RHCE

综合练习：请给openlab搭建web网站

网站需求：

1.基于域名www.openlab.com可以访问网站内容为welcome to openlab!!!

2.给该公司创建三个子界面分别显示学生信息，教学资料和缴费网站，基于，www.openlab.com/data网站访问学生资料www.openlab.com/money网站访问缴费网站。

3.要求

（1）学生信息网站只有song和tian两人可以访问，其他用户不能访问。

（2）访问缴费网站实现数据加密基于https访问。

第一：准备工作

#安装软件
[root@server ~]# yum install httpd mod_ssl -y

#hosts映射
[root@server ~]# vim /etc/hosts

192.168.62.129  www.openlab.com

第二：创建www.openlab.com网站

#创建目录及网页
[root@server ~]# mkdir -p /www/openlab
[root@server ~]# echo 'welcome to openlab' > /www/openlab/index.html
[root@server ~]# vim /etc/httpd/conf/httpd.conf 
<VirtualHost 192.168.62.129>
        Documentroot /www/openlab
        Servername      "www.openlab.com"
        <Directory /www/openlab>
                Allowoverride none
                require all granted
        </Directory>
</Virtualhost>

#
[root@server ~]# systemctl restart httpd

linux端进行测试输入www.openlab.com

第三：创建教学资料子网站www.openlab.com/data

[root@server ~]# mkdir /www/openlab/data
[root@server ~]# echo 'data' > /www/openlab//data/index.html
[root@server ~]# vim /etc/httpd/conf/httpd.conf 
<Virtualhost 192.168.62.129>
        Documentroot /www/openlab/data
        alias   /data /www/openlab/data
        Servername "www.openlab.com"
        <Directory /www/openlab/data>
                Allowoverride none
                require all granted
        </Directory>
</Virtualhost>
[root@server ~]# systemctl restart httpd
[root@server ~]# 

 linux端输入www.openlab.com/data/

第四：创建学生信息子网站www.openlab.com/student

学生信息网站只有song和tian两人可以访问，其他用户不能访问。

[root@server ~]# mkdir /www/openlab/student
[root@server ~]# echo 'student' > /www/openlab/student/index.html

创建用户song和tian

[root@server ~]# useradd song
[root@server ~]# passwd song
更改用户 song 的密码 。
新的密码： 
无效的密码： 密码少于 8 个字符
重新输入新的密码： 
passwd：所有的身份验证令牌已经成功更新。
[root@server ~]# useradd tian
[root@server ~]# passwd tian
更改用户 tian 的密码 。
新的密码： 
无效的密码： 密码少于 8 个字符
重新输入新的密码： 
passwd：所有的身份验证令牌已经成功更新。

[root@server ~]# htpasswd -c /etc/httpd/passwd song
New password: 
Re-type new password: 
Adding password for user song
[root@server ~]# htpasswd /etc/httpd/passwd tian
New password: 
Re-type new password: 
Adding password for user tian
[root@server ~]# vim /etc/httpd/conf/httpd.conf 

<Directory /www/openlab/student>
        authuserfile /etc/httpd/passwd
        authname "student"
        authtype basic
        require user    song    tian
</Directory>
[root@server ~]# systemctl restart httpd
[root@server ~]# 

# linux端浏览器输入www.openlab.com/student

​

第五：创建缴费子网站www.openlab.com/money

访问缴费网站实现数据加密基于https访问

[root@server ~]# mkdir /www/openlab/money
[root@server ~]# echo 'money' > /www/openlab/money/index.html
[root@server ~]# openssl genrsa -aes128 2048 > /etc/pki/tls/private/money.key
Enter PEM pass phrase:   #私钥加密密码123456
Verifying - Enter PEM pass phrase:
[root@server ~]# openssl req -utf8 -new -key /etc/pki/tls/private/money.key -x509 -days 365 -out /etc/pki/tls/certs/money.crt
Enter pass phrase for /etc/pki/tls/private/money.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----	#证书信息
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:RHCE
Common Name (eg, your name or your server's hostname) []:www.openlab.com
Email Address []:andy@openlab.com     
[root@server ~]# 


[root@server ~]# vim /etc/httpd/conf/httpd.conf 

<virtualhost 192.168.62.129:443>
        sslengine on
        SSLcertificatefile      /etc/pki/tls/certs/money.crt
        SSLcertificatekeyfile   /etc/pki/tls/private/money.key
        documentroot    /www/openlab
        alias   /money  /www/openlab/money
        servername      'www.openlab.com'
        <directory /www/openlab/money>
                allowoverride   none
                require all     granted
        </directory>
</virtualhost>
[root@server ~]# systemctl restart httpd
🔐 Enter TLS private key passphrase for www.openlab.com:443 (RSA) : ******     #输入私钥加密密码123456             
[root@server ~]# 

 linux输入https://www.openlab.com/money

 

点击高级并继续访问