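The HTTP protocol

How a complete HTTP request is processed

1. Establish the connection:
        Accept or reject the connection request

2. Receive the request:
        Receive, from the client's request message, one request for a given resource
     
     Web access/response models (Web I/O)
        Single-process I/O model: 
            One process is started to handle user requests, one at a time; multiple requests are answered serially
            
        Multi-process I/O model: 
            Multiple processes are started in parallel, and each process answers one connection request
        
        Multiplexed I/O structure:
            One process is started and answers N connection requests at the same time
        
        Multiplexed multi-process I/O model:
            M processes are started, each answering N connection requests, so M*N requests are accepted at the same time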
        
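3. Process the request:
        The server parses the request message and extracts the requested resource, the request method and related information, then handles the request according to the method, resource, headers and optional body

        Metadata: request message headers
        <method> <URL> <VERSION>
        HEADERS, in the format name:value
        <request body>
        Example:
        Host: www.xxx.com    (name of the requested host)
        Server: Apache/2.4.7
        
        Common HTTP request methods: 
            GET, POST, HEAD, PUT, DELETE, TRACE, OPTIONS
        
4. Access the resource:
        The server fetches the resource named in the request message. A web server is a server that stores web resources;
        it serves the requester the static resource asked for, or a resource generated by running dynamic code
        
        Resources live under a specific path on the local file system: DocRoot
        DocRoot  /var/www/html
        /var/www/html/images/logo.jpg
        http://www.xxx.com/images/logo.jpg
        Ways a web server maps resource paths:
        (a) docroot
        (b) alias
        (c) virtual host docroot
        (d) user home directory docroot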

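5. Build the response message
        Once the web server has identified the resource, it performs the action described by the request
        method and returns a response message. The response message contains the status code and response
        headers, plus the response body if one was generated
        
        1) Response entity:
        If the transaction produced a response body, its content is sent back in the response message.
        
        A response message usually includes:
        a Content-Type header describing the MIME type of the response body
        
        a Content-Length header describing the length of the response body
        
        the actual body content of the message
        
        2) URL redirection: the response built by the web service is not the resource the client requested
        but another access path for that resource
        Permanent redirect: http://www.360buy.com
        Temporary redirect: http://www.taobao.com
        
        3) MIME types:
        The web server is responsible for determining the MIME type of the response body. There are several ways to configure a server to associate MIME types with resources
        
        Magic typing: the Apache web server can scan the content of each resource and match it against a
        table of known patterns (called the magic file) to decide each file's MIME type. This can be
        slow, but it is convenient, especially when files lack standard extensions
        
        Explicit typing: the web server can be configured to ignore a file's extension or content and
        force particular files or directory contents to have a given MIME type
        
        Type negotiation: some web servers can be configured to store a resource in several document formats.
        In that case the web server can be configured to negotiate with the user to decide which
        format (and associated MIME type) is "best"
        
6. Send the response message

        When sending data over its connections, the web server faces the same issues as when receiving it.
        The server may have many connections to different clients: some idle, some sending data to the server,
        and some carrying response data back to clients. The server has to track connection state and take
        particular care with persistent connections. For a non-persistent connection, the server should close
        its end of the connection after sending the whole message. For a persistent connection, the connection
        may stay open, in which case the server must compute the Content-Length header correctly, otherwise
        the client cannot tell when the response ends

7. Logging

        Finally, when the transaction ends, the web server adds an entry to the log file describing
    the transaction that was performed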

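MPM working modes

  1.    prefork: multi-process I/O model; each process answers one request; the default model
    1. One master process: spawns and reaps n child processes and creates the sockets; it does not answer requests
    2. Multiple child processes: the worker processes, each handling one request; at startup several idle
      processes are pre-forked to wait for requests, up to a maximum of 1024
  2. worker: multiplexed multi-process I/O model, multi-process and multi-threaded; IIS uses this model
    1.  One master process: spawns m child processes, each of which spawns n threads; each thread answers one
      request; concurrent requests answered: m*n
  3. event: event-driven model (a variant of the worker model)
    1. One master process: spawns m child processes, each of which spawns n threads; each thread answers one
      request; concurrent requests answered: m*n. A dedicated monitoring thread manages the keep-alive
      threads: when a real request arrives it is handed to a service thread, which can be released again once
      it has finished. This improves request handling under high concurrency

Show the httpd service configuration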

grep -v "^[ ]*#" /etc/httpd/conf/httpd.conf


1. Server version information shown to clients

ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
ServerTokens Prod[uctOnly] : Server: Apache
ServerTokens Major: Server: Apache/2
ServerTokens Minor: Server: Apache/2.0
ServerTokens Min[imal]: Server: Apache/2.0.41
ServerTokens OS: Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

This setting applies to the entire server and cannot be enabled or disabled
on a virtualhost-by-virtualhost basis.

After version 2.0.44, this directive also controls the information presented
by the ServerSignature directive.


Recommended: ServerTokens Prod

Check the status code the site returns

curl -I http://172.25.0.200

HTTP/1.1 200 OK
Date: Sun, 28 Jan 2024 14:47:45 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Sun, 28 Jan 2024 14:47:15 GMT
ETag: "16-610029aee71db"
Accept-Ranges: bytes
Content-Length: 22
Content-Type: text/html; charset=UTF-8

vim /etc/httpd/conf.d/test.conf
# Add the following directive to hide the exact version, then restart httpd
ServerTokens Prod
systemctl restart httpd
curl -I http://172.25.0.200

HTTP/1.1 200 OK
Date: Sun, 28 Jan 2024 15:10:30 GMT
Server: Apache
Last-Modified: Sun, 28 Jan 2024 14:47:15 GMT
ETag: "16-610029aee71db"
Accept-Ranges: bytes
Content-Length: 22
Content-Type: text/html; charset=UTF-8
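
Added example (not part of the original post): a small checker that maps a Server response header to the ServerTokens level it reveals, following the table above, so a host can be tested for ServerTokens Prod after a change. The function names are made up for this example; the input is raw response headers such as the output of curl -sI.

```bash
#!/bin/sh
# banner_level: read response headers on stdin, print the ServerTokens level
# that the Server header corresponds to (Prod, Major, Minor, Min, OS, Full),
# or "none" when there is no Server header.
banner_level() {
    tr -d '\r' | awk '
        tolower($0) ~ /^server:/ {
            found = 1
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)        # drop the header name
            split(value, tok, " ")
            product = tok[1]                       # e.g. Apache/2.4.6
            rest = substr(value, length(product) + 1)
            sub(/^[ \t]+/, "", rest)

            if (split(product, p, "/") < 2) {
                level = "Prod"                     # product name only
            } else {
                dots = gsub(/\./, ".", p[2])       # count dots in the version
                level = (dots == 0) ? "Major" : (dots == 1) ? "Minor" : "Min"
            }
            if (rest ~ /^\(/) {                    # platform comment such as (CentOS)
                level = "OS"                       # Full looks the same when no module adds a token
                sub(/^\([^)]*\)[ \t]*/, "", rest)
            }
            if (rest != "") level = "Full"         # module tokens follow, e.g. OpenSSL/... PHP/...
            print level
            exit
        }
        END { if (!found) print "none" }
    '
}

# banner_is_minimal: succeed only when nothing beyond the product name is disclosed.
banner_is_minimal() {
    case "$(banner_level)" in
        Prod|none) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed input: the two Server headers from the curl output above.
printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS)\r\n\r\n' | banner_level
printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n' | banner_level
# Against a live host: curl -sI http://172.25.0.200 | banner_is_minimal || echo "version disclosed"
```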


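2. Change the listening IP and port

Listen [IP:]PORT
(1) Omitting the IP means all IPs on this host
(2) At least one Listen directive is required; it may appear multiple times
Listen 80
Listen 8080
Example:

vim /etc/httpd/conf/httpd.conf

Listen 172.25.0.200:8080
Listen 80

3. Persistent connections
Persistent Connection: once the connection is established it is not closed after each resource has been
fetched, but waits for further requests to complete; persistent connections are off by default
Disconnect condition: a time limit in seconds, default 5s; httpd-2.4 supports millisecond granularity
Side effect: on a server with heavy concurrent traffic, persistent connections can leave some requests unanswered
Trade-off: use a short keep-alive timeout
Settings: KeepAlive On|Off
KeepAliveTimeout 15
Test: telnet WEB_SERVER_IP PORT
GET /URL HTTP/1.1
Host: WEB_SERVER_IP

Directory of the configuration files httpd uses to load modules: /etc/httpd/conf.modules.d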
pstree -p|grep httpd  

Lab: sharing user home directories

vim /etc/httpd/conf.d/userdir.conf
<IfModule mod_userdir.c>
    #UserDir disabled
    UserDir public_html
</IfModule>

#
# Control access to UserDir directories.  The following is an example
# for a site where these directories are restricted to read-only.
#
#<Directory "/home/*/public_html">
#    AllowOverride FileInfo AuthConfig Limit Indexes
#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
#    Require method GET POST OPTIONS
#</Directory>

<directory /home/wang/public_html>
AuthType Basic
AuthName "wanghome Page"
AuthUserFile "/etc/httpd/conf.d/.httpuser"
Require valid-user
</directory>

mkdir /home/wang/public_html 
setfacl -m u:apache:x /home/wang

echo "Wanghome" > /home/wang/public_html/index.html

http://172.25.0.200/~wang/

Lab: the server status page

vim /etc/httpd/conf.d/test.conf
<Location "/status">
SetHandler server-status
<requireany>
require all denied 
require ip 172.25.0.0/24
</requireany>
</Location>

Lab: IP-based virtual hosts

vim /etc/httpd/conf.d/test.conf

<virtualhost 172.25.0.201:80>
documentroot /data/asite
CustomLog "logs/asite_access_log" combined
<Directory "/data/asite">
    Require all granted
</Directory>
</virtualhost>

<virtualhost 172.25.0.202:80>
documentroot /data/bsite
CustomLog "logs/bsite_access_log" combined
<Directory "/data/bsite">
    Require all granted
</Directory>
</virtualhost>

<virtualhost 172.25.0.203:80>
documentroot /data/csite
CustomLog "logs/csite_access_log" combined
<Directory "/data/csite">
    Require all granted
</Directory>
</virtualhost>

vim /etc/hosts
172.25.0.201  www.a.com  
172.25.0.202  www.b.com 
172.25.0.203  www.c.com

Lab: port-based virtual hosts

vim /etc/httpd/conf.d/test.conf

listen 81
listen 82
listen 83

<virtualhost *:81>
documentroot /data/asite
<Directory "/data/asite">
    Require all granted
</Directory>
</virtualhost>

<virtualhost *:82>
documentroot /data/bsite
<Directory "/data/bsite">
    Require all granted
</Directory>
</virtualhost>

<virtualhost *:83>
documentroot /data/csite
<Directory "/data/csite">
    Require all granted
</Directory>
</virtualhost>

vim /etc/hosts
172.25.0.200 www.a.com  www.b.com www.c.com

Lab: virtual hosts based on the Host header

vim /etc/httpd/conf.d/test.conf

<virtualhost *:80>  
documentroot /data/asite
servername www.a.com
<Directory "/data/asite">
    Require all granted
</Directory>
</virtualhost>

<virtualhost *:80>
documentroot /data/bsite
servername www.b.com
<Directory "/data/bsite">
    Require all granted
</Directory>
</virtualhost>

<virtualhost *:80>
documentroot /data/csite
servername www.c.com
<Directory "/data/csite">
    Require all granted
</Directory>
</virtualhost>

Lab: compression

vim /etc/httpd/conf.d/test.conf	
<virtualhost *:80>
documentroot /data/csite
servername www.c.com
<Directory "/data/csite">
    Require all granted
</Directory>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
DeflateCompressionLevel 9
</virtualhost>

curl -I www.a.com/m.txt
HTTP/1.1 200 OK
Date: Mon, 19 Feb 2024 16:20:39 GMT
Server: Apache
Last-Modified: Mon, 19 Feb 2024 14:49:42 GMT
ETag: "2c00b-611bd34381c44"
Accept-Ranges: bytes
Content-Length: 180235
Vary: Accept-Encoding
Content-Type: text/plain; charset=UTF-8

curl -I --compressed www.a.com/m.txt
HTTP/1.1 200 OK
Date: Mon, 19 Feb 2024 16:27:36 GMT
Server: Apache
Last-Modified: Mon, 19 Feb 2024 14:49:42 GMT
ETag: "2c00b-611bd34381c44-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 12339
Content-Type: text/plain; charset=UTF-8

Lab: an HTTPS site

yum install mod_ssl  # install the SSL module
systemctl restart httpd 
openssl x509 -in /etc/pki/tls/certs/localhost.crt  -noout -text  

ab -c10 -n 100 http://www.a.com/m.txt
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking www.a.com (be patient).....done


Server Software:        Apache/2.4.6
Server Hostname:        www.a.com
Server Port:            80

Document Path:          /m.txt
Document Length:        48777 bytes

Concurrency Level:      10
Time taken for tests:   0.080 seconds
Complete requests:      100
Failed requests:        0
Write errors:           0
Total transferred:      4906300 bytes
HTML transferred:       4877700 bytes
Requests per second:    1242.98 [#/sec] (mean)
Time per request:       8.045 [ms] (mean)
Time per request:       0.805 [ms] (mean, across all concurrent requests)
Transfer rate:          59554.87 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   0.9      0       4
Processing:     4    7   1.1      7      10
Waiting:        2    5   1.1      6       7
Total:          5    7   1.0      7      10
WARNING: The median and mean for the initial connection time are not within a normal deviation
        These results are probably not that reliable.

Percentage of the requests served within a certain time (ms)
  50%      7
  66%      8
  75%      8
  80%      8
  90%      9
  95%      9
  98%     10
  99%     10
 100%     10 (longest request)


ab -c10 -n 100 https://www.a.com/m.txt
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking www.a.com (be patient).....done


Server Software:        Apache/2.4.6
Server Hostname:        www.a.com
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256

Document Path:          /m.txt
Document Length:        48777 bytes

Concurrency Level:      10
Time taken for tests:   0.298 seconds
Complete requests:      100
Failed requests:        0
Write errors:           0
Total transferred:      4906300 bytes
HTML transferred:       4877700 bytes
Requests per second:    335.72 [#/sec] (mean)
Time per request:       29.787 [ms] (mean)
Time per request:       2.979 [ms] (mean, across all concurrent requests)
Transfer rate:          16085.23 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        5   22   6.2     23      38
Processing:     1    5   3.1      4      15
Waiting:        0    3   2.7      2      13
Total:         13   27   6.9     29      40

Percentage of the requests served within a certain time (ms)
  50%     29
  66%     31
  75%     33
  80%     34
  90%     35
  95%     38
  98%     40
  99%     40
 100%     40 (longest request)

Lab: HTTPS with a private CA

1 Create the CA

Generate the CA private key
cd /etc/pki/CA/
(umask 077;openssl genrsa -out private/cakey.pem 4096)

Self-sign the CA root certificate
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650 <<EOF
CN
sichuan
chengdu
apep
devops
ca.apep.com
admin@apep.com
EOF

touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial

2 Request a certificate
mkdir /etc/httpd/conf.d/ssl
cd /etc/httpd/conf.d/ssl
Generate the private key
# 2048-bit RSA key (1024-bit RSA no longer meets current minimum key-size guidance)
(umask 066;openssl genrsa -out httpd.key 2048 )
Generate the certificate signing request from the private key
openssl req -new -key httpd.key  -out httpd.csr 
# Copy the CSR to the CA host
scp /etc/httpd/conf.d/ssl/httpd.csr  CAServer:/etc/pki/CA

3 Issue the certificate

Generate the certificate from the signing request
openssl ca -in /etc/pki/CA/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 100

Copy the httpd certificate and the root certificate
cp /etc/pki/CA/certs/httpd.crt  /etc/httpd/conf.d/ssl/
cp /etc/pki/CA/cacert.pem  /etc/httpd/conf.d/ssl

4 Add the certificate paths
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem 

openssl s_client -connect www.apep.com:443
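
Added example (not part of the original post): the checks worth running before pointing ssl.conf at a newly issued certificate: does it chain to the CA, does it match the private key, and is the key at least 2048 bits. It builds a throwaway CA in a temporary directory; the subject names, file names and function names are placeholders, and openssl x509 -req is used in place of openssl ca so that no /etc/pki/CA database is needed.

```bash
#!/bin/sh
# make_lab: create a CA and a server key/certificate in a temp dir, print the dir.
make_lab() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && umask 077 &&
        openssl genrsa -out ca.key 2048 &&
        openssl req -new -x509 -key ca.key -subj "/CN=ca.example.test" -days 3650 -out ca.pem &&
        openssl genrsa -out srv.key 2048 &&
        openssl req -new -key srv.key -subj "/CN=www.example.test" -out srv.csr &&
        # stands in for `openssl ca`: signs the CSR without index.txt/serial
        openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial -days 100 -out srv.crt
    ) >/dev/null 2>&1 || return 1
    echo "$d"
}

# cert_matches_key CERT KEY: the certificate carries the public half of KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_key_bits CERT: print the size of the certificate's public key in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# audit_server_cert CA CERT KEY: print every failed check, return non-zero if any failed.
audit_server_cert() {
    rc=0
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: $2 does not chain to $1"; rc=1; }
    cert_matches_key "$2" "$3" ||
        { echo "FAIL: $3 is not the private key for $2"; rc=1; }
    bits=$(cert_key_bits "$2")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: public key is ${bits:-unknown} bits, expected at least 2048"; rc=1; }
    return "$rc"
}

# Demo on the throwaway lab. For the files from this lab the call would be:
#   audit_server_cert cacert.pem httpd.crt httpd.key   (run in /etc/httpd/conf.d/ssl)
lab=$(make_lab) && audit_server_cert "$lab/ca.pem" "$lab/srv.crt" "$lab/srv.key" &&
    echo "certificate checks passed"
```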

Lab: redirecting http to https

vim /etc/httpd/conf/httpd.conf

DocumentRoot "/var/www/html" 
# Enable RewriteEngine directly at this (server) level
# %{HTTP_HOST} is the Host header sent by the client, so the redirect target follows it
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=302]

[root@harbor01 ~]# curl -I http://www.apep.com
HTTP/1.1 302 Found
Date: Wed, 21 Feb 2024 06:06:14 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
Location: https://www.apep.com/
Content-Type: text/html; charset=iso-8859-1

https://httpd.apache.org/docs/2.4/install.html

Download and unpack the source: 
httpd-2.4.58.tar.bz2
apr-1.7.4.tar.bz2
apr-util-1.6.3.tar.bz2

1 Merge the source trees
tar xvf apr-1.7.4.tar.bz2 
tar xvf apr-util-1.6.3.tar.bz2 
tar xvf httpd-2.4.58.tar.bz2 
mv  apr-1.7.4 httpd-2.4.58/srclib/apr
mv  apr-util-1.6.3 httpd-2.4.58/srclib/apr-util

2 Install the required packages
yum install gcc pcre-devel openssl-devel expat-devel -y

3 Compile and install
cd httpd-2.4.58/

./configure \
--prefix=/app/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork

make -j 4 && make install

4 Create a dedicated user
useradd -s /sbin/nologin -r apache

5 Set the user that httpd runs as
vim /app/httpd24/conf/httpd.conf
user apache
group apache

6 Configure the man pages
vim /etc/man_db.conf
MANDATORY_MANPATH           /app/httpd24/man

7 Environment variable
echo 'PATH=/app/httpd24/bin:$PATH' > /etc/profile.d/httpd24.sh


8 Create the service unit file (CentOS 7 and later)

vim /usr/lib/systemd/system/httpd24.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=forking
#EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/app/httpd24/bin/apachectl start
#ExecStart=/app/httpd24/bin/httpd $OPTIONS -k start
ExecReload=/app/httpd24/bin/apachectl graceful
#ExecReload=/app/httpd24/bin/httpd $OPTIONS -k graceful
ExecStop=/app/httpd24/bin/apachectl stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target

9 Enable at boot & start the service
systemctl enable httpd24.service
systemctl start httpd24.service

systemctl status httpd24.service 

● httpd24.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd24.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2024-03-06 10:51:05 EST; 5min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 1098 ExecStart=/app/httpd24/bin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 1218 (httpd)
   CGroup: /system.slice/httpd24.service
           ├─1218 /app/httpd24/bin/httpd -k start
           ├─1265 /app/httpd24/bin/httpd -k start
           ├─1266 /app/httpd24/bin/httpd -k start
           ├─1267 /app/httpd24/bin/httpd -k start
           ├─1268 /app/httpd24/bin/httpd -k start
           └─1269 /app/httpd24/bin/httpd -k start

Mar 06 10:51:04 keepalived-01 systemd[1]: Starting The Apache HTTP Server...
Mar 06 10:51:05 keepalived-01 apachectl[1098]: AH00557: httpd: apr_sockaddr_info_get() failed fo...-01
Mar 06 10:51:05 keepalived-01 apachectl[1098]: AH00558: httpd: Could not reliably determine the ...age
Mar 06 10:51:05 keepalived-01 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.

Lab: a WordPress personal blog

Two hosts:
host A runs apache+php, host B runs mariadb

1 A 
yum install httpd php php-mysql 
systemctl start httpd 

2 A
tar xvf wordpress-4.9.24.tar.gz -C /var/www/html/
setfacl -Rm u:apache:rwx /var/www/html/wordpress 

3 B 
yum install mariadb-server
mysql> create database wpdb;
mysql> grant all on wpdb.* to wpuser@'172.25.0.%' identified by 'centos';

4 Browse to http://A/wordpress and follow the WordPress prompts to configure the site

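Lab: compiling php-xcache on CentOS 7 to speed up access

PHP accelerators: using PHP's special extension mechanism, an opcode cache extension can keep opcodes
in PHP's shared memory, so that later executions of the same code skip the compile
stage, which improves performance. These accelerators do not actually make opcodes run faster; they only
analyse the opcodes and rearrange them to achieve faster execution

 XCache
A fast and stable PHP opcode cache, rigorously tested and widely used in production. Project
site: http://xcache.lighttpd.net/, packaged in the EPEL repository

github: https://github.com/lighttpd/xcache/tree/3.2

Compile and install
yum -y install php-devel

Download and unpack xcache-3.2.0.tar.bz2

Read README and INSTALL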

Installtion:

    $ phpize --clean && phpize
    $ ./configure --help
    $ CFLAGS='your cflags' ./configure --enable-xcache --enable...
    $ make
    $ su
    # make install
	(update php.ini, restart php)

Reinstall:

	$ mv config.nice conf
	$ make distclean && phpize --clean && phpize
	$ mv conf config.nice
	$ ./config.nice
	$ make
	$ su
	# make install
	(update php.ini, restart php)

Update php.ini:
	$ su
	# cat xcache.ini >> /etc/php.ini
	# $EDITOR /etc/php.ini
	
 cp xcache.ini /etc/php.d/

 systemctl restart httpd.service

Compare Requests per second before and after:    170 [#/sec] (mean)

ab -c10 -n 100 http://172.25.0.11/wordpress

This is ApacheBench, Version 2.3 <$Revision: 1903618 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 172.25.0.11 (be patient).....done


Server Software:        Apache/2.4.6
Server Hostname:        172.25.0.11
Server Port:            80

Document Path:          /wordpress
Document Length:        237 bytes

Concurrency Level:      10
Time taken for tests:   0.056 seconds
Complete requests:      100
Failed requests:        0
Non-2xx responses:      100
Total transferred:      47600 bytes
HTML transferred:       23700 bytes
Requests per second:    1783.14 [#/sec] (mean)
Time per request:       5.608 [ms] (mean)
Time per request:       0.561 [ms] (mean, across all concurrent requests)
Transfer rate:          828.88 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   0.8      1       3
Processing:     1    4   1.8      4       7
Waiting:        1    3   1.5      3       6
Total:          1    5   1.3      5       8

Percentage of the requests served within a certain time (ms)
  50%      5
  66%      6
  75%      6
  80%      7
  90%      7
  95%      7
  98%      8
  99%      8
 100%      8 (longest request)

Lab: LAMP in PHP-FPM mode on CentOS 7, installed with yum

Install php-fpm and httpd
	yum -y install php-fpm httpd
	rpm -ql php-fpm

getent passwd apache


# Check whether httpd's mod_proxy_fcgi module is loaded
cat  /etc/httpd/conf.modules.d/00-proxy.conf|grep fcgi
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so


 
FastCGI service configuration files: /etc/php-fpm.conf, /etc/php-fpm.d/*.conf
Official documentation: http://php.net/manual/zh/install.fpm.configuration.php
Process pool: pm = static|dynamic
				 static: a fixed number of child processes; pm.max_children
				 dynamic: the number of child processes is managed dynamically; the default
				 pm.max_children = 50
				 pm.start_servers =5
				 pm.min_spare_servers =5
				 pm.max_spare_servers =35
				 pm.max_requests = 500    number of requests each process may handle
				 
		Make sure the user running the php-fpm processes has read/write permission on the session directory
				 mkdir /var/lib/php/session
				 chown apache:apache /var/lib/php/session

Configure the php-fpm pool file
cat /etc/php-fpm.d/www.conf|grep -v "^;" 
# Only the modified lines are shown
listen.owner = apache
listen.group = apache
pm.status_path = /status
ping.response = pong


# Configure httpd: add the configuration file /etc/httpd/conf.d/fcgi.conf

vim /etc/httpd/conf.d/fcgi.conf
DirectoryIndex index.php
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1

Lab: LAMP with php-fpm over a Unix domain socket (UDS)

Two hosts:
one runs apache+php-fpm
one runs mariadb-server

1 Compile and install httpd-2.4.58
useradd -s /sbin/nologin apache 
vim /usr/lib/systemd/system/httpd24.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
Type=forking
#EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/app/httpd24/bin/apachectl start
#ExecStart=/app/httpd24/bin/httpd $OPTIONS -k start
ExecReload=/app/httpd24/bin/apachectl graceful
#ExecReload=/app/httpd24/bin/httpd $OPTIONS -k graceful
ExecStop=/app/httpd24/bin/apachectl stop
KillSignal=SIGCONT
PrivateTmp=true

[Install]
WantedBy=multi-user.target


2 Edit the httpd configuration file
# See: http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html
vim /app/httpd24/conf/httpd.conf 
user apache
group apache 
LoadModule proxy_module modules/mod_proxy.so 
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
ProxyRequests Off
ProxyPassMatch "^/(.*\.php(/.*)?)$" "unix:/var/run/php5-fpm.sock|fcgi://localhost/app/httpd24/htdocs/"
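# The following enables TCP port mode instead
#ProxyPassMatch "^/.*\.php(/.*)?$" "fcgi://localhost:9000/app/httpd24/htdocs" 

3 Install php-fpm and php-mysql
yum install php-fpm php-mysql 

4 Enable UDS mode
vim /etc/php-fpm.d/www.conf
;listen = 127.0.0.1:9000
listen=/var/run/php5-fpm.sock
listen.owner = apache
listen.group = apache
; 0660: only the socket owner and group (apache) need access; 0666 lets any local user reach php-fpm
listen.mode = 0660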

systemctl restart httpd php-fpm 

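Lab: compile and install LAMP with multiple virtual hosts

Environment: two hosts

One virtual host        blog.magedu.com

One virtual host         forum.magedu.com 
One host runs apache+php-fpm  
One host runs mariadb 

Software versions: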
apr-1.7.0.tar.bz2  
apr-util-1.6.1.tar.bz2
httpd-2.4.39.tar.bz2

php-7.3.7.tar.xz  
Discuz_X3.3_SC_UTF8.zip      
wordpress-5.2.2.tar.gz

mariadb-10.2.25-linux-x86_64.tar.gz

1 Set up mariadb
mysql>create database wordpress;
mysql>create database discuz;
mysql>grant all on wordpress.* to wordpress@'172.25.0.%' identified by 'redhat';
mysql>grant all on discuz.* to discuz@'172.25.0.%' identified by 'redhat';


2 Compile and install httpd
1) Install the required packages
yum install gcc pcre-devel openssl-devel expat-devel -y
2) Compile and install
for p in *.bz2 ;do tar xvf $p;done
mv apr-1.7.0 httpd-2.4.39/srclib/apr
mv apr-util-1.6.1 httpd-2.4.39/srclib/apr-util

useradd -r -s /sbin/nologin apache
cd httpd-2.4.39/

./configure \
--prefix=/app/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork

make -j 4 && make install

Environment variable and startup
echo 'PATH=/app/httpd24/bin:$PATH' > /etc/profile.d/httpd24.sh
. /etc/profile.d/httpd24.sh


LoadModule proxy_module modules/mod_proxy.so 
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
DirectoryIndex index.php index.html   
User apache
Group apache
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
ProxyRequests Off

<virtualhost *:80>
servername blog.magedu.com
documentroot /data/wordpress
<directory /data/wordpress>
require all granted
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/wordpress/$1
</virtualhost>


<virtualhost *:80>
servername forum.magedu.com
documentroot /data/discuz
<directory /data/discuz>
require all granted
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/data/discuz/$1
</virtualhost>    

mkdir /data/{wordpress,discuz}

setfacl -Rm u:apache:rwx /data/{wordpress,discuz}


3 Compile and install php
1) yum install libxml2-devel bzip2-devel libmcrypt-devel
2)
tar xvf php-7.3.7.tar.xz 
cd php-7.3.7/
./configure --prefix=/app/php \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-openssl \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--enable-mbstring \
--enable-xml \
--enable-sockets \
--enable-fpm \
--enable-maintainer-zts \
--disable-fileinfo


make && make install

cp php.ini-production /etc/php.ini
cp  sapi/fpm/init.d.php-fpm  /etc/init.d/php-fpm 
chmod +x /etc/init.d/php-fpm
cd /app/php/etc
cp php-fpm.conf.default php-fpm.conf
cd php-fpm.d/
cp www.conf.default www.conf
vim www.conf
user = apache
group = apache

service php-fpm start

4 /etc/hosts
blog.magedu.com forum.magedu.com


Block IPs with more than 10 failed logins
lastb |awk '/ssh/{print $3}'|sort |uniq -c|sort -nr|while read count ip;do if [ $count  -gt 10 ];then iptables -A INPUT -s $ip -j REJECT ;fi;done
lastb |awk '/ssh/{ip[$3]++}END{for(i in ip){if(ip[i]>10){system("iptables -A INPUT -s "i" -j REJECT")}}}'
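
Added example (not part of the original post): a stricter version of the two one-liners above. The third lastb column is not always an IP address (it can be a host name), and the awk variant pastes it into a shell command through system(), so this version accepts only well-formed IPv4 addresses and skips rules that already exist. The function names and the sample lines are constructed for this example.

```bash
#!/bin/sh
# offenders LIMIT: read `lastb` output on stdin and print each IPv4 source with
# more than LIMIT failed ssh logins, one per line.
offenders() {
    awk -v limit="$1" '
        # Dotted quad with every octet in 0..255; anything else is ignored.
        function is_ipv4(s,    o, n, i) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
            n = split(s, o, ".")
            for (i = 1; i <= n; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        /ssh/ && is_ipv4($3) { hits[$3]++ }
        END { for (ip in hits) if (hits[ip] > limit + 0) print ip }
    ' | sort
}

# block_offenders LIMIT: add one REJECT rule per offender (needs root).
block_offenders() {
    offenders "$1" | while read -r ip; do
        # -C tests for an existing rule, so repeated runs do not stack duplicates.
        iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null ||
            iptables -A INPUT -s "$ip" -j REJECT
    done
}

# Constructed sample in lastb layout, using documentation address ranges.
repeat_line() { n=$1; while [ "$n" -gt 0 ]; do echo "$2"; n=$((n - 1)); done; }
sample_lastb() {
    repeat_line 11 "root     ssh:notty    203.0.113.5      Mon Feb 19 10:00 - 10:00  (00:00)"
    repeat_line 10 "admin    ssh:notty    198.51.100.7     Mon Feb 19 10:01 - 10:01  (00:00)"
    repeat_line 12 "test     ssh:notty    300.1.1.1        Mon Feb 19 10:02 - 10:02  (00:00)"
    repeat_line 12 "guest    ssh:notty    bad-host.example Mon Feb 19 10:03 - 10:03  (00:00)"
    echo "btmp begins Mon Feb 19 09:00:00 2024"
}

sample_lastb | offenders 10      # dry run: list what would be blocked
# lastb | block_offenders 10     # real run, as root
```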
