任务:
搭建一个基于https://www.zuoye.com访问的web网站,网站首页在/www/https/,内容为exercise。客户端使用你搭建的dns服务器做域名解析访问该网站。
1.安装https和mod_ssl服务包和关闭防火墙和selinux
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# yum install mod_ssl -y
[root@localhost certs]# systemctl stop firewalld.service
[root@localhost certs]# setenforce 0
2.进入https配置文件中配置https网页文件信息
[root@localhost certs]# vim /etc/httpd/conf.d/https.conf
<Virtualhost 192.168.175.129:443>
documentroot /www/https
servername www.zuoye.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/openlab.crt
SSLCertificateKeyFile /etc/pki/tls/certs/openlab.key
</Virtualhost>
<Directory /www/https>
allowoverride none
require all granted
</Directory>
3.创建目录和添加网页内容
[root@localhost certs]# mkdir /www/https -p
[root@localhost certs]# echo exercise > /www/https/index.html
4.配置证书文件
[root@localhost certs]# openssl genrsa -aes128 2048 > openlab.key
[root@localhost certs]# openssl req -utf8 -new -key openlab.key -x509 -days 365 -out openlab.crt
5.重启服务访问测试
[root@localhost certs]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ******
[root@localhost certs]# curl -k https://192.168.175.129
exercise
6.安装dns服务包进入配置
[root@localhost certs]# yum install bind -y
[root@localhost certs]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
};
zone "zuoye.com" IN {
type master;
file "named.zuoye.com" ;
};
7.配置dns解析
[root@localhost certs]# cp /var/named/named.localhost /var/named/named.zuoye.com
[root@localhost certs]# vim /var/named/named.zuoye.com
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 192.168.175.129
www A 192.168.175.129
8.为本地添加DNS服务器
[root@localhost certs]# vim /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search localdomain
nameserver 192.168.175.129
nameserver 192.168.175.2
9.最后进行域名访问测试
任务完成。
感谢观看,希望对你也有帮助。