/httpd/userfile song New password: Re-type new password: Adding password for user song [root@localhost openlab]# htpasswd /etc/httpd/userfile tian New password: Re-type new password: Adding password for user tian
重启服务,测试
[root@localhost ~]# curl http://www.openlab.com/student/ -u song Enter host password for user 'song': 学生信息 [root@localhost ~]# curl http://www.openlab.com/student/ -u tian Enter host password for user 'tian': 学生信息
加载mod_ssl认证模块
[root@localhost ~]# yum install mod_ssl -y
生成自签名证书
[root@localhost ~]# cd /etc/pki/tls/certs [root@localhost certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ../private/openlab.key -x509 -days 365 -out openlab.crt Generating a RSA private key ...............................................................++++ ............................................................................++++ writing new private key to '../private/openlab.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:86 State or Province Name (full name) []:shannxi Locality Name (eg, city) [Default City]:xi'an Organization Name (eg, company) [Default Company Ltd]:xianoupeng Organizational Unit Name (eg, section) []:ce Common Name (eg, your name or your server's hostname) []:localhost Email Address []:admin@admin.com [root@localhost certs]# ll total 4 lrwxrwxrwx. 1 root root 49 Jun 17 2021 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem lrwxrwxrwx. 1 root root 55 Jun 17 2021 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -rw-r--r--. 1 root root 2114 Apr 1 18:36 openlab.crt [root@localhost certs]# ll ../private/ total 8 -rw-------. 1 root root 3272 Apr 1 18:35 openlab.key -rw-------. 1 root root 3272 Mar 31 16:38 oplab.key
修改配置
<VirtualHost 192.168.223.128:443> DocumentRoot "/openlab" ServerName www.openlab.com SSLEngine on SSLCertificateFile /etc/pki/tls/certs/openlab.crt SSLCertificateKeyFile /etc/pki/tls/private/openlab.key </VirtualHost> <Directory /openlab> AllowOverride none Require all granted </Directory>
域名解析
# localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost 192.168.223.128 www.xiaopang.com 192.168.223.128 www.dapang.com 192.168.223.128 www.openlab.com
重启服务测试
[root@localhost ~]# systemctl restart httpd