个人用户主页功能:每个用户建立一个独立的网站
以下实验中PC1为服务器端,IP地址为192.168.10.10;PC2和PC3为客户机端, IP地址为192.168.10.20和192.168.10.30。
1、在PC1服务器端部署apache服务
[root@PC1 ~]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe66:37f7 prefixlen 64 scopeid 0x20<link>
[root@PC1 ~]# yum install httpd -y
Loaded plugins: langpacks, product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-17.el7 will be installed
--> Processing Dependency: httpd-tools = 2.4.6-17.el7 for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-17.el7.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-17.el7 will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================
Package Arch Version Repository Size
============================================================================================
Installing:
httpd x86_64 2.4.6-17.el7 rhel7 1.2 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 rhel7 103 k
apr-util x86_64 1.5.2-6.el7 rhel7 92 k
httpd-tools x86_64 2.4.6-17.el7 rhel7 77 k
mailcap noarch 2.1.41-2.el7 rhel7 31 k
Transaction Summary
============================================================================================
Install 1 Package (+4 Dependent packages)
Total download size: 1.5 M
Installed size: 4.3 M
Downloading packages:
--------------------------------------------------------------------------------------------
Total 3.9 MB/s | 1.5 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/5
Installing : apr-util-1.5.2-6.el7.x86_64 2/5
Installing : httpd-tools-2.4.6-17.el7.x86_64 3/5
Installing : mailcap-2.1.41-2.el7.noarch 4/5
Installing : httpd-2.4.6-17.el7.x86_64 5/5
rhel7/productid | 1.6 kB 00:00:00
Verifying : mailcap-2.1.41-2.el7.noarch 1/5
Verifying : httpd-tools-2.4.6-17.el7.x86_64 2/5
Verifying : apr-1.4.8-3.el7.x86_64 3/5
Verifying : apr-util-1.5.2-6.el7.x86_64 4/5
Verifying : httpd-2.4.6-17.el7.x86_64 5/5
Installed:
httpd.x86_64 0:2.4.6-17.el7
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-17.el7 mailcap.noarch 0:2.1.41-2.el7
Complete!
2、在PC1服务器端修改用户配置文件
[root@PC1 ~]# vim /etc/httpd/conf.d/userdir.conf
1 #
2 # UserDir: The name of the directory that is appended onto a user's home
3 # directory if a ~user request is received.
4 #
5 # The path to the end user account 'public_html' directory must be
6 # accessible to the webserver userid. This usually means that ~userid
7 # must have permissions of 711, ~userid/public_html must have permissions
8 # of 755, and documents contained therein must be world-readable.
9 # Otherwise, the client will only receive a "403 Forbidden" message.
10 #
11 <IfModule mod_userdir.c>
12 #
13 # UserDir is disabled by default since it can confirm the presence
14 # of a username on the system (depending on home directory
15 # permissions).
16 #
17 #UserDir disabled
18
19 #
20 # To enable requests to /~user/ to serve the user's public_html
21 # directory, remove the "UserDir disabled" line above, and uncomment
22 # the following line instead:
23 #
24 UserDir public_html
25 </IfModule>
26
27 #
28 # Control access to UserDir directories. The following is an example
29 # for a site where these directories are restricted to read-only.
…………
3、在PC1服务器端创建两个测试用户
[root@PC1 ~]# cd /home/
[root@PC1 home]# ls
linuxprobe
[root@PC1 home]# useradd usertest1
[root@PC1 home]# useradd usertest2
[root@PC1 home]# echo redhat | passwd --stdin usertest1
Changing password for user usertest1.
passwd: all authentication tokens updated successfully.
[root@PC1 home]# echo redhat | passwd --stdin usertest2
Changing password for user usertest2.
passwd: all authentication tokens updated successfully.
[root@PC1 home]# ls
linuxprobe usertest1 usertest2
4、在PC1服务器端切换至测试用户usertest1,创建网站数据目录、修改权限
[root@PC1 home]# su - usertest1
[usertest1@PC1 ~]$ pwd
/home/usertest1
[usertest1@PC1 ~]$ mkdir public_html
[usertest1@PC1 ~]$ ls
public_html
[usertest1@PC1 ~]$ cd public_html/
[usertest1@PC1 public_html]$ ls
[usertest1@PC1 public_html]$ echo "welcome to 192.168.10.10 usertest1!" > index.html
-bash: !": event not found
[usertest1@PC1 public_html]$ echo "welcome to 192.168.10.10 usertest1\!" > index.html
[usertest1@PC1 public_html]$ ls
index.html
[usertest1@PC1 public_html]$ cat index.html
welcome to 192.168.10.10 usertest1\!
[usertest1@PC1 public_html]$ ll -d /home/usertest1
drwx------. 6 usertest1 usertest1 4096 Dec 16 23:21 /home/usertest1
[usertest1@PC1 public_html]$ chmod -R 755 /home/usertest1
[usertest1@PC1 public_html]$ ll -d /home/usertest1
drwxr-xr-x. 6 usertest1 usertest1 4096 Dec 16 23:21 /home/usertest1
5、在PC1服务器端切换至测试用户usertest2,创建网站数据目录、修改权限
[usertest1@PC1 public_html]$ su - usertest2
Password:
[usertest2@PC1 ~]$ pwd
/home/usertest2
[usertest2@PC1 ~]$ mkdir public_html
[usertest2@PC1 ~]$ ls
public_html
[usertest2@PC1 ~]$ cd public_html/
[usertest2@PC1 public_html]$ ls
[usertest2@PC1 public_html]$ echo " here is 192.168.10.10 usertest2" > index.html
[usertest2@PC1 public_html]$ ls
index.html
[usertest2@PC1 public_html]$ cat index.html
here is 192.168.10.10 usertest2
[usertest2@PC1 public_html]$ ll -d /home/usertest2
drwx------. 6 usertest2 usertest2 4096 Dec 16 23:24 /home/usertest2
[usertest2@PC1 public_html]$ chmod -R 755 /home/usertest2
[usertest2@PC1 public_html]$ ll -d /home/usertest2
drwxr-xr-x. 6 usertest2 usertest2 4096 Dec 16 23:24 /home/usertest2
6、在PC1服务器端重启apche服务
[usertest2@PC1 public_html]$ su - root
Password:
Last login: Wed Dec 2 16:39:39 CST 2020 on :0
[root@PC1 ~]# systemctl restart httpd
[root@PC1 ~]# systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@PC1 ~]# systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Wed 2020-12-16 23:27:33 CST; 29s ago
Main PID: 4265 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─4265 /usr/sbin/httpd -DFOREGROUND
├─4266 /usr/sbin/httpd -DFOREGROUND
├─4267 /usr/sbin/httpd -DFOREGROUND
├─4268 /usr/sbin/httpd -DFOREGROUND
├─4269 /usr/sbin/httpd -DFOREGROUND
└─4270 /usr/sbin/httpd -DFOREGROUND
Dec 16 23:27:33 PC1 systemd[1]: Starting The Apache HTTP Server...
Dec 16 23:27:33 PC1 httpd[4265]: AH00557: httpd: apr_sockaddr_info_get() failed for PC1
Dec 16 23:27:33 PC1 httpd[4265]: AH00558: httpd: Could not reliably determine the serv...age
Dec 16 23:27:33 PC1 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
7、在PC1服务器端清空防火墙策略,并使其生效
[root@PC1 ~]# iptables -F
[root@PC1 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
8、在PC2和PC3客户机端测试与PC1服务器端的网络连通性
[root@PC2 Desktop]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.20 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe25:bb3e prefixlen 64 scopeid 0x20<link>
[root@PC2 Desktop]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.295 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.259 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.222 ms
--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.222/0.258/0.295/0.035 ms
[root@PC3 Desktop]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.30 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe7d:e711 prefixlen 64 scopeid 0x20<link>
[root@PC3 Desktop]# ping -c 3 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.331 ms
64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.214 ms
64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.157 ms
--- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.157/0.234/0.331/0.072 ms
9、在PC2和PC3客户端测试PC1端的配置效果
10、在PC1服务器端设置SELinux域权限
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
[root@PC1 ~]# setsebool -P httpd_enable_homedirs=on
[root@PC1 ~]# getsebool -a | grep http
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_execmem --> off
httpd_graceful_shutdown --> on
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
named_tcp_bind_http_port --> off
prosody_bind_http_port --> off
11、 在PC2客户机端测试调整效果 (可以访问)
12、在PC3客户机端测试配置效果 (可以访问)
以上实验实现了在PC1服务器端分别为普通用户usertest1和usertest2分别部署个人用户的网站。