HTTP Service, Part 2

httpd


The HTTP protocol:

HTTP transaction:
   Request: request
   Response: response

Message syntax:

request message

<method> <request-URL> <version>
<headers>

<entity-body>

response message

<version> <status> <reason-phrase>
<headers>

<entity-body>

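method: the request method; states the action the client wants the server to perform on the resource
    GET, HEAD, POST

method (methods):

     GET: fetch a resource from the server;
     HEAD: fetch only the response headers of a document from the server;
     POST: send data to the server for processing;
     PUT: store the body of the request on the server;
     DELETE: ask the server to delete the specified document;
     TRACE: trace the proxy servers the request passes through on its way to the server;
     OPTIONS: ask the server which request methods it supports for the specified resource;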

version:

    HTTP/<major>.<minor>

status:

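A three-digit number, e.g. 200, 301, 302, 404, 502; it marks what happened while the request was being processed.

status (status codes):
            1xx: 100-101, informational;
            2xx: 200-206, success
            3xx: 300-305, redirection
            4xx: 400-415, error, client side
            5xx: 500-505, error, server side

Common status codes:
        200: Success; all requested data is sent in the entity-body of the response message; OK
        301: The resource the requested URL points to has been removed, but the response message uses the Location header to state where the resource now lives; Moved Permanently
        302: Similar to 301, but Location in the response message states the temporary new location of the resource; Found
        304: The client sent a conditional request and the resource on the server has not changed; the server answers with this status code to tell the client so; Not Modified
        401: An account and password must be supplied for authentication before the resource can be accessed; Unauthorized
        403: The request is forbidden; Forbidden
        404: The server cannot find the resource the client requested; Not Found
        500: Internal server error; Internal Server Error
        502: The proxy server received an invalid response from the backend server; Bad Gateway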

reason-phrase:

A brief description of the state that the status code marks.

headers:

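Format:
    name:Value

Each request or response message may contain any number of headers; each header has a header name, followed by a colon, then an optional space, then a value.

entity-body:

The data attached to a request or to a response.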
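
The message layout above (start line, name:Value headers, blank line, entity-body) can be checked with a small parser; this is an added example, not part of the original notes. The response it reads is constructed, and the function names and the host www.example.test are assumptions.

```sh
#!/bin/sh
# Constructed sample response (not captured from a real server).
sample_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Date: Fri, 21 Oct 2016 08:00:00 GMT\r\n'
    printf 'Server: Apache\r\n'
    printf 'location:http://www.example.test/new/\r\n'
    printf 'Content-Length: 5\r\n'
    printf '\r\n'
    printf 'moved'
}

# Print one field of the start line: version, status or reason.
# Exits 2 if the line is not "<version> <status> <reason-phrase>".
http_start_line() {
    awk -v want="$1" '
        NR == 1 {
            sub(/\r$/, "")
            if ($1 !~ /^HTTP\/[0-9]+\.[0-9]+$/ || $2 !~ /^[0-9][0-9][0-9]$/) exit 2
            reason = $0
            sub(/^[^ ]+ +[^ ]+ */, "", reason)
            if (want == "version") print $1
            else if (want == "status") print $2
            else print reason
            exit 0
        }'
}

# Print the value(s) of one header. Names are matched case-insensitively
# and the whitespace after the colon is optional.
http_header() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        NR == 1 { next }                 # skip the start line
        { sub(/\r$/, "") }
        $0 == "" { exit }                # blank line ends the headers
        {
            i = index($0, ":")
            if (i < 2) next              # not a name:value line
            name = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
            sub(/[ \t]+$/, "", value)
            if (name == want) print value
        }'
}

# Print everything after the blank line that ends the headers.
http_body() {
    awk 'body { print; next } { sub(/\r$/, "") } $0 == "" { body = 1 }'
}

# Map a status code to its class (1xx to 5xx).
http_status_class() {
    case $1 in
        1??) echo informational ;;
        2??) echo success ;;
        3??) echo redirection ;;
        4??) echo client-error ;;
        5??) echo server-error ;;
        *)   echo unknown; return 1 ;;
    esac
}

code=$(sample_response | http_start_line status)
echo "$code ($(http_status_class "$code")) -> $(sample_response | http_header Location)"
```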

Tools for viewing or analysing the protocol:

    tcpdump, tshark, wireshark

Header categories:

General headers, request headers, response headers, entity headers, extension headers

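General headers:

Connection: {close|keep-alive}
Date: the date and time the message was created
Via: the intermediaries the message came through (usually added to response messages, mainly to show how many intermediate nodes the message passed through)
Cache-Control: cache control;
Pragma: for compatibility with HTTP/1.0 caches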

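Request headers:

Host: the host being requested
Referer: the resource that led to the current page (the link the client came from)
User-Agent: the user agent; the server may compress a response before sending it, and not every browser supports such advanced features, so the server decides how to generate the response according to the client's browser type.
Client-IP:

Accept: the MIME types the client can accept;
Accept-Language:
Accept-Encoding: gzip, deflate,
Accept-Charset: character set
        ...


Conditional request headers:

    Expect:
    If-Modified-Since: whether the resource has been modified since a given time
    If-Unmodified-Since: whether the resource has not been modified
    If-None-Match: whether the resource does not match a given tag
    If-Match
        used to test whether a cache is in sync

Security-related request headers:

    Authorization: request authorisation
    Cookie: used to track user behaviour
    Cookie2: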

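Response headers:

Security-related headers:
    WWW-Authenticate: authentication challenge
    Set-Cookie:
    Set-Cookie2:

Informational headers:
    Server:

Negotiation headers:

    Accept-Ranges: the range of request types the server accepts
    Vary: a list of other headers

Entity headers:

Content-Encoding    content encoding
Content-Language    language of the content
Content-Length      content length
Content-Location    location
Content-Type        media type
...

Allow: the request methods that are allowed;
Location: the address where the resource actually lives

Cache-related:
    ETag: the resource's tag (entity tag)
    Last-Modified: time of the most recent modification
    Expires: expiry time

Extension headers:

X-Forwarded-For: where the request came from; used to trace a user's access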
    ……

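Full format:

url: Uniform Resource Locator
    scheme://host:port/path

scheme://[<user>[:<password>]@]<host>[:<port>]/<path>;<params>?<query>#frag

    params: parameters, ;param1=value1&param2=value2
    query: query string, ?field1=value1&field2=value2
    frag: the in-page anchor introduced by #, #frag_id, e.g. #ch1

HTTP: The Definitive Guide, first 4 chapters

httpd-2.4 basic configuration:

The curl command

    curl is a file transfer tool that works on the command line using URL syntax.
    It supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, LDAP and other protocols. curl supports HTTPS authentication,
    the HTTP POST and PUT methods, FTP upload, Kerberos authentication, HTTP upload, proxy servers, cookies, user name/password authentication,
    resuming interrupted downloads and uploads, HTTP proxy tunneling, IPv6, SOCKS5 proxy servers,
    uploading files to an FTP server through an HTTP proxy, and more.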

curl  [options]  [URL…]

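Common curl options:

        -A/--user-agent <string>  set the User-Agent sent to the server; disguises the client's browser type

        --basic  use HTTP basic authentication

        -e/--referer <URL>  the referring URL

        --cacert <file>  CA certificate (SSL)

        --compressed  ask for the response in compressed form

        -H/--header <line>  pass a custom header to the server

        -I/--head  show only the response headers

        --limit-rate <rate>  limit the transfer rate

        -u/--user <user[:password]>  set the user and password for the server

        -0/--http1.0  use HTTP 1.0

        -X, --request <command>  custom request method; the default is GET

Another tool: elinks

elinks  [OPTION]... [URL]...
    -dump: do not enter interactive mode; write the content of the URL straight to standard output;

15. Compressing pages with the mod_deflate module to speed up transfer

Where it applies:
   (1) it saves bandwidth at the cost of extra CPU; also, some older browsers may not support it;
   (2) compress resources that compress well, such as text files;

Use curl --compressed -I <URL> to see the compression information in the response headers of a file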

    # Output filter (httpd does not allow a comment on the same line as a directive)
    SetOutputFilter DEFLATE

    # mod_deflate configuration (what gets filtered)

    # Restrict compression to these MIME types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/css

    # Level of compression (Highest 9 - Lowest 1); sets the compression level
    DeflateCompressionLevel 9

    # Netscape 4.x has some problems. The lines below adjust the compression options for individual browser types
    BrowserMatch ^Mozilla/4  gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch  ^Mozilla/4\.0[678]  no-gzip

    # MSIE masquerades as Netscape, but it is fine
    BrowserMatch \bMSI[E]  !no-gzip !gzip-only-text/html

16. https, http over ssl

    OpenSSL: (only one site per IP can use ssl)
        libcrypto, libssl (ssl/tls), openssl

    PKI: 
        CA, 

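    Simplified SSL session setup
        (1) The client sends the encryption methods it can use and asks the server for its certificate;
        (2) The server sends its certificate and the chosen encryption method to the client;
        (3) The client obtains the certificate and verifies it:
                If it trusts the CA that issued the certificate:
                (a) verify that the certificate comes from a legitimate source: use the CA's public key to decrypt the digital signature on the certificate;
                (b) verify that the content of the certificate is legitimate: an integrity check;
                (c) check the validity period of the certificate;
                (d) check whether the certificate has been revoked;
                (e) the owner name in the certificate must match the target host being accessed;
        (4) The client generates a temporary session key (a symmetric key), encrypts it with the server's public key and sends it to the server, which completes the key exchange;
        (5) The server uses this key to encrypt the resources the user requested and sends them to the client in its response;

        Note: an SSL session is created on the basis of the IP address, so a host with a single IP can run only one https virtual host;

    Terms to review: PKI, CA, CRL, X.509 (v1, v2, v3)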

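    Configuring httpd to support https:
        (1) Apply for a digital certificate for the server;
            For testing: issue the certificate from a private CA
                (a) create the private CA
                (b) create a certificate signing request on the server
                (c) the CA signs the certificate

        (2) Configure httpd to use ssl and the certificate;
            # yum -y install mod_ssl

            Configuration file: /etc/httpd/conf.d/ssl.conf
                DocumentRoot
                ServerName
                SSLCertificateFile
                SSLCertificateKeyFile

        (3) Test access to the host over https;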
            # openssl  s_client  [-connect host:port] [-cert filename] [-CApath directory] [-CAfile filename]
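
The private-CA steps (a) to (c) and the client-side certificate checks from the session walkthrough, run end to end with the openssl command line; this is an added example, not part of the original notes. The file names, the host www.example.test, the 30-day lifetime and the 2048-bit RSA keys are assumptions, and revocation (check d) is not covered.

```sh
#!/bin/sh
# Build a throwaway private CA and a server certificate for host $2 in directory $1.
make_test_pki() {
    d=$1 host=$2
    cat > "$d/openssl.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
# prompt text only; the subject is set with -subj below
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:$host
EOF
    # (a) create the private CA: key plus self-signed certificate
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -config "$d/openssl.cnf" -extensions v3_ca \
        -key "$d/ca.key" -subj "/CN=Constructed Test CA" -days 30 \
        -out "$d/ca.crt" || return 1
    # (b) on the server: key plus certificate signing request
    openssl genrsa -out "$d/srv.key" 2048 2>/dev/null || return 1
    openssl req -new -config "$d/openssl.cnf" -key "$d/srv.key" \
        -subj "/CN=$host" -out "$d/srv.csr" || return 1
    # (c) the CA signs the request
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/openssl.cnf" -extensions v3_srv \
        -out "$d/srv.crt" 2>/dev/null || return 1
}

# Client-side checks: signature chain and integrity (a, b), validity
# period (c) and host name (e). Usage: check_server_cert ca.crt srv.crt host
check_server_cert() {
    # verify also rejects an expired certificate; -checkend makes (c) explicit
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "untrusted"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "expired"; return 1; }
    openssl x509 -in "$2" -noout -checkhost "$3" |
        grep -q 'does match certificate' ||
        { echo "name-mismatch"; return 1; }
    echo "ok"
}

tmp=$(mktemp -d) && make_test_pki "$tmp" www.example.test &&
    check_server_cert "$tmp/ca.crt" "$tmp/srv.crt" www.example.test
rm -rf "$tmp"
```

srv.crt and srv.key are the files that SSLCertificateFile and SSLCertificateKeyFile would point at, and ca.crt is what a client passes to openssl s_client with -CAfile.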

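17. Programs shipped with httpd

htpasswd: basic authentication backed by a file; the program used to generate accounts and passwords;
        htdbm
        htdigest
apachectl: the service control script shipped with httpd; supports subcommands such as start and stop;
apxs: - APache eXtenSion tool
        adds modules to httpd;

rotatelogs: log rotation
        access_log,
        access_log, access_log.1, ...

ab: - Apache HTTP server benchmarking tool
        webbench, httpload, ...

        loadrunner, jmeter (ASF)

        tcpcopy,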

18. ab: a load-testing tool for web services

ab [OPTIONS]  [http[s]://]hostname[:port]/path
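            Number of requests: [ -n requests ]
            Concurrency: [ -c concurrency ]
            Keep-alive connections: [ -k ]

Differences between httpd-2.2 and httpd-2.4:

MPM:

  • prefork: process model, two-level structure, master/worker; each worker handles one request;

  • worker: thread model, three-level structure, master/worker/thread; each thread handles one request;

  • event: event-driven thread model, two-level structure, master/worker; each worker serves multiple requests;

In httpd-2.2 the MPM modules are static modules, not shared modules;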

/etc/sysconfig/httpd
HTTPD=/usr/sbin/{httpd|httpd.worker|httpd.event}

            <IfModule prefork.c>
            StartServers       8
            MinSpareServers    5
            MaxSpareServers   20
            ServerLimit      256
            MaxClients       256
            MaxRequestsPerChild  4000
            </IfModule>            

            <IfModule worker.c>
            StartServers         4
            MaxClients         300
            MinSpareThreads     25
            MaxSpareThreads     75 
            ThreadsPerChild     25
            MaxRequestsPerChild  0
            </IfModule>

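    IP-based access control:
        httpd-2.4:
            require ip, require not ip, require host, require not host

        httpd-2.2:
            allow from, deny from

            order allow,deny, order deny,allow

    Name-based virtual hosts:
        httpd-2.2: NameVirtualHost is required;
        httpd-2.4: not required;

    Resources under the local file system paths that URLs map to:
        httpd-2.4: must be explicitly authorised
        httpd-2.2: no explicit authorisation needed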

Original article by qzx. If you repost it, please credit the source: http://www.178linux.com/53386
