为openlab搭建web网站

最新推荐文章于 2025-12-16 16:18:28 发布

原创最新推荐文章于 2025-12-16 16:18:28 发布 · 144 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#服务器 #linux #ssl

该文指导如何在Linux服务器上停止firewalld服务，关闭SELinux，安装httpd和mod_ssl模块。接着创建www.openlab.com网站并设置欢迎页面。然后，为公司创建了student、data和money三个子目录，分别显示学生信息、教学资料和缴费网站，并限制只有song和tian两个用户可以访问。最后，详细介绍了如何生成私钥和证书，实现www.openlab.com/money网站的HTTPS加密访问。

准备工作

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install mod_ssl -y
[root@localhost ~]# yum install httpd -y

一、基于域名www.openlab.com可以访问网站内容为welcome to openlab!!!

写入welcome to openlab!

[root@localhost certs]# echo welcome to openlab! > /openlab/index.html
[root@localhost certs]# systemctl start httpd
[root@localhost certs]# cat /openlab/index.html
welcome to openlab!

测试

二、给该公司创建三个界面分别显示学生信息，教学资料和缴费网站，基于www.openlab.com/student网站访问学生信息, www.openlab.com/data网站访问教学资料, www.openlab.com/money网站访问缴费网站。

要求：1.只允许song和tian访问

2.访问缴费网站实现数据加密基于https访问

1.创建用户song和tian

[root@localhost certs]# htpasswd -c /etc/httpd/user tian
New password: 
Re-type new password: 
Adding password for user tian
[root@localhost certs]# htpasswd -c /etc/httpd/user song
New password: 
Re-type new password: 
Adding password for user song

2.创建student、data、money三个目录并将内容写入index.com


[root@localhost ~]# mkdir -p /www/openlab/student
[root@localhost ~]# mkdir -p /www/openlab/data
[root@localhost ~]# mkdir -p /www/openlab/money
[root@localhost ~]# echo student > /www/openlab/student/index.html
[root@localhost ~]# echo data > /www/openlab/data/index.html
[root@localhost ~]# echo money > /www/openlab/money/index.html

3.修改主配置文件 /etc/httpd/conf.d/userdir.conf

[root@localhost certs]# vim /etc/httpd/conf.d/userdir.conf

4.测试

三、访问缴费网站实现数据加密基于https访问

1、再/etc/pki/tls/private下生成私钥文件

[root@localhost certs]# cd /etc/pki/tls/private  #进入存储私钥文件目录
[root@localhost private]# openssl genrsa -aes128 2048 > money.key  #建立私钥
Enter PEM pass phrase:    #输入密码
Verifying - Enter PEM pass phrase:  #再次输入密码

2、在/etc/pki/tls/certs下建立新证书

[root@localhost private]# cd /etc/pki/tls/certs/
[root@localhost certs]# openssl req -utf8 -new -key /etc/pki/tls/private/money.key  -x509 -days 365 -out money.crt
Enter pass phrase for /etc/pki/tls/private/money.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xi'an
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:rhce
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:money@qq.com

注意：输入证书信息时必须一次性输对，不能退格删除

3、编制主配置文件

</VirtualHost 192.168.220.130:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/money.crt
        SSLCertificateKeyFile /etc/pki/tls/private/money.key
        ServerName www.openlab.com
        DocumentRoot /www/openlab/money
</VirtualHost>
</Directory /www/openlab/money>
        AllowOverride none
        Require all granted
</Directory>