RHCE 配置文件

配置文件

  • 配置文件
    • [1.1 配置基于主机名的 Web 服务器](#1.1 配置基于主机名的 Web 服务器)
    • [1.2 配置基于端口的 Web 服务器](#1.2 配置基于端口的 Web 服务器)
    • [1.3 配置基于IP地址的 Web 服务器](#1.3 配置基于IP地址的 Web 服务器)
    • [1.4 配置账号验证访问](#1.4 配置账号验证访问)
    • [1.5 配置 https 加密服务](#1.5 配置 https 加密服务)

配置文件

配置文件vim里面内容时,用空格分割

powershell 复制代码
#寻找配置文件
[root@localhost ~]# rpm -ql nginx
/usr/bin/nginx-upgrade
/usr/lib/systemd/system/nginx.service
/usr/share/man/man3/nginx.3pm.gz
/usr/share/man/man8/nginx-upgrade.8.gz
/usr/share/man/man8/nginx.8.gz
/usr/share/nginx/html/404.html
/usr/share/nginx/html/50x.html
/usr/share/nginx/html/icons
/usr/share/nginx/html/icons/poweredby.png
/usr/share/nginx/html/index.html
/usr/share/nginx/html/nginx-logo.png
/usr/share/nginx/html/poweredby.png
/usr/share/nginx/html/system_noindex_logo.png
/usr/share/vim/vimfiles/ftdetect/nginx.vim
/usr/share/vim/vimfiles/ftplugin/nginx.vim
/usr/share/vim/vimfiles/indent/nginx.vim
/usr/share/vim/vimfiles/syntax/nginx.vim
#查找安装历史命令
[root@localhost ~]# dnf history 
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

ID     | Command line                                    | Date and time    | Action(s)      | Altered
------------------------------------------------------------------------------------------------------
     9 | install nginx -y                                | 2024-10-27 23:00 | Install        |    3   
     8 | install rpcgen                                  | 2024-10-19 21:48 | Install        |    1  <
     7 | install -y ncurses-devel                        | 2024-10-19 21:43 | Install        |    2 > 
     6 | install openssl-devel                           | 2024-10-19 21:42 | Install        |    1   
     5 | install gcc-toolset-13-gcc gcc-toolset-13-gcc-c | 2024-10-19 21:39 | Install        |   15   
     4 | install cmake                                   | 2024-10-19 21:35 | Install        |    5   
     3 | install vsftpd -y                               | 2024-10-19 21:28 | Install        |    1   
     2 | install httpd -y                                | 2024-10-19 21:21 | Install        |   11   
     1 |                                                 | 2024-10-13 20:06 | Install        | 1256 EE
powershell 复制代码
[root@localhost ~]# ll /etc/nginx
total 68
drwxr-xr-x. 2 root root    6 Oct 11  2023 conf.d
drwxr-xr-x. 2 root root    6 Oct 11  2023 default.d
-rw-r--r--. 1 root root 1077 Oct 11  2023 fastcgi.conf
-rw-r--r--. 1 root root 1077 Oct 11  2023 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 Oct 11  2023 fastcgi_params
-rw-r--r--. 1 root root 1007 Oct 11  2023 fastcgi_params.default
-rw-r--r--. 1 root root 2837 Oct 11  2023 koi-utf
-rw-r--r--. 1 root root 2223 Oct 11  2023 koi-win
-rw-r--r--. 1 root root 5231 Oct 11  2023 mime.types
-rw-r--r--. 1 root root 5231 Oct 11  2023 mime.types.default
-rw-r--r--. 1 root root 2334 Oct 11  2023 nginx.conf
-rw-r--r--. 1 root root 2656 Oct 11  2023 nginx.conf.default
-rw-r--r--. 1 root root  636 Oct 11  2023 scgi_params
-rw-r--r--. 1 root root  636 Oct 11  2023 scgi_params.default
-rw-r--r--. 1 root root  664 Oct 11  2023 uwsgi_params
-rw-r--r--. 1 root root  664 Oct 11  2023 uwsgi_params.default
-rw-r--r--. 1 root root 3610 Oct 11  2023 win-utf
[root@localhost ~]# rpm -qf /etc/nginx/nginx.conf (主配置文件:nginx.conf)
nginx-core-1.20.1-14.el9_2.1.x86_64   #这个软件包提供了配置文件
powershell 复制代码
[root@localhost ~]# cd /etc/nginx/
[root@localhost nginx]# ll
total 68
drwxr-xr-x. 2 root root    6 Oct 11  2023 conf.d
drwxr-xr-x. 2 root root    6 Oct 11  2023 default.d
-rw-r--r--. 1 root root 1077 Oct 11  2023 fastcgi.conf
-rw-r--r--. 1 root root 1077 Oct 11  2023 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 Oct 11  2023 fastcgi_params
-rw-r--r--. 1 root root 1007 Oct 11  2023 fastcgi_params.default
-rw-r--r--. 1 root root 2837 Oct 11  2023 koi-utf
-rw-r--r--. 1 root root 2223 Oct 11  2023 koi-win
-rw-r--r--. 1 root root 5231 Oct 11  2023 mime.types #默认的
-rw-r--r--. 1 root root 5231 Oct 11  2023 mime.types.default
-rw-r--r--. 1 root root 2334 Oct 11  2023 nginx.conf
-rw-r--r--. 1 root root 2656 Oct 11  2023 nginx.conf.default
-rw-r--r--. 1 root root  636 Oct 11  2023 scgi_params
-rw-r--r--. 1 root root  636 Oct 11  2023 scgi_params.default
-rw-r--r--. 1 root root  664 Oct 11  2023 uwsgi_params
-rw-r--r--. 1 root root  664 Oct 11  2023 uwsgi_params.default
-rw-r--r--. 1 root root 3610 Oct 11  2023 win-utf

排错

在重启服务时,亮红报错,复制报错信息,查看错误情况(左右键查看更多内容)

如果服务起不了,用这个命令查看服务状态
systemctl status niginx 
服务启动以后,工作是否正常
netstat -lutup | grep nginx
查看错误日志
cat /var/log/nginx/200/error.log
cat /var/log/nginx/200/error.log(访问日志)
在主服务器里面查看错误日志
tail -f /var/log/nginx/error.log

1.1 配置基于主机名的 Web 服务器

主机名:

www.baidu.com

www.360.com

www.qq.com

域:

baidu.com

vim编辑器

命令模式:

这是 vim 进入后的默认模式。在这个模式下,可以执行如下的命令:

光标跳转:
1. 通过上下左右键来进行移动
2. gg 用于回到文件开头(连续按两次 g 键)
3. G 用于回到文件的结尾(shift + g)
4. 将当前光标所在位置移动到行首和行尾按^(行首)和$(行尾)
5. 按单词进行向后移动,按 w,如果希望按单词几前则按 b
复制:esc,yy复制,esc,p粘贴,esc,dd删除
1. yy表示复制,nyy表示复制 n 行(从光标所以位置向后计算)
2. p表示粘贴所复制的内容
删除:
1. u表示撤销当前的操作
2. dd表示删除光标所在行,ndd表示删除从光标所在行向后计算 n 行,dG 表示从当前光标删除后最后,dgg表示从当前光标删除到最前

enforcing,强制模式

permissive,宽容模式,违反 SELinux 规则的行为只会记录到日志中。一般为调试用。

disabled,关闭 SELinux

1 启用

0 告警,不启用

powershell 复制代码
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --reload 
success
[root@localhost ~]# setenforce 0 #setenforce是Linux的selinux防火墙配置命令,执行setenforce 0 表示关闭selinux防火墙。
[root@localhost ~]# ll /etc
total 1348
...
drwxr-xr-x.  2 root root        28 Oct 13 20:07 highlight
-rw-r--r--.  1 root root         9 Jun 23  2020 host.conf
-rw-r--r--.  1 root root         1 Oct 13 20:13 hostname
-rw-r--r--.  1 root root       158 Jun 23  2020 hosts
drwxr-xr-x.  2 root root        24 Oct 13 20:06 hp
drwxr-xr-x.  5 root root       105 Oct 19 21:21 httpd
...
[root@localhost ~]# vim /etc/hosts

[No write since last change]
/bin/bash: line 1: q: command not found

shell returned 127

Press ENTER or type command to continue
[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131   www.example.com
2.2.2.131   www.example.net
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 0
[root@localhost conf.d]# vim com.conf
[root@localhost conf.d]# cat com.conf
server {
	server_name  www.example.com;
	root         /var/www/example.com/;
	access_log   /var/log/nginx/example.com/access.log;
	error_log    /var/log/nginx/example.com/error.log;
}
[root@localhost conf.d]# cat com.conf > net.conf
[root@localhost conf.d]# vim net.conf
[root@localhost conf.d]# cat net.conf
server {
	server_name  www.example.net;
	root         /var/www/example.net/;
	access_log   /var/log/nginx/example.net/access.log;
	error_log    /var/log/nginx/example.net/error.log;
}
[root@localhost conf.d]# ll /var
total 16
...
drwxr-xr-x. 17 root root 4096 Oct 29 21:13 log
...
drwxr-xr-x.  4 root root   33 Oct 19 21:21 www
drwxr-xr-x.  2 root root    6 Aug 10  2021 yp
[root@localhost conf.d]# mkdir -p /var/www/example.com/
[root@localhost conf.d]# mkdir /var/www/example.net/
[root@localhost conf.d]# echo example.com > /var/www/example.com/index.html
[root@localhost conf.d]# echo example.net > /var/www/example.net/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/example.com
[root@localhost conf.d]# mkdir /var/log/nginx/example.net
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl www.example.com
example.com
[root@localhost conf.d]# curl www.example.net
example.net

getenforce命令可以在Linux下查看是否开启了SELinux
设置为宽容模式:setenforce 0 (临时关闭,重启后失效)

设置为强制模式 :setenforce 1

设置为禁用模式:需要执行 vim /etc/selinux/config 打开selinux配置文件,将SELINUX=enforcing改为SELINUX=disabled,保存后退出,重启


1.2 配置基于端口的 Web 服务器

shell 复制代码
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 8
-rw-r--r--. 1 root root 184 Oct 29 21:37 com.conf
-rw-r--r--. 1 root root 184 Oct 29 21:39 net.conf
[root@localhost conf.d]# vim 9091.conf
[root@localhost conf.d]# cat 9091.conf
server {
	listen    9091;
	server_name  _;
	root         /var/www/9091/;
	access_log   /var/log/nginx/9091/access.log;
	error_log    /var/log/nginx/9091/error.log;
}
[root@localhost conf.d]# mkdir /var/www/9091/
[root@localhost conf.d]# mkdir /var/www/9092/
[root@localhost conf.d]# echo 9091 > /var/www/9091/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/9091/
[root@localhost conf.d]# cp 9091.conf 9092.conf
[root@localhost conf.d]# vim 9092.conf
[root@localhost conf.d]# cat 9092.conf
server {
	listen    9092;
	server_name  _;
	root         /var/www/9092/;
	access_log   /var/log/nginx/9092/access.log;
	error_log    /var/log/nginx/9092/error.log;
}
[root@localhost conf.d]# echo 9092 > /var/www/9092/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/9092/
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl 2.2.2.131:9091
9091
[root@localhost conf.d]# curl 2.2.2.131:9092
9092

1.3 配置基于IP地址的 Web 服务器

1.查看IP ip add
2.配置IP nmcli connection modify ens160
	IP/IP掩码 ipv4.address 2.2.2.131/24
	网关 ipv4.gateway 2.2.2.2
	dns dns 2.2.2.2
	手动的ip ipv4.method mannual method
	connection.autoconnect yes
3.启动会话 nmcli connection uo ens160
4.加IP
	nmcli connection modify ens160 +ipv4.addresses 2.2.2.200/24
	nmcli connection modify ens160 +ipv4.addresses 2.2.2.201/24
5.查看IP,加的IP(secondary)
## 6.切换到配置路径 cd /etc/nginx/conf.d/、查看配置文件ll 
7.配置文件,创建基于IP的web服务器(server_name指向新加的IP2.2.2.200、2.2.2.201,间隔用空格不用tab)
	vim 200.conf
	vim 201.conf
8.创建目录
	mkdir /var/www/200
	mkdir /var/www/201
9.写入内容
	echo 200 > /var/www/200/index.html
	echo 201 > /var/www/201/index.html
10.创建日志
	mkdir /var/log/nginx/200
	mkdir /var/log/nginx/201
11.重启服务 systemctl restart nginx

难点:配置IP

将当前IP作为手动IP静态出现

dynamic

powershell 复制代码
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:5f:5c:0a brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 2.2.2.131/24 brd 2.2.2.255 scope global dynamic noprefixroute ens160
       valid_lft 1374sec preferred_lft 1374sec
    inet6 fe80::20c:29ff:fe5f:5c0a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
powershell 复制代码
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost ~]# nmcli connection modify ens160 ipv4.addresses 2.2.2.131/24 ipv4.gateway 2.2.2.2 ipv4.dns 2.2.2.2 ipv4.method manual connection.autoconnect yes
[root@localhost ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@localhost ~]# nmcli connection modify ens160 +ipv4.addresses 2.2.2.200/24
[root@localhost ~]# nmcli connection modify ens160 +ipv4.addresses 2.2.2.201/24
[root@localhost ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:5f:5c:0a brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 2.2.2.131/24 brd 2.2.2.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 2.2.2.200/24 brd 2.2.2.255 scope global secondary noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 2.2.2.201/24 brd 2.2.2.255 scope global secondary noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5f:5c0a/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 16
-rw-r--r--. 1 root root 166 Oct 29 21:55 9091.conf
-rw-r--r--. 1 root root 166 Oct 29 21:59 9092.conf
-rw-r--r--. 1 root root 184 Oct 29 21:37 com.conf
-rw-r--r--. 1 root root 184 Oct 29 21:39 net.conf
[root@localhost conf.d]# vim 200.conf
[root@localhost conf.d]# cp 200.conf 201.conf
[root@localhost conf.d]# vim 201.conf
[root@localhost conf.d]# mkdir /var/www/200
[root@localhost conf.d]# mkdir /var/www/201
[root@localhost conf.d]# echo 200 > /var/www/200/index.html
[root@localhost conf.d]# echo 201 > /var/www/201/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/200
[root@localhost conf.d]# mkdir /var/log/nginx/201
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl 2.2.2.200
200
[root@localhost conf.d]# curl 2.2.2.201
201


1.4 配置账号验证访问

安装httpd-tools(挂载)

powershell 复制代码
[root@localhost conf.d]# ll /mnt
total 0
drwxr-xr-x. 2 root root 6 Oct 13 20:09 hgfs
[root@localhost conf.d]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@localhost conf.d]# ll /mnt
total 44
drwxr-xr-x. 1 root root  2048 Oct 25  2023 AppStream
drwxr-xr-x. 1 root root  2048 Oct 25  2023 BaseOS
drwxrwxr-x. 1 root root  2048 Oct 25  2023 EFI
-r--r--r--. 1 root root  8154 Oct 25  2023 EULA
-r--r--r--. 1 root root  1455 Oct 25  2023 extra_files.json
-r--r--r--. 1 root root 18092 Oct 25  2023 GPL
drwxrwxr-x. 1 root root  2048 Oct 25  2023 images
drwxrwxr-x. 1 root root  2048 Oct 25  2023 isolinux
-r--r--r--. 1 root root   103 Oct 25  2023 media.repo
-r--r--r--. 1 root root  1669 Oct 25  2023 RPM-GPG-KEY-redhat-beta
-r--r--r--. 1 root root  3682 Oct 25  2023 RPM-GPG-KEY-redhat-release
[root@localhost conf.d]# dnf install httpd-tools -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 1 day, 0:30:56 ago on Tue 29 Oct 2024 09:33:32 PM CST.
Package httpd-tools-2.4.57-5.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to

创建用户

powershell 复制代码
[root@localhost conf.d]# htpasswd -cb password zhangsan redhat
Adding password for user zhangsan
[root@localhost conf.d]# htpasswd -b password lisi redhat
Adding password for user lisi
[root@localhost conf.d]# cat password (查看用户密码,哈希值)
zhangsan:$apr1$ToVa4mEq$BqQs99fGaEHwovR3G4wqc1
lisi:$apr1$SFer5jDM$RDUPW8ubTJH0UaiIRoE2m1
[root@localhost conf.d]# ll password
-rw-r--r--. 1 root root 90 Oct 30 22:10 password
[root@localhost conf.d]# chmod 600 password #修改权限
[root@localhost conf.d]# chown nginx password #修改用户权限
[root@localhost conf.d]# ll
total 28
-rw-r--r--. 1 root  root 149 Oct 30 21:55 200.conf
-rw-r--r--. 1 root  root 149 Oct 30 21:56 201.conf
-rw-r--r--. 1 root  root 166 Oct 29 21:55 9091.conf
-rw-r--r--. 1 root  root 166 Oct 29 21:59 9092.conf
-rw-r--r--. 1 root  root 184 Oct 29 21:37 com.conf
-rw-r--r--. 1 root  root 184 Oct 29 21:39 net.conf
-rw-------. 1 nginx root  90 Oct 30 22:10 password
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131   www.example.com
2.2.2.131   www.example.net
[root@localhost conf.d]# vim /etc/hosts
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131   www.example.com
2.2.2.131   www.example.net
2.2.2.131   www.account.com #新加内容
[root@localhost conf.d]# ping www.account.com 
PING www.account.com (2.2.2.131) 56(84) bytes of data.
64 bytes from www.example.com (2.2.2.131): icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from www.example.com (2.2.2.131): icmp_seq=2 ttl=64 time=0.221 ms
^C
--- www.account.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.040/0.130/0.221/0.090 ms
[root@localhost conf.d]# ll /var
total 16
drwxr-xr-x.  2 root root   19 Oct 13 20:10 account
drwxr-xr-x.  2 root root    6 Aug 10  2021 adm
drwxr-xr-x. 21 root root 4096 Oct 19 21:21 cache
drwxr-xr-x.  2 root root    6 Jul  4  2023 crash
drwxr-xr-x.  3 root root   18 Oct 13 20:08 db
drwxr-xr-x.  2 root root    6 Aug 10  2021 empty
drwxr-xr-x.  3 root root   17 Oct 19 21:28 ftp
drwxr-xr-x.  2 root root    6 Aug 10  2021 games
drwxr-xr-x.  3 root root   18 Oct 13 20:07 kerberos
drwxr-xr-x. 58 root root 4096 Oct 27 23:00 lib
drwxr-xr-x.  2 root root    6 Aug 10  2021 local
lrwxrwxrwx.  1 root root   11 Oct 13 20:06 lock -> ../run/lock
drwxr-xr-x. 17 root root 4096 Oct 30 21:07 log
lrwxrwxrwx.  1 root root   10 Aug 10  2021 mail -> spool/mail
drwxr-xr-x.  2 root root    6 Aug 10  2021 nis
drwxr-xr-x.  2 root root    6 Aug 10  2021 opt
drwxr-xr-x.  2 root root    6 Aug 10  2021 preserve
lrwxrwxrwx.  1 root root    6 Oct 13 20:06 run -> ../run
drwxr-xr-x. 10 root root  106 Oct 13 20:10 spool
drwxrwxrwt. 13 root root 4096 Oct 30 21:57 tmp
drwxr-xr-x. 10 root root  117 Oct 30 21:33 www
drwxr-xr-x.  2 root root    6 Aug 10  2021 yp
[root@localhost conf.d]# ll /var/www
total 0
drwxr-xr-x. 2 root root 24 Oct 30 21:34 200
drwxr-xr-x. 2 root root 24 Oct 30 21:34 201
drwxr-xr-x. 2 root root 24 Oct 29 21:57 9091
drwxr-xr-x. 2 root root 24 Oct 29 21:59 9092
drwxr-xr-x. 2 root root  6 Jul 20  2023 cgi-bin
drwxr-xr-x. 2 root root 24 Oct 29 21:44 example.com
drwxr-xr-x. 2 root root 24 Oct 29 21:45 example.net
drwxr-xr-x. 2 root root  6 Jul 20  2023 html
powershell 复制代码
[root@localhost conf.d]# vim account.conf
[root@localhost conf.d]# cat account.conf
server {
	server_name  www.account.com;
	root   /var/www/account;
	location /admin {
		index index.html;
		auth_basic "login password";
		auth_basic_user_file  /etc/nginx/conf.d/password;
	}
	access_log  /var/log/nginx/account/access.log;
	error_log /var/log/nginx/error.log;
}
[root@localhost conf.d]# mkdir /var/www/account
[root@localhost conf.d]# echo public > /var/www/account/index.html
[root@localhost conf.d]# mkdir /var/www/account/admin
[root@localhost conf.d]# echo secret > /var/www/account/admin/index.html
powershell 复制代码
[root@localhost conf.d]# systemctl restart nginx //重启服务,报错
#没有/var/log/nginx/account/access.log" failed (2: No such file or directory)这个文件或目录
inx: configuration file /etc/nginx/nginx.conf test failed
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
[root@localhost conf.d]# systemctl status nginx
× nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Wed 2024-10-30 22:25:36 CST; 50s ago
   Duration: 25min 4.470s
    Process: 3514 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
    Process: 3515 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
        CPU: 9ms

Oct 30 22:25:36 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 30 22:25:36 localhost.localdomain nginx[3515]: nginx: the configuration file /etc/nginx/nginx.conf sy>
Oct 30 22:25:36 localhost.localdomain nginx[3515]: nginx: [emerg] open() "/var/log/nginx/account/access.l>
Oct 30 22:25:36 localhost.localdomain nginx[3515]: nginx: configuration file /etc/nginx/nginx.conf test f>
Oct 30 22:25:36 localhost.localdomain systemd[1]: nginx.service: Control process exited, code=exited, sta>
Oct 30 22:25:36 localhost.localdomain systemd[1]: nginx.service: Failed with result 'exit-code'.
Oct 30 22:25:36 localhost.localdomain systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
 ESCOC

rver
rvice; disabled; preset: disabled)
4-10-30 22:25:36 CST; 50s ago

inx.pid (code=exited, status=0/SUCCESS)
de=exited, status=1/FAILURE)


rting The nginx HTTP and reverse proxy server...
inx: the configuration file /etc/nginx/nginx.conf syntax is ok
inx: [emerg] open() "/var/log/nginx/account/access.log" failed (2: No such file or directory)
inx: configuration file /etc/nginx/nginx.conf test failed
nx.service: Control process exited, code=exited, status=1/FAILURE
nx.service: Failed with result 'exit-code'.
led to start The nginx HTTP and reverse proxy server.
powershell 复制代码
[root@localhost conf.d]# mkdir /var/log/nginx/account/
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl www.account.com/admin/ #不能访问
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@localhost conf.d]# curl http://zhangsan:redhat@www.account.com/admin/
secret
[root@localhost conf.d]# curl http://lisi:redhat@www.account.com/admin/
secret



1.5 配置 https 加密服务

实验要求:

创建一个基于主机名(www.exam.com)的web服务器,内容不限,但内容是在根下的/www/目录下的,/www/目录是由/dev/nvme0n2 这个磁盘设备创建出来的 lvexam 这个逻辑卷挂载过来的

1.添加一个nvme接口的磁盘

2.把这个磁盘作为一个物理卷(vgexam),添加到卷组,然后创建到一个逻辑卷,这个逻辑卷叫做 lvexam

3.把逻辑卷挂载到 根下的/www

4.创建web服务,这个服务所对应的 root 是根下的 /www(创建一个虚拟主机,虚拟主机里面的root参数后面跟的是/www)相当于访问的是/www/index.html这个文件

5.重新启动虚拟机之后,依然可以自启动访问 www.exam.com(要自动挂载)

查看磁盘信息 lsblk
显示块设备的相关属性 挂载盘的情况 blkid

创建分区 fdisk /dev/nvme0n2
#创建物理卷
[root@localhost ~]# pvcreate pvexam /dev/nvme0n2
# 创建一个vg(卷组),vgreate、vgexam作为卷组名称
[root@localhost ~]# vgcreate vgexam /dev/nvme0n2
#创建逻辑卷
[root@localhost ~]# lvcreate -n lvexam -L 3G vgexam  # 名称lvexam,大小30G,使用vgtest这个卷组
#查看创建情况
lvs,vgs,pvs,查看你详细物理卷信息pvdiplay
mkdir /root/www
挂载是否必须格式化???
[root@localhost ~]# mkfs.xfs /dev/mapper/vgexam-lvexam #格式化
meta-data=/dev/mapper/vgtest-lvtest isize=512    agcount=4, agsize=1966080 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                       bsize=4096   blocks=7864320, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=16384, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

#创建挂载目录
mkdir /root/www
[root@localhost ~]# mount /dev/mapper/vgexam-lvexamt /root/www #挂载
#查看挂载情况 df -h /root/www

[root@localhost ~]# cd /etc/nginx/conf.d/

[root@localhost conf.d]# vim com.conf
[root@localhost conf.d]# cat com.conf
server {
	server_name  www.exam.com;
	root         /root/www/exam.com/;
	access_log   /root/log/nginx/exam.com/access.log;
	error_log    /root/log/nginx/exam.com/error.log;
}
[root@localhost conf.d]# mkdir -p /root/www/exam.com/
[root@localhost conf.d]# echo exam.com > /root/www/exam.com/index.html
[root@localhost conf.d]# mkdir /root/www/nginx/exam.com
[root@localhost conf.d]# curl www.exam.com

开机自动挂载设置:

ll /etc/fstab

vim /etc/fstab #查看文件系统表(不用斜线开头是相对路径,有斜线是绝对路径)

powershell 复制代码
在 /etc/fstab 文件中添加一行,指定要挂载的设备、挂载点、文件系统类型以及其他选项
[root@localhost conf.d]# vim /etc/fstab
添加内容:(显示块设备的相关属性 挂载盘的情况 blkid)
/dev/mapper/

服务开机自启动设置:

powershell 复制代码
[root@localhost ~]# fdisk /dev/nvme0n2

Welcome to fdisk (util-linux 2.37.4).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-41943039, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-41943039, default 41943039): +5G

Created a new partition 1 of type 'Linux' and of size 5 GiB.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

[root@localhost ~]# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
sr0            11:0    1  9.8G  0 rom  
nvme0n1       259:0    0   50G  0 disk 
├─nvme0n1p1   259:1    0  600M  0 part /boot/efi
├─nvme0n1p2   259:2    0    1G  0 part /boot
└─nvme0n1p3   259:3    0 48.4G  0 part 
  ├─rhel-root 253:0    0 44.5G  0 lvm  /
  └─rhel-swap 253:1    0  3.9G  0 lvm  [SWAP]
nvme0n2       259:4    0   20G  0 disk 
└─nvme0n2p1   259:5    0    5G  0 part 
[root@localhost ~]# pvcreate pvexam /dev/nvme0n2
  No device found for pvexam.
  Cannot use /dev/nvme0n2: device is partitioned
[root@localhost ~]# vgcreate vgexam /dev/nvme0n2p1
  Physical volume "/dev/nvme0n2p1" successfully created.
  Volume group "vgexam" successfully created
[root@localhost ~]# lvcreate -n lvexam -L 3G vgexam
  Logical volume "lvexam" created.
[root@localhost ~]# mkfs.xfs /dev/mapper/vgexam-lvexam 
meta-data=/dev/mapper/vgexam-lvexam isize=512    agcount=4, agsize=196608 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                       bsize=4096   blocks=786432, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=16384, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@localhost ~]# mkdir /root/www
[root@localhost ~]# mount /dev/mapper/vgexam-lvexam /root/www
shell 复制代码
[root@localhost ~]# cd /etc/nginx/conf.d
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131   www.example.com
2.2.2.131   www.example.net
2.2.2.131   www.account.com
[root@localhost conf.d]# vim /etc/hosts
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131   www.example.com
2.2.2.131   www.example.net
2.2.2.131   www.account.com
2.2.2.131   www.exam.com
[root@localhost conf.d]# vim con.conf
[root@localhost conf.d]# cat con.conf
server {
	server_name www.exam.com;
	root /www/exam.com/;
	access_log /www/nginx/exam.com/access.log;
	error_log /www/nginx/exam.com/error.log;
}
[root@localhost conf.d]# mkdir -p /www/nginx/exam.com/
[root@localhost conf.d]# echo exam.com > /root/www/exam.com/index.html
[root@localhost conf.d]# mkdir -p /www/exam.com/
[root@localhost conf.d]# mkdir /root/www/nginx/exam.com
[root@localhost conf.d]# setenforce 0
[root@localhost conf.d]# systemctl restart nginx
shell 复制代码
自动挂载:
[root@localhost conf.d]# blkid
/dev/mapper/rhel-swap: UUID="d9675047-ac80-4c05-a33b-010efac89d8c" TYPE="swap"
/dev/nvme0n1p3: UUID="kpeTos-N80e-ZJnl-cfyg-N1on-gxR4-sZeAOW" TYPE="LVM2_member" PARTUUID="146aabd0-2cff-494c-b0c1-d5a12bb236d3"
/dev/nvme0n1p1: UUID="7B98-B72C" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="4a7c4092-cdcc-4e5d-bf43-fae9584bfa0c"
/dev/nvme0n1p2: UUID="5373a599-7d61-4100-8be3-8773cecd18e6" TYPE="xfs" PARTUUID="f82559e8-dc45-4abb-92e9-9ec6bc5d256b"
/dev/sr0: UUID="2023-10-25-09-17-25-00" LABEL="RHEL-9-3-0-BaseOS-x86_64" TYPE="iso9660" PTUUID="ece57f7f" PTTYPE="dos"
/dev/mapper/vgexam-lvexam: UUID="39a5657b-6f74-4073-bf1b-37406849aca9" TYPE="xfs"
/dev/nvme0n2p1: UUID="eOG6OX-nsfn-yfIO-8uaY-UqQV-va37-9cWjC8" TYPE="LVM2_member" PARTUUID="ea4e1f45-01"
/dev/mapper/rhel-root: UUID="f3910070-cc8d-4ce9-a2b9-225aea787f16" TYPE="xfs"

[root@localhost conf.d]# vim /etc/fstab
[root@localhost ~]# cat /etc/fstab 

#
# /etc/fstab
# Created by anaconda on Sun Oct 13 12:06:20 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/rhel-root   /                       xfs     defaults        0 0
UUID=5373a599-7d61-4100-8be3-8773cecd18e6 /boot                   xfs     defaults        0 0
UUID=7B98-B72C          /boot/efi               vfat    umask=0077,shortname=winnt 0 2
/dev/mapper/rhel-swap   none                    swap    defaults        0 0
/dev/mapper/vgexam-lvexam      /www                xfs defaults   0 0

[root@localhost conf.d]# vim /etc/selinux/config 
[root@localhost ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# See also:
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes
#
# NOTE: Up to RHEL 8 release included, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
#    grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
#    grubby --update-kernel ALL --remove-args selinux
#
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


[root@localhost ~]# systemctl  status nginx.service 
● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-10-31 19:52:44 CST; 44s ago
    Process: 1217 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
    Process: 1221 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
    Process: 1252 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 1261 (nginx)
      Tasks: 5 (limit: 22739)
     Memory: 6.3M
        CPU: 26ms
     CGroup: /system.slice/nginx.service
             ├─1261 "nginx: master process /usr/sbin/nginx"
             ├─1263 "nginx: worker process"
             ├─1264 "nginx: worker process"
             ├─1265 "nginx: worker process"
             └─1266 "nginx: worker process"

Oct 31 19:52:44 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 31 19:52:44 localhost.localdomain nginx[1221]: nginx: the configuration file /etc/nginx/nginx.con>
Oct 31 19:52:44 localhost.localdomain nginx[1221]: nginx: configuration file /etc/nginx/nginx.conf te>
Oct 31 19:52:44 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@localhost ~]# curl www.exam.com
exam.com

自启动:

相关推荐
内核程序员kevin2 小时前
TCP Listen 队列详解与优化指南
linux·网络·tcp/ip
朝九晚五ฺ6 小时前
【Linux探索学习】第十四弹——进程优先级:深入理解操作系统中的进程优先级
linux·运维·学习
自由的dream6 小时前
Linux的桌面
linux
xiaozhiwise6 小时前
Makefile 之 自动化变量
linux
意疏9 小时前
【Linux 篇】Docker 的容器之海与镜像之岛:于 Linux 系统内探索容器化的奇妙航行
linux·docker
BLEACH-heiqiyihu9 小时前
RedHat7—Linux中kickstart自动安装脚本制作
linux·运维·服务器
一只爱撸猫的程序猿9 小时前
一个简单的Linux 服务器性能优化案例
linux·mysql·nginx
我的K840910 小时前
Flink整合Hudi及使用
linux·服务器·flink
19004310 小时前
linux6:常见命令介绍
linux·运维·服务器