net25-第12周作業

1、請描述一次完整的http請求處理過程；

– （1）客戶端發送http請求
– （2）服務端建立或處理連接，接受請求或拒絕請求
– （3）接受請求：接受客戶端對服務器某一資源的請求
– （4）處理請求：對請求報文進行解析，獲取客戶端請求的資源及請求方法等相關信息
– （5）訪問資源：獲取請求報文中請求的資源
– （6）構建響應報文
– （7）發送響應報文
– （8）記錄日志

2、httpd所支持的處理模型有哪些，他們的分別使用于哪些環境。

– prefork: 多進程模型，一個進程處理一個請求，會由一個主進程預先生成幾個進程來隨時響應，進程響應相對于較耗資源，所以并不適合大并發的請求處理，各個進程的故障并不互相影響，這應該最穩定的處理模型。
– worker: 多進程多線程模型，線程處理請求，會由一個主進程生成幾個進程，進程生成線程來處理并發請求，同個進程里可以共享資源，所以整體來說worker模型比prefork的資源消耗少，但是都在一個進程的線程處理請求，線程的故障會影響整個進程，所以并不是很穩定。
– event: 事件驅動模型，是基于事件驅動的進程來工作的，一個進程可以響應多個請求，也是預先生成多個進程，但是采用專用的進程來監聽套接字保持連接，因為監聽套接字和保持TCP連接所需要的資源極小一個進程就可以處理大量的這種請求。

3、源碼編譯安裝LAMP環境（基于wordpress程序），并寫出詳細的安裝、配置、測試過程。

安裝環境Centos 6
1、httpd-2.4
編譯安裝步驟：
        （1）apr-1.4+
            ./configure –prefix=/usr/local/apr
            make && make install
        （2）apr-util-1.4+
            ./configure –prefix=/usr/local/apr-util
            make && make install
        （3）httpd-2.4
            ./configure
            –prefix=/usr/local/httpd2.4
            –sysconfig=/etc/httpd24  
            –enable-so                          
            –enable-ssl                         
            –enable-cgi                          
            –enable-rewrite                      
            –with-zlib                           
            –with-pcre                           
            –with-apr=/usr/local/apr 
            –with-apr-util=/usr/local/apr-util/
            –enable-modules=most               
            –enable-mpms-shared=all              
            –with-mpm=prefork                     
            make && make install
            
2、mariadb-10.1.22
        (1) cmake-2.8.8
        ./configure && make && make install
        (2) mariadb
        cmake . -LH  預編譯下
        cmake .
        -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
        -DMYSQL_DATADIR=/data/mysql \
        -DSYSCONFIGDIR=/etc \
        -DWITH_INNOBASE_STORAGE_ENGINE=1 \
        -DWITH_ARCHIVE_STORAGE_ENGINE=1 \
        -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
        -DWITH_READLINE=1 \
        -DWITH_SSL=system \
        -DWITH_ZLIB=system \
        -DWITH_LIBWRAP=0 \
        -DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
        -DDEFAULT_CHARSET=utf8 \
        -DDEFAULT_COLLATION=utf8_general_ci
        
        make && make install
        
        初始化數據
        ./mysql_db_install –basedir=/usr/local/mysql –datadir=/data/mysql –user=mysql
        
        加載庫和頭文件
        vim /etc/ld.so.conf.d/mariadb.conf
        /usr/local/mariadb
        
        ln -s /usr/local/mariadb/include /usr/include/mysql
3、php-7.1.3
        ./configure –prefix=/usr/local/php \
        –sysconfdir=/usr/local/php/etc \
        –with-curl \
        –with-freetype-dir \
        –with-gd \
        –with-gettext \
        –with-iconv-dir \
        –with-kerberos \
        –with-libdir=lib64 \
        –with-libxml-dir \
        –with-mysqli \
        –with-openssl \
        –with-pcre-regex \
        –with-pdo-mysql=/usr/local/mariadb \
        –with-pdo-sqlite \
        –with-pear \
        –with-png-dir \
        –with-xmlrpc \
        –with-xsl \
        –with-zlib \
        –with-apxs2=/usr/local/http2.4/bin/apxs \
        –enable-bcmath \
        –enable-libxml \
        –enable-inline-optimization \
        –enable-gd-native-ttf \
        –enable-mbregex \
        –enable-mbstring \
        –enable-opcache \
        –enable-pcntl \
        –enable-shmop \
        –enable-soap \
        –enable-sockets \
        –enable-sysvsem \
        –enable-xml \
        –enable-zip
        
        make && make install
    

配置httpd.conf

加載模塊 LoadModule php7_module        modules/libphp7.so

添加MIME AddType application/x-httpd-php  .php
               AddType application/x-httpd-php-source  .phps

               DirectoryIndex  index.php  index.html

配置虛擬主機

               打開 # Virtual hosts
                       Include conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    DocumentRoot “/www”
    ServerName www.jusene.com
    DirectoryIndex  index.php
    ErrorLog “logs/dummy-host.example.com-error_log”
    CustomLog “logs/dummy-host.example.com-access_log” common
    <Directory ‘/www’>
    Options None
    AllowOverride None
    RequireAll all granted
    </Directory>
</VirtualHost>

測試php：

vim /www/index.php

<?php

    phpinfo();

?>

測試mysql

<?

$con=mysqli_connect(‘127.0.0.1′,’bbs’,’bbs’);

if($con){

print ‘ok’;

}

else {

print ‘fail’;

}

?>

下載wordpress的安裝包，將它解壓到/www上我們就可以按照步驟安裝wordpress了。

4、建立httpd服務器(基于編譯的方式進行)，要求：

提供兩個基于名稱的虛擬主機:

– (a)www1.stuX.com，頁面文件目錄為/web/vhosts/www1；錯誤日志為/var/log/httpd/www1.err，訪問日志為/var/log/httpd/www1.access；
– (b)www2.stuX.com，頁面文件目錄為/web/vhosts/www2；錯誤日志為/var/log/httpd/www2.err，訪問日志為/var/log/httpd/www2.access；
– (c)為兩個虛擬主機建立各自的主頁文件index.html，內容分別為其對應的主機名；
– (d)通過www1.stuX.com/server-status輸出httpd工作狀態相關信息，且只允許提供帳號密碼才能訪問(status:status)；

<VirtualHost *:80>
    DocumentRoot “/web/vhosts/www1”
    ServerName www1.stuX.com
    ErrorLog “/var/log/httpd/www1.err”
    CustomLog “/var/log/httpd/www1.access” common
    <Directory ‘/web/vhosts/www1’>
    Options None
    AllowOverride None
    RequireAll all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot “/www/vhosts/www2”
    ServerName www2.stuX.com
    ErrorLog “/var/log/httpd/www2.err”
    CustomLog “/var/log/httpd/www2.access” common
    <Directory ‘/www/vhosts/www2’>
    Options None
    AllowOverride None
    RequireAll all granted
    </Directory>
</VirtualHost>

加載模塊 
LoadModule status_module modules/mod_status.so      <Location /server-status> 
SetHandler server-status
AuthType Basic
AuthName "status page"
AuthUserFile "/usr/local/httpd2.4/conf/.htpasswd"
Require valid-user
</Location>

5、為第4題中的第2個虛擬主機提供https服務，使得用戶可以通過https安全的訪問此web站點；
 
–  (1)要求使用證書認證，證書中要求使用的國家(CN)、州(HA)、城市(ZZ)和組織(MageEdu)；
–  (2)設置部門為Ops，主機名為www2.stuX.com，郵件為admin@stuX.com；

私有ca也建在同一臺主機：

[root@node2 ssl]# (umask 077;openssl genrsa -out httpd.key 2048)
Generating RSA private key, 2048 bit long modulus
………………………………+++
.+++
e is 65537 (0x10001)
[root@node2 ssl]# ls
httpd.key
[root@node2 ssl]# openssl req -new -key httpd.key -out httpd.csr -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [Default Company Ltd]:MageEdu
Organizational Unit Name (eg, section) []:Ops
Common Name (eg, your name or your server’s hostname) []:www2.stuX.com
Email Address []:admin@stuX.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:            
[root@node2 ssl]# openssl ca -in httpd.csr -out httpd.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb 26 18:53:32 2017 GMT
            Not After : Feb 26 18:53:32 2018 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = HA
            organizationName          = MageEdu
            organizationalUnitName    = Ops
            commonName                = www2.stuX.com
            emailAddress              = admin@stuX.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FC:CA:DE:D8:79:17:B3:12:16:50:FD:27:B2:76:7F:84:AE:F6:8F:65
            X509v3 Authority Key Identifier:
                keyid:FD:CD:68:2D:2C:BF:71:2E:C7:91:AB:6F:60:20:29:65:2A:6F:82:88

Certificate is to be certified until Feb 26 18:53:32 2018 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@node2 ssl]# ls
httpd.crt  httpd.csr  httpd.key
[root@node2 ssl]#

加載配置

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

修改配置

DocumentRoot
ServerName
SSLCertificateFile
SSLCertificateKeyFile

6、在LAMP架構中，請分別以php編譯成httpd模塊形式和php以fpm工作為獨立守護進程的方式來支持httpd，列出詳細的過程。”

上面的編譯為將php編譯成httpd模塊來實現的。結下來我們將它編譯稱fastcgi的方式來進行實現。

php-7.1.3
        ./configure –prefix=/usr/local/php \
        –sysconfdir=/usr/local/php/etc \
        –with-curl \
        –with-freetype-dir \
        –with-gd \
        –with-gettext \
        –with-iconv-dir \
        –with-kerberos \
        –with-libdir=lib64 \
        –with-libxml-dir \
        –with-mysqli \
        –with-openssl \
        –with-pcre-regex \
        –with-pdo-mysql=/usr/local/mariadb \
        –with-pdo-sqlite \
        –with-pear \
        –with-png-dir \
        –with-xmlrpc \
        –with-xsl \
        –with-zlib \
        –enable-fpm \
        –enable-bcmath \
        –enable-libxml \
        –enable-inline-optimization \
        –enable-gd-native-ttf \
        –enable-mbregex \
        –enable-mbstring \
        –enable-opcache \
        –enable-pcntl \
        –enable-shmop \
        –enable-soap \
        –enable-sockets \
        –enable-sysvsem \
        –enable-xml \
        –enable-zip
        
        make && make install

vim /etc/httpd.conf