HTTP and HTTPS website Linux environment host configuration examples


Foreword:

Before doing any web configuration on the Linux host, we first need to check whether the host has the HTTP service installed. During configuration, we also need to check whether the host's firewall and SELinux are turned off. These basic operations determine whether the related services can be deployed successfully later.

1. Turn off the firewall and SELinux
    systemctl stop firewalld       #Close the firewall now
    systemctl disable firewalld    #Permanently close the firewall (it no longer starts at boot)
    setenforce 0                   #Turn off SELinux enforcement (permissive mode) until the next reboot
2. Check whether the host has installed the HTTP and HTTPS related services
    rpm -qa | grep http
   If not installed:
    yum install mod_ssl httpd -y

1. The website can be accessed at the domain name www.openlab.com, and its content is: welcome to openlab !!!

Analysis:

To access the website by domain name, we need to write the corresponding domain name in the configuration and add the resolution information for that domain name to the /etc/hosts file on the Linux host. To reach the site by domain name from a browser on a Windows host, the same resolution information also has to be added to that host's hosts file, but we do not have this permission on win10 and win11 hosts, so we can use the IP address to access it instead.

1. Create http configuration file
    touch /etc/httpd/conf.d/vhosts.conf
2. Edit related configurations
    vim /etc/httpd/conf.d/vhosts.conf
    
Related configuration:
    <VirtualHost 192.168.95.129:80>
        DocumentRoot /www/openlab
        ServerName www.openlab.com
    </VirtualHost>
    #This is the directory that httpd serves the site from. The path can be customized.
    <Directory /www/openlab>
        AllowOverride none
        Require all granted
    </Directory>
3. Write website content into relevant files
    mkdir -p /www/openlab
    echo 'welcome to openlab !!!' > /www/openlab/index.html
4. Add domain name resolution information to the /etc/hosts file
    vim /etc/hosts
    192.168.95.129 www.openlab.com
5. Restart the httpd service
    systemctl restart httpd
6. Check whether the test is successful
    curl http://www.openlab.com

If the test returns the page content (welcome to openlab !!!), the configuration is successful.

2. Create three website directories for the company to display student information, teaching materials and the payment website respectively. Student information is accessed at www.openlab.com/student, teaching materials at www.openlab.com/data, and the payment website at www.openlab.com/money.

Analysis:

Building on the first question, we need to configure aliases for the company's website to meet the above requirements.

Related configuration:

1. Change the configuration file (because there are three websites, we need to add three aliases and give corresponding permissions):
    vim /etc/httpd/conf.d/vhosts.conf
    <VirtualHost 192.168.95.129:80>
        DocumentRoot /www/openlab
        ServerName www.openlab.com
        #The following three directives add the aliases
        Alias /student /xuni/student
        Alias /data /xuni/data
        Alias /money /xuni/money
    </VirtualHost>
    <Directory /www/openlab>
        AllowOverride none
        Require all granted
    </Directory>
    #Give the location of the aliased directories and the corresponding permissions
    <Directory /xuni>
        AllowOverride none
        Require all granted
    </Directory>
2. Create the corresponding directory and write the index.html file:
    mkdir /xuni/{student,data,money} -pv
    echo this is student > /xuni/student/index.html
    echo this is data > /xuni/data/index.html
    echo this is money > /xuni/money/index.html
3. Restart the http service and test
    systemctl restart httpd
    curl http://www.openlab.com/student/
    curl http://www.openlab.com/data/
    curl http://www.openlab.com/money/

If each request returns the matching page (this is student, this is data, this is money), the configuration is successful.

3. Requirements: (1) Only song and tian can access the student information website, and all users can access the other websites. (2) Access to the payment website implements data encryption based on https.

Analysis:

(1) To make the student information website accessible only to the two users song and tian, we need to add user verification. First we create the users and passwords, and then we change the configuration file. Note that the access control has to be added to the configuration section that corresponds to the student information website.

(2) To access an encrypted website over https, we need a self-signed certificate, which the accessing host has to trust. Everything else can be configured according to the relevant requirements.

Related configuration:

(1) 1. Add user information, enter the command and then enter the password according to the prompts.
    htpasswd -c /etc/httpd/users song
    htpasswd /etc/httpd/users tian
    htpasswd /etc/httpd/users zhang
    htpasswd /etc/httpd/users wang
2. Change the configuration file
    <Directory /xuni/student>
        allowOverride none
        AuthType Basic
        AuthName "please login...."
        AuthUserFile /etc/httpd/users
        #Only the two users song and tian are allowed to log in
        Require user song tian
    </Directory>
    <Directory /xuni/data>
        allowOverride none
        AuthType Basic
        AuthName "please login...."
        AuthUserFile /etc/httpd/users
        #Allow every user in the password file to log in
        Require valid-user
    </Directory>
    <Directory /xuni/money>
        allowOverride none
        AuthType Basic
        AuthName "please login...."
        AuthUserFile /etc/httpd/users
        Require valid-user
    </Directory>
3. Restart the http service and test
    systemctl restart httpd
    curl -u username:password http://www.openlab.com/student/
(2) 1. Create a self-signed certificate (on the premise that mod_ssl is installed on the Linux host)
    mkdir /xuni/money/certs
    #Keep the private key in /etc/pki/tls/private, outside DocumentRoot, so that httpd cannot serve it
    openssl genrsa 2048 > /etc/pki/tls/private/openlab.key
    openssl req -utf8 -new -key /etc/pki/tls/private/openlab.key -x509 -days 365 -out /xuni/money/certs/openlab.crt
2. Change the configuration file
    <VirtualHost 192.168.95.129:443>
        DocumentRoot /xuni/money
        ServerName www.openlabmoney.com
        SSLEngine on
        SSLCertificateFile /xuni/money/certs/openlab.crt
        SSLCertificateKeyFile /etc/pki/tls/private/openlab.key
    </VirtualHost>
    <Directory /xuni/money>
        allowOverride none
        Require all granted
    </Directory>
3. Restart the http service and verify
    systemctl restart httpd
    #www.openlabmoney.com must resolve to 192.168.95.129, for example through an /etc/hosts entry like the one in question 1
    curl https://www.openlabmoney.com -k

If both tests return the expected pages, the configuration is successful.
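The layout built in questions 2 and 3 can be checked mechanically before httpd is restarted. The script below is an added example, not part of the original post: it reads a vhost file and reports a TLS private key stored under a path httpd serves, and any Basic-auth directory reachable through a virtual host without SSLEngine on, where the password is only base64-encoded on the wire. The function names and the sample config are constructed for this illustration, and the sample deliberately places the key under the payment site's DocumentRoot to show the finding.

```shell
# Added example: audit an httpd vhost file for two exposures.
# Prints one finding per line; prints nothing when the file is clean.
audit_vhosts() {
  awk '
    { d = tolower($1) }
    d == "<virtualhost"   { vh = $2; sub(/>$/, "", vh) }
    d == "</virtualhost>" { vh = "" }
    d == "sslengine" && tolower($2) == "on" { tls[vh] = 1 }
    # Every path httpd serves: DocumentRoot plus the target of each Alias
    d == "documentroot"   { root[++n] = $2; host[n] = vh }
    d == "alias"          { root[++n] = $3; host[n] = vh }
    d == "sslcertificatekeyfile" { key[++k] = $2 }
    d == "<directory"     { dir = $2; sub(/>$/, "", dir) }
    d == "</directory>"   { dir = "" }
    d == "authtype" && tolower($2) == "basic" && dir != "" { basic[dir] = 1 }
    END {
      # 1. A private key below a served path can be downloaded by URL
      for (i = 1; i <= k; i++) for (j = 1; j <= n; j++)
        if (index(key[i], root[j] "/") == 1)
          print "KEY_IN_WEBROOT " key[i] " under " root[j]
      # 2. Basic auth is only base64-encoded, so it needs a TLS vhost
      for (p in basic) for (j = 1; j <= n; j++)
        if (!tls[host[j]] && (index(root[j] "/", p "/") == 1 || index(p "/", root[j] "/") == 1))
          print "BASIC_AUTH_OVER_HTTP " p " via " host[j]
    }' "$1" | sort -u
}

# Constructed sample modelled on this tutorial (not a real server)
make_sample() {
  cat <<'EOF'
<VirtualHost 192.168.95.129:80>
    DocumentRoot /www/openlab
    Alias /student /xuni/student
    Alias /money /xuni/money
</VirtualHost>
<VirtualHost 192.168.95.129:443>
    DocumentRoot /xuni/money
    SSLEngine on
    SSLCertificateKeyFile /xuni/money/private/openlab.key
</VirtualHost>
<Directory /xuni/student>
    AuthType Basic
    Require user song tian
</Directory>
EOF
}

tmp=$(mktemp) && make_sample > "$tmp" && audit_vhosts "$tmp"; rm -f "$tmp"
```

To audit the real file, run `audit_vhosts /etc/httpd/conf.d/vhosts.conf`; an empty result means neither exposure was found.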

4. Troubleshooting Ideas

When we configure web services, we often run into error messages. Generally the cause is either that we did not turn off the firewall and SELinux, or that we made a mistake in the configuration file. Pay special attention to SELinux, because I need to turn it off every time the host is turned on. When checking the configuration file, we should pay attention to the following: IP, file directory, domain name, port, directory permissions, access control, and whether the commands were entered in the correct format.