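Day 7
HTTPS
Authentication
Certificate --- the client verifies the server's identity
Encryption with the certificate's public key --- decryption with the server's private key --- the server verifies the client's identity --- asymmetric keys
Data exchange
Data exchange begins using the negotiated symmetric algorithm
HTTPS encrypted transport
1. No passphrase required
First do the mount, disable the firewall, and carry out the other preparatory steps
Then install httpd and mod_ssl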
[root@A ~]# yum install mod_ssl
Generate the certificate with openssl
X.509 --- the common certificate format; three files are involved: key, csr, crt.
key --- the private key file.
csr --- the certificate signing request file, submitted to a certificate authority (CA) so that the certificate can be signed.
crt --- the certificate signed by the certificate authority (CA), or self-signed by the developer; it contains the certificate holder's information, the holder's public key, and the signer's signature.
[root@A ~]# openssl req -newkey rsa -nodes -keyout openlab.key -x509 -days 365 -out openlab.crt
Generating a RSA private key
.............................+++++
......+++++
writing new private key to 'openlab.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:jiangsu
Locality Name (eg, city) [Default City]:nanjin
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:admin
[root@A ~]# vim /etc/httpd/conf.d/vhost.conf
# 443 is the listening port
<VirtualHost 192.168.10.129:443>
ServerName 192.168.10.129
DocumentRoot /www/openlab
SSLEngine on
SSLCertificateFile /root/openlab.crt
SSLCertificateKeyFile /root/openlab.key
</VirtualHost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
Create the files
[root@A ~]# mkdir -p /www/openlab
[root@A ~]# echo this is https > /www/openlab/index.html
[root@A ~]# systemctl restart httpd    # remember to restart the service
Test
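The three X.509 files described above, produced as separate steps and then checked against each other. This is an added example, not part of the original notes; the function names, the demo file names and the subject /CN=localhost are assumptions.

```bash
#!/usr/bin/env bash
# Added example: key -> csr -> crt as separate steps, then confirm that all
# three files carry the same public key. File names are assumptions.

# Print the SHA-256 digest of the public key held in a key, csr or crt file.
pubkey_digest() {
    local pem
    case $1 in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1            # unreadable or non-PEM input
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only when the certificate was issued for this private key, the
# pairing httpd needs between SSLCertificateFile and SSLCertificateKeyFile.
cert_matches_key() {
    local k c
    k=$(pubkey_digest key "$1") || return 1
    c=$(pubkey_digest crt "$2") || return 1
    [ "$k" = "$c" ]
}

# Build a throwaway key, CSR and self-signed certificate in directory $1.
make_demo_pki() {
    local d=$1
    ( umask 077 && openssl genrsa -out "$d/demo.key" 2048 2>/dev/null ) &&
    openssl req -new -key "$d/demo.key" -subj "/CN=localhost" \
        -out "$d/demo.csr" &&
    openssl x509 -req -in "$d/demo.csr" -signkey "$d/demo.key" -days 365 \
        -out "$d/demo.crt" 2>/dev/null
}
```

Running cert_matches_key /root/openlab.key /root/openlab.crt checks the pair used in these notes; with a passphrase-protected key, openssl prompts for the passphrase.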
2. Passphrase required
[root@A ~]# openssl genrsa -aes128 2048 > openlab.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................................+++++
.........................................................+++++
e is 65537 (0x010001)
Enter pass phrase:123456
Verifying - Enter pass phrase:123456
[root@A ~]# openssl req -new -key openlab.key -x509 -days 365 -out openlab.crt
Enter pass phrase for openlab.key:123456
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:jiangsu
Locality Name (eg, city) [Default City]:nanjing
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:host
Email Address []:adadmin
[root@A ~]# systemctl restart httpd
Enter TLS private key passphrase for 192.168.10.129:443 (RSA) : ******(123456)
https://192.168.10.129
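Note: the directory and file must be created in the same way, and the conf configuration is also needed
Access through a virtual directory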
<VirtualHost 192.168.10.129:443>
ServerName 192.168.10.129
DocumentRoot /www/openlab
SSLEngine on
SSLCertificateFile /root/openlab.crt
SSLCertificateKeyFile /root/openlab.key
# /1 is the virtual path, /haha is the real path
Alias /1 /haha
# The URL appears to load /www/openlab/1, but what is actually served is /haha
</VirtualHost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
<Directory /haha>
AllowOverride none
Require all granted
</Directory>
[root@A ~]# mkdir /haha
[root@A ~]# echo this is ooo > /haha/index.html
[root@A ~]# systemctl restart httpd
Enter TLS private key passphrase for 192.168.10.129:443 (RSA) : ****** (123456)
Test
https://192.168.10.129/1
User-based login
[root@A ~]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost 192.168.10.129:443>
ServerName 192.168.10.129
DocumentRoot /www/openlab
SSLEngine on
SSLCertificateFile /root/openlab.crt
SSLCertificateKeyFile /root/openlab.key
Alias /1 /haha
</VirtualHost>
<Directory /www>
AllowOverride none
Require all granted
</Directory>
<Directory /haha>
AllowOverride none
AuthType Basic
AuthName "please login......"
AuthUserfile /etc/httpd/users
Require user tom
</Directory>
Add the first user, tom
[root@A ~]# htpasswd -c /etc/httpd/users tom
New password:123
Re-type new password:123
Adding password for user tom
Add the second user, zhangsan
[root@A ~]# htpasswd /etc/httpd/users zhangsan
New password:321
Re-type new password:321
Adding password for user zhangsan
View the file
[root@A ~]# cat /etc/httpd/users
tom:$apr1$QRz2E6so$I2008rqsifaGnO6IDYbNl0
zhangsan:$apr1$FgHSvJle$l7/D6NmlOIPT2XIAoIkF./
Restart the service
[root@A ~]# systemctl restart httpd
Enter TLS private key passphrase for 192.168.10.129:443 (RSA) : ******123456
Test
https://192.168.10.129
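The users file shown above stores $apr1$ (salted MD5) hashes, which is what htpasswd writes by default; htpasswd -B writes bcrypt instead. As an added example that is not part of the original notes, this check classifies every entry by hash scheme; the function names and the sample entries are constructed.

```bash
# Added example: classify every entry of an htpasswd file by hash scheme.
# Exit status is 1 when any entry is not bcrypt, so it can gate a deploy.
audit_htpasswd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        {
            h = $2; p = substr(h, 1, 4)
            if (p == "$2y$" || p == "$2a$" || p == "$2b$") { s = "bcrypt"; v = "ok" }
            else if (substr(h, 1, 6) == "$apr1$") { s = "apr1-md5";    v = "weak" }
            else if (substr(h, 1, 5) == "{SHA}")  { s = "sha1-nosalt"; v = "weak" }
            else if (length(h) == 13)             { s = "crypt-des";   v = "weak" }
            else                                  { s = "unknown";     v = "review" }
            if (v != "ok") bad = 1
            print $1, s, v
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample entries (placeholders, not real credentials) written to $1.
write_sample_users() {
    cat > "$1" <<'EOF'
# constructed sample
alice:$2y$05$CONSTRUCTEDPLACEHOLDERCONSTRUCTEDPLACEHOLDERCONSTRUCTEDx
bob:$apr1$CONSTRUC$placeholderplaceholder
carol:{SHA}cGxhY2Vob2xkZXJwbGFjZWhvbGRlcg==
EOF
}
```

Run it as audit_htpasswd /etc/httpd/users; each output line is "user scheme verdict".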
Users accessing their own pages
[root@A ~]# vim /etc/httpd/conf.d/vhost.conf
<VirtualHost 192.168.10.129:443>
ServerName 192.168.10.129
DocumentRoot /www/openlab
SSLEngine on
SSLCertificateFile /root/openlab.crt
SSLCertificateKeyFile /root/openlab.key
Alias /1 /haha
</VirtualHost>
<Directory /www>
AllowOverride none
<Requireall>
Require all granted
Require not ip 192.168.10.129
</Requireall>
</Directory>
<Directory /haha>
AllowOverride none
AuthType Basic
AuthName "please login......"
AuthUserfile /etc/httpd/users
Require user tom
</Directory>
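Restart the service
Test
curl -k https://192.168.10.129    # -k skips certificate verification
Building a dynamic website
Building a forum
Disable the firewall, disable SELinux, and install httpd
1. Copy "Discuz_X3.4_SC_UTF8_20191201.zip" onto the Linux machine
2. If the site's document root is not explicitly defined, it defaults to /var/www/html; copy the file there
3. Extract it with unzip
4. Install the PHP packages --- yum install php* -y
5. Install the database --- yum install mariadb-server -y (MySQL can be installed instead)
6. Start the database --- systemctl restart mariadb
7. Initialize the database with mysql_secure_installation. Note: the database must be started before it is initialized
Enter root as the user name and redhat as the password, then answer yes to everything
8. Log in to the database --- mysql -uroot -predhat (-u is followed by the user name, -p by the password)
9. Once logged in: show databases; --- list the existing databases
create database luntan; --- create the database
exit --- quit
10. After exiting, restart the database and httpd --- systemctl restart mariadb --- systemctl restart httpd
11. Test http://192.168.10.129/upload --- the web pages are under upload by default
12. If the page reports that files do not exist or are not writable, the file permissions must be changed
chmod 777 ./uc_* config data -R --- recursively make the uc_* entries, config and data writable
Note: first change to the /var/www/html/upload directory
13. At the database step of the installer, set the database user name to root and the password to redhat; choose the administrator password yourself
14. Opening http://192.168.10.129/upload again then brings up the forum home page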
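The chmod 777 in step 12 makes those directories writable by every local account, not only by the web server. As an added example that is not part of the original notes, the functions below list such entries and replace the 777 modes with owner-only write access; the function names are hypothetical and the web server account name apache is an assumption.

```bash
# Added example: find and tighten world-writable paths left by "chmod 777 -R".
# Assumes the tree was first handed to the web server account, for instance
# chown -R apache:apache uc_* config data (account name is an assumption).

# List entries under $1 that any local account can modify (symlinks skipped).
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Give tree $1 owner-write / group-read modes instead of 777:
# directories become 750, regular files 640.
tighten_tree() {
    find "$1" -type d -exec chmod 750 {} + &&
    find "$1" -type f -exec chmod 640 {} +
}
```

Run world_writable /var/www/html/upload after the installer finishes, then tighten_tree on each directory it reports.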