题目:
创建两个用户www.zhangsan.com 加密,www.lisi.com
目录:/www/zahngsan /www/lisi
主服务器做 dns web
从服务器做dns
在从服务器上能实现curl -k https://www.zhangsan.com ok,curl http://www.lisi.com ok
思路:
1、两个虚拟机,一个为主129,一个为从131,配置好IP等,下好软件,挂载仓库等
2、在129上配置
[root@localhost ~]# cat /etc/httpd/conf.d/vhost.conf
<directory /www/>
allowoverride none
require all granted
</directory>
<virtualhost 192.168.159.129:80>
servername www.lisi.com
documentroot /www/lisi
</virtualhost>
<virtualhost 192.168.159.129:443>
servername www.zhangsan.com
documentroot /www/zhangsan
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/jiami.crt
SSLCertificateKeyFile /etc/pki/tls/private/jiami.key
</virtualhost>
3、实现加密
4、查看主是否开启http,https,dns服务
[root@localhost ~]# firewall-cmd --list-all
没有则添加:
[root@localhost ~]# firewall-cmd --permanent --add-service=http
[root@localhost ~]# firewall-cmd --permanent --add-service=https
[root@localhost ~]# firewall-cmd --permanent --add-service=dns
[root@localhost ~]# firewall-cmd --reload
[root@localhost ~]# firewall-cmd --list-all
5、测试能否访问
浏览器或者curl -k https://www.zhangsan.com ok,curl http://www.lisi.com ok
6、实现DNS
下载bind
做两个正向解析,主服务配置如下,从服务器只需更改dns为主服务器的IP
[root@localhost ~]# cat /etc/named.conf
options {
listen-on port 53 { 192.168.159.129; };
directory "/var/named";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "zhangsan.com" IN {
type master;
file "named.zhangsan";
};
zone "lisi.com" IN {
type master;
file "named.lisi";
};
[root@localhost ~]# cat /var/named/named.zhangsan
$TTL 1d
@ IN SOA @ admin.zhangsan.com. (2024070601
1
1
1
1)
IN NS ns.zhangsan.com.
ns IN A 192.168.159.129
www IN A 192.168.159.129
[root@localhost ~]# cat /var/named/named.lisi
$TTL 1d
@ IN SOA @ admin.lisi.com. (2024070601
1
1
1
1)
IN NS ns.lisi.com.
ns IN A 192.168.159.129
www IN A 192.168.159.129
[root@localhost ~]#systemctl restart named
7、查看从是否开启http,https,dns服务
[root@localhost ~]# firewall-cmd --list-all
没有则添加:
[root@localhost ~]# firewall-cmd --permanent --add-service=http
[root@localhost ~]# firewall-cmd --permanent --add-service=https
[root@localhost ~]# firewall-cmd --permanent --add-service=dns
[root@localhost ~]# firewall-cmd --reload
[root@localhost ~]# firewall-cmd --list-all
8、测试能否访问
浏览器或者curl -k https://www.zhangsan.com ok,curl http://www.lisi.com ok
---多线程上篇)
地图着色)
)
