虚拟主机示例
安装 Nginx 并搭建基础服务
#安装 Nginx(相当于 “租下一栋楼开便利店”)[root@server ~ 15:10:56]# yum -y install nginx[root@server ~ 15:13:26]# systemctl enable nginx --now#备份并替换默认首页[root@server ~ 15:13:59]# mv /usr/share/nginx/html/index.html{,.ori}[root@server ~ 15:14:23]# echo Hello World From Nginx > /usr/share/nginx/html/index.html#配置防火墙[root@server ~ 15:15:15]# systemctl start firewalld.service [root@server ~ 15:15:39]# firewall-cmd --add-service=http --permanentsuccess[root@server ~ 15:15:42]# firewall-cmd --reloadsuccess配置虚拟主机
[root@server html 15:53:45]# yum install -y httpd#查看 Nginx 配置和用户[root@server ~ 15:54:37]# cd /etc/nginx/[root@server nginx 15:55:17]# vim nginx.conf[root@server nginx 15:56:04]# id nginxuid=998(nginx) gid=996(nginx) 组=996(nginx)[root@server nginx 15:56:06]# grep nginx /etc/passwdnginx:x:998:996:Nginx web server:/var/lib/nginx:/sbin/nologin#复制模板[root@server ~ 16:25:34]# cd /etc/nginx/[root@server nginx 16:25:51]# vim nginx.conf================================================================server {listen 80;listen [::]:80;server_name _;root /usr/share/nginx/html;# Load configuration files for the default server block.include /etc/nginx/default.d/*.conf;error_page 404 /404.html;location = /404.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}}================================================================#编辑新文件[root@server conf.d 16:20:54]# vim vhost-web1.conf[root@server conf.d 16:21:22]# vim vhost-web2.conf#分别写入================================================================#web1server {listen 80;listen [::]:80;server_name web1.lyk.cloud;root /website/web1.lyk.cloud;include /etc/nginx/default.d/*.conf;}#web2server {listen 80;listen [::]:80;server_name web2.lyk.cloud;root /website/web2.lyk.cloud;include /etc/nginx/default.d/*.conf;}================================================================#创建网站目录和首页[root@server nginx 16:07:51]# mkdir -p /website/web1.lyk.cloud[root@server nginx 16:08:07]# cd /website[root@server website 16:08:19]# lsweb1.lyk.cloud#web1/2写入内容root@server website 16:08:20]# echo hello 111 > web1.lyk.cloud/index.html[root@server website 16:09:21]# cp -r web1.lyk.cloud web2.lyk.cloud[root@server website 16:09:50]# echo hello 222 > web2.lyk.cloud/index.html[root@server website 16:10:11]# systemctl restart nginx.service #网络访问http://web1.lyk.cloud显示hello 111#网络访问http://web2.lyk.cloud显示hello 222#配置本地 hosts# C:\Windows\System32\drivers\etc 的host增加解析10.1.8.10 web1.lyk.cloud10.1.8.10 web2.lyk.cloud
配置SSL/TLS
生成证书
SSL/TLS 证书能让网站通过
https://访问(加密传输,相当于 “给分店装防盗门,顾客信息加密传递”)。
#生成 SSL 证书,openssl genrsa生成 2048 位的 RSA 私钥(www.key),用于加密数据[root@server ~ 16:51:47]# openssl genrsa -out www.key 2048Generating RSA private key, 2048 bit long modulus..................+++.......................................+++e is 65537 (0x10001)#生成证书签名请求[root@server ~ 16:52:02]# openssl req -new -key www.key -out www.csr -subj "/C=CN/ST=JS/L=NJ/O=LM/OU=DEVOPS/CN=www.lyk.cloud/emailAddress=lyk@lyk.cloud" [root@server ~ 17:05:50]# lsanaconda-ks.cfg inventory.dump www.csr www.key[root@server ~ 17:06:06]# openssl x509 -req -days 3650 -in www.csr -signkey www.key -out www.crtSignature oksubject=/C=CN/ST=JS/L=NJ/O=LM/OU=DEVOPS/CN=www.lyk.cloud/emailAddress=lyk@lyk.cloudGetting Private key[root@server ~ 17:12:22]# ls /etc/pki/nginx/ls: 无法访问/etc/pki/nginx/: 没有那个文件或目录#存放证书[root@server ~ 17:12:25]# mkdir -p /etc/pki/nginx[root@server ~ 17:14:19]# cp www.crt /etc/pki/nginx/www.crt[root@server ~ 17:15:51]# ls /etc/pki/nginx/private[root@server ~ 17:16:05]# mkdir -p /etc/pki/nginx/private[root@server ~ 17:16:25]# cp www.key /etc/pki/nginx/private/www.key#新建vhost-ssl.conf[root@server ~ 17:19:42]# vim /etc/nginx/conf.d/vhost-ssl.confserver {listen 443 ssl http2; #监听443端口(HTTPS默认端口),启用SSL和HTTP/2listen [::]:443 ssl http2;server_name www.lyk.cloud; # 要加密的域名root /usr/share/nginx/html; # 网站目录# 指定证书和私钥位置ssl_certificate "/etc/pki/nginx/www.crt";ssl_certificate_key "/etc/pki/nginx/private/www.key";}#重启 Nginx 生效[root@server ~ 17:35:09]# systemctl stop firewalld.service[root@server ~ 17:21:39]# systemctl restart nginx.service