httpd

http協議：

http事務：
   請求：request
   響應：response

報文語法格式：

request報文

<method> <request-URL> <version>
    <headers>

<entity-body>

response報文

<version> <status> <reason-phrase 原因短語>
<headers>
<entity-body>

method: 請求方法，標明客戶端希望服務器對資源執行的動作
    GET、HEAD、POST

method(方法)：

     GET：從服務器獲取一個資源；
     HEAD：只從服務器獲取文檔的響應首部；
     POST：向服務器發送要處理的數據；
     PUT：將請求的主體部分存儲在服務器上；
     DELETE：請求刪除服務器上指定的文檔；
     TRACE：追蹤請求到達服務器中間經過的代理服務器；
    OPTIONS：請求服務器返回對指定資源支持使用的請求方法；

version:

    HTTP/<major>.<minor>

status:

三位數字，如200，301, 302, 404, 502; 標記請求處理過程中發生的情況；

status(狀態碼)：
            1xx：100-101, 信息提示；
            2xx：200-206, 成功
            3xx：300-305, 重定向
            4xx：400-415, 錯誤類信息，客戶端錯誤
            5xx：500-505, 錯誤類信息，服務器端錯誤

常用的狀態碼：
        200： 成功，請求的所有數據通過響應報文的entity-body部分發送；OK
        301： 請求的URL指向的資源已經被刪除；但在響應報文中通過首部Location指明了資源現在所處的新位置；Moved Permanently
        302： 與301相似，但在響應報文中通過Location指明資源現在所處臨時新位置; Found
        304： 客戶端發出了條件式請求，但服務器上的資源未曾發生改變，則通過響應此響應狀態碼通知客戶端；Not Modified
        401： 需要輸入賬號和密碼認證方能訪問資源；Unauthorized
        403： 請求被禁止；Forbidden
        404： 服務器無法找到客戶端請求的資源；Not Found
        500： 服務器內部錯誤；Internal Server Error
        502： 代理服務器從后端服務器收到了一條偽響應；Bad Gateway

reason-phrase：

狀態碼所標記的狀態的簡要描述；

headers：

格式：
    name：Value

每個請求或響應報文可包含任意個首部；每個首部都有首部名稱，后面跟一個冒號，而后跟上一個可選空格，接著是一個值；

entity-body：

請求時附加的數據或響應時附加的數據；

協議查看或分析的工具：

    tcpdump, tshark, wireshark

首部分類：

通用首部、請求首部、響應首部、實體首部、擴展首部

通用首部：

Connection: {close|keep-alive}
Date：報文創建的日期時間
Via：經由那里跳轉而來的！ （一般在響應報文中添加，主要是告訴，是經過多少個中間節點而來的）
Cache-Control：緩存控制；
Pragma：為了兼容1.0的緩存

請求首部：

Host：指明請求的主機
Referer：跳轉至當前頁面的上級資源； （從哪個連接跳轉過來的）
User-Agent：用戶代理；服務器端在相應報文時有可能會壓縮以后再響應，并非所有的瀏覽器都支持一些高級功能，于是就要根據客戶端瀏覽器類型來決定瀏覽器的生成！
Client-IP：

Accept：可接收的MIME類型；
Accept-Language：
Accept-Encoding：gzip, defalte, 
Accept-Charset：字符集格式
        ...


條件式請求首部：

    Except：
    If-Modified-Since：自從某個時間之后是否發生修改
    If-Unmodified-Since：是否未曾發生過修改
    If-None-Match ：與某個擴展是否不匹配
    If-Match
        用來做緩存同步測試的

安全相關的請求首部：

    Authorization：請求授權
    Cookie:追蹤用戶行為用 
    Cookie2:

響應首部：

安全相關的首部：
    WWW-Authenticate：認證質詢
    Set-Cookie:
    Set-Cookie2:            

    信息性首部：
    Server：

協商類首部：

    Accept-Range：服務器端可接受的請求類型范圍
    Vary：其它首部列表

實體首部：

Content-Encoding  內容編碼
Content-Language    內容的語言
Content-Lenth    內容長度    
Content-Location    位置
Content-Type     媒體類型
...

Allow：允許使用的請求方法；
Location： 真正的資源位置所在的地址

緩存相關：
    Etag：擴展標簽
    Last-Modified：最近一次的修改
    Expires：    過期時間

擴展首部：

X-Forwarded-For 從哪里過來的用來追蹤用戶的訪問
    ……

完整格式：

url：Uniform Resource Locator 
    scheme://host:port/path

scheme://[<user>[:<password>]@<host>[:<port>]/    <path>;<params>?<query>#frag

    params：參數， ;param1=value1&param2=value2
    query：查詢字符串， ?field1=value1&field2=value2
    frag：#號引導的頁面錨定，#frag_id, 例如#ch1

《http權威指南》前4章

httpd-2.4基本配置：

curl命令

    curl是基于URL語法在命令行方式下工作的文件傳輸工具，
    它支持FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE及LDAP等協議。curl支持HTTPS認證，
    并且支持HTTP的POST、PUT等方法，FTP上傳， kerberos認證，HTTP上傳，代理服務器， cookies， 用戶名/密碼認證，
     下載文件斷點續傳，上載文件斷點續傳, http代理服務器管道（ proxy tunneling）， 甚至它還支持IPv6， socks5代理服務器,
     通過http代理服務器上傳文件到FTP服務器等等，功能十分強大。

curl  [options]  [URL…]

curl的常用選項：

        -A/--user-agent <string> 設置用戶代理發送給服務器；偽裝自己的瀏覽器類型

        --basic 使用HTTP基本認證

        -e/--referer <URL> 來源網址

        --cacert <file> CA證書 (SSL)

        --compressed 要求返回是壓縮的格式

        -H/--header <line>自定義首部信息傳遞給服務器

        -I/--head 只顯示響應報文首部信息

        --limit-rate <rate> 設置傳輸速度

        -u/--user <user[:password]>設置服務器的用戶和密碼

        -0/--http1.0 使用HTTP 1.0    

        -X, --request <command>：自定義請求方法默認是GET方法

另一個工具：elinks

elinks  [OPTION]... [URL]...
    -dump: 不進入交互式模式，而直接將URL的內容輸出至標準輸出；

15、使用mod_deflate模塊壓縮頁面優化傳輸速度

適用場景：
   (1) 節約帶寬，額外消耗CPU；同時，可能有些較老瀏覽器不支持；
   (2) 壓縮適于壓縮的資源，例如文件文件；

可以用 curl –compressed  -I 網址  來獲取某個文件的首部信息的壓縮信息

    SetOutputFilter DEFLATE #---(過濾選項)

    # mod_deflate configuration  （過濾的內容）

    # Restrict compression to these MIME types
    AddOutputFilterByType DEFLATE text/plain 
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/css

    # Level of compression (Highest 9 - Lowest 1)  定義壓縮比
    DeflateCompressionLevel 9

    # Netscape 4.x has some problems. 一下是對單個類型的瀏覽器的壓縮選項作出調整
    BrowserMatch ^Mozilla/4  gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch  ^Mozilla/4\.0[678]  no-gzip

    # MSIE masquerades as Netscape, but it is fine
    BrowserMatch \bMSI[E]  !no-gzip !gzip-only-text/html

16、https,  http over ssl

    OpenSSL: （單ip只能有一個站點能用ssl）                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          
        libcrpyto, libssl (ssl/tls)， openssl

    PKI: 
        CA, 

    SSL會話的簡化過程
        (1) 客戶端發送可供選擇的加密方式，并向服務器請求證書；
        (2) 服務器端發送證書以及選定的加密方式給客戶端；
        (3) 客戶端取得證書并進行證書驗正：
                如果信任給其發證書的CA：
                (a) 驗正證書來源的合法性；用CA的公鑰解密證書上數字簽名；
                (b) 驗正證書的內容的合法性：完整性驗正
                (c) 檢查證書的有效期限；
                (d) 檢查證書是否被吊銷；
                (e) 證書中擁有者的名字，與訪問的目標主機要一致；
        (4) 客戶端生成臨時會話密鑰（對稱密鑰），并使用服務器端的公鑰加密此數據發送給服務器，完成密鑰交換；
        (5) 服務用此密鑰加密用戶請求的資源，響應給客戶端；

        注意：SSL會話是基于IP地址創建；所以單IP的主機上，僅可以使用一個https虛擬主機；

    回顧幾個術語：PKI，CA，CRL，X.509 (v1, v2, v3)

    配置httpd支持https：
        (1) 為服務器申請數字證書；
            測試：通過私建CA發證書
                (a) 創建私有CA
                (b) 在服務器創建證書簽署請求
                (c) CA簽證

        (2) 配置httpd支持使用ssl，及使用的證書；
            # yum -y install mod_ssl

            配置文件：/etc/httpd/conf.d/ssl.conf
                DocumentRoot
                ServerName
                SSLCertificateFile
                SSLCertificateKeyFile

        (3) 測試基于https訪問相應的主機；
            # openssl  s_client  [-connect host:port] [-cert filename] [-CApath directory] [-CAfile filename]

17、httpd自帶的應用程序

htpasswd：basic認證基于文件實現，用于生成賬號和密碼的程序；
        htdbm
        htdigest
apachectl：httpd自帶的服務控制腳本，支持start和stop等子命令；
    apxs：- APache eXtenSion tool
        為httpd增添模塊的；

rotatelogs：滾動日志
        access_log, 
        access_log, access_log.1, ...

    ab： - Apache HTTP server benchmarking tool
        webbench, httpload, ...

        loadrunner, jmeter (ASF)

        tcpcopy，

18、ab – web service的壓力測試工具

ab [OPTIONS]  [http[s]://]hostname[:port]/path
            請求數：[ -n requests ]
            并發數：[ -c concurrency ]
            長連接：[ -k ]

httpd-2.2與httpd-2.4的不同之處：

MPM：

• prefork：進程模型，兩級結構，master/worker, 每worker處理一個請求；

• worker：線程模型，三級結構，master/worker/thread，每thread處理一個請求；

• event：事件驅動的線程模型，兩級結構，master/worker，每worker響應多個請求；

httpd-2.2的MPM模塊為static模塊，而非shared模塊；

/etc/sysconfig/httpd
HTTPD=/usr/sbin/{httpd|httpd.worker|httpd.event}

            <IfModule prefork.c>
            StartServers       8
            MinSpareServers    5
            MaxSpareServers   20
            ServerLimit      256
            MaxClients       256
            MaxRequestsPerChild  4000
            </IfModule>            

            <IfModule worker.c>
            StartServers         4
            MaxClients         300
            MinSpareThreads     25
            MaxSpareThreads     75 
            ThreadsPerChild     25
            MaxRequestsPerChild  0
            </IfModule>

    基于IP的訪問控制機制：
        httpd-2.4:
            require ip, require not ip, require host, require not host

        httpd-2.2：
            allow from, deny from

            order allow,deny, order deny,allow

    基于主機名的虛擬主機：
        httpd-2.2：須使用NameVirtualHost；
        httpd-2.4：無須使用；

    各映射的本地文件系統路徑內的資源：
        httpd-2.4：須做顯式授權
        httpd-2.2：無須顯式授權