Preliminary Assessment: Building a Web Site Service on a Linux System
I. Lab topology
| Host | Address |
|---|---|
| Server | 172.16.22.225/24 |
| pc | 172.16.22.x/24 |
II. Deployment requirements
- Build the service environment on the specified system version
- Deploy DHCP, DNS, WEB and CA services on the server
- Clients can reach and verify the services built on the server
III. Objectives
- Network connectivity between client and server
- The client automatically obtains an IP address in the 172.16.22.X range from the server
- The client can resolve the site's domain name www.skills.com
- The client can reach the site at http://www.skills.com
- The client can reach the site at https://www.skills.com
IV. Approach
Analyze the deployment requirements and work out which function satisfies each of them.
DHCP approach
1. Install DHCP on the Server (172.16.22.225) and configure an address pool that hands out addresses from the 172.16.22.0/24 network to PCs.
2. To let the PC obtain an address, configure DHCP on the Server so that the PC picks up its address automatically.
DNS approach
1. Install DNS on the Server and change the domain name in its configuration files to provide forward and reverse resolution. When www.skills.com is entered in a browser, the operating system first checks whether its local hosts file has a mapping for the name; if it does, that IP mapping is used and name resolution finishes there.
WEB approach
1. Install the Apache web server, start Apache, then check the result in a browser.
CA approach
1. A CA first needs a root certificate, which is then used to sign the server certificate and client certificates; in general the server certificate and the client certificate are peers. With SSL, the root certificate and the server certificate must be installed for authentication to work.
2. Before a certificate is generated there is normally a private key; the private key is used to produce a certificate request, which is then signed with the certificate server's root certificate. So the certificate private key is generated on the Server, and certificates are then issued to the client machines.
V. Implementation steps
DHCP steps
1. Install the DHCP package on CentOS 7
yum -y install dhcp
2. Configure the /etc/dhcp/dhcpd.conf file
[root@Server ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
subnet 172.16.0.0 netmask 255.255.0.0 {
    range 172.16.22.50 172.16.22.253;
}
3. Start DHCP: systemctl start dhcpd
[root@Server ~]# systemctl start dhcpd
[root@Server ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2022-03-16 23:55:05 CST; 1 day 14h ago
     Docs: man:dhcpd(8)
           man:dhcpd.conf(5)
 Main PID: 17476 (dhcpd)
4. On the client, check the address it was given with ip addr
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:85:0f:04 brd ff:ff:ff:ff:ff:ff
    inet 172.16.22.51/16 brd 172.16.255.255 scope global noprefixroute dynamic ens192
       valid_lft 42618sec preferred_lft 42618sec
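The dhcpd.conf above declares a 172.16.0.0/16 subnet with a /24-sized pool inside it, which is why the client came up as 172.16.22.51/16 instead of with the /24 mask of the topology, and the pool 172.16.22.50-253 also contains the server's own static address 172.16.22.225, which dhcpd could hand to a client. The script below is an added example, not part of the original post: it writes a dhcpd.conf that matches the topology and checks, in plain POSIX shell, that the pool sits inside the subnet and leaves the server's address out. The option domain-name-servers line is an assumption for this lab; it pushes the DNS server to clients so the resolv.conf step does not have to be repeated on every PC.

```shell
#!/bin/sh
# Added example (not from the original post): a dhcpd.conf matching the lab
# topology and a plain-shell check of the address pool. The only assumption
# beyond the post is that clients should learn the DNS server (172.16.22.225)
# from DHCP via option domain-name-servers.

# Print the corrected configuration; the pool stops below the server's
# static address so dhcpd can never lease 172.16.22.225 to a client.
render_dhcpd_conf() {
    cat <<'EOF'
# /etc/dhcp/dhcpd.conf (constructed for the 172.16.22.0/24 lab network)
option domain-name "skills.com";
option domain-name-servers 172.16.22.225;
default-lease-time 600;
max-lease-time 7200;
authoritative;

subnet 172.16.22.0 netmask 255.255.255.0 {
    range 172.16.22.50 172.16.22.200;
    option broadcast-address 172.16.22.255;
}
EOF
}

# Dotted quad -> 32-bit integer, using only POSIX sh arithmetic.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 is inside network $2 with netmask $3.
in_subnet() {
    s_ip=$(ip2int "$1"); s_net=$(ip2int "$2"); s_mask=$(ip2int "$3")
    [ $(( s_ip & s_mask )) -eq $(( s_net & s_mask )) ]
}

# True when address $1 lies within the pool $2..$3 (inclusive).
in_pool() {
    p_ip=$(ip2int "$1"); p_lo=$(ip2int "$2"); p_hi=$(ip2int "$3")
    [ "$p_ip" -ge "$p_lo" ] && [ "$p_ip" -le "$p_hi" ]
}

# check_pool NET MASK RANGE_START RANGE_END STATIC_ADDR
# Fails when a pool end falls outside the subnet, or when the server's
# static address is inside the pool (the post's pool 50-253 contains 225).
check_pool() {
    net=$1; mask=$2; lo=$3; hi=$4; static=$5
    in_subnet "$lo" "$net" "$mask" || { echo "range start $lo is outside $net/$mask"; return 1; }
    in_subnet "$hi" "$net" "$mask" || { echo "range end $hi is outside $net/$mask"; return 1; }
    if in_pool "$static" "$lo" "$hi"; then
        echo "static address $static collides with pool $lo-$hi"
        return 1
    fi
    echo "pool $lo-$hi inside $net/$mask, $static excluded"
}

# Write the config to $1 and run dhcpd's own syntax check if it is installed.
install_check() {
    render_dhcpd_conf > "$1"
    if command -v dhcpd >/dev/null 2>&1; then
        dhcpd -t -cf "$1"
    else
        echo "dhcpd not installed on this host; syntax check skipped"
    fi
}
```

Run `install_check /tmp/dhcpd.conf` to write the file and, where dhcpd is present, have it parse the result (`dhcpd -t -cf`) before copying it over /etc/dhcp/dhcpd.conf and restarting dhcpd; `check_pool 172.16.22.0 255.255.255.0 172.16.22.50 172.16.22.253 172.16.22.225` reproduces the collision in the post's original pool.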
Configuring DNS
yum -y install bind*    # install
Start DNS: systemctl start named.service    # start DNS
1. Check that the named process is running: ps -eaf | grep named
[root@Server ~]# ps -eaf | grep named
named 23643 1 0 3月17 ? 00:00:01 /usr/sbin/named -u named -c /etc/named.conf
root 26121 25816 0 14:34 pts/0 00:00:00 grep --color=auto named
[root@Server ~]#
2. Check that port 53 is listening: netstat -an | grep :53
[root@Server ~]# netstat -an | grep :53
tcp 0 0 172.16.22.225:53 0.0.0.0:* LISTEN
tcp6 0 0 ::1:53 :::* LISTEN
udp 0 0 172.16.22.225:53 0.0.0.0:*
udp6 0 0 ::1:53 :::*
[root@Server ~]#
3. Open TCP and UDP port 53 in the firewall:
iptables -I INPUT -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT
4. Edit the main DNS configuration file /etc/named.conf (options block, excerpt)
options {
    listen-on port 53 { 172.16.22.225; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };
5. Edit /etc/named.rfc1912.zones
zone "www.skills.com" IN {
    type master;
    file "www.skills.com.zone";
};
zone "22.16.172.in-addr.arpa" IN {
    type master;
    file "www.skills.com.local";
};
6. Add the forward zone file /var/named/www.skills.com.zone
[root@Server ~]# cat /var/named/www.skills.com.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      @
        A       172.16.22.225
www     A       172.16.22.225
7. Add the reverse zone file /var/named/www.skills.com.local
[root@Server ~]# cat /var/named/www.skills.com.local
$TTL 1D
@       IN SOA  @ rname.invalid. (
                        0       ; serial
                        1D      ; refresh
                        1H      ; retry
                        1W      ; expire
                        3H )    ; minimum
        NS      @
        A       172.16.22.225
225     IN PTR  www.skills.com.    ; 225 matches the server's A record; the trailing dot makes the target absolute
8. Configure the /etc/resolv.conf file
[root@Server ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 172.16.22.225
9. Test forward and reverse resolution
[root@Server ~]# nslookup www.skills.com
Server:     172.16.22.225
Address:    172.16.22.225#53

Name:   www.skills.com
Address: 172.16.22.225
[root@Server ~]#
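The zone pair above answers the forward query shown, but two details deserve a check before relying on it: the zone is declared as "www.skills.com", so the `www` record inside it actually names www.www.skills.com, and a PTR target written without a trailing dot is relative to the zone origin, so BIND would answer www.skills.com.22.16.172.in-addr.arpa. for a reverse query. The script below is an added example, not part of the original post: it writes the conventional layout (zone skills.com with a www A record, reverse zone 22.16.172.in-addr.arpa with an absolute PTR target) and checks, with awk alone, that every PTR target is absolute and that every A record in the forward zone has a matching PTR. The ns1/admin names and the serial are constructed; www.skills.com and 172.16.22.225 come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): conventional zone files for the
# lab (zone skills.com with a www record, reverse zone 22.16.172.in-addr.arpa)
# and two consistency checks. Hostnames ns1/admin and the serial are
# constructed; www.skills.com and 172.16.22.225 come from the post.

# Write both zone files into directory $1.
write_zones() {
    cat > "$1/skills.com.zone" <<'EOF'
$TTL 1D
@       IN SOA  ns1.skills.com. admin.skills.com. (
                        2022031801 ; serial (YYYYMMDDnn, bump on every edit)
                        1D         ; refresh
                        1H         ; retry
                        1W         ; expire
                        3H )       ; minimum (negative-cache TTL)
        IN NS   ns1.skills.com.
ns1     IN A    172.16.22.225
www     IN A    172.16.22.225
EOF
    cat > "$1/22.16.172.in-addr.arpa.zone" <<'EOF'
$TTL 1D
@       IN SOA  ns1.skills.com. admin.skills.com. (
                        2022031801 ; serial
                        1D         ; refresh
                        1H         ; retry
                        1W         ; expire
                        3H )       ; minimum
        IN NS   ns1.skills.com.
225     IN PTR  www.skills.com.    ; trailing dot: absolute name, not relative to the zone
EOF
}

# Fail on any PTR whose target lacks a trailing dot: BIND would append the
# zone origin and answer www.skills.com.22.16.172.in-addr.arpa.
check_ptr_fqdn() {
    awk '{
        sub(/;.*/, "")
        for (i = 1; i < NF; i++)
            if ($i == "PTR" && $(i + 1) !~ /\.$/) {
                print "relative PTR target on line " NR ": " $(i + 1)
                bad = 1
            }
    } END { exit bad }' "$1"
}

# check_forward_reverse FORWARD_ZONE REVERSE_ZONE
# Every A record in the forward zone must have a PTR for its last octet.
check_forward_reverse() {
    awk 'FNR == NR {
            sub(/;.*/, "")
            for (i = 1; i < NF; i++) if ($i == "PTR") ptr[$1] = $(i + 1)
            next
        }
        {
            sub(/;.*/, "")
            for (i = 1; i < NF; i++) if ($i == "A") {
                split($(i + 1), o, ".")
                if (!(o[4] in ptr)) { print "no PTR for " $(i + 1) " (" $1 ")"; bad = 1 }
            }
        }
        END { exit bad }' "$2" "$1"
}

# Run BIND's own checker on both files when it is available.
bind_check() {
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not installed; skipped"
        return 0
    fi
    named-checkzone skills.com "$1/skills.com.zone" &&
        named-checkzone 22.16.172.in-addr.arpa "$1/22.16.172.in-addr.arpa.zone"
}
```

The matching stanzas in /etc/named.rfc1912.zones would be `zone "skills.com" IN { type master; file "skills.com.zone"; };` and `zone "22.16.172.in-addr.arpa" IN { type master; file "22.16.172.in-addr.arpa.zone"; };`. After `write_zones /var/named`, `bind_check /var/named` runs named-checkzone on both files, and reloading named makes them live; `nslookup 172.16.22.225` then exercises the reverse path that the post's test leaves out.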
Building the WEB server
1. Install Apache as the web server software
yum install -y httpd*
2. Start httpd (Apache): systemctl start httpd
[root@Server ~]# systemctl start httpd
[root@Server ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-03-17 00:18:05 CST; 1 day 15h ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 17646 (httpd)
   Status: "Total requests: 2; Current requests/sec: 0; Current traffic: 0 B/sec"
   CGroup: /system.slice/httpd.service
           ├─17646 /usr/sbin/httpd -DFOREGROUND
           ├─17647 /usr/sbin/httpd -DFOREGROUND
           ├─17648 /usr/sbin/httpd -DFOREGROUND
           ├─17649 /usr/sbin/httpd -DFOREGROUND
           ├─17650 /usr/sbin/httpd -DFOREGROUND
           ├─17651 /usr/sbin/httpd -DFOREGROUND
           └─17652 /usr/sbin/httpd -DFOREGROUND

3月 17 00:18:05 localhost.localdomain systemd[1]: Stopped The Apache HTTP Server.
3月 17 00:18:05 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
3月 17 00:18:05 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
[root@Server ~]#
Web page
On the client: curl -iv 172.16.22.225
[root@localhost ~]# curl -iv 172.16.22.225
* About to connect() to 172.16.22.225 port 80 (#0)
* Trying 172.16.22.225...
* Connected to 172.16.22.225 (172.16.22.225) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 172.16.22.225
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Fri, 18 Mar 2022 08:16:31 GMT
Date: Fri, 18 Mar 2022 08:16:31 GMT
< Server: Apache/2.4.6 (CentOS)
Server: Apache/2.4.6 (CentOS)
< Last-Modified: Wed, 16 Mar 2022 16:10:54 GMT
Last-Modified: Wed, 16 Mar 2022 16:10:54 GMT
< ETag: "1f-5da5828760091"
ETag: "1f-5da5828760091"
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 31
Content-Length: 31
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
<

Hell,welcome to www.skills.com
* Connection #0 to host 172.16.22.225 left intact
[root@localhost ~]#
CA certification
1. First open /etc/pki/tls/openssl.cnf and understand the contents of the CA configuration file
[root@Server ~]# vi /etc/pki/tls/openssl.cnf
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME			= .
RANDFILE		= $ENV::HOME/.rnd

# Extra OBJECT IDENTIFIER info:
#oid_file		= $ENV::HOME/.oid
oid_section		= new_oids

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions		=
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6

# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7

####################################################################
[ ca ]
default_ca	= CA_default		# The default ca section

####################################################################
[ CA_default ]

dir		= /etc/pki/CA		# Where everything is kept
certs		= $dir/certs		# Where the issued certs are kept
crl_dir		= $dir/crl		# Where the issued crl are kept
database	= $dir/index.txt	# database index file.
2. Create the database index file index.txt under /etc/pki/CA
[root@Server ~]# cd /etc/pki/CA/
[root@Server CA]# touch index.txt
[root@Server CA]# echo 66 > serial
[root@Server CA]# ls
cacart.pem certs crl index.txt newcerts private serial
[root@Server CA]#
3. Generate the CA private key, setting its path, name and passphrase
4. Extract the public key from the cakey.pem private key into a certificate named cacert.pem and set the CA's validity period (the prompts cover country, province, city, company name, department, server name and email address)
The CA certificate is created
[root@Server CA]# cat cacart.pem
-----BEGIN CERTIFICATE-----
(certificate body not reproduced here)
-----END CERTIFICATE-----
[root@Server CA]#
Generating the key pair on the node that requests a certificate
[root@localhost ~]# mkdir /etc/httpd/ssl
[root@localhost ~]# (umask 077; openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
...............................+++
..............................+++
e is 65537 (0x10001)
[root@localhost ~]#
Generating the certificate request
[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_default		= XX
countryName_min			= 2
countryName_max			= 2

stateOrProvinceName		= State or Province Name (full name)
#stateOrProvinceName_default	= Default Province

localityName			= Locality Name (eg, city)
localityName_default		= Default City

0.organizationName		= Organization Name (eg, company)
0.organizationName_default	= Default Company Ltd

# we can do this but it is not needed normally :-)
#1.organizationName		= Second Organization Name (eg, company)
#1.organizationName_default	= World Wide Web Pty Ltd

organizationalUnitName		= Organizational Unit Name (eg, section)
#organizationalUnitName_default	=

commonName			= Common Name (eg, your name or your server\'s hostname)
commonName_max			= 64
[root@localhost ~]# vim /etc/pki/tls/openssl.cnf
[root@localhost ~]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/
conf/ conf.modules.d/ modules/ ssl/
conf.d/ logs/ run/
[root@localhost ~]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:SD
Locality Name (eg, city) [Default City]:SD
Organization Name (eg, company) [Default Company Ltd]:jzg
Organizational Unit Name (eg, section) []:jzg
Common Name (eg, your name or your server's hostname) []:www.skills.com
Email Address []:2796676427@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:000000
An optional company name []:jzg
[root@localhost ~]#
Send the signing request to the CA server
[root@localhost ~]# scp httpd.csr 172.16.22.225:/etc/pki/CA/csr
root@172.16.22.225's password:
httpd.csr: No such file or directory    # an error appeared at this point
[root@Server CA]# openssl ca -in /etc/pki/CA/csr/httpd.csr -out /etc/pki/CA/httpd.crt -days 1000
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for /etc/pki/CA/private/cakey.pem:
Error opening CA certificate /etc/pki/CA/cacert.pem
140120267863952:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/pki/CA/cacert.pem','r')
140120267863952:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load certificate
[root@Server CA]#    ## because the previous step did not go through, the following steps could not be completed
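The CA step stalls at two points that are visible in the transcripts above: the CA certificate exists as cacart.pem while openssl ca opens /etc/pki/CA/cacert.pem, and the request was written with -out /etc/httpd/ssl/httpd.key, so no httpd.csr existed for scp to send and the server's freshly generated private key was overwritten by the CSR. The script below is an added example, not part of the original post: it runs the whole round trip in a scratch directory that mirrors the /etc/pki/CA layout (a minimal openssl.cnf, the CA key and self-signed root saved as cacert.pem, the server key and CSR in separate files, signing with openssl ca, then verification of the chain and of the key/certificate match). The subject names, the serial, the v3 extension sections and the directory name are constructed; www.skills.com and the CA directory layout come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): a complete CA round trip in a
# scratch directory laid out like /etc/pki/CA. Subjects, serial and the
# extension sections are constructed for the lab; www.skills.com is the
# server name from the post.

# build_mini_ca WORKDIR: CA key + root cert, server key + CSR, signed cert.
build_mini_ca() {
    work=$1
    ca=$work/CA
    mkdir -p "$ca/certs" "$ca/crl" "$ca/newcerts" "$ca/private" "$ca/csr" "$work/ssl"
    chmod 700 "$ca/private"
    : > "$ca/index.txt"            # empty database, like `touch index.txt`
    echo 01 > "$ca/serial"         # next serial number (hex)

    # Minimal openssl.cnf with just the [ca] and [req] sections we need.
    # $ca is expanded now; \$dir stays literal for OpenSSL to substitute.
    cat > "$work/openssl.cnf" <<EOF
[ ca ]
default_ca      = CA_default
[ CA_default ]
dir             = $ca
certs           = \$dir/certs
new_certs_dir   = \$dir/newcerts
database        = \$dir/index.txt
serial          = \$dir/serial
certificate     = \$dir/cacert.pem
private_key     = \$dir/private/cakey.pem
default_md      = sha256
default_days    = 365
policy          = policy_any
[ policy_any ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:www.skills.com
EOF

    # 1. CA key and self-signed root, saved under the name openssl ca expects
    #    (cacert.pem, not cacart.pem).
    openssl genrsa -out "$ca/private/cakey.pem" 2048 2>/dev/null
    openssl req -new -x509 -config "$work/openssl.cnf" -key "$ca/private/cakey.pem" \
        -sha256 -days 3650 -subj "/C=CN/ST=SD/O=jzg/CN=Skills Lab Root CA" \
        -out "$ca/cacert.pem"

    # 2. Web server key pair and CSR; the CSR gets its own file, so the key
    #    is not overwritten and there is a httpd.csr to send to the CA.
    (umask 077; openssl genrsa -out "$work/ssl/httpd.key" 2048 2>/dev/null)
    openssl req -new -config "$work/openssl.cnf" -key "$work/ssl/httpd.key" -sha256 \
        -subj "/C=CN/ST=SD/L=SD/O=jzg/OU=jzg/CN=www.skills.com" \
        -out "$ca/csr/httpd.csr"

    # 3. Sign through the CA database (what openssl ca in the post tried to do);
    #    -batch skips the confirmation prompts, index.txt records the issuance.
    openssl ca -config "$work/openssl.cnf" -batch -notext -extensions v3_server \
        -in "$ca/csr/httpd.csr" -out "$ca/httpd.crt" -days 365 >/dev/null
}

# verify_issued WORKDIR
# What a client effectively checks for https://www.skills.com (chain back to
# cacert.pem and the name in the certificate), plus the operator's check that
# the certificate really belongs to the key Apache will load.
verify_issued() {
    openssl verify -CAfile "$1/CA/cacert.pem" -verify_hostname www.skills.com \
        "$1/CA/httpd.crt" || return 1
    k=$(openssl rsa -noout -modulus -in "$1/ssl/httpd.key")
    c=$(openssl x509 -noout -modulus -in "$1/CA/httpd.crt")
    [ "$k" = "$c" ]
}

# Number of certificates recorded in the CA database (index.txt).
issued_count() {
    wc -l < "$1/CA/index.txt" | tr -d ' '
}
```

Run `build_mini_ca /tmp/calab && verify_issued /tmp/calab`. In the lab, httpd.crt and httpd.key are what mod_ssl's SSLCertificateFile and SSLCertificateKeyFile in /etc/httpd/conf.d/ssl.conf point at (yum install mod_ssl), and cacert.pem is imported on the client as a trusted root so that https://www.skills.com validates; index.txt then holds the record of every certificate the CA has signed, which is the list to consult if a key is ever suspected of compromise.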
VI. Task summary
Problems that came up during the task, how they were solved, and the key points that need emphasis and attention
1. Be very careful with the DNS configuration files; when something goes wrong, read the error and analyze the logs
/etc/named.rfc1912.zones
2. As long as you are careful, the scope of a problem can be narrowed down; when a problem appears, analyze and rule out errors first, and look it up on Baidu if necessary; with a serious attitude I believe that any difficulty, however big, can be overcome.
3. Because of the problems above, the CA could not receive the request sent for client certification; some problems were encountered and I will keep learning and update this later.