Apache httpd Service--http Protocol

HTTP protocol

? The version of the HTTP protocol is: http/0.9, http/1.0, http/1.1, http/2.0;http protocol is stateless, the server cannot continuously trace the source of the client, the method of resolving HTTP protocol stateless has cookies and session ; A single-access process request (requests) and response (response) is an HTTP transaction

HTTPQ Request Message

HTTP response Messages

HTTP messages

• Request message

<method> <request-URL> <version> <headers> <entity-body> 

• Response message

<version> <status> <reason-phrase> <headers> <entity-body> 

Method: The request methods that indicate what the client wants the server to do with the resource

Get: Get a resource from the server
HEAD: Get the document's response header from the server only
POST: Enter data to the server, which is usually processed by the gateway program again
Put: Store the principal part of the request on the server, such as uploading a file
Delete: Request to delete the specified document on the server
Trace: Trace request arrives at the Server intermediate proxy server
OPTIONS: Request server returns the request method used for the specified resource support

Status: Marks what happens during request processing, such as 200,301, 302, 404, 502

200: Successful, the request data is sent through the entity-body part of the response message; OK
301: The requested URL points to a resource that has been deleted, but the new location where the resource is located is indicated in the response message through the header position; Moved Permanently
302: Response message location indicates temporary new position of resources; Moved temporarily
304: The client makes a conditional request, but the resource on the server has not changed, notifying the client by responding to this response status code; not Modified
401: Need to enter account and password authentication to access resources; unauthorized
403: the request is forbidden; Forbidden
404: The server cannot find the resource requested by the client; not Found
500: Server internal error; Internal Server errors
502: The proxy server received a pseudo-response from the backend server, such as unable to connect to the gateway; Bad Gateway
503: Service Unavailable, temporary server maintenance or overload, server unable to process request
504: Gateway Timeout

Reason-phrase: A brief description of the status marked by the status code

Headers: Each request or response message may contain an arbitrary header, each header has a header name, followed by a colon and followed by an optional space followed by a value

Entity-body: Data that is attached to data or response when requested

HTTP header Field

1. The HTTP header field contains the most informative information. The first field is also present in the request and response messages and covers the content information related to the HTTP message. The first field is used to provide customer service side and server side the message body size, language used, authentication information and so on;
2. Header field structure The HTTP header field is composed of the header field name and the field value, separated by a colon ":";
3. The field value corresponds to a single HTTP header field that can have multiple values;
4. When two or more header fields with the same header field name appear in the header, it is not clear within the specification that the order of precedence may be different depending on the internal processing logic of the browser, and the results may not be consistent.

• General Header: The header used by both the request and response messages

Date: The time the message was created
Connection: Connection status, such as Keep-alive, close
Via: Displays the intermediary node through which the message was passed (proxy, Gateway)
Cache-control: Controlling caching, such as cache duration
Mime-version: MIME version used by the sending side
Warning: Error Notification

• Request Header: The header used when sending request messages from the client to the server side. Supplemental content, client information, request content-related priority information, etc.

Request Header:
Accept: Notifies the server of its own acceptable media type
Accept-charset: Acceptable character set for the client
Accept-encoding: The client can accept encoded formats, such as Gzip
Accept-language: Acceptable language for clients
CLIENT-IP: Requested Client IP
Host: The requested server name and port number
Referer: Jumps to the previous URL of the current URI
User-agent: Client Agent, browser version

Conditional Request Header:
Expect: Allow clients to list the server behavior required by a request
If-modified-since: Whether the requested resource has been modified since the specified time
If-unmodified-since: Contrary to the above
If-none-match: The ETag label of the document stored in the local cache does not match the etag of the server document
If-match: Contrary to the above

Security Request Header:
Authorization: Send authentication information to the server, such as account number and password
Cookie: The client sends a cookie to the server
Cookie2: The cookie version used to describe the request-side support

Proxy Request Header:
Proxy-authorization: Authenticating to a proxy server

• Response header: The header to use when returning a response message from the server side to the client. Additional content for the response is added, and additional content information is also required from the client

Informational Nature:
Age: Response duration from initial creation
Server: Program software name and version
Negotiation header: Used when a resource has multiple representation methods
Accept-ranges: The type of request scope that the server can accept
Vary: Other header lists viewed by the server
Security Response Header:
Set-cookie: Setting Cookies to clients
Set-cookie2: Similar to the above
Www-authenticate: List of challenges from the server to the client

• Entity Header: The header used for the entity portion of the request message and response message. Added resources within the
  Update time and other entity-related information

? Allow: Lists the request methods that can be used for this resource entity
Location: Tell the client where the real entity is located
Content-encoding: Encoding of the principal execution
Content-language: The most appropriate language to understand the subject
Content-length: Length of the body
Content-location: Where the entity is really located
Content-type: Object type of the principal, such as text
Cache correlation:
ETag: Extended label for entity
Expires: The expiration time of the entity
Last-modified: Time of last modification

• Extension header

Cookies

? HTTP is a stateless protocol . The protocol itself does not save the communication state between the request and the response. That is, at the HTTP level, the protocol does not persist for sent requests or responses. This is to deal with a lot of transactions faster, to ensure the scalability of the Protocol, and specifically to design the HTTP protocol so simple. However, with the continuous development of the WEB, many businesses need to save the state of communication. Cookie technology was introduced. The State management cookie technology using cookies controls the state of the client by writing cookie information in the request and response messages. The cookie notifies the client to save the cookie based on a header field information called Set-cookie in the response message sent from the server side. When the next client sends a request to the server, the client automatically adds the Cookie value to the request message and sends it out. After the server-side discovers the Cookie sent by the client, it checks the connection request from which client, then compares the records on the server, and finally obtains the previous state information.

Set-cookie Header Field Example:

~]# curl-v pan.baidu.comset-cookie:baiduid=0d82f2da4e71efde069d8c6bc7d7f22e:fg=1; Expires=fri, 21-jun-19 03:48:53 GMT; max-age=31536000; path=/; domain=.baidu.com; Version=1

Name=value gives the Cookie the name and its value, which is required
Expires=date the expiration date of the Cookie, if not explicitly specified, by default until the browser is closed
Path=path the file directory on the server as the applicable object for the cookie, and defaults to the file directory where the document is located if not specified
domain= domain name as the domain name of the cookie applicable object, if not specified, the default is the domain name of the server that created the cookie
Secure only sends cookies when HTTPS is securely communicating
HttpOnly restrict cookies from being accessed by JavaScript scripts

Example: viewing cookies

~]# Yum Install httpd php-y~]# vim/var/www/html/setcookie.php<?phpsetcookie ("title", "Hello World")? >~]# Vim/var /www/html/index.php<?phpecho $_cookie["title"];var_dump ($_cookie);? >~]# systemctl Start httpd

First visit:http://192.168.0.7/setcookie.php

Re-visit:http://192.168.0.7/index.php

Show:

hello worldarray(1) { ["title"]=> string(11) "hello world" }

The cookie is already in effect.

A complete HTTP request processing process

1. Resolution Request: The client is accessed through the FQDN, first resolved by the DNS server to an IP address, and returned to the client destination IP address
2. Establish connection: Receive connection request
3. Receive request: The process of receiving a request for a resource in a client request message
4. Processing request: The server parses the request message and obtains information about the requested resource and request method, and processes the request according to the method, resource, header and optional principal part.
5. Get a resource: The server obtains the requested resource Web server in the request message, which is the server that holds the Web resource, is responsible for providing the requestor with the static resources requested by the requester, or the resources generated after the dynamic run
6. Build Response message: Once the Web server recognizes the resource, it executes the action described in the request method and returns the response message. The response message contains the response status code, the response header, if the response body is generated, also includes the response body
7. Send Response message: The Web server also faces the same problem as receiving data when sending data over a connection. The server may have many connections to each client, some are idle, some are sending data to the server, and some are echoing the response data to the client. The server wants to record the status of the connection, and also pay special attention to the processing of the persistent connection. For non-persistent connections, the server should close its own end of the connection after sending the entire message. For persistent connections, the connection may remain open, in which case the server calculates the Content-length header correctly, or the client cannot know when the response is over.
8. Logging: Finally, when the transaction ends, the Web server adds an entry in the log file to describe the transaction that was executed

Apache HTTP Server Introduction

? Apache, an open source web server software for the Apache Software Foundation, can run on most computer operating systems. Because of its cross-platform and security, is widely used, is one of the most popular Web server software. It is fast, reliable, and can be augmented with simple APIs to compile perl/python and other interpreters into the server.

Characteristics:

• Highly modular: Core + modules
• Dso:dynamic Shared Object dynamic Add/Unload
• Mpm:multi-processing module multi-channel processing modules
• Prefork: Multi-process I/O model, each process responds to a request, the default model

One main process: Generate and Reclaim n child processes, create sockets, do not respond to requests

Multiple child processes: The work process, each child process processing a request, the system initially, the pre-generation of several idle processes, waiting for the request, maximum no more than 1024

• Worker: multiplexed Multi-process I/O model, multi-process multithreaded, IIS uses this model

One main process: generate M child processes, each of which is responsible for producing n threads, each of which responds to a request, and the concurrent response request: M*n

• Event: Incident-driven model (variant of worker model)

A main process: generate M child processes, each process responds to n requests directly, concurrent response requests: M*n, there is a dedicated thread to manage these keep-alive types of threads, when there is a real request, the request is passed to the service thread, after execution is complete, and allow the release. This enhances the request processing capability in high concurrency scenarios

• Virtual Host: Ip,port,fqdn
• Cgi:common Gateway Interface, Universal Gateways Interface
• Reverse Proxy
• Support for third-party modules

Apache httpd Service--http Protocol