1. 给openlab搭建web网站,基于域名www.openlab.com可以访问网站内容为“welcome to openlab!!!”
- 在服务器上安装Apache,启用并设置开机启动
[root@server ~]# yum install httpd -y
[root@server ~]# systemctl start httpd
[root@server ~]# systemctl enable httpd
- 将“welcome to openlab”写入网页文件 /var/www/html/index.html
[root@server ~]# echo 'welcome to openlab !!!' > /var/www/html/index.html
[root@server ~]# cat /var/www/html/index.html
welcome to openlab !!!
- 进入/etc/httpd/conf/httpd.conf 主配置文件进行配置
[root@server ~]# vim /etc/httpd/conf/httpd.conf
#在末尾添加如下配置
<VirtualHost 192.168.110.128>
DocumentRoot /var/www/html
ServerName "www.openlab.com"
<Directory /var/www/html>
AllowOverride none
require all granted
</Directory>
</VirtualHost>
- 关闭安全软件、防火墙,重启httpd服务
[root@server ~]# setenforce 0
[root@server ~]# systemctl stop firewalld
[root@server ~]# systemctl restart httpd
- 切换到客户端,进入 /etc/hosts文件,添加ip与域名的映射关系
[root@node ~]# vim /etc/hosts
#到末尾添加如下配置
192.168.110.128 www.openlab.com
- 进入客户端浏览器访问www.openlab.com测试
2.给openlab搭建web网站,给公司创建三个子界面分别显示学生信息、教学资料、缴费网站,基于www.openlab.com/student网站访问学生信息,www.openlab.com/data网站访问教学资料,www.openlab.com/money网站访问缴费网站.
- 在服务器目录文件/var/www/html下添加子网页文件student、data、money
[root@server ~]# echo 'student' > /var/www/html/student
[root@server ~]# echo 'data' > /var/www/html/data
[root@server ~]# echo 'money' > /var/www/html/money
- 到客户端路由器测试
3.学生信息网站只有song和tian两个人可以访问,其他用户不能访问;缴费网站实现数据基于https访问.
- 添加用户song和tian
[root@server ~]# useradd song
[root@server ~]# passwd song
更改用户 song 的密码 。
新的密码:
无效的密码: 密码少于 8 个字符
重新输入新的密码:
passwd:所有的身份验证令牌已经成功更新。
[root@server ~]# useradd tian
[root@server ~]# passwd tian
更改用户 tian 的密码 。
新的密码:
无效的密码: 密码少于 8 个字符
重新输入新的密码:
passwd:所有的身份验证令牌已经成功更新。
[root@server ~]#
- 增加用户密码访问控制
[root@server ~]# htpasswd -c /etc/httpd/passwd song
New password:
Re-type new password:
Adding password for user song
[root@server ~]# htpasswd /etc/httpd/passwd tian
New password:
Re-type new password:
Adding password for user tian
[root@server ~]# cat /etc/httpd/passwd
song:$apr1$EFFtvMja$VAhy57UmLl4OD3QY8u7ko.
tian:$apr1$h5UV9Td1$YbPhzMLsZNarhvsUbJoV/1
- 进入主配置文件 /etc/httpd/conf/httpd.conf 配置
[root@server ~]# vim /etc/httpd/conf/httpd.conf
#末尾添加配置如下
<Directory /var/www/html/student>
authuserfile "/etc/httpd/passwd"
authname "My privately website"
authtype basic
require user song tian
</Directory>
- 重启服务、测试
root@server ~]# systemctl restart httpd
输入song、tian账号密码即可访问
- 安装mod_ssl组件
[root@server ~]# yum install mod_ssl -y
- 在/etc/pki/tls/private目录下生成密钥文件
[root@server ~]# cd /etc/pki/tls/private/
[root@server private]# openssl genrsa -aes128 2048 > andy.key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
[root@server private]#
- 在目录/etc/pki/tls/certs下新建证书
[root@server private]# cd /etc/pki/tls/certs
[root@server certs]# openssl req -utf8 -new -key /etc/pki/tls/private/andy.key -x509 -days 365 -out andy.crt
Enter pass phrase for /etc/pki/tls/private/andy.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:RHCE
Organizational Unit Name (eg, section) []:RHCE
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:andy@qq.com
[root@server certs]#
- 进入主配置文件 /etc/httpd/conf/httpd.conf 配置
[root@server certs]# vim /etc/httpd/conf/httpd.conf
#末尾添加配置如下
<VirtualHost 192.168.110.128:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/andy.crt
SSLCertificateKeyFile /etc/pki/tls/private/andy.key
Servername "www.openlab.com"
DocumentRoot /var/www/html
</VirtualHost>
- 重启服务并输入密钥加密密码
root@server certs]# systemctl restart httpd
🔐 Enter TLS private key passphrase for www.openlab.com:443 (RSA) : ******
[root@server certs]#
- 在客户端浏览器输入https://www.openlab.com测试
点击高级接受风险继续访问
完成。