http-2.2

Source: Internet
Author: User
Tags response code

httpd configuration file composition:

    grep "Section" /etc/httpd/conf/httpd.conf
    ### Section 1: Global Environment
    ### Section 2: 'Main' server configuration
    ### Section 3: Virtual Hosts

Configuration format: directive value
    directive: case-insensitive
    value: case-sensitive when it is a path, depending on the file system

httpd 2.2 program environment:

    rpm -ql httpd
    /etc/httpd
    /etc/httpd/conf
    /etc/httpd/conf.d
    /etc/httpd/logs
    /etc/httpd/modules
    /etc/httpd/run
    /etc/logrotate.d/httpd
    /etc/rc.d/init.d/htcacheclean
    /etc/rc.d/init.d/httpd
    /etc/sysconfig/htcacheclean
    /etc/sysconfig/httpd
    /usr/lib64/httpd
    /usr/lib64/httpd/modules
    /usr/sbin/apachectl
    /usr/sbin/htcacheclean
    /usr/sbin/httpd
    /usr/sbin/httpd.event
    /usr/sbin/httpd.worker
    /usr/sbin/httxt2dbm
    /usr/sbin/rotatelogs
    /usr/sbin/suexec
    /usr/share/doc/
    /usr/share/man/man8/
    /var/cache/mod_proxy
    /var/lib/dav
    /var/log/httpd
    /var/run/httpd
    /var/www
    /var/www/cgi-bin
    /var/www/error
    /var/www/html
    /var/www/icons

Service script: /etc/rc.d/init.d/httpd
Configuration files: /etc/sysconfig/httpd, /etc/httpd/conf/httpd.conf
Service control and startup:
    chkconfig httpd on|off
    service httpd {start|stop|restart|status|configtest|reload}
Site document root: /var/www/html
Module file paths: /etc/httpd/modules, /usr/lib64/httpd/modules
Main program files: /usr/sbin/httpd, /usr/sbin/httpd.worker, /usr/sbin/httpd.event
Main process (PID) file: /etc/httpd/run/httpd.pid
Log file directory: /var/log/httpd
    access_log: access log
    error_log: error log
Help documentation package: httpd-manual

HTTP protocol

Versions: http/0.9, http/1.0, http/1.1, http/2.0
Stateless: the server cannot continuously track where a visitor comes from.
Ways to work around the statelessness of HTTP:
    cookie: held by the client
    session: held on the server side
HTTP transaction: the processing of one access
    request: the request
    response: the response
Protocol viewing or analysis tools: tcpdump, wireshark, tshark

1. Display server version information

    ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full

    ServerTokens Prod[uctOnly]           Server: Apache
    ServerTokens Major                   Server: Apache/2
    ServerTokens Minor                   Server: Apache/2.0
    ServerTokens Min[imal]               Server: Apache/2.0.41
    ServerTokens OS                      Server: Apache/2.0.41 (Unix)
    ServerTokens Full (or not specified) Server: Apache/2.0.41

Recommended: use ServerTokens Prod.

2. Modify the listening IP and port

    Listen [IP:]PORT

Omitting the IP means 0.0.0.0.
At least one Listen directive is required; it can be repeated multiple times:

    Listen 8080

After modifying the listening socket, restart the service process for the change to take effect.

3. Persistent connections

Persistent connection: once the connection is established, it is not closed after each resource has been fetched, but stays open waiting for further requests. Persistent connections are off by default.
Disconnect conditions:
    Count limit: 100
    Time limit: in seconds; httpd-2.4 supports milliseconds
Side effect: on servers with a large number of concurrent accesses, persistent connections leave some requests without a response.
Compromise: use a shorter persistent-connection timeout.
Settings:

    KeepAlive On|Off
    KeepAliveTimeout SECONDS
    MaxKeepAliveRequests 100

Test:

    telnet WEB_SERVER_IP PORT
    GET /URL HTTP/1.1
    Host: WEB_SERVER_IP

4. MPM (Multi-Processing Module)

prefork, worker, event (trial stage).
httpd-2.2 does not support compiling in several MPM modules at the same time, so only one can be selected at compile time. The RPM package provides three binary program files, one for each MPM mechanism.

  1. Confirmation method:
        ps aux | grep httpd
     The default is /usr/sbin/httpd, which is prefork.
  2. View the statically compiled modules:
        httpd -l
  3. View the statically compiled and dynamically loaded modules:
        httpd -M
  4. A dynamic module takes effect once loaded, without a restart.
  5. Dynamic module path: /usr/lib64/httpd/modules/
  6. Change the httpd program in use:
        vim /etc/sysconfig/httpd
        HTTPD=/usr/sbin/httpd.worker
     Restart the service for the change to take effect; view processes and threads with:
        pstree -p | grep httpd
  7. httpd 2.4 differs: the MPM is a dynamic module, selected in the configuration file /etc/httpd/conf.modules.d/00-mpm.conf
        httpd -M | grep mpm
     Restart the service for the change to take effect; view processes and threads with:
        pstree -p | grep httpd
  8. Default configuration of prefork:

        <IfModule prefork.c>
        StartServers          8
        MinSpareServers       5
        MaxSpareServers      20
        # Maximum number of processes; upper limit 20000
        ServerLimit         256
        # Maximum concurrency
        MaxClients          256
        # Maximum number of requests one child process may handle. After that
        # many requests the parent terminates the child and the memory it
        # occupied is released (0 means never).
        MaxRequestsPerChild 4000
        </IfModule>

  9. Default configuration of worker:

        <IfModule worker.c>
        StartServers          4
        MaxClients          300
        MinSpareThreads      25
        MaxSpareThreads      75
        ThreadsPerChild      25
        # 0 means unlimited
        MaxRequestsPerChild   0
        </IfModule>

5. DSO: Dynamic Shared Object

Loading dynamic modules is configured in the main configuration file:

    vim /etc/httpd/conf/httpd.conf

The configuration specifies which modules to load. Format:

    LoadModule <mod_name> <mod_path>

The module file path may be relative; it is relative to ServerRoot (default /etc/httpd). Example:

    LoadModule auth_basic_module modules/mod_auth_basic.so

6. Define the document page path of the 'Main' server

    DocumentRoot "/path"

Document path mapping: the path that DocumentRoot points to is the starting position of the URL path. Example:

    DocumentRoot "/app/data"
    http://HOST:PORT/test/index.html --> /app/data/test/index.html

Note: SELinux and iptables.

7. Define the site home page

    DirectoryIndex index.html index.html.var

8. Site access control

Two mechanisms can be used to specify which resources are access-controlled: file system path and URL path. There are two access control mechanisms: client source address and user account.

File system path:

    <Directory "/path"> ... </Directory>
    <Files "/path/file"> ... </Files>
    <FilesMatch "PATTERN"> ... </FilesMatch>

URL path:

    <Location ""> ... </Location>
    <LocationMatch ""> ... </LocationMatch>

Examples:

    <FilesMatch "\.(gif|jpe?g|png)$">
    <Files "?at.*">        (wildcard)
    <Location /status>
    <LocationMatch "/(extra|special)/data">

9. Source-address-based access control in <Directory>

  (1) Options: followed by a list of one or more options separated by whitespace; a + or - before an option adds or removes that option.
      Common options:
        Indexes: when no resource file under the requested URL path matches the defined home page resource, an index listing is returned to the user
        FollowSymLinks: allow access to the source file that a symbolic link points to
        None: disable all
        All: allow all
      Examples:

        <Directory /web/docs>
            Options Indexes FollowSymLinks
        </Directory>
        <Directory /web/docs/spec>
            Options FollowSymLinks
        </Directory>

        <Directory /web/docs>
            Options Indexes FollowSymLinks
        </Directory>
        <Directory /web/docs/spec>
            Options +Includes -Indexes
        </Directory>

  (2) AllowOverride: which access-control-related directives may be placed in the .htaccess file (name set by AccessFileName) in the specified directory, overriding earlier configuration directives. Only valid inside <Directory> sections.
        AllowOverride All: all directives are valid
        AllowOverride None: the .htaccess file is ignored
        AllowOverride AuthConfig Indexes: no directives other than AuthConfig and Indexes may be overridden

  (3) Order and Allow, Deny
      Order: defines the order in which the rules take effect; the one written last is the default rule.

        Order Allow,Deny
        Order Deny,Allow
        Allow from, Deny from

                        Allow,Deny    Deny,Allow
        only Allow      yes           yes
        only Deny       no            no
        both            no            yes
        none            no            yes

      Source address:
        IP
        Network:
            172.16
            172.16.0.0
            172.16.0.0/16
            172.16.0.0/255.255.0.0

  (4) Examples:

        <Files "*.txt">
            Order Deny,Allow
            Deny from 172.16.100.100
            Allow from 172.16
        </Files>

        <Files "*.txt">
            Order Allow,Deny
            Deny from 172.16.100.100
            Allow from 172.16
        </Files>

10. Log settings

  1. Log types: access log, error log
  2. Error log:

        ErrorLog logs/error_log
        LogLevel warn

     LogLevel selectable values: debug, info, notice, warn, error, crit, alert, emerg
  3. Access log:
     Define the log format: LogFormat format_string name

        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

     Use the log format:

        CustomLog logs/access_log combined

     Reference: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats

        %h               client IP address
        %l               remote user; only valid when mod_ident is enabled, usually a minus sign "-"
        %u               remote user for authentication (Basic, Digest); for access without login, a minus sign "-"
        %t               time at which the server received the request
        %r               first line of the request message, recording the request "method", "URL" and protocol version
        %>s              response status code
        %b               size of the response message in bytes, not including the HTTP header of the response
        %{Referer}i      value of the "Referer" header in the request message, that is, the page whose hyperlink led to the current page
        %{User-Agent}i   value of the "User-Agent" header in the request message, that is, the application that sent the request

11. Set the default character set

    AddDefaultCharset UTF-8

Chinese character sets: GBK, GB2312, GB18030

12. Define path aliases

Format:

    Alias /URL/ "/PATH/"

Example:

    DocumentRoot "/www/htdocs"
    http://www.m.com/download/bash.rpm ==> /www/htdocs/download/bash.rpm

    Alias /download/ "/rpms/pub/"
    http://www.m.com/download/bash.rpm ==> /rpms/pub/bash.rpm

13. User-based access control

  1. Authentication challenge: the response code is 401; the server rejects the client request and states that the client must provide an account and password.
  2. Authentication: after the user fills in the account and password, the client sends the request message again; when authentication passes, the server sends the requested resource in the response.
  3. Two authentication methods:
        basic: plain text
        digest: message digest authentication; compatibility is poor
  4. Security domain: a path that can only be accessed after user authentication; it should be identified by a name so that the user is told what to authenticate for.
  5. User accounts and passwords:
        Virtual accounts: used only to access a particular service and for authentication
        Storage: text file, SQL database, LDAP directory store, NIS, etc.
  6. Basic authentication configuration example:
     (1) Define the security domain

        <Directory "/path">
            Options None
            AllowOverride None
            AuthType Basic
            # The AuthName string is free text
            AuthName "warning!"
            AuthUserFile "/path/httpd_user_passwd_file"
            Require user username1 username2 ...
        </Directory>

         Require valid-user: all users defined in the AuthUserFile file are allowed to log in.
         Require user user1 user2 ...: only the listed users defined in the AuthUserFile file (user1, user2 and so on) are allowed to log in. These are virtual users, that is, not system users.
     (2) Provide the account and password storage (text file)
         A dedicated command creates this kind of file and manages its users:

        htpasswd [options] /path/httpd_passwd_file username

            -c: create the file automatically; use only when the file does not exist
            -m: MD5 format encryption
            -s: SHA format
            -D: delete the specified user

  7. Authentication based on group accounts
     (1) Define the security domain

        <Directory "/path">
            AuthType Basic
            AuthName "String"
            AuthUserFile "/path/httpd_user_passwd_file"
            AuthGroupFile "/path/httpd_group_file"
            Require group grpname1 grpname2 ...
        </Directory>

     (2) Create the user account and group account files
         Group file: each line defines one group

        grp_name: username1 username2 ...

         Example:

        <Directory "/www/htdocs/admin">
            Options None
            AllowOverride None
            AuthType Basic
            AuthName "Administator private"
            AuthUserFile "/etc/httpd/conf.d/.htpasswd"
            AuthGroupFile "/etc/httpd/conf.d/.htgroup"
            Require group webadmins
        </Directory>

        vim /etc/httpd/conf.d/.htgroup
        webadmins: wang mage

     (3) Combined control by remote client and user authentication

        Satisfy All|Any

            All: both the client IP check and user authentication must pass
            Any: passing either the client IP check or user authentication is enough

         Example:

        Require valid-user
        Order allow,deny
        Allow from 192.168.1
        Satisfy Any

14. Virtual hosts

  1. Site identification: socket
        same IP, different ports
        different IPs, default port
  2. Different FQDN: the Host header in the request message, for example Host: www.m.com
  3. Three implementations:
        IP-based: prepare at least one IP address for each virtual host
        Port-based: use at least one separate port for each virtual host
        FQDN-based: use at least one FQDN for each virtual host
  4. Note: virtual hosts should generally not be mixed with the main server, so to use virtual hosts the main server is usually disabled first.
     To disable it: comment out the DocumentRoot of the main server.
     This is because, in the configuration file, later settings override earlier ones by default.
     Be aware of DNS issues when using ServerName.
  5. How to configure a virtual host:

        <VirtualHost IP:PORT>
            ServerName FQDN
            DocumentRoot "/path"
        </VirtualHost>

     Recommendation: store the configuration above in a separate configuration file.
  6. Other available directives:
        ServerAlias: alias of the virtual host; can be used multiple times
        ErrorLog: error log
        CustomLog: access log
        <Directory "/path"> </Directory>
        Alias
  7. Example of IP-based virtual hosts:

        <VirtualHost 172.16.100.6:80>
            DocumentRoot "/htdocs1"
        </VirtualHost>
        <VirtualHost 172.16.100.7:80>
            DocumentRoot "/htdocs2"
        </VirtualHost>
        <VirtualHost 172.16.100.8:80>
            DocumentRoot "/htdocs3"
        </VirtualHost>

     Note: checking with httpd -t reports an error saying that ServerName is missing; this can be ignored, because none was written.
     This machine must have all of these IP addresses configured, and they must be usable for communication.
  8. Port-based virtual hosts (can be mixed with IP-based virtual hosts):

        Listen 808
        Listen 8080
        <VirtualHost 172.16.100.6:80>
            ServerName www.a.com
            DocumentRoot "/htdocs1"
        </VirtualHost>
        <VirtualHost 172.16.100.6:808>
            ServerName www.b.net
            DocumentRoot "/htdocs2"
        </VirtualHost>
        <VirtualHost 172.16.100.6:8080>
            ServerName www.c.org
            DocumentRoot "/htdocs3"
        </VirtualHost>

     Note: httpd must listen on all the ports specified here.
     Be aware of DNS when using ServerName: either do not use the virtual machine's DNS and configure DNS yourself, or use the virtual machine's DNS and add matching entries in /etc/hosts.
  9. FQDN-based virtual hosts:

        # httpd 2.4 does not need this directive
        NameVirtualHost *:80
        <VirtualHost *:80>
            ServerName www.a.com
            DocumentRoot "/htdocs1"
        </VirtualHost>
        <VirtualHost *:80>
            ServerName www.b.net
            DocumentRoot "/htdocs2"
        </VirtualHost>
        <VirtualHost *:80>
            ServerName www.c.org
            DocumentRoot "/htdocs3"
        </VirtualHost>

     Note: the same DNS considerations apply.
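Parsing the combined LogFormat from section 10 and counting the 401 responses described in section 13, as an added example that is not part of the original notes. The log lines are constructed, and the function names and the threshold of 3 are assumptions; a 401 whose %u field holds a name is a request that supplied credentials and was rejected, while the initial challenge logs "-".

```python
import re
from collections import Counter

# One regex group per field of:
# "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def parse_combined(line):
    """Return the fields of one access_log line as a dict, or None."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # %b is "-" when no body was sent
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def failed_logins(lines, threshold=3):
    """Clients with at least `threshold` rejected credential attempts."""
    hits = Counter()
    for line in lines:
        rec = parse_combined(line)
        if rec and rec["status"] == 401 and rec["user"] != "-":
            hits[rec["host"]] += 1
    return {host: n for host, n in hits.items() if n >= threshold}

# Constructed sample lines (not real traffic).
T = "[10/Oct/2023:13:55:36 +0800]"
REQ = '"GET /admin/ HTTP/1.1"'
SAMPLE = [
    f'172.16.100.100 - - {T} {REQ} 401 381 "-" "curl/7.19.7"',
    f'172.16.100.100 - wang {T} {REQ} 401 381 "-" "curl/7.19.7"',
    f'172.16.100.100 - wang {T} {REQ} 401 381 "-" "curl/7.19.7"',
    f'172.16.100.100 - mage {T} {REQ} 401 381 "-" "curl/7.19.7"',
    f'172.16.1.20 - - {T} {REQ} 401 381 "-" "Mozilla/5.0"',
    f'172.16.1.20 - mage {T} {REQ} 200 1024 "http://www.m.com/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```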
15. "Status" page

    LoadModule status_module modules/mod_status.so
    <Location /server-status>
        SetHandler server-status
        Order allow,deny
        Allow from 172.16
    </Location>
    # Display extended information
    ExtendedStatus On
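The Order table in section 9 (3) applied to the two <Files "*.txt"> examples in section 9 (4), as an added example that is not part of the original notes. The function names and client addresses are assumptions, only IPv4 is handled, and a four-octet source is treated as a single host.

```python
import ipaddress

def source_matches(client, spec):
    """Match an IPv4 client against one Allow/Deny source: 'all', a partial
    address such as '172.16', a full address, or network/mask."""
    if spec.lower() == "all":
        return True
    ip = ipaddress.ip_address(client)
    if "/" in spec:
        return ip in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) == 4:
        return ip == ipaddress.ip_address(spec)
    return client.split(".")[:len(octets)] == octets

def access_allowed(order, allow, deny, client):
    """Apply the httpd 2.2 Order rules from the table in section 9 (3)."""
    allowed = any(source_matches(client, s) for s in allow)
    denied = any(source_matches(client, s) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Deny is evaluated last and wins; no match at all -> denied.
        return allowed and not denied
    if order == "deny,allow":
        # Allow is evaluated last and wins; no match at all -> allowed.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)

def compare_orders(client, allow=("172.16",), deny=("172.16.100.100",)):
    """Result of the two <Files "*.txt"> examples for one client."""
    return {o: access_allowed(o, allow, deny, client)
            for o in ("Deny,Allow", "Allow,Deny")}

if __name__ == "__main__":
    # Constructed client addresses for illustration.
    for client in ("172.16.100.100", "172.16.1.1", "10.0.0.1"):
        print(client, compare_orders(client))
```

With Order Deny,Allow the line Deny from 172.16.100.100 has no effect, because the later-evaluated Allow from 172.16 overrides it and unmatched clients are allowed by default; only the Allow,Deny form blocks that host and everything outside 172.16.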
