Table of Contents
Foreword:
1. Based on the domain name www.openlab.com, you can access the website and the content is welcome to openlab! ! !
analyze:
Related configuration:
2. Create three website directories for the company to display student information, teaching materials and payment websites respectively. Based on www.openlab.com/student website to access student information, www.openlab.com/data website to access teaching materials, www.openlab.com /money website to access the payment website.
analyze:
Related configuration:
3. Requirements (1) Only song and tian can access the student information website, and all users of other websites can access it. (2) Access the payment website to implement data encryption based on https access.
analyze:
Related configuration:
4. Troubleshooting ideas
Foreword:
Before we do relevant web configuration on the Linux host, we first need to check whether our host has the HTTP service installed. During configuration, we need to check whether the firewall and selinux of our host are turned off. These basic operations will affect whether we can succeed in the future. Deploy related services.
1. Turn off the firewall and selinux systemctl stop/disable firewalld close/permanently close the firewall setenforce 0 turns off selinux 2. Check whether the host has installed HTTP and HTTPS related services rpm -qa | grep http If not installed: yum install mod_ssl httpd -y
1. The content of the website that can be accessed based on the domain name www.openlab.com is welcome to openlab! ! !
Analysis:
To access the website based on the domain name, we need to pay attention to writing the corresponding domain name in the configuration, and add the resolution information of our corresponding domain name in the Linux host/etc/hosts file. If we want to achieve domain name access in the Windows host browser, we We also need to add the configured dns information to the relevant configuration file hosts, but we do not have this permission on win10 and win11 hosts, so we can use the IP address to access.
Related configuration:
1. Create http configuration file touch /etc/httpd/conf.d/vhosts.conf 2. Edit related configurations vim /etc/httpd/conf.d/vhosts.conf Related configuration: <VirtualHost 192.168.95.129:80> DocumentRoot /www/openlab ServerName www.openlab.com </VirtualHost> <Directory /www/openlab> #This directory is the file recognized by the http service. This can be customized. AllowOverride none Require all granted </Directory> 3. Write website content into relevant files mkdir /www/openlab echo welcome to openlab !!! > /www/openlab/index.html 4. Add domain name resolution information to the /etc/hosts file vim /etc/hosts 192.168.95.129 www.openlab.com 5. Restart the httpd service systemctl restart httpd 6. Check whether the test is successful curl http://www.openlab.com
If the test result is this, it means the configuration is successful.
2. Create three website directories for the company to display student information, teaching materials and payment websites respectively. Access student information based on www.openlab.com/student website, www.openlab .com/data website to access teaching materials,
Visit the payment website at www.openlab.com/money.
Analysis:
Based on the first question, we need to configure an alias for the company’s website to achieve the above requirements.
Related configuration:
1. Change the configuration file (because there are three websites, we need to add three aliases and give corresponding permissions): vim /etc/httpd/conf.d/vhosts.conf <VirtualHost 192.168.95.129:80> DocumentRoot /www/openlab ServerName www.openlab.com alias /student /xuni/student #The following three configurations are to add aliases alias /data /xuni/data alias /money /xuni/money </VirtualHost> <Directory /www/openlab> AllowOverride none Require all granted </Directory> <Directory /xuni> (give the corresponding file location and permissions) allowOverride none Require all granted </Directory> 2. Create the corresponding directory and write the index.html file: mkdir /xuni/{student,data,money} -pv echo this is student > /xuni/student/index.html echo this is data > /xuni/data/index.html echo this is money > /xuni/money/index.html 3. Restart the http service and test systemctl restart httpd curl http://www.openlab.com/student/ curl http://www.openlab.com/data/ curl http://www.openlab.com/money/
If the test result is this, it means the configuration is successful.
3. Requirements ( 1) The student information website can only be accessed by song and tian, and all users of other websites can access it.
(2) Access the payment website to implement data encryption based on https access.
Analysis:
(1) To implement a student information website that only two users, song and tian, can access, then we need to add user verification. First we need to create a user and password, and then change the configuration file. Note that we need to correspond to the student information website Add access control to the configuration file.
(2) If we access an encrypted website based on https, we need to self-sign a certificate to be trusted by the accessing host. Others can be configured according to relevant requirements.
Related configuration:
(1) 1. Add user information, enter the command and then enter the password according to the prompts. htpasswd -c /etc/httpd/users song htpasswd /etc/httpd/users tian htpasswd /etc/httpd/users zhang htpasswd /etc/httpd/users wang 2.Change configuration file <Directory /xuni/student> allowOverride none AuthType Basic AuthName "please login...." AuthUserFile /etc/httpd/users Require user song tian #Only two users, song and tian, are allowed to log in. </Directory> <Directory /xuni/data> allowOverride none AuthType Basic AuthName "please login...." AuthUserFile /etc/httpd/users Require valid-user #Allow all users to log in </Directory> <Directory /xuni/money> allowOverride none AuthType Basic AuthName "please login...." AuthUserFile /etc/httpd/users Require valid-user </Directory> 3. Restart the http service and test systemctl restart httpd curl -u username:password http://www.openlab.com/student/ (2) 1. Implement a self-signed certificate (on the premise that mod_ssl is installed on the Linux host) mkdir /xuni/money/{private,certs} openssl genrsa 2048 > /xuni/money/private/openlab.key openssl req -utf8 -new -key /etc/pki/tls/private/openlab.key -x509 -days 365 -out /xuni/money/certs/openlab.crt 2.Change configuration file <VirtualHost 192.168.95.129:443> DocumentRoot /xuni/money ServerName www.openlabmoney.com SSLEngine on SSLCertificateFile /xuni/money/certs/openlab.crt SSLCertificateKeyFile /xuni/money/private/openlab.key </VirtualHost> <Directory /xuni/money> allowOverride none Require all granted </Directory> 3. Restart the http service and verify systemctl restart httpd curl https://www.openlabmoney.com -k
The test result is these two, which means the configuration is successful.
4. Troubleshooting Ideas
Generally, when we configure web website services, we always encounter error messages. Generally, we do not turn off the firewall and seLinux. Pay special attention to seLinux, because I need to turn it off every time the host is turned on, or else We made a mistake in the configuration file. When checking the configuration file, we should pay attention to the following: IP, file directory, domain name, port, directory permissions, access control, and whether the command is entered in the correct format.