基于nginx的openlab的网站配置

一、题目

网站需求：
1.基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!
2.给该公司创建三个子界面分别显示学生信息，教学资料和缴费网站，基于www.openlab.com/student 网站访问学生信息，www.openlab.com/data网站访问教学资料
www.openlab.com/money网站访问缴费网站。
3.要求 （1）访问该网站http请求都通过https响应。
（2）学生信息网站只有song和tian两人可以访问，其他用户不能访问。

二、工具和环境设置

[root@localhost ~]# systemctl stop firewalld.service #关闭防火墙
[root@localhost ~]# rpm -qa |grep nginx #查看nginx是否安装
nginx-filesystem-1.20.1-20.el9.noarch
nginx-core-1.20.1-20.el9.x86_64
nginx-1.20.1-20.el9.x86_64

三、配置指令

1.基于域名www.openlab.com可以访问网站内容为 welcome to openlab!!!

创建主页面和子页面文件夹和内容

[root@localhost ~]# mkdir -p /www/openlab
[root@localhost ~]# mkdir /www/openlab/student
[root@localhost ~]# mkdir /www/openlab/data
[root@localhost ~]# mkdir /www/openlab/money

[root@localhost ~]# echo "welcome to openlab!" >> /www/openlab/index.html
[root@localhost ~]# echo "data" >> /www/openlab/data/index.html
[root@localhost ~]# echo "money" >> /www/openlab/money/index.html
[root@localhost ~]# echo "student" >> /www/openlab/student/index.html

3.1建立主站

进入nginx配置文件

[root@localhost ~]# vim /etc/nginx/nginx.conf

保存退出，重启nginx

查看nginx进程

[root@localhost ~]# ps -ef | grep nginx

3.2子站/data

在server内追加以下内容

location     /data {alias   /www/openlab/data; #访问data子目录时，映射到的文件的绝对路径index   index.html      index.htm; #设置文件类型}    

3.3子站/student

/student需要加密，先安装阿帕奇工具箱

[root@localhost ~]# yum install httpd-tools -y

新建用户wy，密码123456

新建用户cxk，密码123456

设置网页访问密码

进入配置文件

在server内追加

        location        /student{alias   /www/openlab/student;index   index.html      index.htm;auth_basic      "Please input password";auth_basic_user_file    /www/openlab/student/passwd;}

3.4子站/money

生成私钥

[root@localhost ~]# openssl genrsa -aes128 2048 > /www/openlab/money/money.key
123456
123456

制作证书

[root@localhost ~]# openssl req -utf8 -new -key /www/openlab/money/money.key -x509 -days 365 -out /www/openlab/money/money.crt

Enter pass phrase for /www/openlab/money/money.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:jiangsu
Locality Name (eg, city) [Default City]:nanjing
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:dev
Common Name (eg, your name or your server's hostname) []:nodel1
Email Address []:123456@163.com

进入配置文件

[root@localhost ~]# vim /etc/nginx/nginx.conf

        server{listen  443 ssl http2;server_name     www.openlab.com;location        /money{alias   /www/openlab/money;index   index.html      index.htm;}ssl_certificate         "/www/openlab/money/money.crt";ssl_certificate_key     "/www/openlab/money/money,key.org";}

私钥密码去除，nginx不然不认识

[root@localhost ~]# cp /www/openlab/money/money.key /www/openlab/money/money.key.org
[root@localhost ~]# openssl rsa -in /www/openlab/money/money.key -out /www/openlab/money/money.key.org 

重启nginx

四、检验