首页 > Web开发 > 详细

http协议

时间:2019-02-07 14:31:23      阅读:221      评论:0      收藏:0      [点我收藏+]
1.http服务
  1. http: Hyper Text Transfer Protocol, 80/tcp
  2. 常用 http/1.1
    1.支持cache, MIME(支持传送多媒体文件), method
    2.POST命令和HEAD命令 头信息是 ASCII 码,后面数据可为任何格式。服务器回应时会告诉客户 端,数据是什么格式,即Content-Type字段的作用。这些数据类型总称为 MIME 多用途互联网邮件扩展,每个值包括一级类型和二级类型,预定义的 类型,也可自定义类型
    3.持久连接(persistent connection),即TCP连接默认不 关闭,可以被多个请求复用,不用声明Connection: keep-alive 。对于同一个域名,大多数浏览器允许同时建立6个持久连接
    4.管道机制(pipelining),即在同一个TCP连接里,客户端 可以同时发送多个请求,进一步改进了HTTP协议的效率
    5.支持GET、PUT、PATCH、OPTIONS、DELETE方法
    • 问题
      1.同一个TCP连接里面,所有的数据通信是按次序进行的。服务器 只能顺序处理回应,前面的回应慢,会有许多请求排队,造成" 队头堵塞"(Head-of-line blocking) ?
      为避免上述问题,两种方法:一是减少请求数,二是同时多开持 久连接。网页优化技巧,比如合并脚本和样式表、将图片嵌入 CSS代码、域名分片(domain sharding)等 ?
      2.HTTP 协议不带有状态,每次请求都必须附上所有信息。请求的 很多字段都是重复的,浪费带宽,影响速度
    • http请求基本过程
      1、建立连接
      2、接收请求
      3、处理请求
      4、访问资源
      5、构建响应报文 头部
      6、发送响应报文
      7、记录日志
  3. 方法介绍
    GET:从服务器获取一个资源
    HEAD:只从服务器获取文档的响应首部
    POST:向服务器输入数据,通常会再由网关程序继续处理 例如提交用户密码或者信息
    PUT:将请求的主体部分存储在服务器中,如上传文件
    DELETE:请求删除服务器上指定的文档
    TRACE:追踪请求到达服务器中间经过的代理服务器
    OPTIONS:请求服务器返回对指定资源支持使用的请求方法
  4. 状态码介绍
    1xx:100-101 信息提示 ?
    2xx:200-206 成功 ?
    3xx:300-305 重定向 ?
    4xx:400-415 错误类信息,客户端错误 ?
    5xx:500-505 错误类信息,服务器端错误
    200: 成功,请求数据通过响应报文的entity-body部分发送;OK ?
    301: 请求的URL指向的资源已经被删除;但在响应报文中通过首部 Location指明了资源现在所处的新位置;Moved Permanently ?
    302: 响应报文Location指明资源临时新位置 Moved Temporarily
    304:服务器上的资源未曾发生改变,使用本机缓存
    401: 需要输入账号和密码认证方能访问资源;Unauthorized ?
    403: 请求被禁止;Forbidden ?
    404: 服务器无法找到客户端请求的资源;Not Found ?
    500: 服务器内部错误;Internal Server Error ?
    502: 代理服务器从后端服务器收到了一条伪响应,如无法连接到网关;Bad Gateway ? 无法连接到调度的服务器
    503 – 服务不可用,临时服务器维护或过载,服务器无法处理请求 ?
    504 – 网关超时

2.基于httpd实现网站用户访问控制

1.安装httpd服务
2.准备好主页


[root@centos7 ~]#echo ‘welcome to here!‘ > /var/www/html/index.html

3.启动服务


[root@centos7 ~]#systemctl start httpd

4.测试网页
技术分享图片
5.利用htpasswd命令生成用户和密码,注意文件要能被apache账号读取

[root@centos7 conf.d]#htpasswd -c /data/user dcrfan
New password: 
Re-type new password: 
Adding password for user dcrfan
[root@centos7 conf.d]#htpasswd  /data/user zhang
New password: 
Re-type new password: 
Adding password for user zhang
[root@centos7 ~]#chown apache /data/user

6.修改httpd配置文件

 <Directory "/var/www/html">
   Options Indexes FollowSymLinks
   AllowOverride None
   AuthType Basic   #加密类型
   AuthName "please input your name"  #提示字符串
   AuthUserFile  "/data/user"            #用户密码验证文件                                            
   Require  user  dcrfan                #允许访问用户
 </Directory>

[root@centos7 conf.d]#systemctl  restart httpd

7.测试网页
技术分享图片技术分享图片

8.其他权限控制选项
Require all granted 允许所有主机访问:
Require all denied 拒绝所有主机访问
Require host HOSTNAME:授权特定主机访问
Require not host HOSTNAME:拒绝 特定主机访问
Require ip IPADDR:授权指定来源的IP访问
Require not ip IPADDR:拒绝特定的IP访问

?/不能有失败,至少有一个成功匹配才成功,即失败优先
<RequireAll>
Require all granted
Require not ip 172.16.1.1 拒绝特定IP
</RequireAll> ?
/多个语句有一个成功,则成功,即成功优先
<RequireAny>
Require all denied
require ip 172.16.1.1 允许特定IP
</RequireAny>

3.基于httpd实现网站虚拟主机

建立测试文件主页

[root@centos7 conf.d]#mkdir /var/www/html/{a,b,c} 
[root@centos7 conf.d]#echo "a">/var/www/html/a/index.html
[root@centos7 conf.d]#echo "b">/var/www/html/b/index.html
[root@centos7 conf.d]#echo "c">/var/www/html/c/index.html

1.基于port实现虚拟主机
修改配置文件

[root@centos7 conf.d]#vim port.conf
  listen 808                                                                                                   
  listen 8080
   <virtualhost 192.168.0.109:80>
   servername www.a.com
  documentroot "/var/www/html/a"
   </virtualhost>
   <virtualhost 192.168.0.109:808>
 servername www.b.com
  documentroot "/var/www/html/b"
  </virtualhost>
 <virtualhost 192.168.0.109:8080>
 servername www.c.com                                                                                         
  documentroot "/var/www/html/c"
  </virtualhost>

重启服务并查看端口

[root@centos7 conf.d]#systemctl  restart httpd
    [root@centos7 ~]#ss -ntl
State       Recv-Q Send-Q           Local Address:Port                          Peer Address:Port              
LISTEN      0      128                          *:111                                      *:*                  
LISTEN      0      128                          *:41968                                    *:*                  
LISTEN      0      5                192.168.122.1:53                                       *:*                  
LISTEN      0      128                          *:22                                       *:*                  
LISTEN      0      128                  127.0.0.1:631                                      *:*                  
LISTEN      0      100                  127.0.0.1:25                                       *:*                  
LISTEN      0      128                         :::111                                     :::*                  
LISTEN      0      128                         :::8080                                    :::*                  
LISTEN      0      128                         :::80                                      :::*                  
LISTEN      0      128                         :::22                                      :::*                  
LISTEN      0      128                        ::1:631                                     :::*                  
LISTEN      0      100                        ::1:25                                      :::*                  
LISTEN      0      128                         :::53952                                   :::*                  
LISTEN      0      128                         :::808                                     :::*

测试文件

[root@centos7 ~]#curl 192.168.0.109
a
[root@centos7 ~]#curl 192.168.0.109:808
b
[root@centos7 ~]#curl 192.168.0.109:8080
c
~

2.基于ip实现虚拟主机
修改配置文件

<virtualhost 192.168.0.109:80>
servername www.a.com
documentroot "/var/www/html/a"
</virtualhost>
<virtualhost 192.168.0.110:80>
servername www.b.com
documentroot "/var/www/html/b"
</virtualhost>
<virtualhost 192.168.0.111:80>
servername www.c.com                                                                                             
documentroot "/var/www/html/c"
</virtualhost>

重启httpd服务

[root@centos7 conf.d]#systemctl  restart httpd

为本机临时添加ip地址

[root@centos7 ~]#ip address add 192.168.0.110/24 dev eth0
[root@centos7 ~]#ip address add 192.168.0.111/24 dev eth0

查看ip

[root@centos7 ~]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:53:4d:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.109/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.110/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet 192.168.0.111/24 scope global secondary eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::47f0:15a7:5a66:13c7/64 scope link 
       valid_lft forever preferred_lft forever

测试 

 [root@centos7 ~]#curl 192.168.0.109
a
[root@centos7 ~]#curl 192.168.0.110
b
[root@centos7 ~]#curl 192.168.0.111
c

3.基于FQDN实现虚拟主机
修改配置文件并重启服务

<virtualhost *:80>
servername www.a.com
documentroot "/var/www/html/a"
</virtualhost>
<virtualhost *:80>
servername www.b.com
documentroot "/var/www/html/b"
</virtualhost>
<virtualhost *:80>                                                                                               
servername www.c.com                                                                                             
documentroot "/var/www/html/c"
</virtualhost>

修改测试客户端host文件,让其能解析这三个地址

[root@centos7 ~]#cat /etc/hosts       
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.109 www.a.com www.b.com www.c.com

测试

[root@centos7 ~]#curl www.a.com
a
[root@centos7 ~]#curl www.b.com
b
[root@centos7 ~]#curl www.c.com
c

注意:一般虚拟机不要与main主机混用;因此,要使用虚拟主机, 一般先禁用main主机
禁用方法:注释中心主机的DocumentRoot指令即可
还可以定制各自日志文件
ErrorLog "logs/host.example.com-error_log"
TransferLog "logs/host.example.com-access_log"

4.基于httpd实现网站https加密

要实现https加密需要搭建CA服务器实现加密通讯,安装mod_ssl模块,服务以443端口监听
1.在192.168.0.112搭建ca

[root@localhost ~]# (umask 066; openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
.......................................+++
.......+++
e is 65537 (0x10001)
[root@localhost ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem  -days 7200 -out /etc/pki/CA/cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:dcrfan
Organizational Unit Name (eg, section) []:dcrfan.cn
Common Name (eg, your name or your server‘s hostname) []:dcrfan
Email Address []:
[root@localhost ~]# echo 01 > /etc/pki/CA/serial
[root@localhost ~]# touch /etc/pki/CA/index.txt

2.在192.168.0.109生成密钥

root@centos7 ~]# (umask 066; openssl genrsa -out /etc/httpd/httpd.key 2048)       
Generating RSA private key, 2048 bit long modulus
.............................................................................................+++
.............................+++
e is 65537 (0x10001)
[root@centos7 ~]# openssl req -new -key /etc/httpd/httpd.key  -out /etc/httpd/httpd.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:gd
Locality Name (eg, city) [Default City]:gz
Organization Name (eg, company) [Default Company Ltd]:dcrfan  
Organizational Unit Name (eg, section) []:dcrfan.cn
Common Name (eg, your name or your server‘s hostname) []:www.a.com #与网站域名一致
Email Address []:
Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 ~]#scp /etc/httpd/httpd.csr 192.168.0.112:/data/

3.在192.168.0.112签名证书

[root@localhost ~]# openssl ca -in /data/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 160           
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb  7 02:40:31 2019 GMT
            Not After : Jul 17 02:40:31 2019 GMT
        Subject:
            countryName               = cn
            stateOrProvinceName       = gd
            organizationName          = dcrfan
            organizationalUnitName    = dcrfan.cn
            commonName                = www.a.com
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Comment: 
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier: 
                48:30:32:22:C2:7F:68:A5:45:C6:99:3B:46:B5:6B:08:7F:94:86:DB
            X509v3 Authority Key Identifier: 
               keyid:29:BE:1C:83:B6:3E:49:D0:12:3F:80:A5:64:CB:17:02:8C:43:3B:1A
Certificate is to be certified until Jul 17 02:40:31 2019 GMT (160 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ~]# scp /etc/pki/CA/certs/httpd.crt /etc/pki/CA/cacert.pem  192.168.0.109:/etc/httpd/

4.安装模块


[root@centos7 ~]#yum install mod_ssl

5.修改httpd配置文件

[root@centos7 ~]#ls /etc/httpd 
cacert.pem  conf  conf.d  conf.modules.d  httpd.crt  httpd.csr  httpd.key  logs  modules  run
[root@centos7 ~]#vim /etc/httpd/conf.d/ssl.conf
   DocumentRoot   "/var/www/html/"
  ServerName   www.a.com
  SSLCertificateFile    /etc/httpd/cacert.pem   #指定ca证书位置
   SSLCertificateKeyFile  /etc/httpd/httpd.key  #指定自己的私钥位置
   SSLCACertificateFile  /etc/httpd/httpd.crt    #指定ca签名的证书位置

6.实现HSTS,让网址自动应用https

vim /etc/httpd/conf/httpd.conf 
Header always set Strict-Transport-Security "maxage=31536000"
RewriteEngine on 
RewriteRule ^(/.*)$  https://%{HTTP_HOST}$1 [redirect=302]

7.修改测试服务器/etc/hosts
192.168.0.109 www.a.com
8.测试(在浏览器添加ca证书)
技术分享图片技术分享图片技术分享图片

http协议

原文:http://blog.51cto.com/6289984/2348866
(0)
(0)
   
举报
评论 一句话评论(0
分享档案
更多>
2021年09月23日 (328)
2021年09月24日 (313)
2021年09月17日 (191)
2021年09月15日 (369)
2021年09月16日 (411)
2021年09月13日 (439)
2021年09月11日 (398)
2021年09月12日 (393)
2021年09月10日 (160)
2021年09月08日 (222)
最新文章
更多>
教程昨日排行
更多>
友情链接
汇智网   PHP教程   插件网  
关于我们 - 联系我们 - 留言反馈 - 联系我们:wmxa8@hotmail.com
© 2014 bubuko.com 版权所有
打开技术之扣,分享程序人生!