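Goals:
1. The domain name is www.haha.com, and the site content served is "welcome to haha!!"
2. Create three virtual site directories for the company: /data (data), /student (students), /money (payments)
3. The student site is reached at www.haha.com/student, the data site at www.haha.com/data, and the payment site at www.haha.com/money
4. The student and payment sites are open to everyone; the data site can be accessed only by zhangsan and lisi
5. The payment site encrypts its traffic and is accessed over HTTPS

1. Configure the yum repository, mount the installation media, and install the httpd and mod_ssl packages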
[root@localhost ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.5 (Maipo)
[base]
name=base
baseurl=file:///mnt
gpgcheck=0
enabled=1
[root@localhost ~]# mount /dev/sr0 /mnt/
[root@localhost ~]# yum install httpd -y # httpd package
[root@localhost ~]# yum install mod_ssl.x86_64 -y # mod_ssl package (SSL/TLS support)
2. Stop the firewall and switch SELinux to permissive mode
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
3. Create the certificate
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# make haha.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > haha.key
Generating RSA private key, 2048 bit long modulus
............................................+++
...........................................................................................+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key haha.key -x509 -days 365 -out haha.crt
Enter pass phrase for haha.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:cn
Locality Name (eg, city) [Default City]:x'a
Organization Name (eg, company) [Default Company Ltd]:haha
Organizational Unit Name (eg, section) []:haha
Common Name (eg, your name or your server's hostname) []:haha
Email Address []:localhost@root.com
After the certificate details have been entered, list the locally created (self-signed) certificate and its key:
[root@localhost certs]# ll
-rw-------. 1 root root 1367 8月 4 17:01 haha.crt
-rw-------. 1 root root 1766 8月 4 17:00 haha.key
4. Configure the virtual host file
[root@localhost ~]# vim /etc/httpd/conf.d/vhost.conf # virtual host file (any name you choose)
<directory /haha>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.218.100:80>
servername www.haha.com
# one DocumentRoot only: /student, /data and /money are the subdirectories of /haha
documentroot /haha
</virtualhost>
<directory /haha/data>
authtype basic
authname "please login!!!"
authuserfile /etc/httpd/mysecret
require user zhangsan lisi
</directory>
<virtualhost 192.168.218.100:443>
# ServerName takes a host name, not a URL path
servername www.haha.com
documentroot /haha/money
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/haha.crt
SSLCertificateKeyFile /etc/pki/tls/certs/haha.key
</virtualhost>
5. Directory information
[root@localhost ~]# mkdir /haha
[root@localhost ~]# cd /haha/
[root@localhost haha]# mkdir data
[root@localhost haha]# mkdir student
[root@localhost haha]# mkdir money
[root@localhost haha]# vim /haha/index.html
welcome to haha!!
[root@localhost ~]# htpasswd -c /etc/httpd/mysecret zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[root@localhost ~]# htpasswd /etc/httpd/mysecret lisi
New password:
Re-type new password:
Adding password for user lisi
6. Restart the service
[root@localhost ~]# systemctl restart httpd.service
Enter SSL pass phrase for www.haha.com:443 (RSA) : ******
Configure the local name resolution file:
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.218.100 www.haha.com
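
An added example, not part of the original post: a small Python check for a vhost file like the one in step 4, run on a constructed sample with seeded mistakes. It reports a repeated DocumentRoot, a ServerName that contains a path, unrecognised SSLCipherSuite keywords, and a Basic-auth directory served by a vhost without SSLEngine on; the function name, finding codes and keyword allow-list are assumptions of this example.

```python
import re

# Constructed sample modelled on the vhost file in step 4, with mistakes seeded for the demo.
SAMPLE = """
<VirtualHost 192.168.218.100:80>
ServerName www.haha.com
DocumentRoot /haha/student
DocumentRoot /haha
</VirtualHost>
<Directory /haha/data>
AuthType Basic
</Directory>
<VirtualHost 192.168.218.100:443>
ServerName www.haha.com/money
SSLEngine on
SSLCipherSuite HIFH:MEDIUM:!aNILL:!MD5
</VirtualHost>
"""
# Assumption: a short allow-list of cipher keywords, not OpenSSL's full grammar.
KNOWN = {"HIGH", "MEDIUM", "LOW", "aNULL", "eNULL", "MD5", "SEED", "IDEA", "RC4", "3DES"}
BLOCK = re.compile(r"<(virtualhost|directory)\s+([^>]+)>(.*?)</\1>", re.I | re.S)

def audit(conf):
    """Return (code, detail) findings for an Apache vhost file passed as text."""
    secs, out = [], []
    for kind, arg, body in BLOCK.findall(conf):
        d = {}  # directive name (lower case) -> list of values, in file order
        for line in body.splitlines():
            key, _, val = line.strip().partition(" ")
            if key and not key.startswith("#"):
                d.setdefault(key.lower(), []).append(val.strip())
        secs.append((kind.lower(), arg.strip(), d))
    basic = [a for k, a, d in secs if k == "directory"
             and "basic" in map(str.lower, d.get("authtype", []))]
    for arg, d in [(a, d) for k, a, d in secs if k == "virtualhost"]:
        roots = d.get("documentroot", [])
        if len(roots) > 1:  # Apache keeps only the last DocumentRoot
            out.append(("multiple-documentroot", f"{arg}: only {roots[-1]} takes effect"))
        for name in d.get("servername", []):
            if "/" in name.split("://")[-1]:  # a URL path is not part of a host name
                out.append(("servername-not-host", f"{arg}: {name}"))
        for suite in d.get("sslciphersuite", []):
            if bad := [t for t in suite.split(":") if t.lstrip("!+-") not in KNOWN]:
                out.append(("unknown-cipher-token", f"{arg}: {' '.join(bad)}"))
        tls = "on" in map(str.lower, d.get("sslengine", []))
        for path in basic:  # Basic credentials are only base64-encoded on the wire
            if roots and not tls and (path + "/").startswith(roots[-1].rstrip("/") + "/"):
                out.append(("basic-auth-over-http", f"{arg}: {path}"))
    return out
```

On the server, `audit(open("/etc/httpd/conf.d/vhost.conf").read())` applies the same checks to the real file.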