[Linux] Exercise: a static website with a virtual directory and user access control

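Lab requirements:

    Build a website reachable at https://www.zuoye.com:22222. The home page lives in /www/https/ and its content is zuoye. A request to https://www.zuoye.com:22222/mimi returns mimi; the actual content of that path lives in /usr/local/secret and can be viewed only by the user xiaoming.

1. Disable the firewall and SELinux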

[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# setenforce 0

2. Install httpd, make and mod_ssl

[root@bogon httpd]# yum install -y httpd

[root@bogon httpd]# yum install -y mod_ssl

[root@bogon httpd]# yum install -y make

3. Check whether /etc/pki/tls/certs/ contains a Makefile. If it does not, copy the file from a RHEL 7 host (without this file you cannot create your own certificate)

 [root@bogon ~]# cd /etc/pki/tls/certs

 [root@bogon certs]# scp [email protected]:/etc/pki/tls/certs/Makefile .

4. Create a self-made certificate and key for the virtual server

[root@bogon conf.d]# cd /etc/pki/tls/certs
[root@bogon certs]# make zhengshu.crt                // create the certificate
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > zhengshu.key
Generating RSA private key, 2048 bit long modulus (2 primes)
............+++++
.........................................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase:                                 // set the passphrase
Verifying - Enter pass phrase:                        // confirm the passphrase
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key zhengshu.key -x509 -days 365 -out zhengshu.crt -set_serial 0
Enter pass phrase for zhengshu.key:                   // same passphrase as above
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ZG                               // country
State or Province Name (full name) []:SX                           // province
Locality Name (eg, city) [Default City]:Xi'an                      // city
Organization Name (eg, company) [Default Company Ltd]:beixin       // company
Organizational Unit Name (eg, section) []:ce                       // department
Common Name (eg, your name or your server's hostname) []:www.ceshi.com   // server name
Email Address []:[email protected]                                       // e-mail

5. Create the two document root directories and define the page content

[root@bogon ~]# mkdir -p /www/https/
[root@bogon ~]# mkdir -p /usr/local/secret
[root@bogon ~]# echo zuoye > /www/https/index.html
[root@bogon ~]# echo mimi > /usr/local/secret/index.html

6. Define the user allowed to access the server (xiaoming)

[root@bogon certs]# htpasswd -c /etc/httpd/mymima xiaoming
New password:                          // set the password
Re-type new password:                  // confirm the password
Adding password for user xiaoming         // user added successfully

7. Write the configuration file (vhost-https-virtual-user.conf), using /etc/httpd/conf.d/ssl.conf as a reference

[root@bogon httpd]# vim /etc/httpd/conf.d/vhost-https-virtual-user.conf

# Listen on port 22222
Listen 22222
<VirtualHost 192.168.74.130:22222>
        # Where the web page files are stored
        DocumentRoot /www/https
        # Server name
        ServerName www.zuoye.com
        SSLEngine on
        # Location of the certificate
        SSLCertificateFile /etc/pki/tls/certs/zhengshu.crt
        # Location of the private key
        SSLCertificateKeyFile /etc/pki/tls/certs/zhengshu.key
        # The alias /mimi serves the content of /usr/local/secret
        Alias /mimi /usr/local/secret
</VirtualHost>

<Directory /www/https>
        AllowOverride none
        Require all granted
</Directory>

<Directory /usr/local/secret>
        # Basic authentication (user name and password)
        AuthType Basic
        # Prompt text; the double quotes are required, and the text itself can be changed
        AuthName "Please login:"
        # File that holds the user names and passwords used for authentication
        AuthUserFile /etc/httpd/mymima
        # User allowed to access this directory
        Require user xiaoming
</Directory>
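
A static check of the access layout that step 7 sets up, as an added example that is not part of the original post: it reports, per URL prefix, whether the backing directory is public or restricted, and flags Basic authentication without TLS or a password file placed under a served directory. `audit` and `SAMPLE_CONF` are names made up here, the sample is constructed from the directives above, and the parser assumes a single virtual host with un-nested `<Directory>` blocks whose paths match the DocumentRoot and Alias targets exactly.

```python
# Constructed sample: the access-relevant directives from step 7.
SAMPLE_CONF = """
<VirtualHost 192.168.74.130:22222>
  DocumentRoot /www/https
  SSLEngine on
  Alias /mimi /usr/local/secret
</VirtualHost>
<Directory /www/https>
  Require all granted
</Directory>
<Directory /usr/local/secret>
  AuthType Basic
  AuthUserFile /etc/httpd/mymima
  Require user xiaoming
</Directory>
"""


def audit(conf):
    """Map each served URL prefix to a finding about how its directory is protected."""
    served, dirs, cur, tls = {}, {}, None, False
    for line in conf.splitlines():
        name, _, args = line.strip().partition(" ")
        name, args = name.lower(), args.strip().rstrip(">").strip('"')
        if name == "<directory":
            cur = dirs.setdefault(args, {})
        elif name == "</directory>":
            cur = None
        elif cur is not None and name:
            cur[name] = args  # simplification: the last occurrence of a directive wins
        elif name in ("documentroot", "alias"):  # DocumentRoot serves the prefix "/"
            url, path = ("/ " + args if name == "documentroot" else args).split(None, 1)
            served[url] = path.strip('"')
        elif name == "sslengine":
            tls = args.lower() == "on"
    report = {}
    for url, path in served.items():
        d = dirs.get(path, {})
        if "require" not in d:
            report[url] = "no Require: inherited defaults decide access"
        elif d["require"].lower() == "all granted":
            report[url] = "public"
        elif d.get("authtype", "").lower() == "basic" and not tls:
            report[url] = "Basic auth without TLS"
        elif any(d.get("authuserfile", "").startswith(p.rstrip("/") + "/") for p in served.values()):
            report[url] = "password file inside a served directory"
        else:
            report[url] = "restricted: Require " + d["require"]
    return report
```

For the configuration in this exercise, `audit(SAMPLE_CONF)` reports `/` as public and `/mimi` as restricted to xiaoming.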

8. Restart the httpd service

[root@bogon httpd]# systemctl restart httpd
Enter TLS private key passphrase for www.zuoye.com:443 (RSA) : ******     // enter the passphrase

9. Add name resolution for this domain on the virtual machine (/etc/hosts)

 

10. Add name resolution for this domain on the host machine (you can open C:\Windows\System32\drivers\etc\hosts with Notepad++ to edit it)

11. Test

Reposted from blog.csdn.net/trichloromethane/article/details/108934902