Common configuration of httpd-2.2 (2)
14. Curl Command
Curl is a file transfer tool that works in command-line mode based on URL syntax, which supports protocols such as ftp, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, file, and Ldap. Curl supports HTTPS authentication, and supports HTTP post, put and other methods, FTP upload, Kerberos authentication, http upload, proxy server, cookies, username/password authentication, download file breakpoint continuation, upload file breakpoint continuation, HTTP proxy Server Pipeline (proxy tunneling), even it supports IPv6, socks5 proxy server, upload files via HTTP proxy server to FTP server and so on, the function is very powerful.
mime:major/minor, image/png, Image/gif
Curl [options] [URL ...]
Common options for Curl:
-a/--user-agent <string> set up user agent to send to server
--basic using HTTP Basic authentication
--tcp-nodelay using the Tcp_nodelay option
-e/--referer <URL> Source URL
--cacert <file> CA Certificate (SSL)
--compressed required to return a compressed format
-h/--header <line> Custom header information to the server
-i/--head only the response message header information is displayed
--limit-rate <rate> Set Transfer speed
-u/--user <user[:p assword]> Setting up the user and password for the server
-0/--http1.0 Using HTTP 1.0
Usage: Curl [options] [URL ...]
Another tool: ELinks
ELinks [OPTION] ... [URL] ...
-dump: does not enter the interactive mode, but directly the content of the URL output to the standard output;
15, User/group
Specifies the User's identity to run the httpd service process;
User Apache
Group Apache
suEXEC
16, using mod_deflate module compression page optimized transmission speed
Applicable scenarios:
(1) Save bandwidth, Additional CPU consumption, at the same time, some older browsers may not support;
(2) compressing resources suitable for compression, such as file files;
Setoutputfilter DEFLATE
# mod_deflate Configuration
# Restrict compression to these MIME types
Addoutputfilterbytype DEFLATE Text/plain
Addoutputfilterbytype DEFLATE text/html
Addoutputfilterbytype DEFLATE Application/xhtml+xml
Addoutputfilterbytype DEFLATE Text/xml
Addoutputfilterbytype DEFLATE Application/xml
Addoutputfilterbytype DEFLATE Application/x-javascript
Addoutputfilterbytype DEFLATE Text/javascript
Addoutputfilterbytype DEFLATE Text/css
# level of compression (highest 9-lowest 1)
Deflatecompressionlevel 9
# Netscape 4.x has some problems.
Browsermatch ^MOZILLA/4 gzip-only-text/html
# Netscape 4.06-4.08 has some more problems
Browsermatch ^mozilla/4\.0[678] No-gzip
# MSIE masquerades as Netscape, but it's fine
Browsermatch \bmsi[e]!no-gzip!gzip-only-text/html
17, https, http over SSL
A simplified process for SSL sessions
(1) the client sends an alternative encryption method and requests a certificate from the server;
(2) the server side sends the certificate and the selected encryption method to the client;
(3) the client obtains the certificate and carries on the certificate verification:
If you trust the CA to which the certificate is issued:
(a) legality of the source of the verification certificate; the digital signature on the certificate is decrypted with the Ca's public key;
(b) legality of the content of the positive certificate: completeness of the verification
(c) Check the validity period of the certificate;
(d) Check whether the certificate has been revoked;
(e) the name of the owner of the certificate, consistent with the target host of the visit;
(4) the client generates a temporary session key (symmetric Key) and uses the Server-side public key to encrypt the data sent to the server to complete the key exchange;
(5) The service uses this key to encrypt the resource requested by the user, responding to the client;
Note: SSL sessions are created based on IP address, so only one HTTPS virtual host can be used on a single IP host;
Review several terms: pki,ca,crl,x.509 (v1, v2, v3)
Configure HTTPD to support Https:
(1) apply for a digital certificate for the server;
Testing: issuing a certificate through a privately built CA
(a) Creating a private CA
(B) Create a certificate signing request on the server
(c) CA Visa
(2) Configure HTTPD to support the use of ssl, and the use of certificates;
# yum-y Install Mod_ssl
Configuration file:/etc/httpd/conf.d/ssl.conf
DocumentRoot
ServerName
Sslcertificatefile
Sslcertificatekeyfile
(3) the test is based on HTTPS access to the corresponding host;
# OpenSSL s_client [-connect host:port] [-cert filename] [-capath directory] [-cafile filename]
18, httpd self-brought Tool Program
Htpasswd:basic authentication based on file implementation, the use of the account password file generation tool;
APACHECTL:HTTPD comes with a service control script that supports start and stop;
Apxs: provided by the Httpd-devel package, extended httpd use of Third-party module tools;
Rotatelogs: Log Scrolling tool;
access.log--
access.log, access.1.log--
access.log, acccess.1.log, Access.2.log
Suexec: when accessing certain resources with special permission configuration, the temporary switch to the specified user is run;
Ab:apache Bench
19, httpd pressure test tools
ab, webbench, http_load, seige
jmeter, LoadRunner
Tcpcopy: netease, reproduce the real request in the production environment, and save it;
AB [OPTIONS] URL
-n: Total number of requests;
-c: the number of concurrent simulations;
-k: tested in persistent connection mode;
Configuration of the HTTP protocol and HTTPD for Linux services (ii)