网站需求：

1.基于域名[www.openlab.com]可以访问网站内容为 welcome to openlab!!!

2.给该公司创建三个子界面分别显示学生信息，教学资料和缴费网站，基于[www.openlab.com/student] 网站访问学生信息

[www.openlab.com/data]网站访问教学资料

[www.openlab.com/money]网站访问缴费网站

3.要求

    （1）学生信息网站只有song和tian两人可以访问，其他用户不能访问。

      (2）访问缴费网站实现数据加密基于https访问。

1.前提配置  关防火墙 关selinux

实验环境基于OpenEler Linux  搭建网站IP地址为192.168.188.129

[root@OpenElur ~]# systemctl stop firewalld
[root@OpenElur ~]# setenforce 0

2.安装web服务程序nginx

[root@localhost ~]# yum install -y httpd

3.配置nginx文件

实现基于域名基于域名[www.openlab.com]访问网站

[root@OpenElur ~]# vim /etc/nginx/conf.d/test_name.conf
配置结果如下
server{listen 192.168.188.129:80;root /www/name/openlab;server_name www.openlab.com;location / {}
}
//写入所要展示的信息
[root@OpenElur ~]# echo welcome openlab!!!!! > /www/name/openlab/index.html

还需要配置域名解析

[root@OpenElur ~]# cat /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
192.168.188.129  www.openlab.com//写入当前主机IP和域名配置[root@OpenElur ~]# curl www.openlab.com //检验实验结果1
welcome to openlab!!!!!

 创建子网站及信息以及限制用户访问

配置nginx中alias的基本文件实现子网站访问
[root@OpenElur ~]# vim /etc/nginx/conf.d/test_alias.conf
//配置结果如下
server{listen 192.168.188.129:80;root /www/name/openlab;server_name www.openlab.com;location /student{alias /openlab/student/;auth_basic on;//启动用户控制auth_basic_user_file /etc/nginx/users;//调用用户验证的文件夹}location /date{alias /openlab/date/;}location /money{alias /openlab/money/;}
}

创建可访问的用户和密码文件
[root@node1 ~]# htpasswd  -c /etc/nginx/users song
New password: 
Re-type new password: 
Adding password for user tom
[root@node1 ~]# htpasswd /etc/nginx/users tian
New password: 
Re-type new password: 
Adding password for user tom

创建供访问网站的文件并且写入信息
[root@node1 ~]# mkdir /openlab/student -pv 
[root@node1 ~]# echo student > /openlab/student/index.html
[root@node1 ~]# mkdir /openlab/date -pv 
[root@node1 ~]# echo date > /openlab/date/index.html
[root@node1 ~]# mkdir /openlab/money -pv 
[root@node1 ~]# echo money > /openlab/money/index.html
//检验实验2结果
[root@OpenElur ~]# curl http://www.openlab.com/date/
date

https加密缴费网站

[root@OpenElur ~]# vim /etc/nginx/conf.d/test_https.conf
//配置结果如下
server{listen 192.168.188.129:443 ssl;root /openlab/money/;ssl_certificate /etc/pki/tls/certs/openlab.crt;ssl_certificate_key /etc/pki/tls/private/openlab.key;location /{index index.html}
}

[root@OpenElur ~]# openssl req -utf8 -new -key openlab.key -x509 -days 365 -out openlab.crt
Could not read private key from openlab.key
[root@OpenElur ~]# openssl genrsa -out /etc/pki/tls/private/openlab.key
[root@OpenElur ~]# openssl req -utf8 -new -key /etc/pki/tls/private/openlab.key -x509 -days 365 -out /etc/pki/tls/certs/openlab.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:86
State or Province Name (full name) [Some-State]:chengdu
Locality Name (eg, city) []:sc
Organization Name (eg, company) [Internet Widgits Pty Ltd]:open
Organizational Unit Name (eg, section) []:ce
Common Name (e.g. server FQDN or YOUR name) []:rjw
Email Address []:admin
[root@OpenElur ~]# curl https://www.openlab.com/money/ -k
[root@OpenElur ~]# money//实验结果验证3