HTTP Service, Part 2

httpd


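HTTP protocol:

HTTP transaction:
    Request: request
    Response: response

Message syntax:

Request message

<method> <request-URL> <version>
<headers>

<entity-body>

Response message

<version> <status> <reason-phrase>
<headers>

<entity-body>

method: the request method; it indicates the action the client wants the server to perform on the resource
    GET, HEAD, POST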

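method (request methods):

    GET: retrieve a resource from the server;
    HEAD: retrieve only the response headers for a document from the server;
    POST: send data to the server for processing;
    PUT: store the body of the request on the server;
    DELETE: ask the server to delete the specified document;
    TRACE: trace the proxy servers the request passes through on its way to the server;
    OPTIONS: ask the server which request methods it supports for the specified resource;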

version:

    HTTP/<major>.<minor>

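status:

A three-digit number, such as 200, 301, 302, 404 or 502; it indicates what happened while the request was being processed;

status (status codes):
    1xx: 100-101, informational;
    2xx: 200-206, success
    3xx: 300-305, redirection
    4xx: 400-415, error, client error
    5xx: 500-505, error, server error

Common status codes:
    200: success; all the requested data is sent in the entity-body of the response message; OK
    301: the resource the requested URL points to has been removed, but the Location header of the response message gives the resource's new location; Moved Permanently
    302: similar to 301, but the Location header of the response message gives the resource's temporary new location; Found
    304: the client sent a conditional request, but the resource on the server has not changed, so the server answers with this status code to tell the client so; Not Modified
    401: an account and password must be supplied for authentication before the resource can be accessed; Unauthorized
    403: the request is forbidden; Forbidden
    404: the server cannot find the resource the client requested; Not Found
    500: internal server error; Internal Server Error
    502: the proxy server received a bogus response from the backend server; Bad Gateway

reason-phrase:

A brief description of the state indicated by the status code;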

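headers:

Format:
    name:Value

Each request or response message may contain any number of headers; each header has a header name, followed by a colon, then an optional space, then a value;

entity-body:

The data attached to a request or to a response;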
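
The message format above, as an added example (not part of the original notes): an sh/awk sketch that splits a response head into its status-line fields and looks up headers by name, tolerating the optional space after the colon and the CRLF line endings found in curl -I output. The sample response and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: a response head as "curl -sI" prints it (CRLF line ends).
sample_head() {
    printf '%s\r\n' \
        'HTTP/1.1 301 Moved Permanently' \
        'Date: Fri, 21 Oct 2016 08:00:00 GMT' \
        'Server: Apache' \
        'Location:http://www.example.test/new/' \
        'Set-Cookie: a=1' \
        'set-cookie: b=2; HttpOnly' \
        'Content-Length: 0' \
        ''
}

# Response head on stdin -> "version|status|class|reason-phrase".
parse_status_line() {
    awk 'NR == 1 {
        sub(/\r$/, "")
        # HTTP/2 responses are printed as "HTTP/2 200": no minor, no reason.
        if ($0 !~ /^HTTP\/[0-9]+(\.[0-9]+)? [0-9][0-9][0-9]( |$)/) {
            print "malformed"; exit 1
        }
        version = $1; status = $2
        reason = $0
        sub(/^[^ ]+ [^ ]+ ?/, "", reason)    # the phrase may contain spaces
        split("informational success redirection client-error server-error", cls, " ")
        class = cls[substr(status, 1, 1) + 0]
        if (class == "") class = "unknown"
        print version "|" status "|" class "|" reason
        exit
    }'
}

# Response head on stdin -> every value of header $1, one per line.
# Names compare case-insensitively; only the first colon separates name and value.
header_value() {
    awk -v want="$1" 'BEGIN { want = tolower(want) }
        { sub(/\r$/, "") }
        NR == 1 { next }             # status line
        $0 == "" { exit }            # blank line ends the header block
        {
            i = index($0, ":"); if (i == 0) next
            name = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
            if (name == want) print value
        }'
}

# Usage with a live server: curl -sI <URL> | parse_status_line
```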

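Tools for viewing or analysing the protocol:

    tcpdump, tshark, wireshark

Header categories:

General headers, request headers, response headers, entity headers, extension headers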

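General headers:

Connection: {close|keep-alive}
Date: the date and time the message was created
Via: where the message came through (usually added to response messages, mainly to show how many intermediate nodes it passed through)
Cache-Control: cache control;
Pragma: for compatibility with HTTP/1.0 caching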

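Request headers:

Host: the host being requested
Referer: the parent resource that led to the current page (which link the request came from)
User-Agent: the user agent; the server may compress a response before sending it, and not every browser supports such advanced features, so the server decides how to generate the response based on the client's browser type
Client-IP:

Accept: the MIME types the client can accept;
Accept-Language:
Accept-Encoding: gzip, deflate,
Accept-Charset: character set
        ...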


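Conditional request headers:

    Expect:
    If-Modified-Since: whether the resource has been modified since a given time
    If-Unmodified-Since: whether the resource has remained unmodified
    If-None-Match: whether it does not match a given entity tag
    If-Match
        used for cache synchronization tests

Security-related request headers:

    Authorization: request authorization
    Cookie: used to track user behaviour
    Cookie2: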

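Response headers:

Security-related headers:
    WWW-Authenticate: authentication challenge
    Set-Cookie:
    Set-Cookie2:

Informational headers:
    Server:

Negotiation headers:

    Accept-Ranges: the range types the server accepts for requests
    Vary: a list of other headers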

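Entity headers:

Content-Encoding    content encoding
Content-Language    content language
Content-Length      content length
Content-Location    location
Content-Type        media type
...

Allow: the request methods that are allowed;
Location: the address where the resource actually resides

Cache-related:
    ETag: entity tag
    Last-Modified: time of the most recent modification
    Expires: expiry time

Extension headers:

X-Forwarded-For    where the request came from; used to track user access
    ...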

Full format:

URL: Uniform Resource Locator
    scheme://host:port/path

scheme://[<user>[:<password>]@]<host>[:<port>]/<path>;<params>?<query>#<frag>

    params: parameters, ;param1=value1&param2=value2
    query: query string, ?field1=value1&field2=value2
    frag: page anchor introduced by #, #frag_id, e.g. #ch1

"HTTP: The Definitive Guide", first 4 chapters

httpd-2.4 basic configuration:

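The curl command

    curl is a file transfer tool that works on the command line using URL syntax.
    It supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, LDAP and other protocols. curl supports HTTPS authentication,
    the HTTP POST and PUT methods, FTP upload, Kerberos authentication, HTTP upload, proxy servers, cookies, user name/password authentication,
    resuming interrupted downloads and uploads, HTTP proxy tunneling, and even IPv6, SOCKS5 proxy servers,
    uploading files to an FTP server through an HTTP proxy, and more.

curl  [options]  [URL...]

Common curl options:

        -A/--user-agent <string>  set the User-Agent sent to the server; disguises the client's browser type
        --basic  use HTTP Basic authentication
        -e/--referer <URL>  referrer URL
        --cacert <file>  CA certificate (SSL)
        --compressed  request a compressed response
        -H/--header <line>  pass a custom header to the server
        -I/--head  show only the response headers
        --limit-rate <rate>  set the transfer rate
        -u/--user <user[:password]>  set the user name and password for the server
        -0/--http1.0  use HTTP 1.0
        -X/--request <command>  set a custom request method; the default is GET

Another tool: elinks

elinks  [OPTION]... [URL]...
    -dump: do not enter interactive mode; write the content of the URL directly to standard output;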

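15. Using the mod_deflate module to compress pages and speed up transfer

Use cases:
    (1) saves bandwidth at the cost of extra CPU; also, some older browsers may not support it;
    (2) compress only resources that are suited to compression, such as text files;

You can run  curl --compressed -I <URL>  to see, from a file's response headers, whether it is sent compressed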

    # Filter option (httpd does not allow a comment on the same line as a directive)
    SetOutputFilter DEFLATE

    # mod_deflate configuration (what gets filtered)

    # Restrict compression to these MIME types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/css

    # Level of compression (Highest 9 - Lowest 1); sets the compression level
    DeflateCompressionLevel 9

    # Netscape 4.x has some problems. The directives below adjust the compression options for individual browser types
    BrowserMatch ^Mozilla/4  gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch  ^Mozilla/4\.0[678]  no-gzip

    # MSIE masquerades as Netscape, but it is fine
    BrowserMatch \bMSI[E]  !no-gzip !gzip-only-text/html

16. https, http over ssl

    OpenSSL: (only one site per IP can use SSL)
        libcrypto, libssl (ssl/tls), openssl

    PKI:
        CA,

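    Simplified SSL session setup:
        (1) the client sends the encryption methods it can use and requests the server's certificate;
        (2) the server sends its certificate and the chosen encryption method to the client;
        (3) the client receives the certificate and validates it:
                if it trusts the CA that issued the certificate:
                (a) verify the legitimacy of the certificate's origin: decrypt the digital signature on the certificate with the CA's public key;
                (b) verify the legitimacy of the certificate's content: integrity check
                (c) check the certificate's validity period;
                (d) check whether the certificate has been revoked;
                (e) the owner name in the certificate must match the target host being accessed;
        (4) the client generates a temporary session key (a symmetric key), encrypts it with the server's public key and sends it to the server, completing the key exchange;
        (5) the server encrypts the resource the user requested with this key and sends it to the client in the response;

        Note: SSL sessions are created on the basis of the IP address, so a host with a single IP can serve only one https virtual host;

    Terms to review: PKI, CA, CRL, X.509 (v1, v2, v3)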

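    Configuring httpd to support https:
        (1) obtain a digital certificate for the server;
            for testing: issue the certificate from a privately built CA
                (a) create the private CA
                (b) create a certificate signing request on the server
                (c) the CA signs the certificate

        (2) configure httpd to use ssl and the certificate;
            # yum -y install mod_ssl

            Configuration file: /etc/httpd/conf.d/ssl.conf
                DocumentRoot
                ServerName
                SSLCertificateFile
                SSLCertificateKeyFile

        (3) test access to the host over https;
            # openssl  s_client  [-connect host:port] [-cert filename] [-CApath directory] [-CAfile filename]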
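
The private-CA procedure above (steps (a) to (c)) together with the client-side checks from the SSL session outline, as an added example that is not part of the original notes. It assumes the openssl command-line tool is installed; the CA name, host name, file names and function names are placeholders.

```sh
#!/bin/sh
# Constructed lab example: private CA -> server CSR -> CA-signed certificate.
# "Lab Test CA", the host name and every file name are placeholders.

make_lab_pki() (        # $1 = working directory, $2 = server host name
    host=$2
    mkdir -p "$1" && cd "$1" || exit 1
    umask 077           # files created below are readable by the owner only
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
prompt             = no
x509_extensions    = v3_ca
[dn]
O  = Lab
CN = Lab Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
EOF
    # (a) private CA: key pair plus self-signed root certificate
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -sha256 \
        -days 365 -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # (b) on the web server: key pair plus certificate signing request
    openssl req -new -config ca.cnf -subj "/O=Lab/CN=$host" \
        -newkey rsa:2048 -nodes -sha256 \
        -keyout server.key -out server.csr 2>/dev/null || exit 1
    # (c) the CA signs the request; subjectAltName carries the host name
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > leaf.ext
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -sha256 -days 90 -extfile leaf.ext \
        -out server.crt 2>/dev/null || exit 1
)

# Client-side validation, step (3): CA signature, validity period and host
# name. Revocation (d) is not checked because this lab CA publishes no CRL.
check_cert() {          # $1 = directory, $2 = host name the client connects to
    if openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
            "$1/server.crt" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

# The files given to SSLCertificateFile and SSLCertificateKeyFile must hold
# the same key pair: compare the public key in each.
key_matches_cert() (    # $1 = certificate file, $2 = private key file
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    if [ "$cert_pub" = "$key_pub" ]; then echo match; else echo mismatch; fi
)

# Usage: d=$(mktemp -d); make_lab_pki "$d" www.example.test
#        check_cert "$d" www.example.test
```

The CA key (ca.key) signs everything the clients will trust, so it stays off the web server; only server.key and server.crt are installed there.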

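17. Programs bundled with httpd

    htpasswd: basic authentication is implemented on top of a file; this is the program that generates the accounts and passwords;
        htdbm
        htdigest
    apachectl: the service control script shipped with httpd; supports subcommands such as start and stop;
    apxs: APache eXtenSion tool
        adds modules to httpd;
    rotatelogs: log rotation
        access_log,
        access_log, access_log.1, ...
    ab: Apache HTTP server benchmarking tool
        webbench, httpload, ...
        loadrunner, jmeter (ASF)
        tcpcopy,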

18. ab: a load-testing tool for web services

ab [OPTIONS]  [http[s]://]hostname[:port]/path
            number of requests: [ -n requests ]
            concurrency: [ -c concurrency ]
            keep-alive connections: [ -k ]

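Differences between httpd-2.2 and httpd-2.4:

MPM:

  • prefork: process model, two-level structure, master/worker; each worker handles one request;

  • worker: thread model, three-level structure, master/worker/thread; each thread handles one request;

  • event: event-driven thread model, two-level structure, master/worker; each worker responds to multiple requests;

In httpd-2.2 the MPM modules are static modules, not shared modules;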

/etc/sysconfig/httpd
HTTPD=/usr/sbin/{httpd|httpd.worker|httpd.event}

            <IfModule prefork.c>
            StartServers       8
            MinSpareServers    5
            MaxSpareServers   20
            ServerLimit      256
            MaxClients       256
            MaxRequestsPerChild  4000
            </IfModule>            

            <IfModule worker.c>
            StartServers         4
            MaxClients         300
            MinSpareThreads     25
            MaxSpareThreads     75 
            ThreadsPerChild     25
            MaxRequestsPerChild  0
            </IfModule>

    IP-based access control:
        httpd-2.4:
            require ip, require not ip, require host, require not host

        httpd-2.2:
            allow from, deny from

            order allow,deny, order deny,allow

    Name-based virtual hosts:
        httpd-2.2: NameVirtualHost must be used;
        httpd-2.4: not needed;

    Resources under each mapped local filesystem path:
        httpd-2.4: must be authorized explicitly
        httpd-2.2: no explicit authorization needed

Original article by qzx. If you repost it, please credit the source: http://www.178linux.com/53386
