A complete HTTP request process with HTTPS implementation

a complete HTTP request process :

(1) Initiate a request to establish a connection; three handshake receive request or deny request

(2) Acceptance of the request

A request process for a resource in a request message from a network;

Concurrent access Response Model (WEB I/O);

Single-process I/O structure: Initiates a process that processes user requests, and processes only one at a time; Multiple requests are serially responded

Multi-process i/: Start multiple processes in parallel, each responding to a request

Multiplexing I/O structure: a process responds to n requests:

Multithreaded model: A process generates n threads, and each thread responds to a request;

Event-driven mechanism: Event-driven

Multiplexed multi-process I/O structure: Initiates multiple (m) processes, each of which responds to n requests;

(3) processing requests to parse the request message and obtain information about the request resource and the request method.

Meta Data: Request headers

<method> <URL> <VERSION>

Host:www.magedu.com Request Host Name

Connection:

(4) Accessing resources: obtaining the requested resource in the request message

A Web server, a server that hosts Web resources, that provides the requestor with a static resource that is requested by the requester, or a dynamically running resource, which is placed under a path on the local file system, which is often referred to as the document root (Docroot)

Web Server Resource Path mapping method:

(a) Docroot

(b) Alias

(c) Virtual machine docroot

(d) Home directory Docroot

(5) Building response messages

Resource MIME resource:

Show Categories

Magic Category

Negotiation classification

URL redirection:

The response of a Web service build is not a resource requested by the client, but another access path for the resource;

(6) Send Response message

(7) Record log

650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0063.gif "alt=" j_0063.gif "/> Finally, when the transaction ends, The Web server adds an entry in the log file to describe the transaction that was executed

HTTPS implementation

Install the SSL module

Yum Install Mod_ssl

Cat/etc/pki/tls/openssl.cnf

650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0064.gif "alt=" j_0064.gif "/> If you forget the format content, you can view the above profile file

generate a self-signed certificate CA

cd/etc/pki/ca/(umask 066;openssl genrsa-out private/cakey.pem 2048) OpenSSL Req-new-x509-key Private/cakey.pem -out cacert.pem-days 3650 OpenSSL x509-in cacert.pem-noout-text View self-signed certificate touch index.txt echo > serial

The directory tree is formatted as follows

[[email protected] CA] #tree. ├──cacert.pem├──certs├──crl├──index.txt├──newcerts├──private│└──cakey.pem└──serial

Generate the private key, since it is available to the Web server, it is best to put the private key in the server's own configuration file, you can also create a separate folder specifically managed

Cd/etc/httpd/conf.d/mkdir SSL

CD ssl/private key requests and certificates are placed here

Generate a private key, request a certificate

(Umask 066;openssl genrsa-out httpd.key 1024x768) OpenSSL Req-new-key httpd.key-out Httpd.csr

Pass the certificate request to the CA

SCP HTTPD.CSR 192.168.77.7:/etc/pki/ca/

Issuing certificates

OpenSSL ca-in httpd.csr-out certs/httpd.crt-days 363

Issuing certificates

SCP CERTS/HTTPD.CRT 192.168.77.6:/etc/httpd/conf.d/ssl/

With the Web server, and let the Web server use these certificates

SCP Cacert.pem 192.168.77.6:/etc/httpd/conf.d/ssl/

                     [[EMAIL PROTECTED] SSL] #tree                                           .                      ├── cacert.pem                     ├── httpd.crt                     ├── httpd.csr                     └──  httpd.key 

In/etc/httpd/conf.d/ssl.conf This configuration file, specify the path to the certificate, and the path to the key

SSLCERTIFICATEFILE/ETC/HTTPD/CONF.D/SSL/HTTPD.CRT sslcertificatekeyfile/etc/httpd/conf.d/ Ssl/httpd.key Sslcacertificatefile/etc/httpd/conf.d/ssl/cacert.pem

Import the root certificate to a trusted authority

Modify the Host file C:\Windows\System32\drivers\etc\host

192.168.77.6 www.a.com

This article from "13147090" blog, declined reprint!

A complete HTTP request process with HTTPS implementation