构建OpenLab网站及其子站权限管理与HTTPS加密
文章描述了如何基于www.openlab.com创建子站点,分别用于学生信息、教学资料和缴费,设置访问权限(如仅允许song和tian访问学生信息),以及为缴费网站启用HTTPS加密。教程包括配置Apache虚拟主机和使用htpasswd进行用户认证。
网站需求:
1.基于域名 www.openlab.com 可以访问网站内容为 welcome to openlab!!!
2.给该公司创建三个子界面分别显示学生信息,教学资料和缴费网站,
1、基于 www.openlab.com/student 网站访问学生信息,
2、基于 www.openlab.com/data 网站访问教学资料
3、基于 www.openlab.com/money 网站访问缴费网站。
3.要求
(1)学生信息网站只有 song 和 tian 两个用户可以访问,其他用户不能访问。
(2)访问缴费网站实现数据加密基于 https 访问。
一、创建openlab网站
vim /etc/httpd/conf.d/vhost0.conf
写配置文件
<directory /openlab>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.36.130:80>
servername www.openlab.com
documentroot /openlab
</virtualhost>
创建/openlab文件,并写入index.html文件
mkdir /openlab
echo welcome to openlab > /openlab/index.html
运行
在/openlab下创建/student文件,并写入index.html文件
mkdir /openlab/student
echo welcome to student > /student/index.html
写配置文件
<directory /openlab>
allowoverride none
require all granted
</directory>
<directory /openlab/student>
authtype basic
authname "please login: "
authuserfile /etc/httpd/user
require user song tian
</directory>
<virtualhost 192.168.36.130:80>
servername www.openlab.com/student
documentroot /openlab
alias /student /openlab/student
</virtualhost>
创建两个用户
htpasswd -c /etc/httpd/student song
New password:
Re-type new password:
##Adding password for user song
htpasswd /etc/httpd/student tian
New password:
Re-type new password:
##Adding password for user tian
三、编辑/data网站
在/openlab下创建/datat文件,并写入index.html文件
mkdir /openlab/data
"welcom to data > /data/index.html
写配置文件、
<directory /openlab>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.36.130:80>
servername www.openlab.com
documentroot /openlab
alias /openlab /openlab/data
</virtualhost>
运行
三、编辑/money网站
在/openlab下创建/datat文件,并写入index.html文件
mkdir /openlab/money
welcome to money > /money/index.html
加密
[root@localhost money]# cd /etc/pki/tls/certs
[root@localhost certs]# openssl genrsa > gsy.key
[root@localhost certs]# ll
total 12
lrwxrwxrwx. 1 root root 49 Jul 29 2022 ca-bundle.crt -> /etc/pki/ca-t rust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jul 29 2022 ca-bundle.trust.crt -> /etc/pk i/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1704 Nov 13 14:57 gsy.key
-rw-r--r--. 1 root root 1367 Nov 11 20:55 jiami.crt
-rw-r--r--. 1 root root 3980 Nov 11 20:55 localhost.crt
[root@localhost certs]# openssl req -utf8 -new -key gsy.key -x509 -days 100 -out chs.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:cq
Locality Name (eg, city) [Default City]:cq
Organization Name (eg, company) [Default Company Ltd]:cq
Organizational Unit Name (eg, section) []:ce
Common Name (eg, your name or your server's hostname) []:www.openlab.com 你要访问的文件
Email Address []:admin@123
[root@localhost certs]# ll
total 16
lrwxrwxrwx. 1 root root 49 Jul 29 2022 ca-bundle.crt -> /etc/pki/ca-t rust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Jul 29 2022 ca-bundle.trust.crt -> /etc/pk i/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r--. 1 root root 1399 Nov 13 14:59 gsy.crt
-rw-r--r--. 1 root root 1704 Nov 13 14:57 gsy.key
-rw-r--r--. 1 root root 1367 Nov 11 20:55 jiami.crt
-rw-r--r--. 1 root root 3980 Nov 11 20:55 localhost.crt
[root@localhost certs]# mv chs.key ../private/ 将.key文件移动到private目录下面
写配置文件
<directory /openlab>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.36.130:443>
servername www.openlab.com
documentroot /openlab
alias /money /openlab/money
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/gsy.crt
SSLCertificateKeyFile /etc/pki/tls/private/gsy.key
</virtualhost>
运行
扫一扫
499
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
