实验要求

• 组建多个子目录网站www.openlab.com，该网站有2个子目录www.openlab.com/sxhkt和www.openlab.com/zy
• www.openlab.com/sxhkt使用http读取
• www.openlab.com/zy使用https读取

实验步骤

• 准备工作

[root@server ~]# setenforce 0[root@server ~]# systemctl stop firewalld[root@server ~]# systemctl disable firewalld[root@server ~]# yum install nginx -y[root@server ~]# systemctl start nginx[root@server ~]# systemctl enable nginx

• 创建网页目录

[root@server ~]# mkdir -p /www/sxhkt
[root@server ~]# mkdir -p /www/zy#使用mobaxterm上传网页数据

• Windows端建立本地hosts域名映射
• 
• 建立sxhkt的http网站

[root@server ~]# vim /etc/nginx/nginx.confserver {listen       80;listen       [::]:80;server_name  www.openlab.com;location /sxhkt {alias  /www/sxhkt;index index.html index.htm;}return 301 https://www.openlab.com;    #输入http跳转到https# Load configuration files for the default server block.include /etc/nginx/default.d/*.conf;error_page 404 /404.html;location = /404.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}}

• 建立zy的https网站

#先制作私钥
#在/etc/nginx目录下制作证书所用的私钥文件zy.key
[root@server ~]# openssl genrsa -aes128 2048 > /etc/nginx/zy.key
Enter PEM pass phrase:                        #输入加密私钥的密码12345
Verifying - Enter PEM pass phrase:            #再输一遍#再制作证书 （证书需要用CA的私钥进行加密，所以在制作证书之前先制作私钥，证书中含有网站的公钥）
[root@server ~]# openssl req -utf8 -new -key  /etc/nginx/zy.key  -x509  -days  365  -out  /etc/nginx/zy.crt
Enter pass phrase for /etc/nginx/sxhkt.key:       #输入加密私钥的密码12345
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86     #国家代码
State or Province Name (full name) []:shanxi   #省份
Locality Name (eg, city) [Default City]:xian    #城市
Organization Name (eg, company) [Default Company Ltd]:openlab  #公司
Organizational Unit Name (eg, section) []:rhce    #部门
Common Name (eg, your name or your server's hostname) []:server   #主机名
Email Address []:and@qq.com   #邮箱#在加载ssl支持的nginx并使用上述私钥时必须去除设置的私钥密码12345
[root@server ~]# cd /etc/nginx
[root@server nginx]# cp zy.key zy.key.org  #先做备份
[root@server nginx]# openssl rsa -in zy.key.org -out zy.key  #去除密码
Enter pass phrase for sxhkt.key.org:         #输入加密私钥的密码12345
writing RSA key[root@server ~]# vim /etc/nginx/nginx.confserver {listen       443 ssl http2;listen       [::]:443 ssl http2;server_name  www.openlab.com;location /zy {alias  /www/zy;index index.html index.htm;}ssl_certificate "/etc/nginx/zy.crt";ssl_certificate_key "/etc/nginx/zy.key";ssl_session_cache shared:SSL:1m;ssl_session_timeout  10m;ssl_ciphers PROFILE=SYSTEM;ssl_prefer_server_ciphers on;# Load configuration files for the default server block.include /etc/nginx/default.d/*.conf;error_page 404 /404.html;location = /40x.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}}

• 重启服务，测试

[root@server ~]# systemctl restart nginx#在Windows端浏览器上输入www.openlab.com/sxhkt和www.openlab.com/zy，其中www.openlab.com/zy会跳转到https://www.openlab.com/zy