Configuration of the HTTP protocol and HTTPD for Linux services (ii)

Source: Internet
Author: User
Tags http post

Common configuration of httpd-2.2 (2)

14. Curl Command


Curl is a file transfer tool that works in command-line mode based on URL syntax, which supports protocols such as ftp, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, file, and Ldap. Curl supports HTTPS authentication, and supports HTTP post, put and other methods, FTP upload, Kerberos authentication, http upload, proxy server, cookies, username/password authentication, download file breakpoint continuation, upload file breakpoint continuation, HTTP proxy Server Pipeline (proxy tunneling), even it supports IPv6, socks5 proxy server, upload files via HTTP proxy server to FTP server and so on, the function is very powerful.

mime:major/minor, image/png, Image/gif


Curl [options] [URL ...]


Common options for Curl:


-a/--user-agent <string> set up user agent to send to server

--basic using HTTP Basic authentication

--tcp-nodelay using the Tcp_nodelay option

-e/--referer <URL> Source URL

--cacert <file> CA Certificate (SSL)

--compressed required to return a compressed format

-h/--header <line> Custom header information to the server

-i/--head only the response message header information is displayed

--limit-rate <rate> Set Transfer speed

-u/--user <user[:p assword]> Setting up the user and password for the server

-0/--http1.0 Using HTTP 1.0


Usage: Curl [options] [URL ...]


Another tool: ELinks

ELinks [OPTION] ... [URL] ...

-dump: does not enter the interactive mode, but directly the content of the URL output to the standard output;


15, User/group

Specifies the User's identity to run the httpd service process;

User Apache

Group Apache

suEXEC

16, using mod_deflate module compression page optimized transmission speed


Applicable scenarios:

(1) Save bandwidth, Additional CPU consumption, at the same time, some older browsers may not support;

(2) compressing resources suitable for compression, such as file files;


Setoutputfilter DEFLATE


# mod_deflate Configuration

# Restrict compression to these MIME types

Addoutputfilterbytype DEFLATE Text/plain

Addoutputfilterbytype DEFLATE text/html

Addoutputfilterbytype DEFLATE Application/xhtml+xml

Addoutputfilterbytype DEFLATE Text/xml

Addoutputfilterbytype DEFLATE Application/xml

Addoutputfilterbytype DEFLATE Application/x-javascript

Addoutputfilterbytype DEFLATE Text/javascript

Addoutputfilterbytype DEFLATE Text/css

# level of compression (highest 9-lowest 1)

Deflatecompressionlevel 9

# Netscape 4.x has some problems.

Browsermatch ^MOZILLA/4 gzip-only-text/html

# Netscape 4.06-4.08 has some more problems

Browsermatch ^mozilla/4\.0[678] No-gzip

# MSIE masquerades as Netscape, but it's fine

Browsermatch \bmsi[e]!no-gzip!gzip-only-text/html


17, https, http over SSL


A simplified process for SSL sessions

(1) the client sends an alternative encryption method and requests a certificate from the server;

(2) the server side sends the certificate and the selected encryption method to the client;

(3) the client obtains the certificate and carries on the certificate verification:

If you trust the CA to which the certificate is issued:

(a) legality of the source of the verification certificate; the digital signature on the certificate is decrypted with the Ca's public key;

(b) legality of the content of the positive certificate: completeness of the verification

(c) Check the validity period of the certificate;

(d) Check whether the certificate has been revoked;

(e) the name of the owner of the certificate, consistent with the target host of the visit;

(4) the client generates a temporary session key (symmetric Key) and uses the Server-side public key to encrypt the data sent to the server to complete the key exchange;

(5) The service uses this key to encrypt the resource requested by the user, responding to the client;


Note: SSL sessions are created based on IP address, so only one HTTPS virtual host can be used on a single IP host;


Review several terms: pki,ca,crl,x.509 (v1, v2, v3)


Configure HTTPD to support Https:

(1) apply for a digital certificate for the server;

Testing: issuing a certificate through a privately built CA

(a) Creating a private CA

(B) Create a certificate signing request on the server

(c) CA Visa

(2) Configure HTTPD to support the use of ssl, and the use of certificates;

# yum-y Install Mod_ssl


Configuration file:/etc/httpd/conf.d/ssl.conf

DocumentRoot

ServerName

Sslcertificatefile

Sslcertificatekeyfile

(3) the test is based on HTTPS access to the corresponding host;

# OpenSSL s_client [-connect host:port] [-cert filename] [-capath directory] [-cafile filename]

18, httpd self-brought Tool Program

Htpasswd:basic authentication based on file implementation, the use of the account password file generation tool;

APACHECTL:HTTPD comes with a service control script that supports start and stop;

Apxs: provided by the Httpd-devel package, extended httpd use of Third-party module tools;

Rotatelogs: Log Scrolling tool;

access.log--

access.log, access.1.log--

access.log, acccess.1.log, Access.2.log

Suexec: when accessing certain resources with special permission configuration, the temporary switch to the specified user is run;

Ab:apache Bench

19, httpd pressure test tools

ab, webbench, http_load, seige

jmeter, LoadRunner

Tcpcopy: netease, reproduce the real request in the production environment, and save it;

AB [OPTIONS] URL

-n: Total number of requests;

-c: the number of concurrent simulations;

-k: tested in persistent connection mode;


Configuration of the HTTP protocol and HTTPD for Linux services (ii)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.