Web Services in layman's

Source: Internet
Author: User
Tags session id keep alive

For people who have not done web development, the field involves a lot of nouns: Apache, Nginx, CGI, PHP, HTTP, cookie, session. What is this big pile of stuff? Here we start from the network level and sort these things out.

1. What is HTTP

The one thing the web can never do without is HTTP, so what is HTTP? The official name is Hyper Text Transfer Protocol, and the name itself tells us that HTTP is a protocol. It is an application-layer protocol, and its corresponding transport-layer protocol is TCP.

So, in short, HTTP is an application-layer protocol based on TCP.

Put simply, the client initiates the connection and sends a datagram over TCP; the server replies with a datagram after processing it and closes the connection. At that point the HTTP request is over.

So the initial HTTP model is one request and one response per connection. That is the stateless property of HTTP that we often see mentioned.

1.1 Format of the datagram

Given the process described above, the server and the client need to agree on a format, and both parties pack and unpack according to it. The HTTP protocol format is as follows:


You can see the full picture of a packet with any packet-capture tool. The request header field names include Accept, Accept-Encoding, Accept-Language, Cache-Control, Connection, Cookie, Host, User-Agent and so on.

The datagram the server replies with must contain a status code. Its header includes fields such as Cache-Control, Connection, Content-Encoding, Content-Type, Date, Pragma, Server, Set-Cookie, Transfer-Encoding, and so on.

A few interesting fields are picked out below for explanation.

1.2 HTTP cookies

Cookies first. What is a cookie used for? We know that in the HTTP protocol itself every request is stateless. That is, there is no logical association between two requests, and the HTTP server does not know whether the second request and the first request come from the same client. For a web application, however, statelessness certainly does not meet the need. The most typical example is the user's login state: we cannot ask the user to log in again every time they want to fetch a page. So a mechanism is needed to record this state, and cookies and sessions are the most important solutions.

Cookies are managed by the browser and are generally stored in client memory, so their lifecycle is the browser session: after the browser is closed, the cookie goes away by itself.

Of course, if the cookie sets an expiration time, the browser will also write it to disk.

On each HTTP request, the browser selects some of its cookies according to certain rules and sends them to the web server in the HTTP header.

So the direct result of a cookie being too long is that the HTTP packet is too large, so the HTTP protocol has a limit on the length of the cookie.

How are cookies changed? We often see sample code that uses JS or PHP to change a cookie. Using JS to change the cookie is intuitive, because the cookie is managed by the browser and JS is also interpreted by the browser. But why can PHP, a server-side script, change cookies? Because of the Set-Cookie field in the HTTP response: this field tells the browser which fields of the cookie need to be changed.

Having mentioned cookies, let's talk about the session as well.

The session is also a mechanism designed to preserve state, but it lives on the server side.

A session can be seen as a hash table on the server side, stored as files by default; the key of the hash table is the session ID. The session ID is stored in the cookie, so each time the server unpacks the HTTP packet, it can use the session ID in the cookie to find the data in the hash table. Then the question arises: what if the user has disabled cookies in the browser? Can the session no longer be found? Of course not. When cookies are disabled there are many other ways to carry the session ID back in the HTTP packet: it can be placed in other fields of the header or in GET parameters, for example, or in the packet body, such as POST parameters. Such things cannot stump programmers.
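The session mechanism described above, as an added example that is not code from the original page: a server-side hash table keyed by a random session ID, the Set-Cookie value that hands the ID to the browser, and the lookup from the Cookie header on later requests. The cookie name `SID`, the function names and the sample user are assumptions made for this illustration.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "SID"   # hypothetical cookie name chosen for this example
SESSIONS = {}         # the server-side hash table: session ID -> state

def start_session(user):
    """Create server-side state; return (session ID, Set-Cookie value)."""
    sid = secrets.token_urlsafe(32)       # unguessable random key
    SESSIONS[sid] = {"user": user}
    jar = SimpleCookie()
    jar[COOKIE_NAME] = sid
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["httponly"] = True   # hide the ID from page scripts
    jar[COOKIE_NAME]["secure"] = True     # send it over HTTPS only
    jar[COOKIE_NAME]["samesite"] = "Lax"
    return sid, jar[COOKIE_NAME].OutputString()

def session_id_from(cookie_header):
    """Pull the session ID out of a request's Cookie header, if present."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

def load_session(cookie_header):
    """Return the stored state, or None for a missing or unknown ID."""
    return SESSIONS.get(session_id_from(cookie_header))

def end_session(cookie_header):
    """Logout: delete the server-side entry so the old ID stops working."""
    SESSIONS.pop(session_id_from(cookie_header), None)

if __name__ == "__main__":
    sid, set_cookie = start_session("alice")      # constructed sample user
    print("Set-Cookie:", set_cookie)
    print(load_session("theme=dark; " + COOKIE_NAME + "=" + sid))
```

A session ID carried in a GET parameter instead ends up in access logs and Referer headers, which is why the cookie is the preferred carrier.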

1.3 HTTP long/short connections

In HTTP/1.0 there is no Connection field, because HTTP/1.0 uses one request and one response per connection; that is, after the server sends the response it actively disconnects. This will

The Connection field was added in HTTP/1.1, and its default value is keep-alive. Its other value is close.

Keep-alive tells the other side that this request uses a long connection. That is, do not disconnect after sending the response packet, even if it is an error response.

For example:

Request

    • Connection: keep-alive means: please do not disconnect after this request
    • Connection: close means: disconnect after this request

Response

    • Connection: keep-alive means: I will not disconnect after this request
    • Connection: close means: I will disconnect after this request

So a close in either the request or the response is enough: the connection will be disconnected after this exchange.

When the first request and response are both keep-alive, a long connection is established. The client can then send packets to the server in pipeline fashion. Pipelining means that the client sends requests continuously without waiting for a response, and the server responds in the order of the requests.

The long connection brings new problems.

1.3.1 Timeout Protection

What if the connection stays inactive after it is established? It wastes an FD on the server and a port on the client. Therefore a timeout protection mechanism is required; in Nginx, for example, you can configure the value of keepalive_timeout. The HTTP protocol does not specify the timeout for the server or the client; the developer can set it arbitrarily.

1.3.2 Packet-splitting protocol

In short-connection mode, because the connection is closed directly after each server response, the client only needs to detect EOF to tell whether the response packet is over. For the keep-alive model, continuing this approach would greatly reduce efficiency. So the two fields Content-Length and Transfer-Encoding are introduced.

1.4 HTTP datagram terminator

When a client requests a static resource from a server, the server clearly knows the length of the message it responds with. So it can use the Content-Length field to tell the client the length of the response data.

If, however, a dynamic web page is requested, the server cannot know the length of the response packet beforehand. So it can use Transfer-Encoding: chunked to pass the data, that is, send data as it is generated. One response consists of multiple chunks and ends with a chunk marker of length 0. Each chunk is a block of data, and the chunk header marks the length of the current data block.
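The three ways of finding the end of a body described in 1.3.2 and 1.4 (EOF, Content-Length, chunked), as an added example that is not code from the original page. The function names and the sample bytes are constructed for this illustration; a message that declares both framings is refused because its end is ambiguous.

```python
import io

class FramingError(ValueError):
    """The body does not match the framing its headers declare."""

HEX = b"0123456789abcdefABCDEF"

def read_chunked(stream):
    """Decode Transfer-Encoding: chunked into the plain body bytes."""
    body = b""
    while True:
        line = stream.readline()
        if not line.endswith(b"\r\n"):
            raise FramingError("chunk header truncated")
        size_text = line.split(b";", 1)[0].strip()   # ignore chunk extensions
        if not size_text or any(c not in HEX for c in size_text):
            raise FramingError("chunk length is not hex")
        size = int(size_text, 16)
        if size == 0:                                # zero-length chunk: end marker
            while stream.readline() not in (b"\r\n", b""):
                pass                                 # skip optional trailer fields
            return body
        data = stream.read(size)
        if len(data) != size or stream.read(2) != b"\r\n":
            raise FramingError("chunk data truncated")
        body += data

def read_body(headers, stream):
    """Return the body using the framing rule that the headers select."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    chunked = "chunked" in h.get("transfer-encoding", "")
    if chunked and "content-length" in h:
        raise FramingError("both framings declared")  # ambiguous: refuse
    if chunked:
        return read_chunked(stream)
    if "content-length" in h:
        cl = h["content-length"]
        if not (cl.isascii() and cl.isdigit()):
            raise FramingError("bad Content-Length")
        data = stream.read(int(cl))
        if len(data) != int(cl):
            raise FramingError("body shorter than Content-Length")
        return data
    return stream.read()          # short connection: body runs until EOF

# Constructed sample: two chunks (one with an extension), then the 0 marker.
SAMPLE = b"5\r\nhello\r\n7;ext=1\r\n, world\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(read_body({"Transfer-Encoding": "chunked"}, io.BytesIO(SAMPLE)))
```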

2. What are Apache and Nginx

Think of them as HTTP servers (they have other features too, of course) and they become easier to understand: they are implementations of the HTTP protocol. The Nginx HTTP module, for example, basically follows the RFC documents of the HTTP protocol and covers the various situations they describe. Simply put, packing, filtering, and splitting packets sums up what nginx does.


3. What is the general Web architecture?


A common web architecture is composed of a reverse proxy server and HTTP servers. The HTTP server is in turn divided into Nginx processes and PHP processes.

First, a reverse proxy server is what is exposed to the user. The reverse proxy has several functions. One is load balancing: the reverse proxy server receives the packet and forwards it to the real business server according to a load-balancing algorithm. Another is to guard against attacks: it filters out a lot of illegal requests according to certain rules and so reduces the load on the business machines. Because it simply forwards and holds no real business logic, even if hackers attack this layer there is not much harm. The reverse proxy server can also cache some static resources, further reducing the load on the business machines.

Nginx, as an HTTP server, is primarily responsible for holding connections in the overall architecture. It does not do the actual processing of the request, so it is drawn as a single block in the figure. But it too has a multi-process structure.


If 8 Nginx workers are configured on one machine and each worker is configured for 1024 connections, the machine can hold roughly 8*1024 connections.

Nginx workers and PHP-FPM communicate through a socket, so nginx and PHP-FPM can be deployed on the same machine or on different machines.

PHP-FPM began as a PHP plugin, is now integrated into PHP's core code, and is an implementation of FastCGI. Its process structure is basically similar to Nginx's: a master process and multiple worker processes. FastCGI specifies that each incoming request picks a process from the process pool to load and run the PHP script; the process is returned to the pool after the script finishes. So PHP-FPM is really just a process manager, as its name says (FastCGI Process Manager).

PHP-FPM has two ways of configuring the number of worker processes: static and dynamic. If configured as static, max_children workers are forked by the master when FPM starts, and this number does not change during execution.

Dynamic means that worker processes are forked dynamically based on actual requests, with max_children as the maximum. So how should max_children be configured? If the number of workers is too small, then when PHP-FPM receives a request from Nginx and finds no free process in the pool, it refuses service directly, and the HTTP request ends with a 502.

If max_children is configured too large, it consumes unnecessary system resources, especially in static mode. So the more moderate approach is to set the value somewhat large at first, then observe the number of active processes, and finally select a suitable value.

We can see that in FastCGI mode one process handles one request. If we configure 300 FastCGI processes on a machine, the maximum number of requests it can process at the same time is 300, far less than the connection capacity of Nginx.

If PHP makes some plug-in calls (such as file upload or download), the current process cannot handle other requests, so PHP-FPM is the bottleneck in this architecture. How to improve its performance is a question worth exploring.

When the browser shows an error page or a blank page, the failure could be in any part of this chain, and it has to be checked slowly, one part at a time.

