RHEL 7 HTTP Example 2

For the preceding configuration, see http://4708948.blog.51cto.com/4698948/1702486

Client

[root@desktop0 conf.d]# curl https://server0:443
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

Question 15: Virtual host

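Set up a virtual host that uses the domain name www.server0.example.com (name resolution has already been configured on server.domain0.example.com). The server's home directory is /var/www/virtual. Download the page file from http://server.domain0.example.com/pub/html/www8.html to /var/www/html/virtual and rename it to index.html; do not modify the page content. The original physical host must remain accessible.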

Server

[root@server0 conf.d]# cd /var/www/
[root@server0 www]# mkdir virtual
[root@server0 www]# cd virtual/
[root@server0 virtual]# vim index.html
[root@server0 virtual]# cat index.html
151515151515151515151515151515
[root@server0 virtual]# vim /etc/httpd/conf.d/hrr.conf
<VirtualHost *:80>
    DocumentRoot "/var/www/virtual/"
    ServerName www.server0.example.com
    ErrorLog "/var/log/httpd/www.server0.example.com-error_log"
    CustomLog "/var/log/httpd/www.server0.example.com-access_log" common
</VirtualHost>
[root@server0 virtual]# systemctl restart httpd

Client

[root@desktop0 conf.d]# vim /etc/hosts
[root@desktop0 conf.d]# curl http://www.server0.example.com
151515151515151515151515151515
[root@desktop0 conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.0.11 www.server0.example.com
172.25.254.254 classroom.example.com
172.25.254.254 content.example.com
[root@desktop0 conf.d]#

Question 17: HTTP access control

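Create a restricted directory under the document root of the www.server0.example.com site. Download ftp://classroom.example.com/pub/html/restricted0.html into the restricted directory and rename it to index.html; do not modify the file's contents. Only the desktop0 host may access this page; all other hosts must be denied.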

Server

[root@server0 conf.d]# vim hrr.conf
[root@server0 conf.d]# systemctl restart httpd

Client 1

[root@desktop0 conf.d]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.25.0.10 netmask 255.255.255.0 broadcast 172.25.0.255
[root@desktop0 conf.d]# curl http://www.server0.example.com/restricted/
desktop0 only
[root@desktop0 conf.d]#

Client 2

[root@foundation0 images]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.25.254.250 netmask 255.255.255.0 broadcast 172.25.254.255
[root@foundation0 images]# cat /etc/hosts
172.25.0.11 www.server0.example.com
[root@foundation0 images]# curl http://www.server0.example.com/
151515151515151515151515151515
[root@foundation0 images]# curl http://www.server0.example.com/restricted/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
You don't have permission to access /restricted/
on this server.
</body></html>
[root@foundation0 images]#
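
The page does not show the edits made to hrr.conf for Question 17. One way to express the restriction in Apache 2.4 syntax, as an added example rather than the author's file: it assumes the restricted directory sits under the DocumentRoot /var/www/virtual from Question 15, takes desktop0's address 172.25.0.10 from the ifconfig output above, and treats the FQDN desktop0.example.com as an assumption.

```apache
# Added example: hypothetical contents of /etc/httpd/conf.d/hrr.conf
# after the Question 17 change (not the author's actual file).
<VirtualHost *:80>
    DocumentRoot "/var/www/virtual/"
    ServerName www.server0.example.com
    ErrorLog "/var/log/httpd/www.server0.example.com-error_log"
    CustomLog "/var/log/httpd/www.server0.example.com-access_log" common

    # The site root stays readable by every client. The stock RHEL 7
    # httpd.conf already grants /var/www; stating it here keeps the
    # virtual host's policy visible in one file.
    <Directory "/var/www/virtual">
        Require all granted
    </Directory>

    # Only desktop0 may read /restricted/. Any other client address,
    # such as foundation0 (172.25.254.250), receives 403 Forbidden.
    <Directory "/var/www/virtual/restricted">
        Require ip 172.25.0.10
        # Name-based alternative (assumed FQDN). httpd performs a double
        # reverse DNS lookup for this form, so it depends on correct
        # PTR and A records for the client:
        # Require host desktop0.example.com
    </Directory>
</VirtualHost>
```

Running `apachectl configtest` before `systemctl restart httpd` catches syntax errors in the file. Matching on the client IP keeps the rule independent of DNS, which the `Require host` form relies on.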

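Question 12

Configure a web site

On the server, configure a site http://server0.example.com, then perform the following steps:

Download the file from ftp://172.25.254.250/pub/RHCE/12.html and rename it to index.html; do not modify the contents of this file

Copy index.html to your web server's DocumentRoot directory

Clients from the example.com domain can access this web service

Clients from the deny.com domain are denied access to this web service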

Server

yum -y install http*
cd /etc/httpd/conf.d/
cp /usr/share/doc/httpd-2.4.6/httpd-vhosts.conf hrr.conf
vim hrr.conf
systemctl enable httpd
systemctl start httpd
firewall-config

Then simply close it.

[root@server0 html]# firewall-cmd --reload
success
[root@server0 html]# firewall-cmd --list-all --zone=public
public (default, active)
  interfaces: eth0 eth1 eth2 team0
  sources:
  services: dhcpv6-client http nfs ssh
  ports: 139/tcp 138/tcp 445/tcp 80/tcp 5423/tcp 137/tcp
  masquerade: no
  forward-ports: port=5423:proto=tcp:toport=80:toaddr=
  icmp-blocks:
  rich rules:
        rule family="ipv4" destination address="172.25.0.0/24" service name="http" accept
        rule family="ipv4" destination address="172.25.1.0/24" service name="http" reject

cd /var/www/html/
vim index.html
12

Client

[root@desktop0 ~]# curl http://server0
12
[root@desktop0 ~]#

Question 13: Configure a secure web service

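Configure TLS encryption for the site http://server0.example.com. A signed certificate is available from http://classroom.example.com/pub/tls/certs/www0.crt, the key for this certificate from http://classroom.example.com/pub/tls/private/www0.key, and the signing authority (CA) information for this certificate from http://classroom.example.com/pub/example-ca.crt (these certificates are only available in the classroom).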

Question 14

Configure a virtual host

On server0, extend your web server by creating a virtual host for the site http://14.example.com, then perform the following steps:

A. Set docume