http

13. 配置server0 Web服务,网站wwwX.example.com。拒绝cracker.com域 访问。

网页文件:http://classroom.example.com/content/exam/webs/www.html

注:命名为index.html,勿修改网页内容

14. 配置server0 Web服务,网站wwwX.example.com启用TLS加密。TLS certificate http://classroom/pub/tls/certs/wwwX.crt

TLS private key http://classroom/pub/tls/private/wwwX.key

TLS CA certificate http://classroom/pub/example-ca.crt

15. 配置server0 Web服务,网站serverX.example.com,网站目录为/var/www/virtual

网页文件:http://classroom.example.com/pub/webs/server.html

注:命名为index.html,勿修改网页内容

16. 配置server0 Web服务,网站webappX.example.com,端口为8888/tcp

Python application

http://classroom.example.com/content/exam/webs/webapp.wsgi

17. 配置server0 Web服务,http://serverX.example.com/private,仅允许从server0访问。

网页文件:http://classroom.example.com/content/exam/webs/private.html

注:命名为index.html,勿修改网页内容

 

 

13

server0

yum -y install httpd mod_ssl mod_wsgi

wget -O /root http://classroom.example.com/content/exam/webs/www.html 

cp /root/www.html /var/www/html/index.html                                                   #copy yes change name

vim /etc/httpd/conf.d/www0.example.com

<Virtualhost   *:80>

       DocumentRoot    /var/www/html

        ServerName        www0.example.com

</Virtualhost>

 

 

<Directory    /var/www/html>

            <RequireAll>

               Require all granted

               Require not ip 172.24.0.0/16

            </RequireAll>

</Directory>

systemctl enable httpd

systemctl start httpd

firewall-cmd --permanent --add-service=http

firewall-cmd --reload

restorecon -RFvv /var/www

firefox &            #test client

 

14

server0

cd /etc/httpd

wget http://classroom/pub/tls/private/www0.key

wget http://classroom/pub/example-ca.crt

wget http://classroom/pub/tls/certs/www0.crt

vim /etc/httpd/conf.d/www0.example.com

<VirtualHost *:443>

        DocumentRoot /var/www/html

        servername   www0.example.com

        SSLEngine on

        SSLProtocol all -SSLv2

        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

        SSLHonorCipherOrder on

        SSLCertificateFile /etc/httpd/www0.crt

        SSLCertificateKeyFile  /etc/httpd//www0.key

        SSLCACertificateFile  /etc/httpd/example-ca.crt

</VirtualHost>

httpd -t

systemctl reload httpd

firefox &           #test

 

15

server0

wget -O /root http://classroom.example.com/pub/webs/server.html

mkdir /var/www/virtual

cp /root/server.html    /var/www/virtual/index.html

vim /etc/httpd/conf.d/server0.conf

<Virtualhost    *:80>

        DocumentRoot /var/www/virtaul

        Servername    server0.example.com

</Virtualhost>

 

<Directory    /var/www/virtual>

    Require all granted

</Directory>

restorecon -RFvv /var/www

systemctl reload httpd

firefox &                 

 

16

server0

wget -O /root http://classroom.example.com/content/exam/webs/webapp.wsgi

mkdir /var/www/webapp0

cp /root/webapp.wsgi /var/www/webapp0/                                #copy no change name

vim /etc/httpd/conf.d/webapp0.conf

Listen 8888

<Virtualhost    *:8888>

    WSGIScriptAlias  /    /var/www/webapp0/webapp.wsgi

    Servername    webapp0.example.com

</Virtualhost>

restorecon -RFvv /var/www

firewall-cmd --permanent --add-ports=8888/tcp

firewall-cmd --reload

semanage port -l |grep -l                                                                          #list port label 

semanage port -a -t http_port_t -p tcp 8888

systemctl restart httpd

firefox &                         

 

17 

mkdir /var/www/virtual/private

wget -O /root  http://classroom.example.com/content/exam/webs/private.html

cp /root/private.html  /var/www/virtual/private/index.html          #static default index.html

vim /etc/httpd/conf.d/server0.conf

<Directory /var/www/virtual/private>

    Require local 

</Directory>

restorecon -RFvv /var/www

systemctl restart httpd

firefox &                 #server  test