httpd on Linux: terminology explained, and setting up HTTP and HTTPS servers


1. HTTP: Hypertext Transfer Protocol

2. URI: Uniform Resource Identifier, a uniform path format that identifies resources at global scope

3. URL: Uniform Resource Locator

4. Web resources: multiple resources are likely to be combined into one HTML document

5. MIME: Multipurpose Internet Mail Extensions

Non-text data is re-encoded as text (Base64) before transmission. The receiver decodes it in the reverse way to restore the original format and can then call the appropriate program to open the file.

6. Dynamic web page: contains both static content and dynamic content

The document stored on the server is not in HTML format but is a script written in a programming language. The script accepts parameters and runs once on the server; when it finishes it generates an HTML document, and the generated document is sent to the client.

7. HTTP messages: divided into request messages and response messages

7.1. Request message syntax:

<method> <request-URL> <version>
<headers>

<entity-body>

Example request message:

GET / HTTP/1.1
Host: www.willow.com
Connection: keep-alive


7.2. Response message syntax:

<version> <status> <reason-phrase>
<headers>

<entity-body>

Example response message:

HTTP/1.1 201 OK
X-Powered-By: PHP/5.2.17
Vary: Accept-Encoding,Cookie,User-Agent
Cache-Control: max-age=3, must-revalidate
Content-Encoding: bzip2
Content-Length: 6931

Message format: the first line is usually called the message's "start line", and the lines after it are called header fields. Each header field consists of a name and a value separated by a colon.

In addition, a response message usually carries an information body, called the body, which is the content returned to the client.
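The message layout described above (start line, header fields, blank line, body), as an added example that is not part of the original post. The function name `parse_http_message` is hypothetical, the two messages are the page's examples rebuilt with CRLF line endings, and the response body and its length are constructed.

```python
def parse_http_message(raw: bytes) -> dict:
    """Split an HTTP/1.x message into start line, header fields and body."""
    # A blank line (CRLF CRLF) ends the header section; the rest is the body.
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")

    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # A header field is "name: value". Lines without a colon, or with
        # whitespace around the name, are rejected rather than guessed at.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header field: {line!r}")
        # Field names are case-insensitive and may occur more than once.
        headers.setdefault(name.lower(), []).append(value.strip())

    if start[0].upper().startswith("HTTP/"):
        kind = "response"
        first = {"version": start[0], "status": int(start[1]),
                 "reason": start[2]}
    else:
        kind = "request"
        first = {"method": start[0], "target": start[1], "version": start[2]}
    return {"kind": kind, **first, "headers": headers, "body": body}


# The page's example messages; body and Content-Length are constructed.
REQUEST = (b"GET / HTTP/1.1\r\n"
           b"Host: www.willow.com\r\n"
           b"Connection: keep-alive\r\n\r\n")
RESPONSE = (b"HTTP/1.1 201 OK\r\n"
            b"X-Powered-By: PHP/5.2.17\r\n"
            b"Cache-Control: max-age=3, must-revalidate\r\n"
            b"Content-Length: 5\r\n\r\n"
            b"hello")
```
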

8. Status codes:

1XX: Purely informational

2XX: "Success" class (200, 201, 202)

3XX: Redirection class (301, 302, 304)

4XX: Client error class (404)

5XX: Server-side error class

9. The main operations of a web server

9.1. Establish a connection: accept or reject the client's connection request;

9.2. Receive the request: read the HTTP request message from the network;

9.3. Process the request: parse the request message and take the corresponding action;

9.4. Access the resource: access the resources named in the request message;

9.5. Build the response: generate an HTTP response message with the correct headers;

9.6. Send the response: send the generated response message to the client;

9.7. Log: record the completed HTTP transaction in the log file;

10. Architectures a web server uses to handle concurrent connection requests

10.1. Single-threaded web server

In this architecture the web server processes one request at a time and reads and processes the next request only when that one is finished. While a request is being processed, all other requests are ignored, so serious problems arise in scenarios with many concurrent requests.

10.2. Multi-process/multi-threaded web server

In this architecture the web server creates multiple processes or threads that handle multiple user requests in parallel; the processes or threads can be created on demand or in advance. Some web server applications create a separate process or thread for each user request, but when the number of concurrent requests reaches tens of thousands, that many concurrently running processes or threads consume a large amount of system resources.

10.3. I/O multiplexing web server

To support more concurrent user requests, more and more web servers use a multiplexed architecture: the server monitors the activity state of all connections at once, and when the state of a connection changes (for example, data is ready or an error occurs) it performs a series of specific actions for that connection. After the operation is complete, the connection is reset to a temporarily stable state and returned to the list of open connections until its next state change. Because of this multiplexing, processes or threads are not tied up by idle connections, which makes it an efficient mode of operation.

10.4. Multiplexed multi-threaded web server

A web server architecture that combines multi-process and multiplexing, so that no single process serves too many user requests and the computing power of multi-CPU hosts is put to use.

A web proxy server works between the web client and the web server. It receives HTTP requests from the client and forwards them to the corresponding server, then receives the server's response and returns the response message to the client.

11. httpd service: httpd was later maintained through a series of patches, so it was called "a patchy server", which became the name Apache

So httpd is one service belonging to Apache, but nowadays when people say Apache they usually mean the httpd service

Apache official website: www.apache.org

httpd website: http://httpd.apache.org

12. httpd features:

Creates processes in advance

Maintains an appropriate number of processes on demand

Modular design: the core is relatively small, and the various functions are added as modules (including PHP)

Supports run-time configuration and compiling modules individually

Supports several ways of configuring virtual hosts

13. Virtual hosting:

IP-based virtual hosts; format: ip1:80 ip2:80 (different IPs, same port)

Port-based virtual hosts; format: ip:80 ip:8080 (same IP, different ports)

Domain-based virtual hosts; format: *:80 (same IP, different ServerName)

Supports the HTTPS protocol (mod_ssl)

Supports user authentication

Supports IP-based or host-name-based ACLs

Supports per-directory access control

Supports URL rewriting

14. httpd related file paths:

/usr/sbin/httpd (MPM: prefork)

httpd: root, root (owner and group of the main process)

httpd: apache, apache (owner and group of the worker processes)

/etc/rc.d/init.d/httpd: service script file

/etc/httpd: working root directory, equivalent to the program installation directory

/etc/httpd/conf: configuration file directory

/etc/httpd/httpd.conf: main configuration file

/etc/httpd/conf.d/*.conf: these files are included and loaded by httpd.conf

/etc/httpd/modules: module directory

/etc/httpd/logs -> /var/log/httpd: log directory

There are two types of log file: the access log, access_log, and the error log, err_log

/var/www/html: where the pages that clients access are stored

/var/www/cgi-bin: path for dynamic web pages

CGI: Common Gateway Interface

FastCGI

Ports: 80/tcp (SSL: 443/tcp)

15. httpd.conf configuration file explained:

Format: directive value (a directive followed by its value)

Directive names are not case-sensitive

Values are case-sensitive

15.1. MPM: Multi-Processing Modules

mpm_winnt: Windows-based

prefork (each request is answered by one process; consumes more resources in high-concurrency environments)

worker (each request is answered by one thread; several processes are started and each process creates several threads)

event (one process handles multiple requests, event-driven)

The URL path is relative to DocumentRoot.

15.2. Options:

None: no options are enabled

Indexes: allow directory indexes (listings)

FollowSymLinks: allow access to the original file that a symbolic link points to

Includes: allow server-side includes (SSI) to be executed

ExecCGI: allow CGI scripts to run

All: enable all options

15.3. Order: defines host-based access control (an access control mechanism defined by IP, network address or host)

Order allow,deny
Allow from all

Example: Deny 172.16.1.0/24 subnet segment access to the Apache server

Order deny,allow
Deny from 172.16.0.0/24
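How the two Order settings decide a request under Apache 2.2, shown as an added example that is not part of the original post. The function names are hypothetical, the rule sets are the ones written on this page, and the client addresses are constructed; only "all", full IP addresses and CIDR ranges are handled.

```python
import ipaddress


def _matches(client: str, specs: list) -> bool:
    """True if the client IP is covered by any 'from' argument."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # A bare IP becomes a single-host network; CIDR is used as written.
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def access_allowed(order: str, allow: list, deny: list, client: str) -> bool:
    """Evaluate Apache 2.2 Order/Allow/Deny for one client address."""
    order = order.replace(" ", "").lower()
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "allow,deny":
        # Allow is checked first and Deny overrides it;
        # a client matching neither list is rejected.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is checked first and Allow overrides it;
        # a client matching neither list is admitted.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")


# Rule sets as written on the page: (order, allow list, deny list).
OPEN_SITE = ("allow,deny", ["all"], [])
SUBNET_BLOCK = ("deny,allow", [], ["172.16.0.0/24"])
WWW2_BLOCK = ("deny,allow", [], ["1.1.1.144"])
# Pitfall: the same Deny line under "allow,deny" rejects every client,
# because nothing matches an Allow line.
MISORDERED = ("allow,deny", [], ["1.1.1.144"])
```

Checking a rule set against a few known addresses before reloading httpd shows which range a Deny line really covers: the rule as written blocks 172.16.0.x and leaves 172.16.1.x reachable.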


15.4. AllowOverride AuthConfig: access to the Apache server based on user or group authentication

Example: User-based authentication

AuthType Basic
AuthName "hint string can be arbitrary"
# custom path and name of the user name/password file
AuthUserFile /etc/httpd/conf/htpasswd
# only the named user may access the server
Require user username
# allow every user in /etc/httpd/conf/htpasswd to access the server
#Require valid-user

Example: Group-based authentication

AuthType Basic
AuthName "hint string can be arbitrary"
# custom path and name of the user name/password file
AuthUserFile /etc/httpd/conf/htpasswd
# custom path and name of the group file
AuthGroupFile /etc/httpd/conf/group
# allow every user in the named group to access the server
Require group name

15.5. htpasswd command: creates the users for httpd user authentication

-c: create the file that holds the users' passwords

-m: hash the password with MD5 (one-way)

-D: delete the specified user

For example: create the password file for the first time and add the user willow:

htpasswd -c -m /etc/httpd/conf/htpasswd willow

For example: once the password file has been created, add a user:

htpasswd -m /etc/httpd/conf/htpasswd user1

For example: delete the user user1:

htpasswd -D /etc/httpd/conf/htpasswd user1
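A check of which hash scheme each entry in the password file uses, as an added example that is not part of the original post. It goes beyond the -m option covered here and also recognises the formats written by htpasswd's -B, -s and -d options; the function names and the sample file are constructed, and the hash bodies are placeholders rather than real hashes.

```python
import re

# Hash prefixes written by htpasswd, with the flag that selects each one.
PREFIXES = [
    ("$apr1$", "md5-apr1 (-m)"),
    ("$2y$", "bcrypt (-B)"),
    ("{SHA}", "sha1-unsalted (-s)"),
]
# Traditional crypt() output is exactly 13 characters from this alphabet.
CRYPT13 = re.compile(r"[./0-9A-Za-z]{13}")
# Schemes the htpasswd manual describes as insecure.
INSECURE = {"sha1-unsalted (-s)", "crypt (-d)", "plaintext-or-unknown"}


def classify(hash_field: str) -> str:
    """Name the scheme of one stored hash from its prefix or shape."""
    for prefix, scheme in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme
    if CRYPT13.fullmatch(hash_field):
        return "crypt (-d)"
    return "plaintext-or-unknown"


def audit(text: str) -> list:
    """Return (line number, user, scheme, insecure?) for each entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no entry
        user, sep, hash_field = line.partition(":")
        if not sep or not user:
            findings.append((lineno, line, "malformed", True))
            continue
        scheme = classify(hash_field)
        findings.append((lineno, user, scheme, scheme in INSECURE))
    return findings


# Constructed sample file; the hash bodies are placeholders.
SAMPLE = "\n".join([
    "willow:$apr1$saltsalt$" + "A" * 22,
    "tom:{SHA}" + "A" * 27 + "=",
    "user1:" + "ab" + "A" * 11,
    "ops:$2y$05$" + "A" * 53,
])
```
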

15.6. Alias: path alias:

Alias /url "local_path"

15.7. Virtual hosts: the httpd.conf configuration file is divided into a central host configuration and a virtual host configuration.

The two kinds of host cannot be used at the same time, which means only one of them can be enabled

To disable the central host: comment out the central host's DocumentRoot by adding a # in front of it

To enable virtual hosts: virtual hosts are off by default; delete the # in front of NameVirtualHost *:80

Example: Provide two domain-based virtual hosts:

a. www1.willow.com, page file directory is /var/www/html/www1;

Only allow authenticated users such as willow and tom to access the server

The error log is /var/log/httpd/www1.err,

The access log is /var/log/httpd/www1.access;

b. www2.willow.com, page file directory is /var/www/html/www2;

Deny the host 1.1.1.144 access to this server

The error log is /var/log/httpd/www2.err,

The access log is /var/log/httpd/www2.access;

c. Each of the two virtual hosts gets its own home page file index.html, whose content is its own host name;

The configuration is as follows:

NameVirtualHost *:80

<VirtualHost *:80>
    DocumentRoot "/var/www/html/www1"
    ServerName www1.willow.com
    ErrorLog /var/log/httpd/www1.err
    CustomLog /var/log/httpd/www1.access combined
    <Directory "/var/www/html/www1">
        Options None
        AllowOverride AuthConfig
        AuthType Basic
        AuthName "Willow1.com"
        AuthUserFile "/etc/httpd/conf/htpasswd"
        Require valid-user
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot "/var/www/html/www2"
    ServerName www2.willow.com
    ErrorLog /var/log/httpd/www2.err
    CustomLog /var/log/httpd/www2.access combined
    <Directory "/var/www/html/www2">
        Options None
        AllowOverride None
        Order deny,allow
        Deny from 1.1.1.144
    </Directory>
</VirtualHost>

Note: 1. If you enable the virtual host function, you must comment out the central host's DocumentRoot

2. The www1 and www2 directories must be created manually under the corresponding directory, and the index.html files are also created manually

3. Use the htpasswd command to create the authenticated users and the password file; if it is unclear, look up this command in detail

16. HTTPS service configuration

HTTPS is encrypted access over port 443

yum install -y mod_ssl

vim /etc/httpd/conf.d/ssl.conf, mainly modifying the following items:

# may be changed to port 443 of a specific IP
<VirtualHost _default_:443>
    DocumentRoot "/var/www/html/www"
    ServerName www.willow.com
    # certificate path
    SSLCertificateFile /etc/httpd/ssl/http.crt
    # private key path
    SSLCertificateKeyFile /etc/httpd/ssl/http.key
</VirtualHost>

Note: If you are not familiar with how certificates are created and applied, please see my previous blog post

This article is from the "Xavier Willow" blog, please be sure to keep this source http://willow.blog.51cto.com/6574604/1775718
