综合练习:请给openlab搭建web网站,网站需求:
1、基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!
第一步:准备工作
# 恢复快照
# 关闭selinux和firewalld软件
[root@server ~]# setenforce 0
[root@server ~]# systemctl stop firewalld
#安装软件,启动服务
[root@server ~]# yum install httpd -y
[root@server ~]# systemctl start httpd
[root@server ~]# systemctl enable httpd
第二步:创建目录以及文件,写入网站内容
[root@server ~]# mkdir -p /www/openlab
[root@server openlab]# echo "welcome to openalb!!!" > /www/openlab/index.html
第三步:手动配置IP地址与域名的映射关系
#linux端
[root@server openlab]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.86.131 www.openlab.com
第四步:编辑主配置文件
[root@server openlab]# vim /etc/httpd/conf/httpd.conf
<virtualhost 192.168.86.131>
documentroot /www/openlab
servername www.openlab.com
<directory /www/openlab>
allowoverride none
require all granted
</directory>
</virtualhost>
第五步:重启服务,测试
[root@server openlab]# systemctl restart httpd
#打开Linux端,输入www.openlab.com进行测试
2、给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于www.openlab.com/student 网站访问学生信息,www.openlab.com/data网站访问教学资料www.openlab.com/money网站访问缴费网站
第一步:创建三个目录以及文件,写入网站内容
[root@server openlab]# mkdir -p /www/student
[root@server openlab]# mkdir -p /www/data
[root@server openlab]# mkdir -p /www/money
[root@server openlab]# echo "学生信息" > /www/student/index.html
[root@server openlab]# echo "教学资料" > /www/data/index.html
[root@server openlab]# echo "缴费网站" > /www/money/index.html
第二步:编辑主配置文件
[root@server ~]# vim /etc/httpd/conf/httpd.conf
<virtualhost 192.168.86.131>
documentroot /www/openlab
servername www.openlab.com
<directory /www/openlab>
allowoverride none
require all granted
</directory>
</virtualhost>
<virtualhost 192.168.86.131:80>
servername www.openlab.com
documentroot /www/openlab
alias /data /www/data
alias /student /www/student
alias /money /www/money
<directory /www/openlab>
allowoverride none
require all granted
</directory>
<directory /www>
allowoverride none
require all granted
</directory>
</virtualhost>
第三步:重启服务,测试
[root@server openlab]# systemctl restart httpd
#打开Linux端,分别输入www.openlab.com/student、www.openlab.com/data、www.openlab.com/money进行测试
3、要求
(1) 学生信息网站只有song和tian两人可以访问,其他用户不能访问
第一步:创建文件、用户和密码
[root@server ~]# touch /etc/httpd/user
[root@server ~]# htpasswd -c /etc/httpd/user song
New password: #密码:123456
Re-type new password: #再输入一次
Adding password for user song
[root@server ~]# htpasswd /etc/httpd/user tian
New password: #密码:123456
Re-type new password: #再输入一次
Adding password for user tian
第二步:编辑主配置文件
[root@server ~]# vim /etc/httpd/conf/httpd.conf
<directory /www/student>
authtype basic
authname "pleaselogin"
authuserfile /etc/httpd/user
allowoverride none
require user song tian
</directory>
第三步:重启服务,测试
[root@server openlab]# systemctl restart httpd
#打开Linux端,输入www.openlab.com/student,输入用户名和密码进行测试
(2) 访问缴费网站实现数据加密基于https访问
第一步:安装软件
[root@server ~]# yum install mod_ssl -y
第二步:建立基于https的缴费网站
[root@server ~]# openssl genrsa -aes128 2048 > /etc/pki/tls/private/money.key
Enter PEM pass phrase: # 输入私钥加密的密码:123456
Verifying - Enter PEM pass phrase: # 在输入一遍
# 设置数字证书,如下:
[root@server ~]# openssl req -utf8 -new -key /etc/pki/tls/private/money.key -x509 -days 365 -out /etc/pki/tls/certs/money.crt
Enter pass phrase for /etc/pki/tls/private/money.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:RHCE
Common Name (eg, your name or your server's hostname) []:server
Email Address []:lyl@qq.com
第三步:编辑配置文件
[root@server ~]# vim /etc/httpd/conf.d/ssl.conf
<virtualhost 192.168.86.131:443>
sslengine on
SSLCertificateFile /etc/pki/tls/certs/money.crt
SSLCertificateKeyFile /etc/pki/tls/private/money.key
servername www.openlab.com
documentroot /www/money
alias /money /www/money
<directory /www/money>
allowoverride none
require all granted
</directory>
</virtualhost>
第四步:重启服务,测试
[root@server ~]# systemctl restart httpd
🔐 Enter TLS private key passphrase for www.openlab.com:443 (RSA) : ****** #密码:123456
在linux端打开火狐浏览器输入https://www.openlab.com/money
选择高级,接受并继续