web搭建和nfs

一、web服务器搭建
1、基于域名[www.openlab.com](http://www.openlab.com)可以访问网站内容为 welcome to openlab!!!

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/nginx/conf.d/openlab.conf
server {
? ? ? ? listen 192.168.81.130:80;
? ? ? ? root /www/openlab;
? ? ? ? server_name www.openlab.com;
? ? ? ? location / {
? ? ? ? }
}
[root@localhost ~]# mkdir /www/openlab -pv
mkdir: 已创建目录 '/www/openlab'
[root@localhost ~]# echo welcom to openlab\!\!\! > /www/openlab/index.html
[root@localhost ~]# vim /etc/hosts
192.168.81.130 www.openlab.com
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# curl www.openlab.com
welcom to openlab!!!

2、给该公司创建三个子界面分别显示学生信息，教学资料和缴费网站，基于http://www.openlab.com/student 网站访问学生信息，
http://www.openlab.com/data网站访问教学资料，
http://www.openlab.com/money网站访问缴费网站。

[root@localhost ~]# mkdir /www/openlab/student
[root@localhost ~]# mkdir /www/openlab/data
[root@localhost ~]# mkdir /www/openlab/money
[root@localhost ~]# echo data >/www/openlab/data/index.html
[root@localhost ~]# echo student >/www/openlab/student/index.html
[root@localhost ~]# echo money >/www/openlab/money/index.html
[root@localhost ~]# curl www.openlab.com/data/
data
[root@localhost ~]# curl www.openlab.com/student/
student
[root@localhost ~]# curl www.openlab.com/money/
money

3、学生信息网站只有song和tian两人可以访问，其他用户不能访问

[root@localhost ~]# vim /etc/nginx/conf.d/openlab.conf
server {
        listen 192.168.81.130:80;
        root /www/openlab;
        server_name www.openlab.com;
        location /student {
                alias /www/openlab/stuent;
                auth_basic on;
                auth_basic_user_file  /etc/nginx/users;
        }
}
[root@localhost ~]# htpasswd -c /etc/nginx/user song
[root@localhost ~]# htpasswd /etc/nginx/user tian
New password: 
Re-type new password: 
Adding password for user tian
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# curl www.openlab.com/student -u song:123

4、访问缴费网站实现数据加密基于https访问

[root@localhost ~]# vim /etc/nginx/conf.d/openlab.conf
server {
        listen 192.168.81.130:443 ssl;
        root /www;
        server_name www.openlab.com;
        location / {
        }
        ssl_certificate "/etc/pki/tls/certs/openlab.crt";
        ssl_certificate_key "/etc/pki/tls/private/openlab.key";
}
[root@localhost ~]# mkdir /www/money
[root@localhost ~]# echo money > /www/money/index.html
#生成证书和密钥文件
[root@localhost ~]# openssl  genrsa  -out  /etc/pki/tls/private/openlab.key
[root@localhost ~]# openssl req -utf8 -new -key /etc/pki/tls/private/openlab.key  -x509 -days 365 -out /etc/pki/tls/certs/openlab.crt 
[root@localhost ~]# systemctl restart nginx
[root@localhost ~]# curl www.openlab.com/money/ -k

二、nfs

1、开放/nfs/shared目录，供所有用户查询资料

[root@localhost ~]# yum install nfs-utils
[root@localhost ~]# vim /etc/exports
/nfs/shared     *(ro)
[root@localhost ~]# mkdir /nfs/shared -pv
mkdir: 已创建目录 '/nfs'
mkdir: 已创建目录 '/nfs/shared'
[root@localhost ~]# touch /nfs/shared/{1..5}
[root@localhost ~]# ll /nfs/shared/ -d
drwxr-xr-x. 2 root root 4096  1月21日 20:28 /nfs/shared/

2、开放/nfs/upload目录，为192.168.xxx.0/24网段主机可以上传目录，并将所有用户及所属的组映射为nfs-upload,其UID和GID均为210

[root@localhost ~]# vim /etc/exports
/nfs/upload     192.168.81.0/24(rw,all_squash,anonuid=210,anongid=210)
[root@localhost ~]# mkdir /nfs/upload/{1..5} -pv
[root@localhost ~]# ll -d /nfs/upload/
drwxr-xr-x. 7 root root 4096  1月21日 20:35 /nfs/upload/
[root@localhost ~]# chmod o+w /nfs/upload
[root@localhost ~]# ll -d /nfs/upload/
drwxr-xrwx. 7 root root 4096  1月21日 20:35 /nfs/upload/
[root@localhost ~]# useradd -r -u 210 nfs-upload
[root@localhost ~]# id nfs-upload
uid=210(nfs-upload) gid=210(nfs-upload) 组=210(nfs-upload)

3、将/home/tom目录仅共享给192.168.xxx.xxx这台主机，并只有用户tom可以完全访问该目录

[root@localhost ~]# useradd tom
[root@localhost ~]# id tom
uid=1001(tom) gid=1001(tom) 组=1001(tom)
 
 
[root@131 ~]# mount 192.168.81.130:/nfs/shared /1
[root@131 ~]# mount 192.168.81.130:/nfs/upload /2
[root@131 ~]# mount 192.168.81.130:/home/tom /3
[root@131 ~]# useradd -u 1001 tom
[root@131 ~]# su - tom