配置自签证书多域名的动态网站+部署http的repo仓库+基于nfs与yum仓库的http部署
1.配置自签证书多域名的动态网站
1.1配置自签证书
1.1.1配置仓库
[root@apache ~]# vim /etc/yum.repos.d/epel.repo
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/9/Everything/x86_64/
gpgcheck=0
1.1.2安装easy-rsa工具(用于生成和管理SSL证书)
#安装easy-rsa用于生成和管理SSL证书
[root@apache ~]# yum install easy-rsa -y
#进入easy-rsa的工作目录
[root@apache ~]# cd /usr/share/easy-rsa/3.2.1/1.1.3初始化证书目录结构
#创建pki目录及子目录,用于存放证书相关文件
[root@apache 3.2.1]# ./easyrsa init-pki1.1.4查看初始化后的目录结构
#查看初始化后的目录结构
[root@apache 3.2.1]# tree pki/
pki/
├── inline #存放内联格式的证书文件(证书+私钥合并文件)
├── issued #存放已签发的服务器/客户端证书
├── private #存放私钥文件(重要,需保密)
├── reqs #存放证书请求文件(CSR)
└── vars.example #证书配置模板(可自定义证书默认信息)1.1.5生成CA根证书
[root@apache 3.2.1]# ./easyrsa build-ca nopass
#输入CA的通用名称(Common Name),此处设置为jun.com(可自定义,用于标识CA)
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:jun.com1.1.6为www.king.com生成私钥和证书请求文件
#为www.king.com生成私钥和证书请求文件
[root@apache 3.2.1]# ./easyrsa gen-req www.king.com nopass
Your files are:
* req: /usr/share/easy-rsa/3.2.1/pki/reqs/www.king.com.req #www.king.com的证书请求
* key: /usr/share/easy-rsa/3.2.1/pki/private/www.king.com.key #对应私钥
1.1.7为www.jeams.org生成私钥和证书请求文件
#为www.jeams.org生成私钥和证书请求文件
[root@apache 3.2.1]# ./easyrsa gen-req www.jeams.org nopass
Your files are:
* req: /usr/share/easy-rsa/3.2.1/pki/reqs/www.jeams.org.req # www.jungle.org的证书请求
* key: /usr/share/easy-rsa/3.2.1/pki/private/www.jeams.org.key # 对应私钥
1.1.8使用CA根证书签发www.king.com
[root@apache 3.2.1]# ./easyrsa sign-req server www.king.com
#确认证书信息,输入yes继续
Type the word 'yes' to continue, or any other input to abort.Confirm requested details: yes #确认签发1.1.9使用CA根证书签发www.jeams.org
[root@apache 3.2.1]# ./easyrsa sign-req server www.jeams.org
# 确认证书信息,输入yes继续
Type the word 'yes' to continue, or any other input to abort.Confirm requested details: yes #确认签发1.2配置虚拟主机
1.2.1安装所需软件
[root@apache ~]# yum install mod_ssl php httpd php-fpm -y1.2.2编写配置文件
[root@apache ~]# vim /etc/httpd/conf.d/name-php.conf
DocumentRoot /www/king
ServerName www.king.com
<directory /www/king>
DirectoryIndex index.html #设置默认首页文件为index.html
allowoverride none #禁止使用.htaccess文件覆盖当前配置
require all granted #允许所有客户端访问该目录
</directory>
</virtualhost><virtualhost *:443> #绑定443端口,HTTPS默认端口
SSLEngine on
#SSL证书相关配置
SSLCertificateFile /usr/share/easy-rsa/3.2.1/pki/issued/www.jeams.org.crt #服务器证书文件(公钥)
SSLCertificateKeyFile /usr/share/easy-rsa/3.2.1/pki/private/www.jeams.org.key #服务器私钥文件
SSLCACertificateFile /usr/share/easy-rsa/3.2.1/pki/ca.crt #CA根证书(用于客户端验证服务器证书)
DocumentRoot /www/jeams
ServerName www.jeams.org
<directory /www/jeams>
DirectoryIndex index.html
allowoverride none
require all granted
</directory>
</virtualhost>
1.2.3创建目录并编写内容到文件里
[root@apache 3.2.1]# mkdir -p /www/{king,jeams}
[root@apache 3.2.1]# echo "king,this for you" > /www/king/index.html
[root@apache 3.2.1]# echo "jeams,this for you" > /www/jeams/index.html1.2.4检测并重启
[root@apache ~]# httpd -t
Syntax OK
[root@apache ~]# systemctl restart httpd php-fpm1.2.5测试
a.www.king.com(输入https:/www.king.com)
可以看到当前网站的上一层CA机构信息
b.www.jeams.org(输入https://www.jeams.org)
可以看到当前网站的上一层CA机构信息
2.部署http的repo仓库
2.1安装所需软件
[root@apache ~]# yum install httpd -y2.2创建repo目录及子目录
[root@apache ~]# mkdir /repo/{rhel,centos,ubuntu,rocky,openEuler}
[root@apache ~]# tree /repo/
[root@apache ~]# mkdir /repo/rhel/{7.9,9.1}2.3编辑配置文件
[root@apache ~]# vim /etc/httpd/conf.d/repo.conf
<directory /repo>
DirectoryIndex disabled #禁用默认的索引文件index.html
5
options indexes followsymlinks #indexes表示显示目录内容列表,followsymlinks表示追踪软链接
6
allowoverride none #none表示不允许读取.htaccess文件中设置的options值,实践中不要使用.htaccess文件,会降低性能
7
require all granted #允许所有主机通过
</directory>
<VirtualHost 192.168.75.184> #绑定特定IP,默认使用80端口(http)DocumentRoot /repo #指定网站文件存放路径
</VirtualHost>注意:做这个之前要将欢迎界面删除或改名使其失效
[root@apache ~]# mv /etc/httpd/conf.d/welcome.conf {,.bak}2.4测试并重启
[root@apache ~]# httpd -t
Syntax OK
[root@apache ~]# systemctl restart httpd2.5添加光盘
点击虚拟机并打开设置
点击添加光盘
点击确定
2.6挂载关盘到repo目录下所对应的文件
#将rhel9.1挂载到对应的目录
[root@apache ~]# mount /dev/sr0 /repo/rhel/9.1
#将rhel7.9挂载到对应的目录
[root@apache ~]#mount /dev/sr1 /repo/rhel/7.9
#将centos挂载到对应的目录
[root@apache ~]#mount /dev/sr2 /repo/centos/
#将ubuntu挂载到对应的目录
[root@apache ~]#mount /dev/sr3 /repo/ubuntu/
#将openEuler挂载到对应的目录
[root@apache ~]#mount /dev/sr4 /repo/openEuler/2.7测试
2.7.1Windows端测试
在浏览器输入IP地址
2.7.2Linux端测试(rhel7上测试)
a.配置yum仓库
[root@master yum.repos.d]# vi /etc/yum.repos.d/rhel7.repo
[rhel7]
name=rhel7
baseurl=http://192.168.75.184/rhel/7.9/
gpgcheck=0
b.清除缓存
[root@master yum.repos.d]# yum clean all
Loaded plugins: product-id, search-disabled-repos, subscription-managerThis system is not registered with an entitlement server. You can use subscription-manager to register.Cleaning repos: rhel7
[root@master yum.repos.d]# yum makecache
Loaded plugins: product-id, search-disabled-repos, subscription-managerThis system is not registered with an entitlement server. You can use subscription-manager to register.rhel7 | 2.8 kB 00:00:00
(1/5): rhel7/group | 628 kB 00:00:00
(2/5): rhel7/primary | 2.1 MB 00:00:00
(3/5): rhel7/filelists | 3.1 MB 00:00:00
(4/5): rhel7/group_xz | 95 kB 00:00:00
(5/5): rhel7/other | 1.1 MB 00:00:00
rhel7 5230/5230
rhel7 5230/5230
rhel7 5230/5230
Metadata Cache Created
c.验证
[root@master yum.repos.d]# yum install httpd -y
Loaded plugins: product-id, search-disabled-repos, subscription-managerThis system is not registered with an entitlement server. You can use subscription-manager to register.Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-95.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-95.el7 for package: httpd-2.4.6-95.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-95.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-95.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-95.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-7.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-95.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency ResolutionDependencies Resolved=======================================================================================================Package Arch Version Repository Size
=======================================================================================================
Installing:httpd x86_64 2.4.6-95.el7 rhel7 1.2 M
Installing for dependencies:apr x86_64 1.4.8-7.el7 rhel7 104 kapr-util x86_64 1.5.2-6.el7 rhel7 92 khttpd-tools x86_64 2.4.6-95.el7 rhel7 93 kmailcap noarch 2.1.41-2.el7 rhel7 31 kTransaction Summary
=======================================================================================================
Install 1 Package (+4 Dependent packages)Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
(1/5): apr-1.4.8-7.el7.x86_64.rpm | 104 kB 00:00:00
(2/5): httpd-2.4.6-95.el7.x86_64.rpm | 1.2 MB 00:00:00
(3/5): httpd-tools-2.4.6-95.el7.x86_64.rpm | 93 kB 00:00:00
(4/5): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00:00
(5/5): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:00
-------------------------------------------------------------------------------------------------------
Total 17 MB/s | 1.5 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transactionInstalling : apr-1.4.8-7.el7.x86_64 1/5 Installing : apr-util-1.5.2-6.el7.x86_64 2/5 Installing : httpd-tools-2.4.6-95.el7.x86_64 3/5 Installing : mailcap-2.1.41-2.el7.noarch 4/5 Installing : httpd-2.4.6-95.el7.x86_64 5/5 Verifying : httpd-tools-2.4.6-95.el7.x86_64 1/5 Verifying : mailcap-2.1.41-2.el7.noarch 2/5 Verifying : apr-1.4.8-7.el7.x86_64 3/5 Verifying : httpd-2.4.6-95.el7.x86_64 4/5 Verifying : apr-util-1.5.2-6.el7.x86_64 5/5 Installed:httpd.x86_64 0:2.4.6-95.el7 Dependency Installed:apr.x86_64 0:1.4.8-7.el7 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-95.el7 mailcap.noarch 0:2.1.41-2.el7 Complete!
3.基于nfs与yum仓库的http部署
| 主机 | IP |
| apache(服务端) | 192.168.75.184 |
| server(客户端) | 192.168.75.151 |
3.1安装nfs-utils(服务端和客户端都要安装)
[root@apache ~]# yum install nfs-utils -y
3.2自建yum仓库
3.2.1下载httpd及其所有依赖包
#download只下载不安装httpd软件包,--resolve是解决依赖
[root@apache ~]# yum download httpd --resolve --destdir /yum_repo/httpd/Packages3.2.2查看结构
[root@apache ~]# tree /yum_repo/httpd/
/yum_repo/httpd/
└── Packages├── apr-1.7.0-11.el9.x86_64.rpm├── apr-util-1.6.1-23.el9.x86_64.rpm├── apr-util-bdb-1.6.1-23.el9.x86_64.rpm├── apr-util-openssl-1.6.1-23.el9.x86_64.rpm├── httpd-2.4.57-5.el9.x86_64.rpm├── httpd-core-2.4.57-5.el9.x86_64.rpm├── httpd-filesystem-2.4.57-5.el9.noarch.rpm├── httpd-tools-2.4.57-5.el9.x86_64.rpm├── mod_http2-1.15.19-5.el9.x86_64.rpm├── mod_lua-2.4.57-5.el9.x86_64.rpm└── redhat-logos-httpd-90.4-2.el9.noarch.rpm
# createrepo为一堆 RPM 软件包创建一个元数据仓库(repodata/目录),使其成为一个可被 yum或 dnf包管理器识别和使用的正式软件仓库。3.2.3安装createrepo并执行
[root@apache ~]# yum install createrepo_c -y
[root@apache ~]# createrepo /yum_repo/httpd/3.2.4查看拉去到的httpd包
[root@apache ~]# tree -L 1 /yum_repo/httpd/
/yum_repo/httpd/
├── Packages
└── repodata3.2.5编辑httpd库
[root@apache ~]# vim /etc/yum.repos.d/httpd.repo
[httpd]
name=httpd
baseurl=file:///yum_repo/httpd
gpgcheck=03.2.6查看是否有Packages和repodata
[root@apache ~]# ll /yum_repo/httpd3.3编辑配置文件并检测重启
3.3.1编辑配置文件
[root@apache ~]# vim /etc/httpd/conf.d/repo.conf
<directory /yum_repo>
DirectoryIndex disabled #禁用默认的索引文件index.html
5
options indexes followsymlinks #indexes表示显示目录内容列表,followsymlinks表示追踪软链接
6
allowoverride none #none表示不允许读取.htaccess文件中设置的options值,实践中不要使用.htaccess文件,会降低性能
7
require all granted #允许所有主机通过
</directory>
<VirtualHost 192.168.75.184:80>DocumentRoot /yum_repo
</VirtualHost>3.3.2检测并重启
[root@apache ~]# httpd -t
Syntax OK
[root@apache ~]# systemctl restart httpd3.3.3在浏览器输入IP地址
注意:要将欢迎界面备份,使其失效
[root@apache ~]# mv /etc/httpd/conf.d/welcome.conf {,.bak}3.4编辑nfs配置文件
[root@apache ~]# vim /etc/exports
/yum_repo/httpd *(rw,sync,all_squash)各参数解释:
#*表示允许所有客户端访问
#rw:读写权限
#sync:同步模式
#all_squash:将所有访问的客户端用户映射为匿名用户3.5重启服务(必须要先重启rpcbind在重启nfs服务)
[root@apache ~]# systemctl enable --now rpcbind
[root@apache ~]# systemctl enable --now nfs-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
3.6客户端查看是否收到
[root@server ~]# showmount -e 192.168.75.184
Export list for 192.168.75.184:
/yum_repo/httpd *
3.7创建文件并挂载服务端发来的文件
[root@server ~]# mkdir /httpd
[root@server ~]# mount -t nfs 192.168.75.184:/yum_repo/httpd /httpd
[root@server ~]# cd /httpd/
[root@server httpd]# ls
Packages repodata
3.8编写客户端yum仓库
[root@server yum.repos.d]# vim httpd.repo
[httpd]
name=httpd
baseurl=http://192.168.75.184/httpd #httpd包所对应的路径
gpgcheck=0
3.9清除缓存
[root@server yum.repos.d]# yum makecache
正在更新 Subscription Management 软件仓库。
无法读取客户身份本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。httpd 1.9 MB/s | 3.0 kB 00:00
元数据缓存已建立。
3.10测试
[root@server yum.repos.d]# yum install httpd -y
正在更新 Subscription Management 软件仓库。
无法读取客户身份本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。httpd 62 kB/s | 1.4 kB 00:00
依赖关系解决。
无需任何处理。
完毕!