实验一:使用 web 服务演示安全上下文值的设定
root@localhost \~\] # systemctl restart nginx 通过客户端测试,出现 403 状态码 # 修改自定义目录的安全上下文的值: \[root@localhost \~\] # chcon -t httpd_sys_content_t /www/ -R 也可以将自定义目录的安全上下文的值按照 /var/www/html 文件修改: \[root@localhost \~\] # chcon -R --reference=/usr/share/nginx/html/index.html /www 修改之后即可成功访问。 实验二:使用 web 服务端口的改变来演示端口的设定 \[root@localhost \~\] # vim /etc/httpd/conf.d/host.conf \[root@master-dns \~\] # cat /etc/nginx/conf.d/test_port.conf server { listen 192 .168.168.153:80; root /www/port/80; location / {} } server { listen 192 .168.168.153:10000; root /www/port/10000; location / {} } \[root@localhost \~\] # mkdir -pv /www/port/{80,10000} \[root@localhost \~\] # echo the port is 80 \> /www/port/80/index.html \[root@localhost \~\] # echo the port is 10000 \> /www/port/10000/index.html \[root@master-dns \~\] # systemctl restart nginx # 服务重启失败,查看日志 \[root@localhost \~\] # tail -f /var/log/messages # 添加 10000 端口为服务端口: \[root@localhost \~\] # semanage port -a -t http_port_t -p tcp 10000 \[root@master-dns \~\] # systemctl restart nginx \[root@master-dns \~\] # curl 192.168.168.153:10000 the port is 10000 # 测试可以访问成功 