TCP: Transmission Control Protocol, a connection-oriented protocol; a virtual link must be established before communication and torn down afterwards. Port numbers: 0-65535
UDP: User Datagram Protocol, a connectionless protocol. Port numbers: 0-65535
0-1023: Well-known ports, permanently allocated to fixed applications; these are privileged ports: 22/tcp (SSH), 80/tcp (HTTP), 443/tcp (HTTPS), 53/tcp|udp (DNS), 21/tcp (FTP), and so on.
1024-41951: Registered ports; allocation is not strictly enforced, an application registers a port for its own use: 11211/tcp, 11211/udp (memcached), 3306/tcp (MySQL) and so on.
41952-65535: Dynamic or private ports, picked at random by client programs; the range is defined in /proc/sys/net/ipv4/ip_local_port_range
Socket: an implementation of IPC (interprocess communication) that lets processes on different hosts (or on the same host) communicate and exchange data; the Socket API appeared in 1983 with 4.2 BSD.
Class B: 128.0.0.0-191.255.255.255, netmask: 16, each network has 2^16-2 available IPs
Class C: 192.0.0.0-223.255.255.255, netmask: 24, each network has 2^8-2 available IPs
Socket domain: indicates the "domain" (scope) of the communication, that is, whether we communicate over IPv4 or IPv6; it also determines whether the communication address is in IPv4 or IPv6 format.
AF_UNIX: used when communicating between different processes on the same host.
Each type of socket provides at least two socket types: stream and datagram.
Stream: reliable delivery, connection-oriented, no message boundaries.
Datagram: unreliable delivery, message boundaries preserved, connectionless.
CSS: Cascading Style Sheets
JS: JavaScript
MIME: Multipurpose Internet Mail Extensions; reference link: https://baike.baidu.com/item/MIME/2900607?fr=aladdin
Working mechanism: Reference http://blog.csdn.net/hguisu/article/details/8680808
HTTP request
HTTP response
Web resources:
Static files: .jpg .gif .html .txt .js .css .mp3 .mp4
Dynamic files: .php .jsp ...
Media:
Media type (MIME type): major/minor
text/html
text/plain
image/jpeg
image/gif
URI: Uniform Resource Identifier.
URL: Uniform Resource Locator, describes the location of a specific resource on a server
scheme://server:port/path/to/resource
http://www.magedu.com/images/logo.jpg
URN: Uniform Resource Name, currently less used
HTTP protocol versions:
HTTP/0.9: Prototype version, simple functionality
HTTP/1.0: The first widely used version; supports MIME.
HTTP/1.1: Improves on some features of version 1.0, such as enhanced caching.
HTTP/2.0: HTTP/NG, next-generation HTTP
A complete HTTP request processing flow:
1. Establish or handle the connection: accept the request or reject it.
2. Receive the request: read the request for a resource from the request message arriving over the network.
Models for responding to concurrent access (Web I/O):
Single-process I/O structure: one process is started to handle user requests, one at a time, so multiple requests are answered serially;
Multi-process I/O structure: multiple processes are started in parallel, each responding to one request;
Multiplexing I/O structure: one process responds to n requests;
Multithreaded model: one process generates n threads, and each thread responds to one user request;
Event-driven model;
Multiplexed multi-process I/O structure: m processes are started, and each process responds to n requests;
3. Process the request: parse the request message and obtain the requested resource and the request method.
Metadata: request headers
<method> <URL> <version>
Host: www.baidu.com (the requested host name)
Connection:
4. Access the resource: fetch the resource named in the request message.
A Web server is a server that hosts Web resources and provides the requester with the static or dynamically generated resources it asks for; these resources are placed under a path in the local file system, usually called the docroot.
/www/var/html/
images/1.jpg
http://www.magedu.com/images/1.jpg
Web server resource path mapping methods:
a. docroot
b. alias
c. virtual host docroot
d. user home directory docroot
5. Build the response message
MIME type of the resource:
Explicit classification
Magic classification
Negotiated classification
URL redirection: the Web server builds a response that is not the resource the client requested, but a resource under another access path.
6. Sending response messages
7. Logging
HTTP server programs:
httpd
Nginx
Lighttpd
Application servers:
IIS
Tomcat, Jetty, JBoss, Resin
WebSphere, WebLogic, OC4J
www.netcraft.com (shows the usage share of each program)
httpd installation, configuration and use:
httpd: Apache
A patchy server = Apache
ASF: Apache Software Foundation
Features of httpd:
Highly modular: core + modules
DSO: Dynamic Shared Object
MPM: Multi-Processing Modules (multi-channel processing modules)
Prefork: a multi-process model in which each process responds to one request; a master process generates n child processes, also known as worker processes, each of which handles one user request; even when there are no user requests it pre-generates several idle processes that wait for requests to arrive; the maximum is 1024.
Worker: a multithreaded model in which each thread responds to one request; one master process produces multiple child processes, each of which generates multiple threads, each thread responding to one request.
m processes, n threads: m*n requests
Event: event-driven model in which each thread responds to n requests; one master process generates m child processes, and each process responds to n requests
httpd-2.2: event is for test use
httpd-2.4: event can be used in production
httpd functions:
Virtual hosts
IP, port, FQDN
CGI: Common Gateway Interface
Reverse proxy
Load balancing
Path aliases
Rich authentication mechanisms: basic | digest
Support for third-party modules
CentOS 6:
Program environment:
Configuration files:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf
Service script:
/etc/rc.d/init.d/httpd
Configuration file: /etc/sysconfig/httpd
Main program files:
/usr/sbin/httpd
/usr/sbin/httpd.event
/usr/sbin/httpd.worker
Log file directory: /var/log/httpd/
access_log: access log
error_log: error log
Site document directory: /var/www/html
Module file path: /usr/lib64/httpd/modules
Configuration file composition:
~]# grep "Section" /etc/httpd/conf/httpd.conf
### Section 1: Global Environment /* global environment configuration */
### Section 2: 'Main' server configuration /* main server configuration */
### Section 3: Virtual Hosts /* virtual host configuration */
Configuration format: directive value
directive: case-insensitive
value: for paths, case sensitivity depends on the file system
Common configuration:
1. Modify the listening IP and port: Listen [IP:]PORT (omitting the IP means listening on all IPs; Listen can be repeated multiple times)
2. Persistent connection: once the connection is established it is not closed after each resource is fetched, but stays open waiting for further requests;
How it is closed: 1. Quantity limit: 100; 2. Time limit: configurable
Side effect: on servers with a large number of concurrent accesses, persistent connections leave some requests without a response.
Compromise: use shorter persistent connections (httpd-2.4 supports millisecond-level persistence)
Non-persistent connection: every request needs the three-way handshake and the four-way teardown.
KeepAlive On|Off -- turn persistent connections on or off
MaxKeepAliveRequests # -- Maximum number of connections
KeepAliveTimeout # -- persistent connection hold time
3. MPM: prefork|worker|event
httpd-2.2 does not support compiling in multiple MPM modules at the same time; only one can be selected at compile time. The RPM package provides three binaries, one for each MPM mechanism. To confirm which one is running: ps aux | grep httpd
The default is /usr/sbin/httpd, which uses prefork
To view the list of modules:
To view statically compiled modules:
# httpd -l
Compiled in modules:
  core.c
  prefork.c
  http_core.c
  mod_so.c
To view statically compiled and dynamically loaded modules:
# httpd -M
To change the httpd program used: edit /etc/sysconfig/httpd, set the value of "HTTPD=", then restart the service.
# prefork configuration
<IfModule prefork.c>
    StartServers 8
    MinSpareServers 5
    MaxSpareServers
    ServerLimit
    MaxClients
    MaxRequestsPerChild 4000
</IfModule>
# worker configuration
<IfModule worker.c>
    StartServers 4
    MaxClients
    MinSpareThreads
    MaxSpareThreads
    ThreadsPerChild 0
</IfModule>
PV, UV: PV: page views; UV: user views (number of independent IPs)
4. DSO
Modules are loaded with the configuration directive: LoadModule <mod_name> <mod_path>
The module path may be relative: it is taken relative to the path ServerRoot points to (/etc/httpd), that is, /etc/httpd/modules
5. Define the document root of the 'Main' server: DocumentRoot
Document path mapping: the path DocumentRoot points to is the starting location of URL paths: DocumentRoot "/var/www/html"
test/index.html --> http://host:port/test/index.html
6. Site access control: access control can be specified for resources based on two kinds of paths
File system path:
<Directory ""> </Directory>
<Files ""> </Files>
<FilesMatch ""> </FilesMatch>
URL path:
<Location ""> </Location>
...
7. Access control based on "source address" in <Directory>
1. Options: all available features: Indexes Includes FollowSymLinks SymLinksIfOwnerMatch ExecCGI MultiViews
None, All
Indexes: index listing
FollowSymLinks: allows following symbolic link files
2. Access control mechanism based on source address
Order: evaluation order
Order Allow,Deny
Order Deny,Allow
Allow from IPAddr
Deny from IPAddr
Source address:
1. IP
2. NetAddr:
172.16
172.16.0.0
172.16.0.0/16
172.16.0.0/255.255.0.0
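How the two Order settings combine with Allow and Deny, and how the address forms above are matched, sketched in Python as an added example (not httpd's own code and not from the original notes). The function names, rule lists and client addresses are made up for illustration; following the mod_authz_host documentation, a full four-octet address is assumed to match a single host.

```python
import ipaddress

def parse_source(spec):
    """Convert one Allow/Deny source address into an ip_network."""
    if "/" in spec:
        # CIDR (172.16.0.0/16) or netmask (172.16.0.0/255.255.0.0) form
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) < 4:
        # partial address: 172.16 covers 172.16.0.0/16
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    # full address: matches that one host only (assumption, see lead-in)
    return ipaddress.ip_network(f"{spec}/32")

def matches(client, specs):
    """True if the client address falls under any listed source."""
    addr = ipaddress.ip_address(client)
    return any(s.lower() == "all" or addr in parse_source(s) for s in specs)

def access_allowed(order, allow, deny, client):
    """Apply the httpd-2.2 Order semantics to the Allow and Deny lists."""
    allowed, denied = matches(client, allow), matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # default deny: must match Allow and must not match Deny
        return allowed and not denied
    if order == "deny,allow":
        # default allow: a Deny match is overridden by an Allow match
        return allowed or not denied
    raise ValueError(f"unknown Order value: {order}")

# Constructed rule set: "Allow from 172.16" together with "Deny from all".
ALLOW, DENY = ["172.16"], ["all"]

if __name__ == "__main__":
    for order in ("Deny,Allow", "Allow,Deny"):
        for client in ("172.16.5.9", "10.0.0.5"):
            print(order, client, access_allowed(order, ALLOW, DENY, client))
```

With the same two lists, Order Deny,Allow admits only the 172.16 network, while Order Allow,Deny rejects every client, so the Order line deserves as much review as the address lists.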
8. Define the default main page: DirectoryIndex index.html index.html.var
9. Log settings:
Error log: ErrorLog logs/error_log
LogLevel warn (log level): debug info notice warn error crit alert emerg
Access log: CustomLog logs/access_log combined
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
%h: client IP address
%l: remote logname (from identd, if supplied), the remote login name; "-" means empty
%u: remote user (from auth; may be bogus if return status (%s) is 401);
%t: time the request was received (standard English format), that is, the time at which the server received the request
%r: first line of request, the first line of the request message (method URL version)
%>s: response status code
%b: the size of the response message in bytes, not including the response headers;
%{Referer}i: the value of the "Referer" header in the request message, the entry point to the current resource, that is, the page whose hyperlink led here.
%{User-Agent}i: the value of the "User-Agent" header in the request message, that is, the application that issued the request.
Reference link: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats
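A parser for the combined format above, as an added example in Python (not part of the original notes or of httpd). It also counts 401 responses per client address, which ties the log to the Basic authentication challenge covered in section 12; the sample lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# One named group per field of the "combined" LogFormat; quoted fields may
# contain \" because httpd escapes quotes inside %r and the header values.
COMBINED = re.compile(
    r'(?P<h>\S+) (?P<l>\S+) (?P<u>\S+) \[(?P<t>[^\]]+)\] '
    r'"(?P<r>(?:[^"\\]|\\.)*)" (?P<s>\d{3}) (?P<b>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$')

def parse_line(line):
    """Return the fields of one access_log line, or None if it does not match."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["s"] = int(rec["s"])
    rec["b"] = 0 if rec["b"] == "-" else int(rec["b"])  # "-" means no body sent
    parts = rec["r"].split(" ")
    # %r is client-supplied text; split it only when it has the 3 expected parts
    ok = len(parts) == 3
    rec["method"], rec["url"], rec["version"] = parts if ok else (None, None, None)
    return rec

def repeated_401(lines, threshold=3):
    """Clients (%h) with at least `threshold` 401 responses; %u is not trusted on a 401."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["s"] == 401:
            hits[rec["h"]] += 1
    return {h: n for h, n in hits.items() if n >= threshold}

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '172.16.0.10 - - [10/Oct/2017:13:55:36 +0800] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/7.19.7"',
    '172.16.0.66 - admin [10/Oct/2017:13:56:01 +0800] "GET /admin/ HTTP/1.1" 401 480 "-" "Mozilla/5.0"',
    '172.16.0.66 - root [10/Oct/2017:13:56:02 +0800] "GET /admin/ HTTP/1.1" 401 480 "-" "Mozilla/5.0"',
    '172.16.0.66 - test [10/Oct/2017:13:56:03 +0800] "GET /admin/ HTTP/1.1" 401 480 "-" "Mozilla/5.0"',
    '172.16.0.20 - - [10/Oct/2017:13:57:10 +0800] "GET / HTTP/1.1" 304 - "-" "odd \\"quoted\\" agent"',
]

if __name__ == "__main__":
    print(repeated_401(SAMPLE))
```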
10. Path aliases
DocumentRoot "/www/htdocs"
http://www.magedu.com/download/bash-4.4.2-3.el6.x86_64.rpm
--> /www/htdocs/download/bash-4.4.2-3.el6.x86_64.rpm
Alias /URL/ "/PATH/TO/SOMEDIR/"
Alias /bbs/ "/forum/htdocs"
http://www.magedu.com/bbs/index.html
--> /forum/htdocs/bbs/
11. Set the default character set
AddDefaultCharset UTF-8
GBK, GB2312, GB18030
12. User-based access control
Authentication challenge: WWW-Authenticate; the response code is 401, the client's request is rejected, and the client is asked to provide an account and password;
Authentication: Authorization; the client user fills in the account and password and sends the request again; once authentication passes, the server sends the resource in its response;
Authentication types: 1. basic: plaintext; 2. digest: message digest
Security domain: a path that requires user authentication before it can be accessed; it should be identified by a name, which tells the user why authentication is needed;
Where user accounts and passwords are stored:
Virtual account: an authentication identity used only to access one service
Storage: text files, SQL databases, LDAP, NIS
Basic authentication:
1. Define the security domain
<Directory "">
    Options None
    AllowOverride None
    AuthType Basic
    AuthName "STRING"
    AuthUserFile "/path/to/httpd_user_passwd_file"
    Require user username1 username2
    ......
</Directory>
To allow all users in the account file to log in:
Require valid-user
2. Provide account and password storage (text file)
Managed with the htpasswd command
htpasswd [options] passwordfile username
-c: create passwordfile automatically, so it should only be used when the first user is added
-m: MD5-encrypt the user password
-s: SHA1-encrypt the user password
-D: delete the specified user
3. Implement group-based authentication:
<Directory "">
    Options None
    AllowOverride None
    AuthType Basic
    AuthName "STRING"
    AuthUserFile "/path/to/httpd_user_passwd_file"
    AuthGroupFile "/path/to/httpd_group_file"
    Require group GROUP1 GROUP2
</Directory>
To provide: the user account file and the group file
Group file: one group defined per line
GRP_NAME: user1 user2 user3
Example:
<Directory "/www/htdocs/admin">
    Options None
    AllowOverride None
    AuthType Basic
    AuthName "Administrator Private"
    AuthUserFile "/etc/httpd/conf.d/.htpasswd"
    AuthGroupFile "/etc/httpd/conf.d/.htgroup"
    Require group WebAdmin
</Directory>
13. Virtual hosts
There are three implementation schemes:
IP-based: prepare at least one IP address for each virtual host
Port-based: prepare at least one dedicated port for each virtual host; seldom used in practice
Hostname-based: prepare at least one dedicated hostname for each virtual host;
The three methods above can be mixed.
Note: virtual hosts generally should not be mixed with the main server, so to use virtual hosts, first disable the main server; method: comment out DocumentRoot
Each virtual host has its own configuration:
<VirtualHost "IP:PORT">
    ServerName
    DocumentRoot ""
</VirtualHost>
ServerAlias: aliases for the virtual host
ErrorLog
CustomLog
<Directory ""> </Directory>
Example 1: IP-based
<VirtualHost 172.16.100.250:80>
    ServerName web1.magedu.com
    DocumentRoot "/vhosts/web1/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.251:80>
    ServerName web2.magedu.com
    DocumentRoot "/vhost/web2/htdocs"
</VirtualHost>
Example 2: Port-based
<VirtualHost 172.16.100.251:80>
    ServerName web2.magedu.com
    DocumentRoot "/vhost/web2/htdocs"
</VirtualHost>
<VirtualHost 172.16.100.251:8080>
    ServerName web3.magedu.com
    DocumentRoot "/vhost/web3/htdocs"
</VirtualHost>
Example 3: Hostname-based
<VirtualHost 172.16.100.251:80>
    ServerName web2.magedu.com
    DocumentRoot "/vhost/web2/htdocs"
</VirtualHost>
<VirtualHost>
    ServerName web4.magedu.com
    DocumentRoot "/vhost/web4/htdocs"
</VirtualHost>
<VirtualHost>
    ServerName web5.magedu.com
    DocumentRoot "/vhost/web5/htdocs"
</VirtualHost>
14. Built-in status page
<Location /server-status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from 172.16
</Location>
To implement: account-based access control;
HTTP NOTE 1