网站需求:
1.基于域名[www.openlab.com](http://www.openlab.com)可以访问网站内容为 welcome to openlab!!!
2.给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于[www.openlab.com/student](http://www.openlab.com/student) 网站访问学生信息,[www.openlab.com/data](http://www.openlab.com/data)网站访问教学资料,网站访问缴费网站(http://www.openlab.com/money网站访问缴费网站)。
3.要求 (1)学生信息网站只有song和tian两人可以访问,其他用户不能访问。
(2)访问缴费网站实现数据加密基于https访问。
一.访问openlab以及三个子网:
#首先关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# yum install -y httpd
OS 5.0 kB/s | 1.9 kB 00:00
everything 5.2 kB/s | 1.9 kB 00:00
EPOL 5.1 kB/s | 1.9 kB 00:00
debuginfo 6.1 kB/s | 2.2 kB 00:00
source 5.5 kB/s | 2.2 kB 00:00
update 5.2 kB/s | 1.9 kB 00:00
update-source 6.3 kB/s | 2.2 kB 00:00
Package httpd-2.4.55-3.oe2309.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@localhost ~]# vim /etc/nginx/conf.d/test_httpd.conf
server {
listen 192.168.168.129:80;
root /www/name/openlab;
server_name www.openlab.com;
location / {
index index.html;
}
}
server {
listen 192.168.168.129:80;
root /www/name/openlab/student;
server_name www.openlab.com/student;
location / {
index index.html;
}
}
server {
listen 192.168.168.129:80;
root /www/name/openlab/data;
server_name www.openlab.com/data;
location / {
index index.html;
}
}
server {
listen 192.168.168.129:80;
root /www/name/openlab/money;
server_name www.openlab.com/money;
location / {
index index.html;
}
}
[root@localhost ~]# mkdir -pv /www/name/openlab/{student,data,money}
mkdir: 已创建目录 '/www/name'
mkdir: 已创建目录 '/www/name/openlab'
mkdir: 已创建目录 '/www/name/openlab/student'
mkdir: 已创建目录 '/www/name/openlab/data'
mkdir: 已创建目录 '/www/name/openlab/money'
[root@localhost ~]# echo welcome to openlab > /www/name/openlab/index.html
[root@localhost ~]# echo 这是学生信息网 > /www/name/openlab/student/index.html
[root@localhost ~]# echo 这是教学资料网 > /www/name/openlab/data/index.html
[root@localhost ~]# echo 这是缴费网 > /www/name/openlab/money/index.html
[root@localhost ~]# systemctl restart nginx用另一台虚拟机来验证访问网站,所以在其/etc/hosts文件中添加网站对应IP地址
[root@192 ~]# vim /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
192.168.168.129 www.openlab.com
192.168.168.129 www.openlab.com/student
192.168.168.129 www.openlab.com/data
192.168.168.129 www.openlab.com/money
[root@192 ~]# curl http://www.openlab.com
welcome to openlab
[root@192 ~]# curl http://www.openlab.com/student/
这是学生信息网
[root@192 ~]# curl http://www.openlab.com/data/
这是教学资料网
[root@192 ~]# curl http://www.openlab.com/money/
这是缴费网学生网只能song和tian访问:
#增加用户:
[root@node1 ~]# htpasswd -c /etc/nginx/users song
New password:
Re-type new password:
Adding password for user song
[root@node1 ~]# htpasswd -c /etc/nginx/users tian
New password:
Re-type new password:
Adding password for user tian
#修改配置文件
[root@localhost ~]# vim /etc/nginx/conf.d/test_httpd.conf
server {
listen 192.168.168.129:80;
root /www/name/openlab/student;
server_name www.openlab.com/student;
location / {
index index.html;
auth_basic on;
auth_basic_user_file /etc/nginx/users;
}
}二,访问缴费网时需要https:
[root@localhost ~]# vim /etc/nginx/conf.d/test_https.conf
server {
listen 192.168.168.129:443 ssl;
root /www/name/openlab/money/;
ssl_certificate /etc/pki/tls/certs/openlab.crt;
ssl_certificate_key /etc/pki/tls/private/openlab.key;
location / {
index index.html;
}
}
[root@localhost ~]# openssl req -utf8 -new -key openlab.key -x509 -days 365 -out openlab.crt
Could not read private key from openlab.key
[root@localhost ~]# openssl genrsa -out /etc/pki/tls/private/openlab.key
[root@localhost ~]# openssl req -utf8 -new -key /etc/pki/tls/private/openlab.key -x509 -days 365 -out /etc/pki/tls/certs/openlab.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:86
State or Province Name (full name) [Some-State]:xi'an
Locality Name (eg, city) []:shannxi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:open
Organizational Unit Name (eg, section) []:ce
Common Name (e.g. server FQDN or YOUR name) []:local
Email Address []:admin
[root@localhost ~]# systemctl restart nginx最后用另一台虚拟机验证
[root@192 ~]# curl https://192.168.168.129 -k
这是缴费网三架设一台NFS服务器,并按照以下要求配置
1、开放/nfs/shared目录,供所有用户查询资料
2、开放/nfs/upload目录,为192.168.xxx.0/24网段主机可以上传目录,
并将所有用户及所属的组映射为nfs-upload,其UID和GID均为210
3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机,并只有用户tom可以完全访问该目录
前提设置
#服务端及客户端都需要
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install nfs-utils rpcbind -y
[root@localhost ~]# systemctl restart nfs-server#开放/nfs/shared目录,供所有用户查询资料
[root@localhost ~]# vi /etc/exportfs
/nfs/shared *(ro)
[root@localhost etc]# exportfs -r
#2、开放/nfs/upload目录,为192.168.xxx.0/24网段主机可以上传目录,并将所有用户及所属的组映射为nfs-#upload,其UID和GID均为210
[root@localhost ~]# vi /etc/exportfs
/nfs/upload 192.168.239.0/24(rw,all_squash,anonuid=210,anongid=210)
#3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机,并只有用户tom可以完全访问该目录
/home/tom 192.168.239.132(rw)
98
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
