目录
4.autofs自动挂载远程nfs服务器目录为/nfs/autofs,客户端的挂载目录/data/autofs,且设置自动卸载时间为60秒
5.使用https来访问的web服务器要求使用自签名的CA签名证书(openssl, x.509) .crt,以及私钥
1.配置使用ssl完成https访问apache服务器
#设置ssl要访问的目录和index.html
[root@server www]# mkdir myssl
[root@server www]# cd myssl/
[root@server myssl]# echo "This is my first https page" > index.html
[root@localhost ~]# vim /etc/httpd/conf.d/myssl.conf
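# /etc/httpd/conf.d/myssl.conf: serve /www/myssl over HTTPS on 192.168.5.200:443.
# httpd does not allow a comment on the same line as a directive, so every
# note sits on its own line above the directive it describes.
<Directory "/www/myssl">
    # No .htaccess overrides; access is open to every client.
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost 192.168.5.200:443>
    SSLEngine on
    # Keep SSLv3 off and also refuse the deprecated TLS 1.0 / 1.1 versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Cipher suites follow the system-wide crypto policy.
    SSLCipherSuite PROFILE=SYSTEM
    # Certificate location (generated automatically).
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    # Private key location (generated automatically).
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    DocumentRoot "/www/myssl"
</VirtualHost>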
[root@localhost ~]# systemctl restart httpd
#--insecure 会让 curl 跳过证书校验,这里只用来验证页面能否访问;正式环境应让客户端信任签发该证书的CA(如 curl --cacert),而不是关闭校验
[root@server ~]# curl --insecure https://192.168.5.200
This is my first https page
2.配置访问apache的cgi程序
[root@server ~]# vim /www/mybin/test.cgi
#!/bin/bash
# Minimal CGI response: one header line, the blank line that ends the
# header block, then the body (written without a trailing newline).
# The text is passed as printf arguments, never as the format string.
content_type='Content-Type: text/html;charset=utf-8'
printf '%s\n\n' "$content_type"
printf '%s' 'Hello, World.'
#修改权限
[root@server mybin]# chmod 755 /www/mybin/test.cgi
[root@server mybin]# ll /www/mybin/test.cgi
-rwxr-xr-x 1 root root 89 Jul 30 20:58 /www/mybin/test.cgi
[root@server ~]# vim /etc/httpd/conf.d/myhosts.conf
# /etc/httpd/conf.d/myhosts.conf: two IP-based virtual hosts on port 80.

# Document roots under /www/ip: no .htaccess overrides, open to all clients.
<Directory "/www/ip">
    AllowOverride None
    Require all granted
</Directory>

# Target directory of the ScriptAlias below; same access rules.
<Directory "/www/mybin">
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost 192.168.5.100:80>
    DocumentRoot "/www/ip/100"
    # Requests under /bin are mapped to /www/mybin and handled as CGI
    # scripts, so keep that directory writable by root only.
    ScriptAlias "/bin" "/www/mybin"
</VirtualHost>

<VirtualHost 192.168.5.200:80>
    DocumentRoot "/www/ip/200"
</VirtualHost>
[root@server mybin]# systemctl restart httpd
[root@server mybin]# curl 192.168.5.100/bin/test.cgi
Hello, World.[root@server mybin]#
3.nfs挂载
a、开放/nfs/shared目录,供所有用户查询资料;
服务端:
[root@server ~]# vim /etc/exports
# Read-only export; "*" matches every client that can reach this server.
/nfs/shared *(ro)
[root@server ~]# mkdir -p /nfs/shared
[root@server ~]# cd /nfs/shared/
[root@server shared]# echo 123 > share.txt
[root@server shared]# systemctl restart rpcbind
[root@server shared]# systemctl restart nfs-server
[root@server shared]# showmount -e 192.168.5.128
Export list for 192.168.5.128:
/nfs/shared *
客户端:
[root@client ~]# showmount -e 192.168.5.128
Export list for 192.168.5.128:
/nfs/shared *
[root@client ~]# mount 192.168.5.128:/nfs/shared /mnt
[root@client ~]# cd /mnt/
[root@client mnt]# ll
total 4
-rw-r--r--. 1 root root 4 Jul 30 21:25 share.txt
b、开放/nfs/upload目录,该目录为192.168.xxx.0/24网段的主机的数据上传目录,并将所有该网段主机上传文件的所属者和所属组映射为nfs-upload,其UID和GID为2001;
服务端:
[root@server shared]# mkdir /nfs/upload
[root@server shared]# useradd -u 2001 nfs-upload
[root@server shared]# vim /etc/exports
# Read-only export; "*" matches every client.
/nfs/shared *(ro)
# Writable from 192.168.5.0/24 only. all_squash maps every client user,
# root included, to the anonymous uid/gid, set here to 2001 (nfs-upload).
/nfs/upload 192.168.5.0/24(rw,all_squash,anonuid=2001,anongid=2001)
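#o+w 会让服务器上的所有本地用户也能写入该目录;由于客户端的写入都被映射为nfs-upload,也可以改为把目录属主设为nfs-upload(chown nfs-upload:nfs-upload /nfs/upload)
[root@server nfs]# chmod o+w /nfs/upload/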
[root@server nfs]# ll -d upload/
drwxr-xrwx 2 root root 6 Jul 30 21:57 upload/
[root@server shared]# systemctl restart rpcbind
[root@server shared]# systemctl restart nfs-server
客户端:
[root@client ~]# mount 192.168.5.128:/nfs/upload /upload
[root@client upload]# touch test.txt
[root@client upload]# ll
total 0
-rw-r--r--. 1 2001 2001 0 Jul 30 22:03 test.txt
服务端:
[root@server nfs]# ll upload/
total 0
-rw-r--r-- 1 nfs-upload nfs-upload 0 Jul 30 22:03 test.txt
c、将/home/tom(该目录为uid=1111,gid=1111的tom用户的家目录)目录仅共享
给192.168.xxx.129这台主机上的jerry用户,jerry对该目录具有访问、新建和删除文件的权限。
服务端:
[root@server nfs]# useradd -u 1111 tom
[root@server nfs]# vim /etc/exports
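# Read-only export; "*" matches every client.
/nfs/shared *(ro)
# Writable from 192.168.5.0/24; every client user is mapped to uid/gid 2001.
/nfs/upload 192.168.5.0/24(rw,all_squash,anonuid=2001,anongid=2001)
# Single-host export. The address is written without a netmask: the form
# 192.168.5.129/255.255.255.0 is read as a network and matches all of
# 192.168.5.0/24, and showmount -e prints the client as it is written here.
# NOTE(review): all_squash maps every user on that host, root included, to
# uid/gid 1111, so the export cannot limit access to jerry alone.
/home/tom 192.168.5.129(rw,all_squash,anonuid=1111,anongid=1111)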
[root@server nfs]# systemctl restart rpcbind
[root@server nfs]# systemctl restart nfs-server
客户端:
[root@client ~]# useradd -u 1111 jerry
[root@client ~]# mkdir /tom
[root@client ~]# showmount -e 192.168.5.128
Export list for 192.168.5.128:
/nfs/shared *
/home/tom 192.168.5.129/255.255.255.0
/nfs/upload 192.168.5.0/24
[root@client ~]# mount 192.168.5.128:/home/tom /tom
[root@client ~]# cd /tom
[root@client tom]# touch test.txt
[root@client tom]# ll
total 0
-rw-r--r--. 1 jerry jerry 0 Jul 30 22:36 test.txt
[root@client tom]# rm -f test.txt
[root@client tom]# ll
total 0
4.autofs自动挂载
远程nfs服务器目录为/nfs/autofs,客户端的挂载目录/data/autofs,且设置自动卸载时间为60秒
服务端:
[root@server nfs]# vim /etc/exports
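# Read-only export; "*" matches every client.
/nfs/shared *(ro)
# Writable from 192.168.5.0/24; every client user is mapped to uid/gid 2001.
/nfs/upload 192.168.5.0/24(rw,all_squash,anonuid=2001,anongid=2001)
# Single-host export, written without a netmask: the form
# 192.168.5.129/255.255.255.0 is read as a network and matches all of
# 192.168.5.0/24.
/home/tom 192.168.5.129(rw,all_squash,anonuid=1111,anongid=1111)
# Read-only export used by the autofs client; "*" matches every client.
/nfs/autofs *(ro)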
[root@server nfs]# mkdir /nfs/autofs
[root@server nfs]# echo 123 > /nfs/autofs/test.txt
[root@server nfs]# systemctl restart rpcbind
[root@server nfs]# systemctl restart nfs-server
客户端:
[root@client tom]# vim /etc/auto.master
# Sample auto.master file
# This is a 'master' automounter map and it has the following format:
# mount-point [map-type[,format]:]map [options]
# For details of the format look at auto.master(5).
#
/data /etc/auto.mynfs --timeout 60
/misc /etc/auto.misc
…………
[root@client tom]# vim /etc/auto.mynfs
# Indirect map entry: key, then location. No mount options are given, so the
# defaults apply.
# NOTE(review): consider adding -ro,nosuid,nodev for a read-only data share.
autofs 192.168.5.128:/nfs/autofs
[root@client tom]# mkdir -p /data/autofs
[root@client tom]# systemctl restart autofs
[root@client tom]# mount | grep /data
/etc/auto.mynfs on /data type autofs (rw,relatime,fd=6,pgrp=3474,timeout=60,minproto=5,maxproto=5,indirect,pipe_ino=53804)
#触发自动挂载
[root@client ~]# cd /data/autofs
[root@client autofs]# mount | grep /data/autofs
192.168.5.128:/nfs/autofs on /data/autofs type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.5.129,local_lock=none,addr=192.168.5.128)
5.使用https来访问的web服务器
要求使用自签名的CA签名证书(openssl, x.509) .crt,以及私钥
生成 RSA 私钥和自签名证书
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt
req是证书请求的子命令,-newkey rsa:2048 -keyout rsa_private.key 表示生成私钥(PKCS8格式),-nodes 表示私钥不加密,若不带该参数将提示输入密码;私钥不加密时应只允许root读取该文件;
-x509表示输出自签名证书,-days 365 为有效期(天),此后根据提示输入证书拥有者信息;
若执行自动输入,可使用-subj选项:openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/emailAddress=yy@vivo.com"
#生成私钥和自签名证书
[root@server ~]# mkdir my_key_cert
[root@server ~]# cd my_key_cert/
[root@server my_key_cert]# openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=vivo.com/emailAddress=yy@vivo.com"
[root@server my_key_cert]# ls
cert.crt rsa_private.key
#设置ssl要访问的目录和index.html
[root@server www]# mkdir mycert
[root@server www]# cd mycert/
[root@server mycert]# echo "This is my first cert page" > index.html
[root@localhost ~]# vim /etc/httpd/conf.d/myssl.conf
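# /etc/httpd/conf.d/myssl.conf: serve /www/mycert over HTTPS with the
# self-signed certificate and key created by the openssl req command.
# httpd does not allow a comment on the same line as a directive, so every
# note sits on its own line above the directive it describes.
<Directory "/www/mycert">
    AllowOverride None
    Require all granted
</Directory>

<VirtualHost 192.168.5.128:443>
    SSLEngine on
    # Keep SSLv3 off and also refuse the deprecated TLS 1.0 / 1.1 versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite PROFILE=SYSTEM
    # Location of the generated certificate.
    SSLCertificateFile /root/my_key_cert/cert.crt
    # Location of the generated private key. It was created with -nodes
    # (unencrypted), so the file should stay readable by root only.
    # NOTE(review): with SELinux enforcing, httpd may be denied access to
    # files under /root; /etc/pki/tls/certs and /etc/pki/tls/private are the
    # usual locations. Confirm on the target host.
    SSLCertificateKeyFile /root/my_key_cert/rsa_private.key
    DocumentRoot "/www/mycert"
</VirtualHost>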
[root@localhost ~]# systemctl restart httpd
[root@server mycert]# systemctl restart httpd
#证书是自签名的,且CN为vivo.com而这里用IP访问,所以用--insecure跳过校验;要真正校验,客户端需信任cert.crt(curl --cacert)并用与证书匹配的名称访问
[root@server mycert]# curl --insecure https://192.168.5.128
This is my first cert page