• 博客园logo
  • 会员
  • 众包
  • 新闻
  • 博问
  • 闪存
  • 赞助商
  • HarmonyOS
  • Chat2DB
    • 搜索
      所有博客
    • 搜索
      当前博客
  • 写随笔 我的博客 短消息 简洁模式
    用户头像
    我的博客 我的园子 账号设置 会员中心 简洁模式 ... 退出登录
    注册 登录
悬溺
博客园    首页    新随笔    联系   管理    订阅  订阅
httpd安装,配置三种不同类型的虚拟主机,httpd配置。访问控制配置

安装开发环境
//yum安装依赖包,主程序用源码安装
需先安装依赖包

[root@rhel1 ~]# yum group mark install "Development Tools"  //安装开发工具包
上次元数据过期检查:21:12:37 前,执行于 2022年04月16日 星期六 06时57分08秒。
依赖关系解决。
=======================================================================================
 软件包                 架构                  版本                    仓库             
=======================================================================================
安装组:
 Development Tools                                                                     

事务概要
=======================================================================================

确定吗?[y/N]: y
完毕!
[root@rhel1 ~]# useradd -r -M -s /sbin/nologin apache  创建Apache用户
[root@rhel1 ~]# id apache
uid=48(apache) gid=48(apache) 组=48(apache)
[root@rhel1 ~]# grep apache /etc/group
apache:x:48:

[root@rhel1 ~]# yum -y install openssl-devel pcre-devel expat-devel libtool  //安装依赖包
上次元数据过期检查:21:20:27 前,执行于 2022年04月16日 星期六 06时57分08秒。
软件包 libtool-2.4.6-25.el8.x86_64 已安装。
依赖关系解决。
======================================================================================
 软件包                     架构          版本                    仓库           大小
======================================================================================
安装:
 expat-devel                x86_64        2.2.5-8.el8             baseos         57 k
 openssl-devel              x86_64        1:1.1.1k-6.el8          baseos        2.3 M
 pcre-devel                 x86_64        8.42-6.el8              baseos        551 k
//安装之后用到的命令工具
[root@rhel1 ~]# dnf -y install wget
[root@rhel1 ~]# dnf -y install gcc gcc-c++
[root@rhel1 ~]# dnf -y install vim
[root@rhel1 ~]# dnf -y install make

使用wget命令下载apr-1.7.0,apr-util-1.6.1,httpd-2.4.53安装包

[root@rhel1 ~]# wget https://downloads.apache.org/apr/apr-1.7.0.tar.gz
[root@rhel1 ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@rhel1 ~]# wget https://downloads.apache.org/httpd/httpd-2.4.53.tar.gz
[root@rhel1 ~]# ls  //可以看到已经下载完成
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz

解压apr-1.7.0 apr-util-1.6.1 httpd-2.4.53压缩包

[root@rhel1 ~]# tar xf apr-1.7.0.tar.gz 
[root@rhel1 ~]# tar xf apr-util-1.6.1.tar.gz 
[root@rhel1 ~]# tar xf httpd-2.4.53.tar.gz 
[root@rhel1 ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz
apr-1.7.0        apr-util-1.6.1    httpd-2.4.53

安装apr-1.7.0 apr-util-1.6.1 httpd-2.4.53

[root@rhel1 ~]# cd apr-1.7.0
[root@rhel1 apr-1.7.0]# 
[root@rhel1 apr-1.7.0]# ls
apr-config.in  build.conf        dso         libapr.rc     NOTICE         support
apr.dep        buildconf         emacs-mode  LICENSE       NWGNUmakefile  tables
apr.dsp        build-outputs.mk  encoding    locks         passwd         test
apr.dsw        CHANGES           file_io     Makefile.in   poll           threadproc
apr.mak        CMakeLists.txt    helpers     Makefile.win  random         time
apr.pc.in      config.layout     include     memory        README         tools
apr.spec       configure         libapr.dep  misc          README.cmake   user
atomic         configure.in      libapr.dsp  mmap          shmem
build          docs              libapr.mak  network_io    strings
[root@rhel1 apr-1.7.0]# vim configure
cfgfile="${ofile}T"
    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
    #$RM "$cfgfile"       //将此行注释,或删除
[root@rhel1 apr-1.7.0]# ./configure --prefix=/usr/local/apr
[root@rhel1 apr-1.7.0]# make  //编译
[root@rhel1 apr-1.7.0]# make install //安装
[root@rhel1 apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr  //编译子包时需要告诉主包位置
[root@rhel1 apr-util-1.6.1]# make  //编译
[root@rhel1 apr-util-1.6.1]# make install
[root@rhel1 apr-util-1.6.1]# cd ../httpd-2.4.53
[root@rhel1 httpd-2.4.53]# 
[root@rhel1 httpd-2.4.53]# pwd
/root/httpd-2.4.53
[root@rhel1 httpd-2.4.53]# ./configure --prefix=/usr/local/apache \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork       //定制功能安装
[root@rhel1 httpd-2.4.53]# make 
[root@rhel1 httpd-2.4.53]# make install
[root@rhel1 httpd-2.4.53]# cd
[root@rhel1 ~]# 
[root@rhel1 ~]# 
[root@rhel1 ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.53.tar.gz
apr-1.7.0        apr-util-1.6.1    httpd-2.4.53
[root@rhel1 ~]# ls /usr/local/
apache  apr-util  etc    include  lib64    sbin   src
apr     bin       games  lib      libexec  share
[root@rhel1 ~]# cd /usr/local/apache/
[root@rhel1 apache]# ls
bin  build  cgi-bin  conf  error  htdocs  icons  include  logs  man  manual  

设置环境变量

[root@rhel1 ~]# echo 'export PATH=/usr/loacl/apache/bin:$PATH'>/etc/profile.d/apache.sh
[root@rhel1 ~]# 
[root@rhel1 ~]# source /etc/profile.d/apache.sh 
[root@rhel1 ~]# which httpd  //查看httpd命令
/usr/local/apache/bin/httpd
[root@rhel1 ~]# which apachectl  //查看apachectl命令
/usr/local/apache/bin/apachectl

映射关系处理

[root@rhel1 ~]# ln -s /usr/local/apache/include/ /usr/include/apache  //设置软链接,将include,链接到apache
[root@rhel1 ~]# vim /etc/man_db.conf  //编辑man文档
#MANDATORY_MANPATH                      /usr/src/pvm3/man
#
MANDATORY_MANPATH                       /usr/man
MANDATORY_MANPATH                       /usr/share/man
MANDATORY_MANPATH                       /usr/local/share/man
MANDATORY_MANPATH                       /usr/local/apache/man   //添加apache的man文档路径

关闭防火墙

[root@rhel1 ~]# systemctl disable --now firewalld.service   //开机不自启并且立马关闭
[root@rhel1 ~]# systemctl status firewalld  //查看状态
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: 
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@rhel1 ~]# setenforce 0    //关闭selinux并当前生效(0关闭,1开启)
[root@rhel1 ~]# getenforce      
Permissive
[root@rhel1 ~]# vim /etc/selinux/config    //编译selinux/config  
SELINUX=enforcing>SELINUX=disabled  //更改后永久关闭
[root@rhel1 ~]# ss -antl     //查看80端口号是否开启
State    Recv-Q   Send-Q       Local Address:Port       Peer Address:Port   Process   
LISTEN   0        128                0.0.0.0:22              0.0.0.0:*                
LISTEN   0        128                      *:80                    *:*                
LISTEN   0        128                   [::]:22                 [::]:*                

访问虚拟机的IP地址

取消警告信息

[root@localhost ~]# cd /usr/local/apache/
[root@localhost apache]# ls
bin(存放命令)  build  cgi-bin  conf(放配置文件)  error  htdocs(存放网站)  icons  include  logs(存放日志)  man  manual  modules
[root@localhost apache]# cd conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# vim httpd.conf
#ServerName www.example.com:80  //将这一行前面的注释删掉
[root@localhost conf]# apachectl start  //此时发现已经没有警告
[root@localhost conf]# ss -antl
State     Recv-Q    Send-Q        Local Address:Port         Peer Address:Port    Process
LISTEN    0         128                    [::]:111                  [::]:*
LISTEN    0         128                       *:80                      *:*
LISTEN    0         128                    [::]:22                   [::]:*
[root@localhost ~]# cd /usr/lib/systemd/system
[root@localhost system]# ls sshd.service
sshd.service
[root@localhost system]# cp sshd.service httpd.service  //放service文件的位置进去后复制一份然后改名为httpd.service
[root@localhost system]# vim httpd.service   //编辑这个文件
[Unit]
Description=httpd server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking    
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop  //添加停止命令
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

[root@localhost system]# systemctl daemon-reload  //重新加载
[root@localhost system]# cd
[root@localhost ~]# systemctl status httpd //发现已经有此服务
● httpd.service - httpd server daemont
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)  //服务显示默认关闭
[root@localhost ~]# systemctl start httpd  //使用systemctl开启httpd服务
[root@localhost ~]# ss -antl  //查看发现开启80端口成功
State     Recv-Q    Send-Q        Local Address:Port         Peer Address:Port    Process
LISTEN    0         128                 0.0.0.0:22                0.0.0.0:*
LISTEN    0         128                       *:80                      *:*
LISTEN    0         128                    [::]:22                   [::]:*[root@localhost system]# systemctl enable --now httpd  //设置开机自启
[root@localhost ~]# systemctl status httpd
● httpd.service - httpd server daemont
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2022-04-17 02:21:15 CST; 7min ago
 Main PID: 71465 (httpd)
    Tasks: 6 (limit: 4596)
   Memory: 4.2M
   CGroup: /system.slice/httpd.service
           ├─71465 /usr/local/apache/bin/httpd -k start
           ├─71466 /usr/local/apache/bin/httpd -k start
           ├─71467 /usr/local/apache/bin/httpd -k start
           ├─71468 /usr/local/apache/bin/httpd -k start
           ├─71469 /usr/local/apache/bin/httpd -k start
           └─71470 /usr/local/apache/bin/httpd -k start

4月 17 02:21:15 localhost.localdomain systemd[1]: Starting httpd server daemont...
4月 17 02:21:15 localhost.localdomain systemd[1]: Started httpd server daemont.

虚拟主机:
虚拟主机有三类:

相同IP不同端口
不同IP相同端口
相同IP相同端口不同域名

相同IP不同端口
[root@localhost ~]# cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# ls extra/
httpd-autoindex.conf  httpd-languages.conf           httpd-ssl.conf
httpd-dav.conf        httpd-manual.conf              httpd-userdir.conf
httpd-default.conf    httpd-mpm.conf                 httpd-vhosts.conf
httpd-info.conf       httpd-multilang-errordoc.conf  proxy-html.conf
[root@localhost extra]# cd /usr/local/apache/htdocs/  //此目录为存放完网站的目录
[root@localhost htdocs]# mkdir hxwyy.example.com  //创建一个目录用于存放网站
[root@localhost conf]# vim /usr/local/apache/conf/extra/httpd-vhosts.conf  //修改虚拟主机文件
[root@localhost conf]# vim /usr/local/apache/conf/httpd.conf  //将此文件的下面一行 注释取消 让其包含虚拟主机文件 使其生效
Include conf/extra/httpd-vhosts.conf
[root@localhost conf]# systemctl restart httpd //重启服务

[root@localhost htdocs]# cd hxwyy.example.com/
[root@localhost hxwyy.example.com]# echo "123">index.html
[root@localhost hxwyy.example.com]# ls
index.html //创建网站的此时页面
不同IP相同端口
[root@localhost extra]# ip addr add 192.168.78.136/24 dev ens33  //为ens33添加一个新的ip   此添加为临时添加
[root@localhost extra]# ip addr show ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2a:62:e5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.47.128/24 brd 192.168.78.136 scope global dynamic noprefixroute ens33
       valid_lft 1776sec preferred_lft 1776sec
    inet 192.168.47.129/24 scope global secondary ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe2a:62e5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

![](https://img2022.cnblogs.com/blog/2844307/202204/2844307-20220416221754173-1959151199.jpg)


[root@localhost extra]# vim httpd-vhosts.conf
[root@localhost extra]# cat httpd-vhosts.conf
<VirtualHost 192.168.78.136:80>  //修为固定ip
    DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
    ServerName hxwyy.example.com
    ErrorLog "logs/hxwyy.example.com-error_log"
    CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>

<VirtualHost 192.168.78.135:80>   //修改为新添加的ip端口号改为80
    DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
    ServerName mgjmg.example.com
    ErrorLog "logs/mgjmg.example.com-error_log"
    CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service  //重启服务
相同ip端口不同域名
[root@localhost extra]# vim httpd-vhosts.conf 
[root@localhost extra]# cat httpd-vhosts.conf 
<VirtualHost *:80>  //将原来的固定IP修改为*
    DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
    ServerName hxwyy.example.com   //此处是域名
    ErrorLog "logs/hxwyy.example.com-error_log"
    CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>

<VirtualHost *:80>  //将原来的固定IP修改为*
    DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
    ServerName mgjmg.example.com   //此处是域名
    ErrorLog "logs/mgjmg.example.com-error_log"
    CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>

域名是无法访问的需要修改hosts文件
hosts文件内添加这两行
192.168.78.136 hxwyy.example.com
192.168.78.135 mgjmg.example.com

配置拒指定ip访问

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/hxwyy.example.com"
    ServerName hxwyy.example.com
    ErrorLog "logs/hxwyy.example.com-error_log"
    CustomLog "logs/hxwyy.example.com-access_log" common
</VirtualHost>

<Directory "/usr/local/apache/htdocs/hxwyy.example.com">   
    <RequireAll>
        Require not ip 192.168.78.134  //添加要拒绝的ip
        Require all granted
    </RequireAll>
</Directory>

<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"
    ServerName mgjmg.example.com
    ErrorLog "logs/mgjmg.example.com-error_log"
    CustomLog "logs/mgjmg.example.com-access_log" common
</VirtualHost>
[root@localhost extra]# systemctl restart httpd.service 

对主机无法访问

配置https步骤

[root@rhel1 ~]# cd /usr/local/apache/conf/
[root@rhel1 conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@rhel1 conf]# vim httpd.conf  //取消注释
LoadModule ssl_module modules/mod_ssl.so  //注释掉这一行


生成证书
openssl实现私有CA:

[root@localhost ~]# cd /etc/pki/
[root@localhost pki]# mkdir CA
[root@localhost pki]# cd CA/
[root@localhost CA]# mkdir private
[root@localhost CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)  //在private目录下生成私钥文件
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................+++++
..............+++++
e is 65537 (0x010001)
[root@localhost CA]# ls private/
cakey.pem
[root@localhost CA]# openssl rsa -in private/cakey.pem -pubout
writing RSA key   //查看公钥
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzImoXl90+hG4T/3l8TJ2
vsSKWWXN2nuWWa05yBNA+GznsQL5xRxQhjAirjv1aP2mHLAuiecnaVgvC1Fx2fBR
yWyZDM8xUAbbm/LvNwj98jcbZYdO+nyNXSBEPe+eOx8lsdeZ/Q1adrFYnpZoOcmA
PH6AukIT5KmllY1l2m+cqTYAz5SoaKjZeT7xXpWC2hMjByQkrdfnEaf4FFn/LnSs
9wlcTWWI3xrSOG2AdaV+duYE0r7kFqg3Qzmu05hRDEML/jyMza8yyFtguyhyYi/n
czcGrPEaos3s6+FEcP5EjO16JJyvsFzDSihJRYZ+0GgX93cb0YBu2IfdwCR7XEnF
YQIDAQAB
-----END PUBLIC KEY-----

CA生成自签署证书

[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365  //生成一个证书 有效日期为365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN  //国家

State or Province Name (full name) []:HB //省份
Locality Name (eg, city) [Default City]:WH //市
Organization Name (eg, company) [Default Company Ltd]:kurumi  //公司
Organizational Unit Name (eg, section) []:kurumi  //单位
Common Name (eg, your name or your server's hostname) []:mgjmg.example.com  //域名
Email Address []:1@123.com  //邮箱
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt && echo 01 > serial

服务器生成httpd密钥

[root@localhost CA]#  cd /usr/local/apache/conf/
[root@localhost conf]# ls
extra  httpd.conf  magic  mime.types  original
[root@localhost conf]# mkdir ssl
[root@localhost conf]#  cd ssl/
[root@localhost ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus (2 primes)
...............+++++
....................................................................................................+++++
e is 65537 (0x010001)

服务器生成证书签署请求

[root@localhost ssl]# openssl req -new -key httpd.key -days 365 -out httpd.csr
Ignoring -days; not generating a certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:kurumi
Organizational Unit Name (eg, section) []:kurumi
Common Name (eg, your name or your server's hostname) []:web.example.com
Email Address []:1@123.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ssl]# ls
httpd.csr  httpd.key

CA签署客户端提交上来的证书

[root@localhost ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Apr 16 23:55:00 2022 GMT
            Not After : Apr 16 23:55:00 2023 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HB
            organizationName          = kurumi
            organizationalUnitName    = kurumi
            commonName                = web.example.com
            emailAddress              = 1@123.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                29:9C:D0:27:4B:0A:F2:C4:3F:16:64:FF:10:25:17:B5:2D:8C:8B:95
            X509v3 Authority Key Identifier: 
                keyid:06:4C:FC:24:29:DF:6F:27:2F:F3:0D:7C:E5:33:DC:C1:3C:D2:F3:6D

Certificate is to be certified until Apr 16 23:55:00 2023 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# ls
httpd.crt  httpd.csr  httpd.key

在httpd-ssl.conf中配置证书的位置

[root@localhost ssl]# cd /usr/local/apache/conf/
[root@localhost conf]# vim httpd.conf  //取消注释 
Include conf/extra/httpd-ssl.conf

[root@localhost conf]# vim extra/httpd-ssl.conf  
DocumentRoot "/usr/local/apache/htdocs/mgjmg.example.com"   //修改为证书的域名
ServerName mgjmg.example.com:443   //修改
ServerAdmin you@example.com   
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
SSLCertificateFile "/usr/local/apache/conf/ssl/httpd.crt"   //修改httpdctl的路径
SSLCertificateKeyFile "/usr/local/apache/conf/ssl/httpd.key"  //修改httpd.key的路径
[root@localhost conf]# httpd -t //检测成功
Syntax OK
[root@localhost conf]# systemctl restart httpd  //重启服务
[root@localhost conf]# ss -antl
State  Recv-Q  Send-Q   Local Address:Port   Peer Address:Port Process 
LISTEN 0       128            0.0.0.0:111         0.0.0.0:*              
LISTEN 0       128          127.0.0.1:6010        0.0.0.0:*            
LISTEN 0       128          127.0.0.1:6011        0.0.0.0:*            
LISTEN 0       128               [::]:111            [::]:*            
LISTEN 0       128                  *:80                *:*                       
LISTEN 0       128                  *:443               *:*            

使用https访问

配置https步骤:

生成证书
配置httpd.conf,取消以下内容的注释

LoadModule ssl_module modules/mod_ssl.so
Include /etc/httpd24/extra/httpd-vhosts.conf
Include /etc/httpd24/extra/httpd-ssl.conf

在httpd-vhosts.conf中配置虚拟主机
在httpd-ssl.conf中配置证书的位置
检查配置文件是否有语法错误
启动或重启服务
设置hosts以便用域名访问

posted on 2022-04-17 16:16  悬溺·  阅读(381)  评论(0)    收藏  举报
刷新页面返回顶部
博客园  ©  2004-2025
浙公网安备 33010602011771号 浙ICP备2021040463号-3