HTTPD and HTTPS Learning notes

Source: Internet
Author: User

Tags: http HTTPS

First, an introduction to the basic concepts:

1. Media type:
HTML: text/html
TXT: text/plain
JPEG: image/jpeg
GIF: image/gif

2. Method: the action the client wants the server to perform on a resource
GET: get a copy of a Web resource from the server
HEAD: get only the document header from the server
POST: send data to the server to be processed (typically a form submission)
PUT: store the body of the request message on the server
DELETE: delete a file from the server

3. Connection input/output processing structures:
Single-process Web server: starts one process to receive requests and handles only one request at a time; subsequent requests are received and processed only after the current one is completed;
Multi-process Web server: starts multiple processes, each handling one request. Either a process is generated for each request, or, in the pre-generation model, multiple idle child processes are generated in advance as a process pool (thread pool);
Web server with multiplexed I/O: one process responds to multiple requests, implemented with an event-driven pattern;
Multi-threaded Web server with multiplexed I/O: one process responds to n requests and m processes are started; number of requests processed simultaneously: n*m

4. Main program:

httpd feature: MPM (Multi-Processing Module)
prefork: a multi-process model in which each process responds to one request; it has good stability but limited concurrency; multiple idle processes are generated beforehand, and because prefork uses the select() system call, the maximum concurrency cannot exceed 1024;
worker: a multi-process model in which each process can generate multiple threads, each thread responding to one request; multiple idle threads are generated in advance;
event: one process responds directly to n requests, and multiple processes can be started at the same time;
    httpd-2.2: for test use;
    httpd-2.4: can be used in production;

Highly modular: core + modules
DSO: Dynamic Shared Object

httpd -l: displays the modules compiled into the core
httpd -M: displays the DSO modules

<IfModule prefork.c>
    # Start 8 idle processes
    StartServers 8
    # Minimum number of idle processes is 5
    MinSpareServers 5
    # Maximum number of idle processes is 20
    MaxSpareServers 20
    # Upper limit that MaxClients may be set to
    ServerLimit 256
    # Maximum number of clients
    MaxClients 256
    # A child process is closed after serving 4000 requests
    MaxRequestsPerChild 4000
</IfModule>

<IfModule worker.c>
    # Number of processes started at boot
    StartServers 4
    MaxClients 300
    MinSpareThreads 25
    MaxSpareThreads 75
    # Number of threads started per process
    ThreadsPerChild 25
    MaxRequestsPerChild 0
</IfModule>

5. Log introduction:

ErrorLog logs/error_log: defines the error log file path;
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

%h Remote host
%l Remote logname (from identd, if supplied)
%u Remote user (from auth; may be bogus if return status (%s) is 401)
%t Time the request was received (standard English format)
%r First line of request
    Method URL Version
%s Status. For requests that got internally redirected, this is the status of the *original* request --- %>s for the last.
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.
%{Foobar}i The contents of Foobar: header line(s) in the request sent to the server.
%{Referer}i: the page the client came from before jumping to the current page;
%{User-Agent}i: the user agent;

For more information, please refer to:

CustomLog logs/access_log combined: the access log
Syntax: directive, log file, log format name
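
Added example, not part of the original notes: a shell/awk triage of 401 responses in logs written with the combined LogFormat above. It groups by %h rather than %u, because %u is unreliable on a 401 as the field list notes; the sample lines and function names are constructed.

```shell
# Constructed sample lines in the "combined" format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/8.0"
198.51.100.7 - admin [10/Oct/2023:13:56:01 +0000] "GET /private/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.7 - root [10/Oct/2023:13:56:02 +0000] "GET /private/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.7 - test [10/Oct/2023:13:56:03 +0000] "GET /a\"b HTTP/1.1" 401 381 "-" "x \"y\" z"
203.0.113.5 - alice [10/Oct/2023:13:57:10 +0000] "POST /login HTTP/1.1" 200 512 "http://www.example.test/" "Mozilla/5.0"
203.0.113.5 - bob [10/Oct/2023:13:58:10 +0000] "GET /private/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
EOF
}

# Reads combined-format lines on stdin and prints "count host" for every
# remote host that received 401 responses, busiest host first.
count_401_by_host() {
    awk '{
        line = $0
        # httpd writes a quote inside %r or a header as \" ; hide those first
        gsub(/\\"/, "\001", line)
        # 6 field quotes give 7 pieces: q[2]=%r, q[3]=" %>s %b ", q[4]=Referer
        n = split(line, q, "\"")
        if (n != 7) next                  # not a combined-format line
        split(q[1], head, " ")            # head[1]=%h, head[3]=%u (not trusted)
        split(q[3], tail, " ")            # tail[1]=%>s, tail[2]=%b
        if (tail[1] == 401) hits[head[1]]++
    } END { for (h in hits) print hits[h], h }' | sort -rn
}

# Example run on the constructed sample:
#   sample_log | count_401_by_host
```

On a real server, feed the function the file named in the CustomLog directive instead of sample_log.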

6. curl introduction:

curl is a file transfer tool that works on the command line and is based on URL syntax. It supports protocols such as FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, and LDAP. curl supports HTTPS authentication, HTTP POST, PUT and other methods, FTP upload, Kerberos authentication, HTTP upload, proxy servers, cookies, username/password authentication, resuming interrupted downloads and uploads, HTTP proxy tunneling, and even IPv6, SOCKS5 proxy servers, uploading files to an FTP server through an HTTP proxy server, and so on; it is very powerful.

Common options for Curl:

-A/--user-agent <string>: set the User-Agent sent to the server
--basic: use HTTP Basic authentication
--tcp-nodelay: use the TCP_NODELAY option
-e/--referer <URL>: source (referrer) URL
--cacert <file>: CA certificate (SSL)
--compressed: request a response in compressed format
-H/--header <line>: custom header information to send to the server
-I/--head: display only the response header information
--limit-rate <rate>: set the transfer speed limit
-u/--user <user[:password]>: set the user and password for the server
-0/--http1.0: use HTTP 1.0

Usage: curl [options] [URL ...]

Second, HTTPS Introduction and configuration:

Configuration process
(a) Establish a private CA
Configure on the CA server
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
# echo 01 > serial
# touch index.txt

(b) Generate a certificate for the server
Configure on the httpd server
# mkdir certs/
# (umask 077; openssl genrsa -out httpd.key 2048)
# openssl req -new -key httpd.key -out httpd.csr -days 350

Configure on the CA server
# openssl ca -in httpd.csr -out httpd.crt -days 360

(c) Configuring httpd to use digital certificates

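Note: SSL sessions can only be created based on IP, which means that if the server has only one IP, the HTTPS service can be provided for only one virtual host;

Install the appropriate module package

# yum install mod_ssl

Configure the virtual host (/path/to is a placeholder for the directory holding the certificate and key generated in step (b)):

Listen 443
<VirtualHost IP:PORT>
    SSLEngine on
    SSLCertificateFile /path/to/httpd.crt
    SSLCertificateKeyFile /path/to/httpd.key
</VirtualHost>

Restart the httpd service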
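
Steps (a) and (b) as one script, added here as an example that is not from the original notes: it builds the CA and the server certificate in a scratch directory and checks the result with openssl verify. The CA name, host name, function names and the minimal openssl.cnf are assumptions, and the script goes beyond the commands above by putting a subjectAltName in the request.

```shell
# Added example: private CA + server certificate, built in a scratch directory.
# CA name, host name and this minimal openssl.cnf are assumptions.
# Needs OpenSSL 1.1.1 or later (for -addext).
build_demo_pki() {
    dir=$1 host=$2
    mkdir -p "$dir/ca/private" "$dir/ca/newcerts" "$dir/httpd" || return 1
    cnf=$dir/ca/openssl.cnf
    cat > "$cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/ca/index.txt
serial = $dir/ca/serial
new_certs_dir = $dir/ca/newcerts
certificate = $dir/ca/cacert.pem
private_key = $dir/ca/private/cakey.pem
default_md = sha256
policy = policy_any
copy_extensions = copy
[ policy_any ]
commonName = supplied
EOF
    # (a) CA key, readable by its owner only, and the self-signed CA certificate
    (umask 077; openssl genrsa -out "$dir/ca/private/cakey.pem" 2048) &&
    openssl req -new -x509 -config "$cnf" -key "$dir/ca/private/cakey.pem" \
        -subj "/CN=Demo Private CA" -days 3650 -out "$dir/ca/cacert.pem" &&
    echo 01 > "$dir/ca/serial" && : > "$dir/ca/index.txt" &&
    # (b) server key and CSR; the SAN carries the name that clients verify
    (umask 077; openssl genrsa -out "$dir/httpd/httpd.key" 2048) &&
    openssl req -new -config "$cnf" -key "$dir/httpd/httpd.key" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -out "$dir/httpd/httpd.csr" &&
    # the CA signs the request; -batch skips the interactive confirmation
    openssl ca -config "$cnf" -batch -notext -days 360 \
        -in "$dir/httpd/httpd.csr" -out "$dir/httpd/httpd.crt"
}

# True only if httpd.crt chains to the demo CA and is valid for host $2.
verify_demo_pki() {
    openssl verify -CAfile "$1/ca/cacert.pem" -verify_hostname "$2" \
        "$1/httpd/httpd.crt" >/dev/null 2>&1
}
```

Run it as build_demo_pki "$(mktemp -d)" www.example.test; the same cacert.pem is what a client passes to curl --cacert when testing the HTTPS virtual host.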

Third, httpd2.4 compiled installation:

1. New features of 2.4:
1) MPMs can be loaded at run time;
2) Support for the event MPM;
3) Asynchronous reads and writes;
4) Support for a different log level per module and per directory;
5) Enhanced expression parser;
6) Support for millisecond KeepAlive timeouts;
7) FQDN (domain name) based virtual hosts no longer need NameVirtualHost;
8) Support for user-defined variables;

Added modules: mod_proxy_fcgi, mod_ratelimit, mod_request, mod_remoteip

Some configuration mechanisms have been modified: using Order, Allow, Deny to implement IP-based access control is no longer supported;

2. Installing httpd-2.4

Depends on APR version 1.4 or later

Install apr:

# ./configure --prefix=/usr/local/apr (--prefix specifies the APR installation directory)
# make && make install

Install apr-util:

# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
# make && make install

Install httpd:
# ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
# make && make install

Parameter description:

--sysconfdir=/etc/httpd24: specifies the configuration file path
--enable-so: enables dynamic loading and unloading of modules
--enable-ssl: compiles the SSL module
--enable-cgi: supports the CGI mechanism (a protocol that enables a static Web server to handle dynamic requests)
--enable-rewrite: support for URL rewriting
--with-zlib: support for compression of transferred data
--with-pcre: support for regular expressions
--with-apr=/usr/local/apr: indicates the directory where the required apr resides
--with-apr-util=/usr/local/apr-util/: indicates the directory where the required apr-util resides
--enable-modules=most: enables most modules
--enable-mpms-shared=all: compiles all MPMs as shared modules
--with-mpm=prefork: indicates that httpd works in prefork mode

To switch the MPM used:
LoadModule mpm_event_module modules/

This article is from the "Autumn Fairy tale" blog, please be sure to keep this source
