1、请描述一次完整的http请求处理过程。
(1) 客户端与服务端通过TCP三次握手建立或处理连接:接收请求或拒绝请求
(2) 接收请求:接收来自于网络上的主机请求报文中对某特定资源的一次请求的过程
(3) 处理请求:对请求报文进行解析,获取客户端请求的资源及请求方法等相关信息
(4) 访问资源:获取请求报文中请求的资源
(5) 构建响应报文
(6) 发送响应报文
(7) 记录日志
2、httpd所支持的处理模型有哪些,他们的分别使用于哪些环境。
prefork:多进程模型,每个进程响应一个请求
一个主进程:负责生成子进程及回收子进程;负责创建套接字;负责接收请求,并将其派发给某子进程进行处理
n个子进程:每个子进程处理一个请求
工作模型:会预先生成几个空闲进程,随时等待用于响应用户请求;最大空闲和最小空闲
worker:多进程多线程模型,每线程处理一个用户请求
一个主进程:负责生成子进程;负责创建套接字;负责接收请求,并将其派发给某子进程进行处理
多个子进程:每个子进程负责生成多个线程
每个线程:负责响应用户请求
并发响应数量:m*n
m:子进程数量
n:每个子进程所能创建的最大线程数量
event:事件驱动模型,多进程模型,每个进程响应多个请求
一个主进程:负责生成子进程;负责创建套接字;负责接收请求,并将其派发给某子进程进行处理
子进程:基于事件驱动机制直接响应多个请求
3、源码编译安装LAMP环境(基于wordpress程序),并写出详细的安装、配置、测试过程。
源码编译安装LAMP环境准备:
httpd-2.4:prefork模型
mairadb-5.5:通用二进制格式(php5需要依赖于mariadb,所以得先装mariadb)
php-5.4:编译为httpd的modules
注意:首先配置好EPEL源
安装编译环境:
# yum -y groupinstall "Development Tools" "Server Platform Development"
(1)安装httpd
# yum -y install pcre-devel apr-devel apr-util-devel openssl-devel
# tar xf httpd-2.4.23.tar.bz2
# cd httpd-2.4.23
# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/apache --enable-so --enable-ssl --enable-rewrite --with-zlib
--with-pcre --with-apr=/usr --with-apr-util=/usr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# make && make install
# vim /etc/profile.d/httpd.sh
export PATH=/usr/local/apache24/bin:$PATH
# . /etc/profile.d/httpd.sh
# ln -sv /usr/local/apache24/include /usr/include/httpd
# apachectl start
(2)安装mairadb通用二进制格式
# useradd -r mysql
# mkdir -pv /mydata/data
# chown -R mysql:mysql /mydata/data
# tar xf mariadb-5.5.54-linux-x86_64.tar.gz -C /usr/local
# cd /usr/local
# ln -sv mariadb-5.5.54-linux-x86_64 mysql
# cd /usr/local/mysql
# chown -R root:mysql ./*
# cp support-files/mysql.server /etc/init.d/mysqld
# chkconfig --add mysqld
# mkdir /var/log/mariadb
# chown mysql:mysql /var/log/mariadb
# mkdir /etc/mysql
# cp support-files/my-large.cnf /etc/mysql/my.cnf
# vim /etc/mysql/my.cnf,在[mysqld]段添加如下三个选项:
datadir=/mydata/data
innodb_file_per_table = ON
skip_name_resolve = ON
# scripts/mysql_install_db --user=mysql --datadir=/mydata/data
测试配置文件语法:
# service mysqld configtest
# service mysqld start
# vim /etc/profile.d/mysql.sh
export PATH=/usr/local/mysql/bin:$PATH
# vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib
# ldconfig
# ln -sv /usr/local/mysql/include /usr/include/mysql
(3)安装php
# yum -y install libxml2-devel libmcrypt-devel bzip2-devel
# tar xf php-5.4.45.tar.gz
# cd php-5.4.45
# ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql --with-openssl --enable-mbstring --with-png-dir
--with-mysqli=/usr/local/mysql/bin/mysql_config --with-jpeg-dir --with-freetype-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --with-apxs2=/usr/local/apache/bin/apxs
# make && make install
# cp php-5.4.45/php.ini-production /etc/php.ini
# cp /etc/apache/httpd.conf{,.backup}
# vim /etc/apache/httpd.conf,在相应位置添加如下两个选项:
AddType application/x-httpd-php .php
DirectoryIndex index.php index.html
测试httpd配置文件语法:
# apachectl -t
# apachectl restart
(4)部署wordpress
# tar xf wordpress-4.7-zh_CN.tar.gz -C /usr/local/apache/htdocs
# chmod -R 777 /usr/local/apache/htdocs/wordpress
创建wordpress数据库、用户名及密码
# mysql
mysql> CREATE DATABASE wordpress;
mysql> GRANT ALL ON wordpress.* TO 'wordpress'@'localhost' IDENTIFIED BY 'wordpress';
mysql> FLUSH PRIVILEGES;
清除防火墙规则:
# iptables -F
在浏览器进行访问及部署wordpress:
http://192.168.0.200/wordpress
4、建立httpd服务器(基于编译的方式进行),要求:
提供两个基于名称的虚拟主机:
(a)www1.stuX.com,页面文件目录为/web/vhosts/www1;错误日志为/var/log/httpd/www1.err,访问日志为/var/log/httpd/www1.access;
(b)www2.stuX.com,页面文件目录为/web/vhosts/www2;错误日志为/var/log/httpd/www2.err,访问日志为/var/log/httpd/www2.access;
(c)为两个虚拟主机建立各自的主页文件index.html,内容分别为其对应的主机名;
(d)通过www1.stuX.com/server-status输出httpd工作状态相关信息,且只允许提供帐号密码才能访问(status:status)。
# mkdir -pv /web/vhosts/{www1,www2}
# mkdir /var/log/httpd
# echo "<h1>www1.stuX.com</h1>" > /web/vhosts/www1/index.html
# echo "<h1>www2.stuX.com</h1>" > /web/vhosts/www2/index.html
# vim /etc/apache/httpd.conf
注释中心主机 #DocumentRoot "/usr/local/apache/htdocs"
引用虚拟主机配置文件:Include /etc/apache/extra/httpd-vhosts.conf
# vim /etc/apache/extra/httpd-vhosts.conf
注释默认配置,添加如下两个虚拟主机:
<VirtualHost *:80>
ServerName www1.stuX.com
DocumentRoot "/web/vhosts/www1"
ErrorLog "/var/log/httpd/www1.err"
CustomLog "/var/log/httpd/www1.access" combined
<Directory "/web/vhosts/www1">
Options None
AllowOverride None
Require all granted
</Directory>
<Location /server-status>
SetHandler server-status
AuthType Basic
AuthName "server-status"
AuthUserFile "/etc/apache/.status_pwd"
Require valid-user
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName www2.stuX.com
DocumentRoot "/web/vhosts/www2"
ErrorLog "/var/log/httpd/www2.err"
CustomLog "/var/log/httpd/www2.access" combined
<Directory "/web/vhosts/www2">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
# htpasswd -c /etc/apache/.status_pwd status
# apachectl -t
# apachectl restart
测试主机:
# vim /etc/hosts
192.168.20.200 www1.stuX.com www2.stuX.com
在浏览器进行访问测试:
http://www1.stuX.com
http://www2.stuX.com
5、为第4题中的第2个虚拟主机提供https服务,使得用户可以通过https安全的访问此web站点:
(1)要求使用证书认证,证书中要求使用的国家(CN)、州(HA)、城市(ZZ)和组织(MageEdu);
(2)设置部门为Ops,主机名为www2.stuX.com,邮件为admin@stuX.com。
构建私有CA颁发SSL证书
# (umask 077; openssl genrsa -out /etc/pki/CA/private/cakey.pem 4096)
# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server's hostname) []:www2.stuX.com
Email Address []:admin@stuX.com
# mkdir -pv /etc/pki/CA/{certs,crl,newcerts}
# touch /etc/pki/CA/{serial,index.txt}
# echo 01 > /etc/pki/CA/serial
在请求主机生成私钥,并向CA申请签署证书
# (umask 077; openssl genrsa -out /etc/apache/ssl/httpd.key 2048)
# openssl req -new -key /etc/apache/ssl/httpd.key -out /etc/apache/ssl/httpd.csr -days 365
CA签署证书
# openssl ca -in /etc/apache/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt
# cp /etc/pki/CA/certs/httpd.crt /etc/apache/ssl/
# vim /etc/apache/httpd.conf
引用SSL配置文件:Include /etc/apache/extra/httpd-ssl.conf
加载如下模块:
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
# vim /etc/apache/extra/httpd-ssl.conf
<VirtualHost _default_:443>
DocumentRoot "/web/vhosts/www2"
ServerName www2.stuX.com
ErrorLog "/var/log/httpd/www2.ssl.err"
TransferLog "/var/log/httpd/www2.ssl.access"
<Directory "/web/vhosts/www2">
Options None
AllowOverride None
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile "/etc/apache/ssl/httpd.crt"
SSLCertificateKeyFile "/etc/apache/ssl/httpd.key"
</VirtualHost>
# apachectl -t
# apachectl restart
在浏览器进行访问测试:
https://www2.stuX.com
6、在LAMP架构中,请分别以php编译成httpd模块形式和php以fpm工作为独立守护进程的方式来支持httpd,列出详细的过程。
(1)php编译成httpd模块的形式在第3题中已实现。 (2)php编译成以fpm形式工作为独立守护进程的详细步骤如下: 注意:首先配置好EPEL源 安装编译环境: # yum -y groupinstall "Development Tools" "Server Platform Development" 编译安装php-fpm: # yum -y install libxml2-devel libmcrypt-devel bzip2-devel # tar xf php-5.4.45.tar.gz # cd php-5.4.45 # ./configure --prefix=/usr/local/phpfpm --with-mysql=/usr/local/mysql --with-openssl --enable-mbstring --with-png-dir --with-mysqli=/usr/local/mysql/bin/mysql_config --with-jpeg-dir --with-freetype-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-mcrypt --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm # make && make install # cp php-5.4.45/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm # chmod +x /etc/init.d/php-fpm # chkconfig --add php-fpm # cp /usr/local/phpfpm/etc/php-fpm.conf.default /usr/local/phpfpm/etc/php-fpm.conf # vim /usr/local/phpfpm/etc/php-fpm.conf pid = run/php-fpm.pid pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 # service php-fpm start # ss -tnl 若tcp的9000端口处于监听状态,表明php-fpm启动成功。 # vim /etc/apache/httpd.conf DirectoryIndex index.php index.html 加载如下模块: LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so # vim /etc/apache/extra/httpd-vhosts.conf <VirtualHost *:80> ServerName 192.168.0.200 DocumentRoot "/usr/local/apache/htdocs" ErrorLog "/usr/local/apache/logs/httpd_fpm.error" CustomLog "/usr/local/apache/logs/httpd_fpm.access" combined ProxyRequests Off ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/$1 <Directory "/usr/local/apache/htdocs"> Options None AllowOverride None Require all granted </Directory> </VirtualHost> # apachectl -t # apachectl restart 在浏览器进行访问测试: http://192.168.0.200/phpinfo.php 若Server API为FPM/FastCGI,表明php-fpm安装成功。
原创文章,作者:萝卜,如若转载,请注明出处:http://www.178linux.com/65062
评论列表(1条)
写的很棒,可以把tcp的四次断开也写上,如果能画个图说明一下是最好的