华子目录
- 实验要求
- 实验步骤
实验要求
- 组建多个子目录网站
www.openlab.com,该网站有2个子目录www.openlab.com/sxhkt和www.openlab.com/zy www.openlab.com/sxhkt使用http读取www.openlab.com/zy使用https读取
实验步骤
- 准备工作
[root@server ~]# setenforce 0
[root@server ~]# systemctl stop firewalld
[root@server ~]# systemctl disable firewalld
[root@server ~]# yum install nginx -y
[root@server ~]# systemctl start nginx
[root@server ~]# systemctl enable nginx
- 创建网页目录
[root@server ~]# mkdir -p /www/sxhkt
[root@server ~]# mkdir -p /www/zy
#使用mobaxterm上传网页数据
- Windows端建立本地hosts域名映射
- 建立
sxhkt的http网站
[root@server ~]# vim /etc/nginx/nginx.conf
server {
listen 80;
listen [::]:80;
server_name www.openlab.com;
location /sxhkt {
alias /www/sxhkt;
index index.html index.htm;
}
return 301 https://www.openlab.com; #输入http跳转到https
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
- 建立
zy的https网站
#先制作私钥
#在/etc/nginx目录下制作证书所用的私钥文件zy.key
[root@server ~]# openssl genrsa -aes128 2048 > /etc/nginx/zy.key
Enter PEM pass phrase: #输入加密私钥的密码12345
Verifying - Enter PEM pass phrase: #再输一遍
#再制作证书 (证书需要用CA的私钥进行加密,所以在制作证书之前先制作私钥,证书中含有网站的公钥)
[root@server ~]# openssl req -utf8 -new -key /etc/nginx/zy.key -x509 -days 365 -out /etc/nginx/zy.crt
Enter pass phrase for /etc/nginx/sxhkt.key: #输入加密私钥的密码12345
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86 #国家代码
State or Province Name (full name) []:shanxi #省份
Locality Name (eg, city) [Default City]:xian #城市
Organization Name (eg, company) [Default Company Ltd]:openlab #公司
Organizational Unit Name (eg, section) []:rhce #部门
Common Name (eg, your name or your server's hostname) []:server #主机名
Email Address []:and@qq.com #邮箱
#在加载ssl支持的nginx并使用上述私钥时必须去除设置的私钥密码12345
[root@server ~]# cd /etc/nginx
[root@server nginx]# cp zy.key zy.key.org #先做备份
[root@server nginx]# openssl rsa -in zy.key.org -out zy.key #去除密码
Enter pass phrase for sxhkt.key.org: #输入加密私钥的密码12345
writing RSA key
[root@server ~]# vim /etc/nginx/nginx.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.openlab.com;
location /zy {
alias /www/zy;
index index.html index.htm;
}
ssl_certificate "/etc/nginx/zy.crt";
ssl_certificate_key "/etc/nginx/zy.key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
- 重启服务,测试
[root@server ~]# systemctl restart nginx
#在Windows端浏览器上输入www.openlab.com/sxhkt和www.openlab.com/zy,其中www.openlab.com/zy会跳转到https://www.openlab.com/zy
