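1. Case 1
Requirement: configure a web site for http://server0.example.com as follows:
1. Download a home page file from http://ldap.example.com/pub/example.html and rename it to index.html
2. Copy this file to the site's DocumentRoot directory; do not modify the content of index.html in any way
3. Access from clients in my133t.org is denied
1.1 Solution steps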
[root@server0 ~]# yum -y install httpd
[root@server0 ~]# cd /var/www/html/
[root@server0 html]# wget http://classroom.example.com/pub/example.html
[root@server0 html]# mv example.html index.html
[root@server0 html]# systemctl start httpd
[root@server0 html]# systemctl enable httpd
[root@server0 html]# systemctl mask iptables.service ebtables.service
[root@server0 html]# systemctl stop iptables ebtables
[root@server0 html]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 service name=http accept' --permanent
[root@server0 html]# firewall-cmd --reload
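1.2 Verification
2. Case 2
Requirement: configure TLS encryption for the site http://server0.example.com as follows:
1. A signed certificate is obtained from http://classroom.example.com/pub/server30.crt
2. The key for this certificate is obtained from http://lclassroom.example.com/pub/server30.key
3. The signing authority (CA) information for this certificate is obtained from http://classroom.example.com/pub/group30.crt
2.2 Solution steps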
[root@server0 ~]# yum -y install mod_ssl
[root@server0 ~]# cd /etc/httpd/conf.d/
[root@server0 conf.d]# vim ssl.conf
#ServerName www.example.com:443    \\ uncomment and change to server0.example.com:443
[root@server0 conf.d]# cd /etc/pki/tls/certs/
[root@server0 certs]# wget http://classroom.example.com/pub/tls/certs/server0.crt
[root@server0 certs]# wget http://classroom.example.com/pub/tls/certs/www0.crt
[root@server0 certs]# vim /etc/httpd/conf.d/ssl.conf
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
change to: SSLCACertificateFile /etc/pki/tls/certs/www0.crt
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
change to: SSLCertificateFile /etc/pki/tls/certs/server0.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
change to: SSLCertificateKeyFile /etc/pki/tls/private/server0.key
[root@server0 certs]# cd ../private/
[root@server0 private]# wget http://classroom.example.com/pub/tls/private/server0.key
[root@server0 private]# systemctl restart httpd
[root@server0 private]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 service name=https accept' --permanent
[root@server0 private]# firewall-cmd --reload
2.3 Verification
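An added example, not part of the original post: a pre-flight check to run before restarting httpd. It confirms that the private key matches the certificate, that the certificate chains to the file given as SSLCACertificateFile, and that the key (saved by wget as mode 0644 under the default umask) is not readable by other users. The function names and the throwaway CA built by make_constructed_pki are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original page. Checks the three files that
# ssl.conf points at before "systemctl restart httpd" is run.

# check_tls_files <server.crt> <server.key> <ca.crt>; prints each problem found.
check_tls_files() {
    local crt=$1 key=$2 ca=$3 crt_pub key_pub rc=0
    # 1. Certificate and private key must carry the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=unreadable-cert
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=unreadable-key
    [ "$crt_pub" = "$key_pub" ] || { echo "FAIL: $key does not match $crt"; rc=1; }
    # 2. The certificate must chain to the CA given as SSLCACertificateFile.
    openssl verify -CAfile "$ca" "$crt" 2>/dev/null | grep -q ': OK$' \
        || { echo "FAIL: $crt is not signed by $ca"; rc=1; }
    # 3. wget saves files as 0644 under the default umask; the key must be owner-only.
    case $(stat -c %a "$key" 2>/dev/null) in
        600|400) ;;
        *) echo "FAIL: $key is readable by group or others (chmod 600)"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo data: a throwaway CA, a server key and certificate, and an
# unrelated key, all written to directory $1.
make_constructed_pki() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server0.example.com" \
        -keyout "$d/server0.key" -out "$d/server0.csr" 2>/dev/null
    openssl x509 -req -in "$d/server0.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server0.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    chmod 600 "$d/server0.key" "$d/other.key"
}

demo=$(mktemp -d)
make_constructed_pki "$demo"
check_tls_files "$demo/server0.crt" "$demo/server0.key" "$demo/ca.crt" \
    && echo "OK: certificate, key and CA are consistent"
rm -rf "$demo"
```

On the server from this case the call would be check_tls_files /etc/pki/tls/certs/server0.crt /etc/pki/tls/private/server0.key /etc/pki/tls/certs/www0.crt.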
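3. Case 3
Requirements
1. Create a new virtual host http://www.example.com
2. Set DocumentRoot to /var/www/virtual
3. Download the home page file from http://classroom/pub/materials/www.html and rename it to index.html
Do not modify the content of index.html in any way
4. Copy index.html to the DocumentRoot directory
5. Make sure the user floyd can create files in the /var/www/virtual directory
3.1 Solution steps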
[root@server0 certs]# cd /var/www/
[root@server0 www]# mkdir virtual
[root@server0 www]# wget -O virtual/index.html http://classroom.example.com/pub/www.html
[root@server0 www]# chown -R apache:apache /var/www/
[root@server0 www]# useradd floyd
[root@server0 www]# setfacl -m u:floyd:rwx virtual/
[root@server0 www]# cd /etc/httpd/conf.d
[root@server0 conf.d]# vim httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server0.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/var/www/virtual"
    ServerName www.example.com
</VirtualHost>
[root@server0 conf.d]# systemctl restart httpd
3.2 Verify the first domain name, server0.example.com
3.3 Log in to the client, modify its configuration and verify the second domain name, www.example.com
[root@desktop0]# vim /etc/hosts
172.25.0.11 www.example.com
[root@desktop0]# firefox &
3.4 Verification
3.5 Switch user
[root@server0 conf.d]# su - floyd
[floyd@server0 ~]$ cd /var/www/virtual/
[floyd@server0 virtual]$ touch aa
[floyd@server0 virtual]$ rm -f aa
[floyd@server0 virtual]$ ls
index.html
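4. Case 4
Requirements
Create a directory named private under the DocumentRoot of the web server on your server, as follows:
1. Download a copy of the file at http://classroom.example.com/pub/private.html into this directory and rename it to index.html; do not modify the content of this file in any way
2. From server, anyone can browse the content of private, but other systems cannot access the content of this directory
4.1 Solution steps
Server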
[root@server0 ~]# cd /var/www/html/
[root@server0 html]# mkdir private
[root@server0 html]# wget -O private/index.html http://classroom.example.com/pub/private.html
[root@server0 html]# ls
index.html
[root@server0 html]# cat private/index.html
private
[root@server0 html]# vim /etc/httpd/conf.d/httpd-vhosts.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server0.example.com
    <Directory "/var/www/html/private">
        Require ip 172.25.0.11
    </Directory>
</VirtualHost>
[root@server0 html]# systemctl restart httpd
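4.2 Verification
Client
[root@desktop0]# firefox &
Verification succeeded: access from the client is not permitted
Server
[root@server0 ]# firefox &
Verification succeeded: access from the server is not permitted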
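5. Case 5
Requirements:
Implement dynamic web content on server30
1. The dynamic content is served by a virtual host named alt.example.com
The virtual host listens on port 8909
2. Download a script from http://classroom.example.com/pub/webapp.wsgi and put it in a suitable location; do not modify the file content
3. When a client accesses http://alt.example.com:8909, it should receive a dynamically generated web page
4. http://alt.example.com:8909 must be accessible from all systems within example.com
5.1 Solution steps
Server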
[root@server0 ~]# cd /var/www/
[root@server0 www]# mkdir wsgi
[root@server0 www]# wget -O wsgi/webapp.wsgi http://classroom.example.com/pub/webapp.wsgi
[root@server0 www]# chown -R apache:apache wsgi/
[root@server0 www]# vim /etc/httpd/conf.d/httpd-vhosts.conf
Append at the end:
Listen 8909
<VirtualHost *:8909>
    WSGIScriptAlias / "/var/www/wsgi/webapp.wsgi"
    ServerName alt.example.com
</VirtualHost>
[root@server0 www]# yum -y install mod_wsgi
[root@server0 ~]# semanage port -a -t http_port_t -p tcp 8909
[root@server0 ~]# semanage port -l | grep http
[root@server0 ~]# systemctl stop httpd
[root@server0 ~]# systemctl start httpd
[root@server0 ~]# firewall-cmd --add-rich-rule 'rule family=ipv4 source address=172.25.0.0/24 port protocol=tcp port=8909 accept' --permanent
[root@server0 ~]# firewall-cmd --reload
5.2 Verification
Client
[root@desktop0]# vim /etc/hosts
172.25.0.11 alt.example.com
[root@desktop0]# firefox &
Verify in the browser
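An added example, not part of the original post: Case 5 touches port 8909 in three places (Listen, semanage port, firewall-cmd), and a gap in any one of them breaks the site. This script cross-checks them from saved command output. The function names and sample files are constructed for the example, and only the http_port_t type and rich rules are examined.

```shell
#!/bin/bash
# Added example, not from the original page. For every Listen port in a vhost
# file, check the SELinux http_port_t list and the firewalld rich rules.

# selinux_allows <port> <file holding "semanage port -l" output>
selinux_allows() {
    awk -v p="$1" '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {            # entries look like "80," or "8000-8010"
            gsub(/,/, "", $i); n = split($i, r, "-")
            if (p + 0 >= r[1] + 0 && p + 0 <= r[n] + 0) ok = 1
        } } END { exit !ok }' "$2"
}

# firewall_allows <port> <file holding "firewall-cmd --list-rich-rules" output>
firewall_allows() {
    local svc=none
    case $1 in 80) svc=http ;; 443) svc=https ;; esac
    grep -Eq "(port port=\"$1\" protocol=\"tcp\"|service name=\"$svc\") .*accept" "$2"
}

# audit_listen_ports <vhost.conf> <semanage output> <rich-rule output>; prints gaps.
audit_listen_ports() {
    local port rc=0
    for port in $(awk 'tolower($1) == "listen" { n = split($2, a, ":"); print a[n] }' "$1"); do
        selinux_allows "$port" "$2" || { echo "$port: no http_port_t label"; rc=1; }
        firewall_allows "$port" "$3" || { echo "$port: no accepting rich rule"; rc=1; }
    done
    return $rc
}

# Constructed sample inputs showing the state before the semanage and
# firewall-cmd steps; on a real host save the two command outputs instead.
make_constructed_samples() {
    printf 'Listen 80\nListen 8909\n<VirtualHost *:8909>\n</VirtualHost>\n' > "$1/vhosts.conf"
    printf 'http_cache_port_t  tcp  8080, 8118, 8123, 10001-10010\n' > "$1/semanage.txt"
    printf 'http_port_t  tcp  80, 81, 443, 488, 8008, 8009, 8443, 9000\n' >> "$1/semanage.txt"
    printf 'rule family="ipv4" source address="172.25.0.0/24" service name="http" accept\n' > "$1/rules.txt"
}

dir=$(mktemp -d)
make_constructed_samples "$dir"
audit_listen_ports "$dir/vhosts.conf" "$dir/semanage.txt" "$dir/rules.txt" || true
rm -rf "$dir"
```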