目录
[root@localhost node2]# systemctl stop firewalld
[root@localhost node2]# setenforce 0
服务器端:在linux上面实现网页服务器需要Apache这套服务器软件,httpd提供Apache主程序 http://httpd.apache.org/docs/2.4/ 安装软件:httpd
服务端:192.168.17.172
客户端:主机
[root@localhost node2]# mount /dev/sr0 /mnt/
[root@localhost node2]# vim /etc/yum.repos.d/web.repo
[BaseOS]
name=BaseOS
baseurl=file:///mnt/BaseOS
gpgcheck=0
?
[AppStream]
name=AppStream
baseurl=file:///mnt/AppStream
gpgcheck=0
[root@localhost node1]# dnf install httpd -y
[root@localhost ~]# rpm -ql httpd
[root@localhost httpd]# tree /etc/httpd
/etc/httpd
├── conf
│ ├── httpd.conf
│ └── magic
├── conf.d
│ ├── autoindex.conf
│ ├── README
│ ├── userdir.conf
│ └── welcome.conf
├── conf.modules.d
│ ├── 00-base.conf
│ ├── 00-dav.conf
│ ├── 00-lua.conf
│ ├── 00-mpm.conf
│ ├── 00-proxy.conf
│ ├── 00-systemd.conf
│ └── 01-cgi.conf
├── logs -> ../../var/log/httpd
├── modules -> ../../usr/lib64/httpd/modules
└──
run -> /run/httpd
[root@localhost node2]# yum install mod_ssl -y
[root@localhost node2]# vim /etc/httpd/conf.d/vhost.conf
<Directory /www>
? ? ? AllowOverride none
? ? ? Require all granted
</Directory>
?
<VirtualHost 192.168.17.172:80>
? ? ? ServerName www.openlab.com
? ? ? DocumentRoot /www/openlab
</VirtualHost>
[root@localhost node2]# mkdir /www/openlab -pv
[root@localhost node2]# echo ‘welcome to openlab!!!’ > /www/openlab/index.html
[root@localhost node2]# cat /www/openlab/index.html
welcome to openlab!!!
[root@localhost node2]# systemctl restart httpd
[root@localhost node2]# vim /etc/hosts
[root@localhost node2]# curl www.openlab.com
[root@localhost node2]# mkdir /www/openlab/student
[root@localhost node2]# echo this is student information > /www/openlab/student/index.html
[root@localhost node2]# curl www.openlab.com/student/
this is student information
要求 :学生信息网站只有song和tian两人可以访问,其他用户不能访问。
[root@localhost node2]# vim /etc/httpd/conf.d/vhost.conf
<Directory /www/openlab/student>
? ? ? AuthType Basic
? ? ? AuthName "......"
? ? ? AuthUserFile /etc/httpd/users
? ? ? Require user song tian
</Directory>
[root@localhost node2]# htpasswd -c /etc/httpd/users song
输入密码
#再次添加不需要-c
[root@localhost node2]# htpasswd /etc/httpd/users tian
输入密码
[root@localhost node2]# systemctl restart httpd
[root@localhost node2]# curl www.openlab.com/student/ -u song
Enter host password for user 'song':
this is student information
[root@localhost node2]# curl www.openlab.com/student/ -u tian
Enter host password for user 'tian':
this is student information
除了认证的两个外全部认证失败
在浏览器测试更加直观
[root@localhost node2]# mkdir /www/openlab/data
[root@localhost node2]# echo this is instructional material > /www/openlab/data/index.html
[root@localhost node2]# curl www.openlab.com/data/
[root@localhost node2]# mkdir /www/openlab/money
[root@localhost node2]# echo this is Payment website > /www/openlab/money/index.html
[root@localhost node2]# curl www.openlab.com/data/
要求:访问缴费网站实现数据加密基于https访问。
[root@localhost node2]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout /etc/pki/tls/private/money.key -x509 -days 365 -out /etc/pki/tls/certs/money.crt
openssl req
: 这是OpenSSL命令行工具的一个子命令,用于生成证书签名请求(CSR)。
-newkey rsa:4096
: 这表示生成一个新的RSA密钥对,密钥长度为4096位。
-nodes
: 这表示不使用密码保护私钥。
-sha256
: 这表示使用SHA-256算法对证书进行签名。
-keyout /etc/pki/tls/private/money.key
: 这表示将生成的私钥保存到/etc/pki/tls/private/money.key
文件中。
-x509
: 这表示生成一个X.509格式的证书。
-days 365
: 这表示证书的有效期限为365天。
-out /etc/pki/tls/certs/money.crt
: 这表示将生成的证书保存到/etc/pki/tls/certs/money.crt
文件中。
[root@localhost node2]# vim /etc/httpd/conf.d/vhost.conf
<Directory /1/2>
? ? ? AllowOverride none
? ? ? Require all granted
</Directory>
?
<VirtualHost 192.168.17.172:443>
? ? ? ServerName www.openlab.com/money
? ? ? DocumentRoot /www
? ? ? Alias /money /1/2 ?#加密子界面
? ? ? SSLEngine on
? ? ? SSLCertificateFile /etc/pki/tls/certs/money.crt
? ? ? SSLCertificateKeyFile /etc/pki/tls/private/money.key
</VirtualHost>
[root@localhost node2]# mkdir /1/2/ -pv
mkdir: created directory '/1'
mkdir: created directory '/1/2/'
[root@localhost node2]# echo this is money > /1/2/index.html
[root@localhost node2]# systemctl restart httpd
[root@localhost node2]# curl https://www.openlab.com/money/ -k
完成!!!