基于虚拟目录和用户控制的web网站

基于虚拟目录和用户控制的web网站

搭建一个基于https://www.zuoye.com:22222访问的web网站，网站首页在/www/https/，内容为zuoye，可以根据https://www.zuoye.com:22222/mimi访问到的信息为mimi，该网站的实际内容在/www/secret，该网站的内容只有用户xiaoming能够查看。

首先在虚拟机中安装https服务

[root@localhost ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
[root@localhost ~]# yum install mod_ssl -y

然后创建对应目录，并定义网页内容

[root@localhost ~]# mkdir /www/https -v
mkdir: created directory '/www/https'
[root@localhost ~]# echo zuoye > /www/https/index.html
[root@localhost ~]# cat /www/https/index.html
zuoye
[root@localhost ~]# mkdir /www/secret -v
mkdir: created directory '/www/secret'
[root@localhost ~]# echo mimi >/www/secret/index.html
[root@localhost ~]# cat /www/secret/index.html
mimi

接下来定义配置文件/etc/httpd/conf.d/https.conf

[root@localhost ~]# vim /etc/httpd/conf.d/https.conf
listen 22222
<VirtualHost 192.168.136.140:22222>
    DocumentRoot /www/https
    ServerName www.zuoye.com
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/https.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/https.key
    alias /mimi /www/secret
</VirtualHost>
    
<Directory /www/https>
    AllowOverride None
    Require all granted
</Directory>

<Directory /www/secret>
    authtype basic
    authname "please login:"
    authuserfile /etc/httpd/users
    AllowOverride None
    Require user xiaoming
</Directory>

创建用户和密码（多创建一个xiaohong用户方便测试）

[root@localhost ~]# htpasswd -c /etc/httpd/users xiaoming
New password:
Re-type new password:
Adding password for user xiaoming
[root@localhost ~]# htpasswd  /etc/httpd/users xiaohong
New password:
Re-type new password:
Adding password for user xiaohong

然后去生成密钥和证书（redhat8）

[root@localhost conf.d]# cd /etc/pki/tls/certs/
[root@localhost certs]# openssl genrsa -aes128 2048 > https.key
[root@localhost certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  https.key
[root@localhost certs]# openssl req -utf8 -new -key https.key -x509 -days 365 -out https.crt -set_serial 0
Enter pass phrase for https.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:sc
Locality Name (eg, city) [Default City]:cd
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:www.zuoye.com
Email Address []:admin@admin
[root@localhost certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  https.crt  https.key

分别在虚拟机和Windows主机上添加域名

[root@localhost ~]# vim /etc/hosts
192.168.136.140 www.zuoye.com

C:\Windows\System32\drivers\etc\hosts
192.168.136.140 www.zuoye.com 

关闭selinux和防火墙，重启httpd服务

[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ****

最后测试

[root@localhost ~]# curl https://192.168.136.140:22222 -k
zuoye
[root@localhost ~]# curl https://www.zuoye.com:22222 -k
zuoye

xiaohong用户无法访问

xiaoming用户成功访问