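Configuration files
- Configuration files
- Troubleshooting
- 1.1 Configuring a hostname-based web server
- 1.2 Configuring a port-based web server
- 1.3 Configuring an IP-address-based web server
- 1.4 Configuring account-authenticated access
- 1.5 Configuring the HTTPS encrypted service
- 1.6 Exercises
Configuration files
When editing a configuration file in vim, separate items with spaces.
# Locate the configuration files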
[root@localhost ~]# rpm -ql nginx
/usr/bin/nginx-upgrade
/usr/lib/systemd/system/nginx.service
/usr/share/man/man3/nginx.3pm.gz
/usr/share/man/man8/nginx-upgrade.8.gz
/usr/share/man/man8/nginx.8.gz
/usr/share/nginx/html/404.html
/usr/share/nginx/html/50x.html
/usr/share/nginx/html/icons
/usr/share/nginx/html/icons/poweredby.png
/usr/share/nginx/html/index.html
/usr/share/nginx/html/nginx-logo.png
/usr/share/nginx/html/poweredby.png
/usr/share/nginx/html/system_noindex_logo.png
/usr/share/vim/vimfiles/ftdetect/nginx.vim
/usr/share/vim/vimfiles/ftplugin/nginx.vim
/usr/share/vim/vimfiles/indent/nginx.vim
/usr/share/vim/vimfiles/syntax/nginx.vim
# View the installation history
[root@localhost ~]# dnf history
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
ID | Command line | Date and time | Action(s) | Altered
------------------------------------------------------------------------------------------------------
9 | install nginx -y | 2024-10-27 23:00 | Install | 3
8 | install rpcgen | 2024-10-19 21:48 | Install | 1 <
7 | install -y ncurses-devel | 2024-10-19 21:43 | Install | 2 >
6 | install openssl-devel | 2024-10-19 21:42 | Install | 1
5 | install gcc-toolset-13-gcc gcc-toolset-13-gcc-c | 2024-10-19 21:39 | Install | 15
4 | install cmake | 2024-10-19 21:35 | Install | 5
3 | install vsftpd -y | 2024-10-19 21:28 | Install | 1
2 | install httpd -y | 2024-10-19 21:21 | Install | 11
1 | | 2024-10-13 20:06 | Install | 1256 EE
[root@localhost ~]# ll /etc/nginx
total 68
drwxr-xr-x. 2 root root 6 Oct 11 2023 conf.d
drwxr-xr-x. 2 root root 6 Oct 11 2023 default.d
-rw-r--r--. 1 root root 1077 Oct 11 2023 fastcgi.conf
-rw-r--r--. 1 root root 1077 Oct 11 2023 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 Oct 11 2023 fastcgi_params
-rw-r--r--. 1 root root 1007 Oct 11 2023 fastcgi_params.default
-rw-r--r--. 1 root root 2837 Oct 11 2023 koi-utf
-rw-r--r--. 1 root root 2223 Oct 11 2023 koi-win
-rw-r--r--. 1 root root 5231 Oct 11 2023 mime.types
-rw-r--r--. 1 root root 5231 Oct 11 2023 mime.types.default
-rw-r--r--. 1 root root 2334 Oct 11 2023 nginx.conf
-rw-r--r--. 1 root root 2656 Oct 11 2023 nginx.conf.default
-rw-r--r--. 1 root root 636 Oct 11 2023 scgi_params
-rw-r--r--. 1 root root 636 Oct 11 2023 scgi_params.default
-rw-r--r--. 1 root root 664 Oct 11 2023 uwsgi_params
-rw-r--r--. 1 root root 664 Oct 11 2023 uwsgi_params.default
-rw-r--r--. 1 root root 3610 Oct 11 2023 win-utf
[root@localhost ~]# rpm -qf /etc/nginx/nginx.conf # main configuration file: nginx.conf
nginx-core-1.20.1-14.el9_2.1.x86_64 # this package provides the configuration file
[root@localhost ~]# cd /etc/nginx/
[root@localhost nginx]# ll
total 68
drwxr-xr-x. 2 root root 6 Oct 11 2023 conf.d
drwxr-xr-x. 2 root root 6 Oct 11 2023 default.d
-rw-r--r--. 1 root root 1077 Oct 11 2023 fastcgi.conf
-rw-r--r--. 1 root root 1077 Oct 11 2023 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 Oct 11 2023 fastcgi_params
-rw-r--r--. 1 root root 1007 Oct 11 2023 fastcgi_params.default
-rw-r--r--. 1 root root 2837 Oct 11 2023 koi-utf
-rw-r--r--. 1 root root 2223 Oct 11 2023 koi-win
-rw-r--r--. 1 root root 5231 Oct 11 2023 mime.types # the default
-rw-r--r--. 1 root root 5231 Oct 11 2023 mime.types.default
-rw-r--r--. 1 root root 2334 Oct 11 2023 nginx.conf
-rw-r--r--. 1 root root 2656 Oct 11 2023 nginx.conf.default
-rw-r--r--. 1 root root 636 Oct 11 2023 scgi_params
-rw-r--r--. 1 root root 636 Oct 11 2023 scgi_params.default
-rw-r--r--. 1 root root 664 Oct 11 2023 uwsgi_params
-rw-r--r--. 1 root root 664 Oct 11 2023 uwsgi_params.default
-rw-r--r--. 1 root root 3610 Oct 11 2023 win-utf
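Troubleshooting
If restarting the service fails with a red error message, copy the error text and read the details (use the left and right arrow keys to see more of each line).
If the service will not start, check its status with this command:
systemctl status nginx
Once the service has started, check that it is working properly:
netstat -lutup | grep nginx
View the error log:
cat /var/log/nginx/200/error.log
cat /var/log/nginx/200/access.log (access log)
View the error log on the main server:
tail -f /var/log/nginx/error.log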
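1.1 Configuring a hostname-based web server
Hostnames:
www.baidu.com
www.360.com
www.qq.com
Domain:
baidu.com
The vim editor
Command mode:
This is the default mode when vim starts. In this mode you can run the following commands:
Moving the cursor:
1. Use the arrow keys to move
2. gg returns to the start of the file (press g twice)
3. G goes to the end of the file (shift + g)
4. ^ moves the cursor to the start of the current line and $ moves it to the end
5. w moves forward one word; b moves back one word
Copying: esc, yy to copy; esc, p to paste; esc, dd to delete
1. yy copies a line; nyy copies n lines (counting down from the cursor position)
2. p pastes the copied content
Deleting:
1. u undoes the current operation
2. dd deletes the line under the cursor; ndd deletes n lines counting down from the cursor line; dG deletes from the cursor to the end of the file; dgg deletes from the cursor to the start of the file
enforcing: enforcing mode
permissive: permissive mode; actions that violate SELinux rules are only written to the log. Generally used for debugging.
disabled: SELinux is turned off
1: enabled
0: warn only, not enabled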
[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# setenforce 0 # setenforce changes the SELinux mode; setenforce 0 switches SELinux to permissive mode (violations are logged, not blocked) until the next reboot.
[root@localhost ~]# ll /etc
total 1348
...
drwxr-xr-x. 2 root root 28 Oct 13 20:07 highlight
-rw-r--r--. 1 root root 9 Jun 23 2020 host.conf
-rw-r--r--. 1 root root 1 Oct 13 20:13 hostname
-rw-r--r--. 1 root root 158 Jun 23 2020 hosts
drwxr-xr-x. 2 root root 24 Oct 13 20:06 hp
drwxr-xr-x. 5 root root 105 Oct 19 21:21 httpd
...
[root@localhost ~]# vim /etc/hosts
[No write since last change]
/bin/bash: line 1: q: command not found
shell returned 127
Press ENTER or type command to continue
[root@localhost ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131 www.example.com
2.2.2.131 www.example.net
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 0
[root@localhost conf.d]# vim com.conf
[root@localhost conf.d]# cat com.conf
server {
    server_name www.example.com;
    root /var/www/example.com/;
    access_log /var/log/nginx/example.com/access.log;
    error_log /var/log/nginx/example.com/error.log;
}
[root@localhost conf.d]# cat com.conf > net.conf
[root@localhost conf.d]# vim net.conf
[root@localhost conf.d]# cat net.conf
server {
    server_name www.example.net;
    root /var/www/example.net/;
    access_log /var/log/nginx/example.net/access.log;
    error_log /var/log/nginx/example.net/error.log;
}
[root@localhost conf.d]# ll /var
total 16
...
drwxr-xr-x. 17 root root 4096 Oct 29 21:13 log
...
drwxr-xr-x. 4 root root 33 Oct 19 21:21 www
drwxr-xr-x. 2 root root 6 Aug 10 2021 yp
[root@localhost conf.d]# mkdir -p /var/www/example.com/
[root@localhost conf.d]# mkdir /var/www/example.net/
[root@localhost conf.d]# echo example.com > /var/www/example.com/index.html
[root@localhost conf.d]# echo example.net > /var/www/example.net/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/example.com
[root@localhost conf.d]# mkdir /var/log/nginx/example.net
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl www.example.com
example.com
[root@localhost conf.d]# curl www.example.net
example.net
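The getenforce command shows whether SELinux is enabled on Linux.
Set permissive mode: setenforce 0 (temporary; reverts after a reboot)
Set enforcing mode: setenforce 1
Set disabled mode: run vim /etc/selinux/config to open the SELinux configuration file, change SELINUX=enforcing to SELINUX=disabled, save and exit, then reboot
1.2 Configuring a port-based web server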
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 8
-rw-r--r--. 1 root root 184 Oct 29 21:37 com.conf
-rw-r--r--. 1 root root 184 Oct 29 21:39 net.conf
[root@localhost conf.d]# vim 9091.conf
[root@localhost conf.d]# cat 9091.conf
server {
    listen 9091;
    server_name _;
    root /var/www/9091/;
    access_log /var/log/nginx/9091/access.log;
    error_log /var/log/nginx/9091/error.log;
}
[root@localhost conf.d]# mkdir /var/www/9091/
[root@localhost conf.d]# mkdir /var/www/9092/
[root@localhost conf.d]# echo 9091 > /var/www/9091/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/9091/
[root@localhost conf.d]# cp 9091.conf 9092.conf
[root@localhost conf.d]# vim 9092.conf
[root@localhost conf.d]# cat 9092.conf
server {
    listen 9092;
    server_name _;
    root /var/www/9092/;
    access_log /var/log/nginx/9092/access.log;
    error_log /var/log/nginx/9092/error.log;
}
[root@localhost conf.d]# echo 9092 > /var/www/9092/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/9092/
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl 2.2.2.131:9091
9091
[root@localhost conf.d]# curl 2.2.2.131:9092
9092
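1.3 Configuring an IP-address-based web server
1. Check the IP: ip add
2. Configure the IP: nmcli connection modify ens160 ipv4.addresses 2.2.2.131/24 ipv4.gateway 2.2.2.2 ipv4.dns 2.2.2.2 ipv4.method manual connection.autoconnect yes
   (ipv4.addresses: IP/netmask; ipv4.gateway: gateway; ipv4.dns: DNS; ipv4.method manual: manually assigned IP)
3. Activate the connection: nmcli connection up ens160
4. Add IPs:
   nmcli connection modify ens160 +ipv4.addresses 2.2.2.200/24
   nmcli connection modify ens160 +ipv4.addresses 2.2.2.201/24
5. Check the IPs; the added IPs are marked secondary
6. Change to the configuration directory with cd /etc/nginx/conf.d/ and list the configuration files with ll
7. Write the configuration files for the IP-based web servers (server_name points to the newly added IPs 2.2.2.200 and 2.2.2.201; separate items with spaces, not tabs):
   vim 200.conf
   vim 201.conf
8. Create the directories:
   mkdir /var/www/200
   mkdir /var/www/201
9. Write the content:
   echo 200 > /var/www/200/index.html
   echo 201 > /var/www/201/index.html
10. Create the log directories:
   mkdir /var/log/nginx/200
   mkdir /var/log/nginx/201
11. Restart the service: systemctl restart nginx
The hard part: configuring the IP
Make the current IP a manually configured, static address
dynamic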
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:5f:5c:0a brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 2.2.2.131/24 brd 2.2.2.255 scope global dynamic noprefixroute ens160
       valid_lft 1374sec preferred_lft 1374sec
    inet6 fe80::20c:29ff:fe5f:5c0a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost ~]# nmcli connection modify ens160 ipv4.addresses 2.2.2.131/24 ipv4.gateway 2.2.2.2 ipv4.dns 2.2.2.2 ipv4.method manual connection.autoconnect yes
[root@localhost ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@localhost ~]# nmcli connection modify ens160 +ipv4.addresses 2.2.2.200/24
[root@localhost ~]# nmcli connection modify ens160 +ipv4.addresses 2.2.2.201/24
[root@localhost ~]# nmcli connection up ens160
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost ~]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:5f:5c:0a brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 2.2.2.131/24 brd 2.2.2.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 2.2.2.200/24 brd 2.2.2.255 scope global secondary noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet 2.2.2.201/24 brd 2.2.2.255 scope global secondary noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe5f:5c0a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# ll
total 16
-rw-r--r--. 1 root root 166 Oct 29 21:55 9091.conf
-rw-r--r--. 1 root root 166 Oct 29 21:59 9092.conf
-rw-r--r--. 1 root root 184 Oct 29 21:37 com.conf
-rw-r--r--. 1 root root 184 Oct 29 21:39 net.conf
[root@localhost conf.d]# vim 200.conf
[root@localhost conf.d]# cp 200.conf 201.conf
[root@localhost conf.d]# vim 201.conf
[root@localhost conf.d]# mkdir /var/www/200
[root@localhost conf.d]# mkdir /var/www/201
[root@localhost conf.d]# echo 200 > /var/www/200/index.html
[root@localhost conf.d]# echo 201 > /var/www/201/index.html
[root@localhost conf.d]# mkdir /var/log/nginx/200
[root@localhost conf.d]# mkdir /var/log/nginx/201
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl 2.2.2.200
200
[root@localhost conf.d]# curl 2.2.2.201
201
1.4 Configuring account-authenticated access
Install httpd-tools (mount)
[root@localhost conf.d]# ll /mnt
total 0
drwxr-xr-x. 2 root root 6 Oct 13 20:09 hgfs
[root@localhost conf.d]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@localhost conf.d]# ll /mnt
total 44
drwxr-xr-x. 1 root root 2048 Oct 25 2023 AppStream
drwxr-xr-x. 1 root root 2048 Oct 25 2023 BaseOS
drwxrwxr-x. 1 root root 2048 Oct 25 2023 EFI
-r--r--r--. 1 root root 8154 Oct 25 2023 EULA
-r--r--r--. 1 root root 1455 Oct 25 2023 extra_files.json
-r--r--r--. 1 root root 18092 Oct 25 2023 GPL
drwxrwxr-x. 1 root root 2048 Oct 25 2023 images
drwxrwxr-x. 1 root root 2048 Oct 25 2023 isolinux
-r--r--r--. 1 root root 103 Oct 25 2023 media.repo
-r--r--r--. 1 root root 1669 Oct 25 2023 RPM-GPG-KEY-redhat-beta
-r--r--r--. 1 root root 3682 Oct 25 2023 RPM-GPG-KEY-redhat-release
[root@localhost conf.d]# dnf install httpd-tools -y
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 1 day, 0:30:56 ago on Tue 29 Oct 2024 09:33:32 PM CST.
Package httpd-tools-2.4.57-5.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to
Create the users
[root@localhost conf.d]# htpasswd -cb password zhangsan redhat
Adding password for user zhangsan
[root@localhost conf.d]# htpasswd -b password lisi redhat
Adding password for user lisi
[root@localhost conf.d]# cat password # view the users' passwords (stored as hashes)
zhangsan:$apr1$ToVa4mEq$BqQs99fGaEHwovR3G4wqc1
lisi:$apr1$SFer5jDM$RDUPW8ubTJH0UaiIRoE2m1
[root@localhost conf.d]# ll password
-rw-r--r--. 1 root root 90 Oct 30 22:10 password
[root@localhost conf.d]# chmod 600 password # change the permissions
[root@localhost conf.d]# chown nginx password # change the owner
[root@localhost conf.d]# ll
total 28
-rw-r--r--. 1 root root 149 Oct 30 21:55 200.conf
-rw-r--r--. 1 root root 149 Oct 30 21:56 201.conf
-rw-r--r--. 1 root root 166 Oct 29 21:55 9091.conf
-rw-r--r--. 1 root root 166 Oct 29 21:59 9092.conf
-rw-r--r--. 1 root root 184 Oct 29 21:37 com.conf
-rw-r--r--. 1 root root 184 Oct 29 21:39 net.conf
-rw-------. 1 nginx root 90 Oct 30 22:10 password
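The password file above started out with mode 644 and holds `$apr1$` hashes, an MD5-based scheme that is cheap to brute-force offline if the file leaks. The following audit is an added example, not part of the original notes; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page; sample entries are constructed.

# Name the hash scheme of one "user:hash" entry by its prefix.
htpasswd_scheme() {
    case "${1#*:}" in
        '$2y$'* | '$2a$'* | '$2b$'*) echo bcrypt ;;
        '$6$'*) echo sha512-crypt ;;
        '$5$'*) echo sha256-crypt ;;
        '$apr1$'*) echo apr1-md5 ;;
        '{SHA}'*) echo sha1-unsalted ;;
        '{PLAIN}'*) echo plaintext ;;
        *) echo des-crypt-or-unknown ;;
    esac
}

# Report the file mode and each user's hash scheme.
# Returns 0 when clean, 1 on any finding, 2 when the file cannot be read.
htpasswd_audit() {
    ha_bad=0
    ha_mode=$(stat -c '%a' "$1") || return 2
    case "$ha_mode" in
        *00) ;;   # no group or other permission bits set
        *) echo "FAIL mode $ha_mode: accessible beyond the owner"; ha_bad=1 ;;
    esac
    while IFS= read -r ha_line; do
        case "$ha_line" in '' | '#'*) continue ;; esac
        ha_scheme=$(htpasswd_scheme "$ha_line")
        case "$ha_scheme" in
            bcrypt | sha512-crypt | sha256-crypt)
                echo "OK ${ha_line%%:*} $ha_scheme" ;;
            *)
                echo "WEAK ${ha_line%%:*} $ha_scheme"; ha_bad=1 ;;
        esac
    done < "$1"
    return "$ha_bad"
}

# Demo on a constructed file that mimics the first listing (mode 644, apr1).
demo_file=$(mktemp)
printf '%s\n' 'alice:$apr1$CONSTRUCTED$0000000000000000000000' \
    'bob:$2y$05$CONSTRUCTEDCONSTRUCTEDCONSTRUCTED' > "$demo_file"
chmod 644 "$demo_file"
htpasswd_audit "$demo_file" || echo "findings listed above"
rm -f "$demo_file"
```

`htpasswd -B` writes bcrypt entries and `-i` reads the password from standard input instead of the command line as `-b` does. nginx checks schemes other than apr1 through the system crypt(), so confirm that a bcrypt login works on the target host before switching.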
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131 www.example.com
2.2.2.131 www.example.net
[root@localhost conf.d]# vim /etc/hosts
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131 www.example.com
2.2.2.131 www.example.net
2.2.2.131 www.account.com # newly added entry
[root@localhost conf.d]# ping www.account.com
PING www.account.com (2.2.2.131) 56(84) bytes of data.
64 bytes from www.example.com (2.2.2.131): icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from www.example.com (2.2.2.131): icmp_seq=2 ttl=64 time=0.221 ms
^C
--- www.account.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1021ms
rtt min/avg/max/mdev = 0.040/0.130/0.221/0.090 ms
[root@localhost conf.d]# ll /var
total 16
drwxr-xr-x. 2 root root 19 Oct 13 20:10 account
drwxr-xr-x. 2 root root 6 Aug 10 2021 adm
drwxr-xr-x. 21 root root 4096 Oct 19 21:21 cache
drwxr-xr-x. 2 root root 6 Jul 4 2023 crash
drwxr-xr-x. 3 root root 18 Oct 13 20:08 db
drwxr-xr-x. 2 root root 6 Aug 10 2021 empty
drwxr-xr-x. 3 root root 17 Oct 19 21:28 ftp
drwxr-xr-x. 2 root root 6 Aug 10 2021 games
drwxr-xr-x. 3 root root 18 Oct 13 20:07 kerberos
drwxr-xr-x. 58 root root 4096 Oct 27 23:00 lib
drwxr-xr-x. 2 root root 6 Aug 10 2021 local
lrwxrwxrwx. 1 root root 11 Oct 13 20:06 lock -> ../run/lock
drwxr-xr-x. 17 root root 4096 Oct 30 21:07 log
lrwxrwxrwx. 1 root root 10 Aug 10 2021 mail -> spool/mail
drwxr-xr-x. 2 root root 6 Aug 10 2021 nis
drwxr-xr-x. 2 root root 6 Aug 10 2021 opt
drwxr-xr-x. 2 root root 6 Aug 10 2021 preserve
lrwxrwxrwx. 1 root root 6 Oct 13 20:06 run -> ../run
drwxr-xr-x. 10 root root 106 Oct 13 20:10 spool
drwxrwxrwt. 13 root root 4096 Oct 30 21:57 tmp
drwxr-xr-x. 10 root root 117 Oct 30 21:33 www
drwxr-xr-x. 2 root root 6 Aug 10 2021 yp
[root@localhost conf.d]# ll /var/www
total 0
drwxr-xr-x. 2 root root 24 Oct 30 21:34 200
drwxr-xr-x. 2 root root 24 Oct 30 21:34 201
drwxr-xr-x. 2 root root 24 Oct 29 21:57 9091
drwxr-xr-x. 2 root root 24 Oct 29 21:59 9092
drwxr-xr-x. 2 root root 6 Jul 20 2023 cgi-bin
drwxr-xr-x. 2 root root 24 Oct 29 21:44 example.com
drwxr-xr-x. 2 root root 24 Oct 29 21:45 example.net
drwxr-xr-x. 2 root root 6 Jul 20 2023 html
[root@localhost conf.d]# vim account.conf
[root@localhost conf.d]# cat account.conf
server {
    server_name www.account.com;
    root /var/www/account;
    location /admin {
        index index.html;
        auth_basic "login password";
        auth_basic_user_file /etc/nginx/conf.d/password;
    }
    access_log /var/log/nginx/account/access.log;
    error_log /var/log/nginx/error.log;
}
[root@localhost conf.d]# mkdir /var/www/account
[root@localhost conf.d]# echo public > /var/www/account/index.html
[root@localhost conf.d]# mkdir /var/www/account/admin
[root@localhost conf.d]# echo secret > /var/www/account/admin/index.html
[root@localhost conf.d]# systemctl restart nginx # restarting the service fails
# /var/log/nginx/account/access.log" failed (2: No such file or directory): this file or directory does not exist
nginx: configuration file /etc/nginx/nginx.conf test failed
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
[root@localhost conf.d]# systemctl status nginx
× nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Wed 2024-10-30 22:25:36 CST; 50s ago
   Duration: 25min 4.470s
    Process: 3514 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
    Process: 3515 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
        CPU: 9ms
Oct 30 22:25:36 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 30 22:25:36 localhost.localdomain nginx[3515]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Oct 30 22:25:36 localhost.localdomain nginx[3515]: nginx: [emerg] open() "/var/log/nginx/account/access.log" failed (2: No such file or directory)
Oct 30 22:25:36 localhost.localdomain nginx[3515]: nginx: configuration file /etc/nginx/nginx.conf test failed
Oct 30 22:25:36 localhost.localdomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
Oct 30 22:25:36 localhost.localdomain systemd[1]: nginx.service: Failed with result 'exit-code'.
Oct 30 22:25:36 localhost.localdomain systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
[root@localhost conf.d]# mkdir /var/log/nginx/account/
[root@localhost conf.d]# systemctl restart nginx
[root@localhost conf.d]# curl www.account.com/admin/ # access is denied
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.20.1</center>
</body>
</html>
[root@localhost conf.d]# curl http://zhangsan:redhat@www.account.com/admin/
secret
[root@localhost conf.d]# curl http://lisi:redhat@www.account.com/admin/
secret
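The failed restart in this section came from `access_log` pointing into a directory that had not been created yet. The following pre-flight check is an added example, not part of the original notes: it lists the log directories and roots that a set of server blocks expects, before nginx is restarted. `SYSROOT` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. SYSROOT is a hypothetical
# variable that prefixes every checked path so the check can run on a test tree.

# Print "directive path" for each access_log, error_log and root directive.
# Splitting on ';', '{' and '}' also handles one-line server blocks.
nginx_paths() {
    cat "$@" | sed 's/#.*$//' | tr ';{}' '\n\n\n' |
        awk '$1 == "access_log" || $1 == "error_log" || $1 == "root" { print $1, $2 }'
}

# A log file in a missing directory makes "nginx -t" fail with [emerg] open();
# a missing root lets nginx start, but requests then return 404.
# Returns 1 when a log directory is missing, 0 otherwise.
nginx_preflight() {
    pf_missing=0
    pf_list=$(nginx_paths "$@")
    while read -r pf_dir pf_path; do
        case "$pf_path" in
            /*) ;;           # absolute path: check it
            *) continue ;;   # off, stderr, syslog:..., relative paths
        esac
        if [ "$pf_dir" = root ]; then
            [ -d "${SYSROOT:-}$pf_path" ] ||
                echo "WARN root $pf_path does not exist"
        elif [ ! -d "${SYSROOT:-}$(dirname "$pf_path")" ]; then
            echo "FAIL $pf_dir: mkdir -p $(dirname "$pf_path")"
            pf_missing=1
        fi
    done <<EOF
$pf_list
EOF
    return "$pf_missing"
}

# Demo on a constructed copy of account.conf with the log directory missing.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/www/account" "$demo_root/var/log/nginx"
printf '%s\n' 'server {server_name www.account.com;root /var/www/account;access_log /var/log/nginx/account/access.log;error_log /var/log/nginx/error.log;}' > "$demo_root/account.conf"
SYSROOT=$demo_root
nginx_preflight "$demo_root/account.conf" || echo "fix the FAIL lines, then run nginx -t"
rm -rf "$demo_root"
unset SYSROOT
```

On a live host, leave `SYSROOT` unset and pass the real files, for example `nginx_preflight /etc/nginx/conf.d/*.conf`.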
1.5 Configuring the HTTPS encrypted service
[root@kittod conf.d]# cat /etc/hosts
...
192.168.197.130 www.https.com
[root@kittod conf.d]# mkdir /var/www/https/
[root@kittod conf.d]# echo https > /var/www/https/index.html
[root@kittod conf.d]# mkdir /var/log/nginx/https
[root@kittod conf.d]# cat https.conf
server {
    listen 443 ssl;
    server_name www.https.com;
    root /var/www/https/;
    ssl_certificate /etc/pki/tls/certs/https.com.crt;
    ssl_certificate_key /etc/pki/tls/private/https.com.key;
    access_log /var/log/nginx/https/access.log;
    error_log /var/log/nginx/https/error.log;
}
[root@kittod certs]# pwd
/etc/pki/tls/certs
[root@kittod certs]# openssl genrsa > https.com.key
[root@kittod certs]# openssl req -new -key https.com.key -x509 -days 100 -out https.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:chongqing
Locality Name (eg, city) [Default City]:banan
Organization Name (eg, company) [Default Company Ltd]:chengke
Organizational Unit Name (eg, section) []:rhce
Common Name (eg, your name or your server's hostname) []:www.https.com
Email Address []:admin@https.com
[root@kittod certs]# chmod 600 https*
[root@kittod certs]# ll https*
-rw-------. 1 root root 1436 Oct 25 16:10 https.com.crt
-rw-------. 1 root root 1704 Oct 25 16:08 https.com.key
[root@kittod certs]# mv https.com.key ../private/
[root@kittod conf.d]# systemctl restart nginx
[root@kittod conf.d]# curl https://www.https.com
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
[root@kittod conf.d]# curl https://www.https.com -k
https
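In the session above the private key is written with the default umask and only restricted by `chmod` afterwards, and nothing checks that the certificate and key belong together. The following is an added example, not part of the original notes: it creates the pair non-interactively with the key owner-only from the start, then verifies the pair and its remaining validity. The function names and the temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Directory and host are parameters.

# Create a key and self-signed certificate without prompts. The umask keeps the
# private key owner-only from the moment it is written.
make_selfsigned() {   # usage: make_selfsigned DIR HOST DAYS
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null )
}

# True when the certificate's public key belongs to the private key, that is,
# when ssl_certificate and ssl_certificate_key form a consistent pair.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cm_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cm_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cm_cert" ] && [ "$cm_cert" = "$cm_key" ]
}

# True when the certificate is still valid SECONDS from now.
cert_valid_for() {    # usage: cert_valid_for CERT SECONDS
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demo in a temporary directory, using the host name from this section.
if command -v openssl >/dev/null 2>&1; then
    demo_dir=$(mktemp -d)
    make_selfsigned "$demo_dir" www.https.com 100 &&
        cert_matches_key "$demo_dir/www.https.com.crt" "$demo_dir/www.https.com.key" &&
        cert_valid_for "$demo_dir/www.https.com.crt" 86400 &&
        echo "pair is consistent and valid for at least one more day"
    rm -rf "$demo_dir"
fi
```

With the certificate installed as in this section, `curl --cacert /etc/pki/tls/certs/https.com.crt https://www.https.com` verifies the server against that certificate instead of skipping verification with `-k`.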
1.6 Exercises
Requirements:
Create a hostname-based (www.exam.com) web server. The content is up to you, but it must live in the /www/ directory under the root, and /www/ must be mounted from the logical volume lvexam created on the disk device /dev/nvme0n2.
1. Add a disk with an NVMe interface
2. Make this disk a physical volume (vgexam), add it to a volume group, then create a logical volume named lvexam
3. Mount the logical volume on /www under the root
4. Create the web service whose root is /www under the root (create a virtual host whose root parameter is /www), so that a request serves the file /www/index.html
5. After the virtual machine is rebooted, www.exam.com must still be reachable automatically (the volume must be mounted automatically)
View disk information: lsblk
Show block device attributes and what is mounted: blkid
Create a partition: fdisk /dev/nvme0n2
# Create the physical volume
[root@localhost ~]# pvcreate pvexam /dev/nvme0n2
# Create a VG (volume group) with vgcreate; vgexam is the volume group name
[root@localhost ~]# vgcreate vgexam /dev/nvme0n2
# Create the logical volume
[root@localhost ~]# lvcreate -n lvexam -L 3G vgexam # name lvexam, size 3G, using the vgexam volume group
# Check what was created
lvs, vgs, pvs; for detailed physical volume information use pvdisplay
mkdir /root/www
Does the volume have to be formatted before mounting???
[root@localhost ~]# mkfs.xfs /dev/mapper/vgexam-lvexam # format
meta-data=/dev/mapper/vgtest-lvtest isize=512    agcount=4, agsize=1966080 blks
         =                          sectsz=512   attr=2, projid32bit=1
         =                          crc=1        finobt=1, sparse=1, rmapbt=0
         =                          reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                          bsize=4096   blocks=7864320, imaxpct=25
         =                          sunit=0      swidth=0 blks
naming   =version 2                 bsize=4096   ascii-ci=0, ftype=1
log      =internal log              bsize=4096   blocks=16384, version=2
         =                          sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                      extsz=4096   blocks=0, rtextents=0
# Create the mount point
mkdir /root/www
[root@localhost ~]# mount /dev/mapper/vgexam-lvexam /root/www # mount
# Check the mount: df -h /root/www
[root@localhost ~]# cd /etc/nginx/conf.d/
[root@localhost conf.d]# vim com.conf
[root@localhost conf.d]# cat com.conf
server {
    server_name www.exam.com;
    root /root/www/exam.com/;
    access_log /root/log/nginx/exam.com/access.log;
    error_log /root/log/nginx/exam.com/error.log;
}
[root@localhost conf.d]# mkdir -p /root/www/exam.com/
[root@localhost conf.d]# echo exam.com > /root/www/exam.com/index.html
[root@localhost conf.d]# mkdir /root/www/nginx/exam.com
[root@localhost conf.d]# curl www.exam.com
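Setting up automatic mounting at boot:
ll /etc/fstab
vim /etc/fstab # view the filesystem table (a path without a leading slash is relative; with a leading slash it is absolute)
Add a line to /etc/fstab that specifies the device to mount, the mount point, the filesystem type and other options
[root@localhost conf.d]# vim /etc/fstab
Content to add: (show block device attributes and what is mounted: blkid)
/dev/mapper/
Setting the service to start at boot: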
[root@localhost ~]# fdisk /dev/nvme0n2
Welcome to fdisk (util-linux 2.37.4).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-41943039, default 41943039): +5G
Created a new partition 1 of type 'Linux' and of size 5 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sr0 11:0 1 9.8G 0 rom
nvme0n1 259:0 0 50G 0 disk
├─nvme0n1p1 259:1 0 600M 0 part /boot/efi
├─nvme0n1p2 259:2 0 1G 0 part /boot
└─nvme0n1p3 259:3 0 48.4G 0 part
  ├─rhel-root 253:0 0 44.5G 0 lvm /
  └─rhel-swap 253:1 0 3.9G 0 lvm [SWAP]
nvme0n2 259:4 0 20G 0 disk
└─nvme0n2p1 259:5 0 5G 0 part
[root@localhost ~]# pvcreate pvexam /dev/nvme0n2
  No device found for pvexam.
  Cannot use /dev/nvme0n2: device is partitioned
[root@localhost ~]# vgcreate vgexam /dev/nvme0n2p1
  Physical volume "/dev/nvme0n2p1" successfully created.
  Volume group "vgexam" successfully created
[root@localhost ~]# lvcreate -n lvexam -L 3G vgexam
  Logical volume "lvexam" created.
[root@localhost ~]# mkfs.xfs /dev/mapper/vgexam-lvexam
meta-data=/dev/mapper/vgexam-lvexam isize=512    agcount=4, agsize=196608 blks
         =                          sectsz=512   attr=2, projid32bit=1
         =                          crc=1        finobt=1, sparse=1, rmapbt=0
         =                          reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                          bsize=4096   blocks=786432, imaxpct=25
         =                          sunit=0      swidth=0 blks
naming   =version 2                 bsize=4096   ascii-ci=0, ftype=1
log      =internal log              bsize=4096   blocks=16384, version=2
         =                          sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                      extsz=4096   blocks=0, rtextents=0
[root@localhost ~]# mkdir /root/www
[root@localhost ~]# mount /dev/mapper/vgexam-lvexam /root/www
[root@localhost ~]# cd /etc/nginx/conf.d
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131 www.example.com
2.2.2.131 www.example.net
2.2.2.131 www.account.com
[root@localhost conf.d]# vim /etc/hosts
[root@localhost conf.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
2.2.2.131 www.example.com
2.2.2.131 www.example.net
2.2.2.131 www.account.com
2.2.2.131 www.exam.com
[root@localhost conf.d]# vim con.conf
[root@localhost conf.d]# cat con.conf
server {
    server_name www.exam.com;
    root /www/exam.com/;
    access_log /www/nginx/exam.com/access.log;
    error_log /www/nginx/exam.com/error.log;
}
[root@localhost conf.d]# mkdir -p /www/nginx/exam.com/
[root@localhost conf.d]# echo exam.com > /root/www/exam.com/index.html
[root@localhost conf.d]# mkdir -p /www/exam.com/
[root@localhost conf.d]# mkdir /root/www/nginx/exam.com
[root@localhost conf.d]# setenforce 0
[root@localhost conf.d]# systemctl restart nginx
Automatic mounting:
[root@localhost conf.d]# blkid
/dev/mapper/rhel-swap: UUID="d9675047-ac80-4c05-a33b-010efac89d8c" TYPE="swap"
/dev/nvme0n1p3: UUID="kpeTos-N80e-ZJnl-cfyg-N1on-gxR4-sZeAOW" TYPE="LVM2_member" PARTUUID="146aabd0-2cff-494c-b0c1-d5a12bb236d3"
/dev/nvme0n1p1: UUID="7B98-B72C" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="4a7c4092-cdcc-4e5d-bf43-fae9584bfa0c"
/dev/nvme0n1p2: UUID="5373a599-7d61-4100-8be3-8773cecd18e6" TYPE="xfs" PARTUUID="f82559e8-dc45-4abb-92e9-9ec6bc5d256b"
/dev/sr0: UUID="2023-10-25-09-17-25-00" LABEL="RHEL-9-3-0-BaseOS-x86_64" TYPE="iso9660" PTUUID="ece57f7f" PTTYPE="dos"
/dev/mapper/vgexam-lvexam: UUID="39a5657b-6f74-4073-bf1b-37406849aca9" TYPE="xfs"
/dev/nvme0n2p1: UUID="eOG6OX-nsfn-yfIO-8uaY-UqQV-va37-9cWjC8" TYPE="LVM2_member" PARTUUID="ea4e1f45-01"
/dev/mapper/rhel-root: UUID="f3910070-cc8d-4ce9-a2b9-225aea787f16" TYPE="xfs"
[root@localhost conf.d]# vim /etc/fstab
[root@localhost ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sun Oct 13 12:06:20 2024
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=5373a599-7d61-4100-8be3-8773cecd18e6 /boot xfs defaults 0 0
UUID=7B98-B72C /boot/efi vfat umask=0077,shortname=winnt 0 2
/dev/mapper/rhel-swap none swap defaults 0 0
/dev/mapper/vgexam-lvexam /www xfs defaults 0 0
[root@localhost conf.d]# vim /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# See also:
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes
#
# NOTE: Up to RHEL 8 release included, SELINUX=disabled would also
# fully disable SELinux during boot. If you need a system with SELinux
# fully disabled instead of SELinux running with no policy loaded, you
# need to pass selinux=0 to the kernel command line. You can use grubby
# to persistently set the bootloader to boot with selinux=0:
#
# grubby --update-kernel ALL --args selinux=0
#
# To revert back to SELinux enabled:
#
# grubby --update-kernel ALL --remove-args selinux
#
SELINUX=permissive
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-10-31 19:52:44 CST; 44s ago
    Process: 1217 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
    Process: 1221 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
    Process: 1252 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 1261 (nginx)
      Tasks: 5 (limit: 22739)
     Memory: 6.3M
        CPU: 26ms
     CGroup: /system.slice/nginx.service
             ├─1261 "nginx: master process /usr/sbin/nginx"
             ├─1263 "nginx: worker process"
             ├─1264 "nginx: worker process"
             ├─1265 "nginx: worker process"
             └─1266 "nginx: worker process"
Oct 31 19:52:44 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 31 19:52:44 localhost.localdomain nginx[1221]: nginx: the configuration file /etc/nginx/nginx.con>
Oct 31 19:52:44 localhost.localdomain nginx[1221]: nginx: configuration file /etc/nginx/nginx.conf te>
Oct 31 19:52:44 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@localhost ~]# curl www.exam.com
exam.com
Start at boot: