Web Server Setup (Part 2)

1. SSL authentication


2. Virtual directories and per-user access control


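3. Building a web server that combines the above

(1) Set up a site reachable at https://www.linuxprobe.com. tom and jack can access the site and the page content is "welcome to linuxprobe", but rose cannot access the page.
(2) On top of that site, create a virtual directory /mimi. Accessing it shows "this is linuxprobe mimi", and only rose can access this virtual directory.
Procedure (lab environment: redhat 7.2):

Stop the firewall and switch SELinux to permissive mode:
# systemctl stop firewalld
# setenforce 0

Main configuration file:
# vi /etc/httpd/conf.d/linuxprobe.conf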

# Basic auth: only tom and jack may read the site root
<directory /linuxprobe/domain>
authtype basic
authname "Please login:"
authuserfile /etc/httpd/mysecretpwd
require user tom jack
</directory>

listen 7777
<virtualhost 192.168.253.128:7777>
documentroot /linuxprobe/domain
servername www.linuxprobe.com
SSLEngine on
# "all -SSLv2" still allows SSLv3; add -SSLv3 to disable it
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/linuxprobe.crt
SSLCertificateKeyFile /etc/pki/tls/certs/linuxprobe.key
</virtualhost>

# Basic auth: only rose may read the directory served as /mimi
<directory "/linuxprobe/mulu">
allowoverride none
authtype basic
authname "Please login:"
authuserfile /etc/httpd/mysecretpwd
require user rose
</directory>

listen 6666
<virtualhost 192.168.253.128:6666>
documentroot /linuxprobe/mulu
alias /mimi /linuxprobe/mulu
servername www.linuxprobe.com
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/linuxprobe.crt
SSLCertificateKeyFile /etc/pki/tls/certs/linuxprobe.key
</virtualhost>

Create the directories and pages:
mkdir -p /linuxprobe/domain
echo welcome to linuxprobe > /linuxprobe/domain/index.html
mkdir -p /linuxprobe/mulu
echo this is linuxprobe mimi > /linuxprobe/mulu/index.html

Generate the certificate (in /etc/pki/tls/certs):
# make linuxprobe.crt
umask 77 ;
/usr/bin/openssl genrsa -aes128 2048 > linuxprobe1.key
Generating RSA private key, 2048 bit long modulus
…+++
e is 65537 (0x10001)
Enter pass phrase:(redhat)
Verifying - Enter pass phrase:(redhat)
umask 77 ;
/usr/bin/openssl req -utf8 -new -key linuxprobe1.key -x509 -days 365 -out linuxprobe1.crt -set_serial 0
Enter pass phrase for linuxprobe1.key:(redhat)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shaanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]: linuxprobe
Organizational Unit Name (eg, section) []: linuxprobe
Common Name (eg, your name or your server's hostname) []: linuxprobe
Email Address []: linuxprobe.com

Add the users (the password for all three is redhat):
htpasswd -c /etc/httpd/mysecretpwd tom
htpasswd /etc/httpd/mysecretpwd jack
htpasswd /etc/httpd/mysecretpwd rose

Edit the hosts file:
# vim /etc/hosts
192.168.253.128 www.linuxprobe.com

Restart the service:
# systemctl restart httpd.service
Enter SSL pass phrase for www.linuxprobe.com:443 (RSA) : ******

Testing:
1. Visit https://www.linuxprobe.com:7777
tom and jack log in successfully and can access the page
rose fails to log in and therefore cannot access it
2. Visit https://www.linuxprobe.com:6666/mimi/
tom and jack fail to log in and therefore cannot access it
rose logs in successfully; the page actually served is /linuxprobe/mulu/index.html
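
The two browser tests above can be scripted with curl so that the whole user/URL matrix is checked after every configuration change. This is an added example, not part of the original post. It assumes the password redhat set for all three users above, uses -k because the certificate is self-signed, and expects 401 for a rejected user (Apache's default response when either the login or the require user check fails); the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: check who can reach which URL on the server built above.

BASE=https://www.linuxprobe.com
PASS=redhat        # password given to tom, jack and rose on this page

# Print the HTTP status code returned when user $1 requests URL $2.
fetch_status() {
    curl -k -s -o /dev/null -w '%{http_code}' -u "$1:$PASS" "$2" </dev/null
}

# check USER URL EXPECTED: print one result line, return 1 on mismatch.
check() {
    local got
    got=$(fetch_status "$1" "$2")
    if [ "$got" = "$3" ]; then
        printf 'ok    %-5s %-45s %s\n' "$1" "$2" "$got"
    else
        printf 'FAIL  %-5s %-45s got %s, want %s\n' "$1" "$2" "$got" "$3"
        return 1
    fi
}

# Run every row of the expected matrix; return 1 if any row differs.
check_matrix() {
    local failed=0 user url want
    while read -r user url want; do
        check "$user" "$url" "$want" || failed=1
    done <<EOF
tom  $BASE:7777/       200
jack $BASE:7777/       200
rose $BASE:7777/       401
tom  $BASE:6666/mimi/  401
jack $BASE:6666/mimi/  401
rose $BASE:6666/mimi/  200
EOF
    return $failed
}
```

Source the file and run check_matrix after restarting httpd; a FAIL line on a 401 row means a user who should be locked out was served the page.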