网站需求:
1.基于域名[www.openlab.com]可以访问网站内容为 welcome to openlab!!!
2.给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,基于[www.openlab.com/student] 网站访问学生信息
[www.openlab.com/data]网站访问教学资料
[www.openlab.com/money]网站访问缴费网站
3.要求
(1)学生信息网站只有song和tian两人可以访问,其他用户不能访问。
(2)访问缴费网站实现数据加密基于https访问。
1.前提配置 关防火墙 关selinux
实验环境基于OpenEler Linux 搭建网站IP地址为192.168.188.129
[root@OpenElur ~]# systemctl stop firewalld
[root@OpenElur ~]# setenforce 0
2.安装web服务程序nginx
[root@localhost ~]# yum install -y httpd
3.配置nginx文件
实现基于域名基于域名[www.openlab.com]访问网站
[root@OpenElur ~]# vim /etc/nginx/conf.d/test_name.conf
配置结果如下
server{
listen 192.168.188.129:80;
root /www/name/openlab;
server_name www.openlab.com;
location / {
}
}
//写入所要展示的信息
[root@OpenElur ~]# echo welcome openlab!!!!! > /www/name/openlab/index.html
还需要配置域名解析
[root@OpenElur ~]# cat /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
192.168.188.129 www.openlab.com//写入当前主机IP和域名配置
[root@OpenElur ~]# curl www.openlab.com //检验实验结果1
welcome to openlab!!!!!
创建子网站及信息以及限制用户访问
配置nginx中alias的基本文件实现子网站访问
[root@OpenElur ~]# vim /etc/nginx/conf.d/test_alias.conf
//配置结果如下
server{
listen 192.168.188.129:80;
root /www/name/openlab;
server_name www.openlab.com;
location /student{
alias /openlab/student/;
auth_basic on;//启动用户控制
auth_basic_user_file /etc/nginx/users;//调用用户验证的文件夹
}
location /date{
alias /openlab/date/;
}
location /money{
alias /openlab/money/;
}
}
创建可访问的用户和密码文件
[root@node1 ~]# htpasswd -c /etc/nginx/users song
New password:
Re-type new password:
Adding password for user tom
[root@node1 ~]# htpasswd /etc/nginx/users tian
New password:
Re-type new password:
Adding password for user tom
创建供访问网站的文件并且写入信息
[root@node1 ~]# mkdir /openlab/student -pv
[root@node1 ~]# echo student > /openlab/student/index.html
[root@node1 ~]# mkdir /openlab/date -pv
[root@node1 ~]# echo date > /openlab/date/index.html
[root@node1 ~]# mkdir /openlab/money -pv
[root@node1 ~]# echo money > /openlab/money/index.html
//检验实验2结果
[root@OpenElur ~]# curl http://www.openlab.com/date/
date
https加密缴费网站
[root@OpenElur ~]# vim /etc/nginx/conf.d/test_https.conf
//配置结果如下
server{
listen 192.168.188.129:443 ssl;
root /openlab/money/;
ssl_certificate /etc/pki/tls/certs/openlab.crt;
ssl_certificate_key /etc/pki/tls/private/openlab.key;
location /{
index index.html
}
}
[root@OpenElur ~]# openssl req -utf8 -new -key openlab.key -x509 -days 365 -out openlab.crt
Could not read private key from openlab.key
[root@OpenElur ~]# openssl genrsa -out /etc/pki/tls/private/openlab.key
[root@OpenElur ~]# openssl req -utf8 -new -key /etc/pki/tls/private/openlab.key -x509 -days 365 -out /etc/pki/tls/certs/openlab.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:86
State or Province Name (full name) [Some-State]:chengdu
Locality Name (eg, city) []:sc
Organization Name (eg, company) [Internet Widgits Pty Ltd]:open
Organizational Unit Name (eg, section) []:ce
Common Name (e.g. server FQDN or YOUR name) []:rjw
Email Address []:admin
[root@OpenElur ~]# curl https://www.openlab.com/money/ -k
[root@OpenElur ~]# money//实验结果验证3