Web server: Apache
- Apache serves hypertext (HTML). Hypertext refers to pages that contain pictures, links, and even music, programs and other non-text elements. The protocol that transfers hypertext is the Hypertext Transfer Protocol, HTTP. HTTP uses a Uniform Resource Locator (URL) to establish a connection and transfer data. URI, the Uniform Resource Identifier, is the broader term and includes the URL.
- Apache overview and operating modes
Overview: the most widely used web server software in the world; it runs on almost any computer platform. It is fast and reliable, and can be extended through a simple API, which allows various interpreters to be compiled into the server. It is less suited to multi-processor environments, because processes consume more resources than threads.
Process flow: daemon -> Worker Process -> spawn threads (to process the request)
The client connects from a random port to Apache's port 80. The server opens a thread to process the request and determines whether the request is dynamic or static:
Static: the server returns the page (HTML) directly to the client.
Dynamic: the server needs a parser to process the page (for example a PHP page) before returning it to the client. (This needs a connection to the database.)
Apache operating modes: the three stable MPM modes (MPM: Multi-Processing Module) are:
prefork, worker, event.
prefork mode of operation:
Before Apache starts serving, it forks several child processes in advance and then waits for requests to come in. The reason for doing so is to reduce the overhead of frequently creating and destroying processes. Each child process has only one thread and can handle only one request at a time.
Advantages: mature and stable, compatible with all old and new modules. You also do not need to worry about thread safety.
Disadvantages: each process consumes relatively more system resources and more memory, and the mode is not good at handling highly concurrent requests.
worker mode of operation:
Uses a mixed multi-process, multi-threaded model. It also pre-forks child processes (a small number), and each child process then creates some threads, including a listener thread. The listener thread listens for incoming requests and passes them to the worker threads, which process them and respond. Threads are lighter than processes and consume fewer resources, because threads usually share the memory space of the parent process. In high-concurrency scenarios more threads are available than with prefork, so processing capacity is higher.
Advantages: uses less memory and performs better under high concurrency.
Disadvantages: thread safety must be considered; if one thread dies, all the threads of the child process it belongs to die with it.
event mode of operation:
Similar to worker mode. The biggest difference is that it solves the problem of threads being occupied for a long time, and so wasted, by Keep-Alive connections. (Early HTTP had to set up and tear down a TCP connection for every resource requested, which wasted resources, so Keep-Alive was introduced. With keepalive_timeout set, the HTTP daemon waits for the keepalive_timeout period after sending a complete response and closes the connection only after that time has passed, but a long wait may itself waste more resources.) In event mode a dedicated thread manages these keep-alive threads, which strengthens request handling under high concurrency.
View the current MPM: httpd -V | grep -i "Server MPM"
Selecting an MPM: specified at compile time with the option --with-mpm=xxx
- Detailed Apache configuration
Start the configuration:
1. Install
[root@apache ~]# yum install -y httpd httpd-manual
[root@apache ~]# rpm -ql httpd
/etc/httpd/conf.d/autoindex.conf
/etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf.modules.d
/etc/httpd/conf.modules.d/00-base.conf
/etc/httpd/conf.modules.d/00-dav.conf
/etc/httpd/conf.modules.d/00-lua.conf
/etc/httpd/conf.modules.d/00-mpm.conf
/etc/httpd/conf.modules.d/00-proxy.conf
/etc/httpd/conf.modules.d/00-systemd.conf
/etc/httpd/conf.modules.d/01-cgi.conf
## sub-configuration files
/etc/httpd/conf/httpd.conf
## the main configuration file
Logs
/var/log/httpd/
Error log: records the errors the Apache server runs into
Access log: records which clients accessed the current web server
/etc/logrotate.d/httpd
## log rotation
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
## reload the Apache configuration files
## > /dev/null 2>/dev/null sends both normal output and error output into the black hole
## || runs the following command only if the previous command fails
## && runs the following command only if the previous command succeeds
## true always returns a true value
endscript
}
Interview question: why is this operation needed?
After the log file is rotated, the old file's inode has not changed. If the configuration is not reloaded, new log entries are still written to the old log file and the rotation fails.
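The inode behaviour behind the postrotate reload, reproduced as an added example (not part of the original notes). The file names and the simulate_rotation helper are assumptions made for the demonstration; the open handle stands in for the one httpd keeps on its log.

```python
import os
import tempfile

def count_lines(path):
    if not os.path.exists(path):
        return 0
    with open(path) as f:
        return len(f.readlines())

def simulate_rotation(reopen):
    """Model a daemon that holds access_log open while logrotate renames it.

    reopen=True models the postrotate "systemctl reload httpd" step.
    """
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "access_log")              # constructed names
        rotated = os.path.join(d, "access_log-20190610")

        log = open(live, "a")                             # long-lived handle, like httpd's
        log.write("request before rotation\n")
        log.flush()
        inode = os.fstat(log.fileno()).st_ino

        os.rename(live, rotated)                          # logrotate renames the file
        same_inode = os.stat(rotated).st_ino == inode     # same inode, new name

        if reopen:                                        # reload: close, reopen by path
            log.close()
            log = open(live, "a")

        log.write("request after rotation\n")
        log.flush()
        log.close()
        return {
            "rename_kept_inode": same_inode,
            "live_lines": count_lines(live),
            "rotated_lines": count_lines(rotated),
        }

if __name__ == "__main__":
    print("no reload:", simulate_rotation(reopen=False))
    print("reload:   ", simulate_rotation(reopen=True))
```

Without the reopen, both log lines end up in the rotated file and the live path stays empty, which is the failure the reload prevents.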
/usr/lib64/httpd/modules
## Apache modules
/usr/share/doc/httpd-2.4.6
## configuration help
/var/www
## directory of published pages
[root@apache ~]# systemctl start httpd
Browser Access: http://172.16.0.31/manual/
[root@apache ~]# grep "apache" /etc/passwd
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
2. The configuration file explained
[root@apache /etc/httpd/conf]# vim httpd.conf
## Directory container: defines a virtual access path
<Directory />
## path not wrapped in "": the virtual path
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
## defines the default access path
<Directory "/var/www">
## path wrapped in "": the physical path
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
## options for the Directory container
#Indexes enables index listings
#FollowSymLinks enables soft links
AllowOverride None
## whether to use verification
#None means it is not used
Require all granted
## access control list: which clients are allowed to access Apache on this machine
#all granted allows all clients to access
</Directory>
(1) After installation, accessing the server directly after startup returns the error test page
[root@apache /etc/httpd/conf.d]# vim welcome.conf
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
AllowOverride None
Require all granted
</Directory>
## test page; if there is none, a 403 error is returned directly
Alias /.noindex.html /usr/share/httpd/noindex/index.html
## the page visited is /.noindex.html
# cd /var/www/html/
[root@apache /var/www/html]# ls
[root@apache /var/www/html]# echo "test" > index.html
[root@apache /var/www/html]# cp /etc/passwd .
[root@apache /var/www/html]# cp /etc/group .
## when a default test page exists, the other files cannot be accessed
[root@apache /var/www/html]# rm -f index.html
[root@apache /var/www/html]# ls
group passwd
[root@apache /etc/httpd/conf.d]# vim welcome.conf
## comment out all of the configuration in this file
[root@apache /etc/httpd/conf.d]# systemctl restart httpd
(2) Indexes
Shows the files in the published page directory as a listing
[root@apache /etc/httpd/conf]# vim httpd.conf
#Options Indexes FollowSymLinks
Options Indexes
[root@apache /etc/httpd/conf]# systemctl restart httpd
(3) FollowSymLinks
Soft links are supported in the directory listing page
[root@apache /var/www/html]# ln -s /etc/fstab .
[root@apache /var/www/html]# ll
total 8
lrwxrwxrwx 1 root root 10 Aug 14 14:35 fstab -> /etc/fstab
-rw-r--r-- 1 root root 481 Aug 14 14:10 group
-rw-r--r-- 1 root root 1031 Aug 14 14:10 passwd
[root@apache /etc/httpd/conf]# vim httpd.conf
Options Indexes FollowSymLinks
[root@apache /etc/httpd/conf]# systemctl restart httpd
(4) Access Verification
[root@apache /etc/httpd/conf]# vim httpd.conf
AllowOverride All
## goes inside the Directory container
AccessFileName .htaccess
## goes outside the Directory container
<Files ".ht*">
## Files container: applies to files whose names begin with .ht
Require all denied
## access is refused to everyone
</Files>
[root@apache /var/www/html]# vim .htaccess
AuthName "access-test"
## authentication name
AuthType Basic
## type of authentication: basic authentication
AuthUserFile "/var/www/html/.htpasswd"
## file in which the legitimate users are saved
Require valid-user
## only legitimate users can access
[root@apache /var/www/html]# htpasswd -c /var/www/html/.htpasswd h1
## -c creates the user file
New password:
Re-type new password:
Adding password for user h1
[root@apache /var/www/html]# cat .htpasswd
h1:$apr1$qO3Rhva5$3RgNncMHN2npNWt7CDQVW.
[root@apache /var/www/html]# htpasswd /var/www/html/.htpasswd h2
New password:
Re-type new password:
Adding password for user h2
[root@apache /var/www/html]# cat .htpasswd
h1:$apr1$qO3Rhva5$3RgNncMHN2npNWt7CDQVW.
h2:$apr1$gSEFk0Ia$vLtp05wisooWhrMEfIZZ60
[root@apache /etc/httpd/conf]# systemctl restart httpd
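A small audit of the password file created in step (4), added here as an example and not part of the original notes. It reports which hash scheme each entry uses and whether the file sits under DocumentRoot; the function names are assumptions, and the h3 entry is a constructed placeholder showing what an entry written by htpasswd -B (bcrypt) starts with.

```python
import os

# Prefixes of the hash formats htpasswd writes: (prefix, name, acceptable)
SCHEMES = [
    ("$2y$", "bcrypt", True),
    ("$apr1$", "apr1 (iterated MD5)", False),
    ("{SHA}", "unsalted SHA-1", False),
]

def classify(hash_field):
    for prefix, name, ok in SCHEMES:
        if hash_field.startswith(prefix):
            return name, ok
    return "crypt() or plaintext", False

def audit_htpasswd(text, path, document_root):
    """Return a list of findings for one password file."""
    findings = []
    root = os.path.normpath(document_root)
    if os.path.commonpath([root, os.path.normpath(path)]) == root:
        findings.append(f"{path}: stored under DocumentRoot {document_root}; "
                        "only the <Files \".ht*\"> rule keeps it from being served")
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep:
            findings.append(f"line {n}: malformed entry")
            continue
        name, ok = classify(hash_field)
        if not ok:
            findings.append(f"line {n}: user {user} uses {name}; prefer htpasswd -B")
    return findings

# The two entries shown above, plus a constructed bcrypt-style placeholder (h3).
SAMPLE = """\
h1:$apr1$qO3Rhva5$3RgNncMHN2npNWt7CDQVW.
h2:$apr1$gSEFk0Ia$vLtp05wisooWhrMEfIZZ60
h3:$2y$05$CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
"""

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE, "/var/www/html/.htpasswd", "/var/www/html"):
        print(finding)
```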
(5) Access Control
Require all granted
## allows all clients to access
Require all denied
## rejects all client access
Whitelist: which clients are allowed to access this machine's web server
Used on a site's back-end web server, allowing access only to the company's business staff.
Require all denied
Require ip <IP address list>
[root@apache /etc/httpd/conf]# vim httpd.conf
Require all denied
Require ip 172.16.0.230
AuthName "access-test"
## authentication name
AuthType Basic
## the type of authentication
[root@apache /etc/httpd/conf]# systemctl restart httpd
Blacklist: which clients are denied access to this machine's web server
Used on a site's front-end web server: allow all users from the Internet and refuse illegitimate access.
How do you confirm that a user is illegitimate?
By analysing Apache's access logs.
<RequireAll>
Require not ip <IP address list>
Require all granted
</RequireAll>
[root@apache /etc/httpd/conf]# vim httpd.conf
<RequireAll>
Require not ip 172.16.0.230
Require all granted
</RequireAll>
[root@apache /etc/httpd/conf]# systemctl restart httpd
--------------------------------------------------------
## defines the default file name of the index page
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
## access log
## defined access log format
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
172.16.0.230 - - [10/Jun/2019:18:44:48 +0800] "GET / HTTP/1.1" 200 690 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0)"
172.16.0.230 client IP
- - two placeholders
[10/Jun/2019:18:44:48 +0800] access time and time zone
GET / HTTP/1.1 request method and protocol
200 status code
-------------------
Web server status codes:
1xx Informational
2xx Success
200 OK
3xx Redirection
4xx Client Error
5xx Server Error
-------------------
690 size of the data the server transferred to the client, in bytes
Followed by the client information
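The log analysis mentioned under the blacklist, combined with the field layout just described, as an added example that is not part of the original notes. It parses the combined LogFormat and lists clients with repeated 401/403 responses in the RequireAll form used in step (5). The threshold, the function names and the sample lines are assumptions, and %h is assumed to hold an IP address.

```python
import re
from collections import Counter

# Fields of the "combined" LogFormat shown above:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'          # Apache writes embedded quotes as \"
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\d+|-) '
    + QUOTED + " " + QUOTED)
FIELDS = ("host", "ident", "user", "time", "request",
          "status", "bytes", "referer", "agent")

def parse(line):
    """Return one log line as a dict, or None if it is not in combined format."""
    m = COMBINED.match(line)
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for 0
    return rec

def deny_candidates(lines, statuses=(401, 403), threshold=3):
    """Clients (by %h) with at least `threshold` responses in `statuses`."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["status"] in statuses:
            hits[rec["host"]] += 1
    return sorted(host for host, n in hits.items() if n >= threshold)

def require_block(hosts):
    """Render the candidates in the <RequireAll> form used above."""
    rules = "".join(f"Require not ip {h}\n" for h in hosts)
    return f"<RequireAll>\n{rules}Require all granted\n</RequireAll>"

# Constructed sample log (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = [
    '172.16.0.230 - - [10/Jun/2019:18:44:48 +0800] "GET / HTTP/1.1" 200 690 "-" "Mozilla/4.0"',
    '192.0.2.7 - - [10/Jun/2019:18:45:01 +0800] "GET /passwd HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.0.2.7 - - [10/Jun/2019:18:45:02 +0800] "GET /passwd HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '192.0.2.7 - - [10/Jun/2019:18:45:03 +0800] "GET /group HTTP/1.1" 401 381 "-" "curl/7.29.0"',
    '198.51.100.9 - h1 [10/Jun/2019:18:46:10 +0800] "GET /fstab HTTP/1.1" 403 202 "-" "Wget/1.14"',
]

if __name__ == "__main__":
    print(require_block(deny_candidates(SAMPLE)))
```

The output is a list of candidates for review before any of them goes into httpd.conf; a single threshold on status codes will also catch users who mistyped a password.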
TypesConfig /etc/mime.types
## file formats the web server supports for the browser