网站需求:
1.基于域名[www.openlab.com](http://www.openlab.com)可以访问网站内容为 welcome to openlab!!!
2.给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于[www.openlab.com/student](http://www.openlab.com/student) 网站访问学生信息,[www.openlab.com/data](http://www.openlab.com/data)网站访问教学资料[www.openlab.com/money网站访问缴费网站](http://www.openlab.com/money网站访问缴费网站)。
3.要求 (1)学生信息网站只有song和tian两人可以访问,其他用户不能访问。
(2)访问缴费网站实现数据加密基于https访问。
前提配置
#关闭防火墙,stenforce并确认关闭状态
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl status firewalld
[root@localhost ~]# getenforce
#安装相应包并启动
[root@localhost ~]# yum install nginx
[root@localhost ~]# systemctl start nginx
要求一:
自定义nginx配置文件根据域名访问
#自定义nginx配置文件
[root@localhost ~]# vi /etc/nginx/conf.d/test_name.conf
server {
listen 192.168.239.129:80;
root /www/name/openlab;
server_name www.openlab.com;
location / {
index index.html;
}
}
#.根据配置在主机创建数据文件
[root@localhost ~]# vi /etc/nginx/conf.d/test_name.conf
[root@localhost ~]# mkdir /www/name/openlab -pv
[root@localhost ~]# echo welcome to openlabmkdir > /www/name/openlab/index.html
#重启
[root@localhost ~]# systemctl restart nginx.service
要求二:
配置虚拟目录
server {
listen 192.168.239.129:80;
root /www/name/openlab;
location /student/ {
alias /openlab/student;
}
}
server {
listen 192.168.239.129:80;
root /www/name/openlab;
location /data/ {
alias /openlab/data;
}
}
server {
listen 192.168.239.129:80;
root /www/name/openlab;
location /money/ {
alias /openlab/money;
}
}
#创建相应目录和文件
[root@localhost openlab]# mkdir /openlab/{student,data,money} -pv
[root@localhost openlab]# echo this is student > /openlab/student/index.html
[root@localhost openlab]# echo this is data > /openlab/data/index.html
[root@localhost openlab]# echo this is money > /openlab/data/money.html
[root@localhost openlab]# systemctl restart nginx
要求三:
1.用户控制
server {
listen 192.168.239.129:80;
root /www/name/openlab;
location /student/ {
alias /openlab/student;
auth_base on;
autn_base_user_file /etc/nginx/users;
}
}
#通过htpasswd添加验证
[root@localhost openlab]# htpasswd -c /etc/nginx/users song
New password:
Re-type new password:
Adding password for user song
[root@localhost openlab]# htpasswd -c /etc/nginx/users tian
New password:
Re-type new password:
Adding password for user tian
2.http访问数据加密
[root@localhost openlab]# yum install mod_ssl
#更改配置
server {
listen 192.168.239.129:80 ssl;
root /www/name/openlab;
ssl_certificate /etc/pki/tls/certs/openlab.crt;
ssl_certificate_key /etc/pki/tls/private/openlab.key;
location /money/ {
alias /openlab/money;
}
[root@localhost openlab]# mkdir /www/https
[root@localhost openlab]# echo this is https > /www/https/index.html
#生成密钥文件
[root@localhost certs]# cd ../private
[root@localhost private]# openssl genrsa 2048 > openlab.key
[root@localhost private]# ll
total 4
-rw-r--r--. 1 root root 1704 Jan 13 07:03 openlab.key
#生成证书
[root@localhost certs]# openssl req -utf8 -new -key ../private/openlab.key -x509 -days 365 -out openlab.crt
[root@localhost certs]# ll
-rw-r--r--. 1 root root 1322 Jan 13 07:10 openlab.crt
#启动服务
[root@localhost certs]# systemctl restart nginx
架设一台NFS服务器,并按照以下要求配置
1、开放/nfs/shared目录,供所有用户查询资料
2、开放/nfs/upload目录,为192.168.xxx.0/24网段主机可以上传目录,并将所有用户及所属的组映射为nfs-upload,其UID和GID均为210
3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机,并只有用户tom可以完全访问该目录
前提配置
#服务端及客户端都需要
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install nfs-utils rpcbind -y
[root@localhost ~]# systemctl restart nfs-server
#1、开放/nfs/shared目录,供所有用户查询资料
[root@localhost ~]# vi /etc/exportfs
/nfs/shared *(ro)
[root@localhost etc]# exportfs -r
#2、开放/nfs/upload目录,为192.168.xxx.0/24网段主机可以上传目录,并将所有用户及所属的组映射为nfs-#upload,其UID和GID均为210
[root@localhost ~]# vi /etc/exportfs
/nfs/upload 192.168.239.0/24(rw,all_squash,anonuid=210,anongid=210)
#3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机,并只有用户tom可以完全访问该目录
/home/tom 192.168.239.132(rw)