
RHEL 7 HTTP example 2


For the earlier configuration, see http://4708948.blog.51cto.com/4698948/1702486

Client

[root@desktop0 conf.d]# curl https://server0:443

curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"

of Certificate Authority (CA) public keys (CA certs). If the default

bundle file isn't adequate, you can specify an alternate file

using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

the bundle, the certificate verification probably failed due to a

problem with the certificate (it might be expired, or the name might

not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

the -k (or --insecure) option.

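Question 15: Virtual host

Set up a virtual host that uses the domain name www.server0.example.com (name resolution has already been set up on server.domain0.example.com). The home directory of this server is /var/www/virtual. Download the page file from http://server.domain0.example.com/pub/html/www8.html into /var/www/html/virtual and rename it index.html; do not modify the page content. The original physical host must remain accessible.

Server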

[root@server0 conf.d]# cd /var/www/

[root@server0 www]# mkdir virtual

[root@server0 www]# cd virtual/

[root@server0 virtual]# vim index.html

[root@server0 virtual]# cat index.html

151515151515151515151515151515

[root@server0 virtual]# vim /etc/httpd/conf.d/hrr.conf

<VirtualHost *:80>

DocumentRoot "/var/www/virtual/"

ServerName www.server0.example.com

ErrorLog "/var/log/httpd/www.server0.example.com-error_log"

CustomLog "/var/log/httpd/www.server0.example.com-access_log" common

</VirtualHost>

[root@server0 virtual]# systemctl restart httpd

[root@desktop0 conf.d]# vim /etc/hosts

[root@desktop0 conf.d]# curl http://www.server0.example.com

[root@desktop0 conf.d]# cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

172.25.0.11 www.server0.example.com

172.25.254.254 classroom.example.com

172.25.254.254 content.example.com

[root@desktop0 conf.d]#

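Question 17: HTTP access control

Create a restricted directory in the root directory of the www.server0.example.com web site. Download ftp://classroom.example.com/pub/html/restricted0.html into the restricted directory and rename it index.html; do not modify the file's content. Only the desktop0 host may access this page; access from all other hosts is denied.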

[root@server0 conf.d]# vim hrr.conf

[root@server0 conf.d]# systemctl restart httpd

Client 1

[root@desktop0 conf.d]# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 172.25.0.10 netmask 255.255.255.0 broadcast 172.25.0.255

[root@desktop0 conf.d]# curl http://www.server0.example.com/restricted/

desktop0 only

Client 2

[root@foundation0 images]# ifconfig

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500

inet 172.25.254.250 netmask 255.255.255.0 broadcast 172.25.254.255

[root@foundation0 images]# cat /etc/hosts

[root@foundation0 images]# curl http://www.server0.example.com/

[root@foundation0 images]# curl http://www.server0.example.com/restricted/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>403 Forbidden</title>

</head><body>

<h1>Forbidden</h1>

You don't have permission to access /restricted/

on this server.

</body></html>

[root@foundation0 images]#
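
The session above edits hrr.conf for this question without showing the result. One way to write it with Apache 2.4 authorization directives, as an added example that is not the original author's file; the server0.example.com default virtual host and its /var/www/html document root are assumptions, and 172.25.0.10 is desktop0's address from the ifconfig output above:

```apache
# /etc/httpd/conf.d/hrr.conf (added example, not the original author's file)

# Assumption: the original site is listed first so that it stays the
# default for requests whose Host header matches no other ServerName.
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName server0.example.com
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/virtual/"
    ServerName www.server0.example.com
    ErrorLog "/var/log/httpd/www.server0.example.com-error_log"
    CustomLog "/var/log/httpd/www.server0.example.com-access_log" common

    # Only desktop0 (172.25.0.10) may read /restricted/; every other
    # client receives 403 Forbidden. With the default "AuthMerging Off",
    # this Require replaces the "Require all granted" that the stock
    # httpd.conf applies to /var/www.
    <Directory "/var/www/virtual/restricted">
        Require ip 172.25.0.10
    </Directory>
</VirtualHost>
```

Run `apachectl configtest` before restarting httpd. Matching on the address with `Require ip` avoids the reverse-DNS lookup that `Require host` depends on.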

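Question 12

Configure a web site

On the server, configure a site http://server0.example.com, then perform the following steps:

Download the file from ftp://172.25.254.250/pub/RHCE/12.html and rename it index.html; do not modify the file's content

Copy index.html to your web server's DocumentRoot directory

Clients from the example.com domain can access this web service

Clients from the deny.com domain are denied access to this web service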

yum -y install http*

cd /etc/httpd/conf.d/

cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf hrr.conf

vim hrr.conf

systemctl enable httpd

systemctl start httpd

firewall-config

Then just close it

[root@server0 html]# firewall-cmd --reload

success

[root@server0 html]# firewall-cmd --list-all --zone=public

public (default, active)

interfaces: eth0 eth1 eth2 team0

sources:

services: dhcpv6-client http nfs ssh

ports: 139/tcp 138/tcp 445/tcp 80/tcp 5423/tcp 137/tcp

masquerade: no

forward-ports: port=5423:proto=tcp:toport=80:toaddr=

icmp-blocks:

rich rules:

rule family="ipv4" destination address="172.25.0.0/24" service name="http" accept

rule family="ipv4" destination address="172.25.1.0/24" service name="http" reject

cd /var/www/html/

vim index.html

12

Client

[root@desktop0 ~]# curl http://server0

[root@desktop0 ~]#

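Question 13: Configure a secure web service

Configure TLS encryption for the site http://server0.example.com. A signed certificate is obtained from http://classroom.example.com/pub/tls/certs/www0.crt, the key for this certificate from http://classroom.example.com/pub/tls/private/www0.key, and the signing authority information for this certificate from http://classroom.example.com/pub/example-ca.crt (these certificates are only available in the classroom)

Question 14

Configure a virtual host

On server0, extend your web server by creating a virtual host for the site

http://14.example.com, then perform the following steps:

A. Set docume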

This article is reposted from 810105851's 51CTO blog. Original link: http://blog.51cto.com/4708948/1702487. To repost it, please contact the original author.