1、請描述一次完整的http請求處理過程;
2、httpd所支持的處理模型有哪些,他們的分別使用於哪些環境。
3、源碼編譯安裝LAMP環境(基於wordpress程序),並寫出詳細的安裝、配置、測試過程。
4、建立httpd服務器(基於編譯的方式進行),要求:
提供兩個基於名稱的虛擬主機:
(a)www1.stuX.com,頁面文件目錄爲/web/vhosts/www1;錯誤日誌爲/var/log/httpd/www1.err,訪問日誌爲/var/log/httpd/www1.access;
(b)www2.stuX.com,頁面文件目錄爲/web/vhosts/www2;錯誤日誌爲/var/log/httpd/www2.err,訪問日誌爲/var/log/httpd/www2.access;
(c)爲兩個虛擬主機建立各自的主頁文件index.html,內容分別爲其對應的主機名;
(d)通過www1.stuX.com/server-status輸出httpd工作狀態相關信息,且只允許提供帳號密碼才能訪問(status:status);
5、爲第4題中的第2個虛擬主機提供https服務,使得用戶可以通過https安全的訪問此web站點;
(1)要求使用證書認證,證書中要求使用的國家(CN)、州(HA)、城市(ZZ)和組織(MageEdu);
(2)設置部門爲Ops,主機名爲www2.stuX.com,郵件爲[email protected];
6、在LAMP架構中,請分別以php編譯成httpd模塊形式和php以fpm工作爲獨立守護進程的方式來支持httpd,列出詳細的過程。
1.一次完整的http請求處理過程:
(1)建立或處理連接:接收請求或拒絕請求;
(2)接收請求:接收來自於網絡上的主機請求報文中對某特定資源的一次請求的過程;
(3)處理請求:對請求報文進行解析,獲取客戶端請求的資源及請求方法等相關信息;
(4)訪問資源:獲取請求報文中請求的資源;
(5)構建響應報文:
(6)發送響應報文:
(7)記錄日誌:
2.httpd所支持的處理模型有哪些,他們的分別使用於哪些環境。
prefork:多進程模型,每個進程響應一個請求;
一個主進程:負責生成子進程及回收子進程;負責創建套接字;負責接收請求,並將其派發給某子進程進行處理;
n個子進程:每個子進程處理一個請求;
工作模型:會預先生成幾個空閒進程,隨時等待用於響應用戶請求;最大空閒和最小空閒
worker:多進程多線程模型,每線程處理一個用戶請求;
一個主進程:負責生成子進程;負責創建套接字;負責接收請求,並將其派發給某子進程進行處理;
多個子進程:每個子進程負責生成多個線程;
每個線程:負責響應用戶請求;
併發響應數量:m*n
m:子進程數量
n:每個子進程所能創建的最大線程數量;
event:事件驅動模型,多進程模型,每個進程響應多個請求;
一個主進程 :負責生成子進程;負責創建套接字;負責接收請求,並將其派發給某子進程進行處理;
子進程:基於事件驅動機制直接響應多個請求;
3.源碼編譯安裝LAMP環境(基於wordpress程序),並寫出詳細的安裝、配置、測試過程。
以centos6.5環境安裝httpd2.4.9,php5.4.26,通用二進制mariadb5.5.36,具體安裝如下:
(1).編譯安裝httpd2.4.9
安裝httpd-2.4,依賴於apr-1.4+,apr-util-1.4+, [apr-iconv], apr: apacheportable runtime
首先安裝開發環境包組:DevelopmentTools, Server Platform Development 開發程序包:pcre-devel
[root@localhost~]# yum groupinstall 服務器平臺開發 開發工具
[root@localhostdylan]# tar -xjvf apr-1.5.0.tar.bz2
[root@localhostdylan]# cd apr-1.5.0
[[email protected]]# ./configure --prefix=/usr/local/apr
[[email protected]]# make && make install ###安裝apr-1.5.0
[root@localhostdylan]# tar -xjvf apr-util-1.5.3.tar.bz2
[root@localhostdylan]# cd apr-util-1.5.3
[[email protected]]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
[[email protected]]# make && make install ###安裝apr-util-1.5.3
###解壓httpd
[root@localhostdylan]# tar -xjvf httpd-2.4.9.tar.bz2
[root@localhostdylan]# cd httpd-2.4.9
###安裝必備包
[[email protected]]# yum install openssl openssl-devle pcre pcre-devel -y
[[email protected]]# ./configure --prefix=/usr/local/apache24--sysconfdir=/etc/httpd24 --enable-so--enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre--with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util--enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
[[email protected]]# make && make install ###安裝httpd-2.4.9
###編譯安裝完成後把apachectl命令路徑加入PATH中
[root@localhost/]# vim /etc/profile.d/httpd.sh
exportPATH=/usr/local/apache24/bin:$PATH ###添加環境變量
(2).通用二進制格式安裝mariadb-5.5.36-linux-x86_64.tar.gz
首先準備數據目錄:
[root@localhost/]# mkdir -pv /mydata/data
[root@localhost/]# groupadd -r -g 306 mysql ###添加mysql組
[root@localhost/]# useradd -r -g 306 -u 306 mysql ###添加mysql用戶
[root@localhost/]# chown -R mysql.mysql /mydata/data/
安裝配置
[root@localhost/]# tar xf mariadb-5.5.36-linux-x86_64.tar.gz -C /usr/local/ ###解壓至/usr/local目錄
[root@localhost/]# cd /usr/local/
[root@localhostlocal]# ln -sv mariadb-5.5.36-linux-x86_64/ mysql ###鏈接至mysql目錄
[root@localhostlocal]# cd /usr/local/mysql/
[root@localhostmysql]# chown -R root:mysql ./* ###更改屬主屬組
[root@localhostmysql]# scripts/mysql_install_db --user=mysql --datadir=/mydata/data ###創建數據
[root@localhostmysql]# cp support-files/my-large.cnf /etc/mysql/my.cnf ###複製配置文件
[root@localhostmysql]# vim /etc/mysql/my.cnf ###在mysqld配置段中添加
datadir= /mydata/data
skip_name_resolve= ON
innodb_file_per_table= ON
[root@localhostmysql]# cp support-files/mysql.server /etc/init.d/mysqld ###複製服務啓動配置文件
[root@localhostmysql]# chkconfig --add mysqld ###添加mysqld服務
[root@localhostmysql]# chkconfig mysqld on ###服務自啓動、
####輸出mysql頭文件至系統頭文件路徑/usr/include;
[root@localhostmysql]# ln -sv /usr/local/mysql/include /usr/include/mysqld
"/usr/include/mysqld"-> "/usr/local/mysql/include"
###輸出mysql庫文件給系統庫查找路徑
[root@localhostmysql]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
[root@localhostmysql]# ldconfig ###系統重載入系統庫
[root@localhost~]# ldconfig -p |grep mysql ###查看mysql庫文件讀取
libmysqld.so.18(libc6,x86-64) => /usr/local/mysql/lib/libmysqld.so.18
libmysqld.so(libc6,x86-64) => /usr/local/mysql/lib/libmysqld.so
libmysqlclient_r.so.16(libc6,x86-64) => /usr/lib64/mysql/libmysqlclient_r.so.16
libmysqlclient.so.18(libc6,x86-64) => /usr/local/mysql/lib/libmysqlclient.so.18
libmysqlclient.so.16(libc6,x86-64) => /usr/lib64/mysql/libmysqlclient.so.16
libmysqlclient.so(libc6,x86-64) => /usr/local/mysql/lib/libmysqlclient.so
###修改PATH環境變量
[root@localhostmysql]# vim /etc/profile.d/mysql.sh
exportPATH=/usr/local/mysql/bin:$PATH
[root@localhostmysql]# . /etc/profile.d/mysql.sh ###重讀配置文件
[root@localhostbin]# mysql_secure_installation ###mysql安全加固 ###運行此命令進行設置
(3).編譯安裝php-5.4.26.tar.bz2
[root@localhostdylan]# yum install libxml2-devel libmcrypt-devel bzip2-devel -y
[root@localhostdylan]# tar xf php-5.4.26.tar.bz2
[root@localhostdylan]# cd php-5.4.26
[[email protected]]# ./configure --prefix=/usr/local/php --with-mysql=/usr/local/mysql--with-openssl --with-mysqli=/usr/local/mysql/bin/mysql_config--enable-mbstring --with-png-dir --with-jpeg-dir --with-freetype-dir--with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets--with-apxs2=/usr/local/apache24/bin/apxs --with-mcrypt--with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2
[[email protected]]# make && make install
[[email protected]]# cp php.ini-production /etc/php.ini ###複製php配置文件
[[email protected]]# cd /etc/httpd24
[root@localhosthttpd24]# cp httpd.conf{,.backup}
###使httpd能夠識別php動態資源並能夠提交給httpd的php模塊(引擎),需要編輯httpd的配置文件
[root@localhosthttpd24]# vim httpd.conf
AddTypeapplication/x-compress .Z
AddTypeapplication/x-gzip .gz .tgz
AddTypeapplication/x-httpd-php .php ###添加此項,識別以php結尾的文件
<IfModuledir_module>
DirectoryIndex index.php index.html ###DirectoryIndex添加index.php,可識別此類爲主頁
</IfModule>
(4)安裝wordpress-4.7.4-zh_CN.tar.gz
[root@localhostdylan]# tar -xf wordpress-4.7.4-zh_CN.tar.gz -C /usr/local/apache24/htdocs/
[root@localhosthtdocs]# cd /usr/local/apache24/htdocs/wordpress/
[root@localhostwordpress]# cp wp-config-sample.php wp-config.php ###複製配置文件
[root@localhostwordpress]# mysql -uroot -p123456
MariaDB[(none)]> create database wpdb; ###創建wpdb數據庫
QueryOK, 1 row affected (0.06 sec)
MariaDB[(none)]> grant all on wpdb.* to "wp"@"192.168.%.%"identified by "wordpress"; ###授權用戶
QueryOK, 0 rows affected (0.04 sec)
define('DB_NAME','wpdb');
[root@localhostwordpress]# vim wp-config.php ###編輯配置信息
/**WordPress數據庫的名稱 */
define('DB_NAME','wpdb');
/**MySQL數據庫用戶名 */
define('DB_USER','wp');
/**MySQL數據庫密碼 */
define('DB_PASSWORD','wordpress');
/**MySQL主機 */
define('DB_HOST','192.168.0.113');
[root@localhostwordpress]# apachectl restart
打開頁面顯示
填入信息後顯示
至此,安裝完成。
4、建立httpd服務器(基於編譯的方式進行),要求: 提供兩個基於名稱的虛擬主機:
(a)www1.stuX.com,頁面文件目錄爲/web/vhosts/www1;錯誤日誌爲/var/log/httpd/www1.err,訪問日誌爲/var/log/httpd/www1.access;
(b)www2.stuX.com,頁面文件目錄爲/web/vhosts/www2;錯誤日誌爲/var/log/httpd/www2.err,訪問日誌爲/var/log/httpd/www2.access;
(c)爲兩個虛擬主機建立各自的主頁文件index.html,內容分別爲其對應的主機名;
(d)通過www1.stuX.com/server-status輸出httpd工作狀態相關信息,且只允許提供帳號密碼才能訪問(status:status);
[root@localhost ~]# mkdir -pv/web/vhosts/{www1,www2} ###創建文件目錄
[root@localhost ~]# mkdir -pv/var/log/httpd
[root@localhost ~]# echo"<h1>www1.stuX.com</h1>" > /web/vhosts/www1/index.html ###主頁文件內容
[root@localhost ~]# echo"<h1>www2.stuX.com</h1>" > /web/vhosts/www2/index.html
[root@localhost ~]# vim/etc/httpd24/httpd.conf
#DocumentRoot"/usr/local/apache24/htdocs" ###註釋中心主機
Include /etc/httpd24/extra/vhost.conf ###添加配置文件
[root@localhost ~]# vim/etc/httpd24/extra/vhost.conf ###配置虛擬主機
<VirtualHost 192.168.0.113:80>
ServerNamewww1.stux.com
DocumentRoot"/web/vhosts/www1"
ErrorLog"/var/log/httpd/www1.err"
CustomLog"/var/log/httpd/www1.access" combined
<Directory"/web/vhosts/www1">
OptionsNone
AllowOverrideNone
Requireall granted
</Directory>
<Location/server-status>
SetHandlerserver-status
AuthTypeBasic
AuthName"Enter username and password"
AuthUserFile"/etc/httpd24/.htpasswd"
Requireuser status
</Location>
</VirtualHost>
<VirtualHost 192.168.0.113:80>
ServerNamewww2.stux.com
DocumentRoot"/web/vhosts/www2"
ErrorLog"/var/log/httpd/www2.err"
CustomLog"/var/log/httpd/www2.access" combined
<Directory"/web/vhosts/www2">
OptionsNone
AllowOverrideNone
Requireall granted
</Directory>
</VirtualHost>
[root@localhost ~]# htpasswd -c -m/etc/httpd24/.htpasswd status ###生成認證文件,第一次加-c
New password:
Re-type new password:
Adding password for user status
[root@localhost ~]# httpd –t ###測試配置文件
Syntax OK
[root@localhost ~]# apachectl restart ###重啓服務
測試:
需配置hosts文件 添加192.168.0.113 www1.stux.com
192.168.0.113 www2.stux.com
測試status
總結:編譯安裝的2.4虛擬主機配置文件與2.2有所區別
對於基於IP的訪問控制做了修改,不再支持使用order, allow, deny這些機制,而是統一使用require進行
基於主機名的虛擬主機不再需要NameVirtualHost指令
注意:任意目錄下的頁面只有顯式授權才能被訪問;
5、爲第4題中的第2個虛擬主機提供https服務,使得用戶可以通過https安全的訪問此web站點;
(1)要求使用證書認證,證書中要求使用的國家(CN)、州(HA)、城市(ZZ)和組織(MageEdu);
(2)設置部門爲Ops,主機名爲www2.stuX.com,郵件爲[email protected];
###測試用,CA與httpd位於同一主機
###首先,創建私有CA,在服務器創建證書籤署請求以及CA簽證
[root@localhost ~]# rpm -q openssl
openssl-1.0.1e-57.el6.x86_64
[root@localhost ~]# (umask 077;opensslgenrsa -out /etc/pki/CA/private/cakey.pem 4096) ###創建私鑰
Generating RSA private key, 4096 bit longmodulus
..........................................................................................
...................................................................................................................++...++
e is 65537 (0x10001)
[root@localhost ~]# openssl req -new -x509-key /etc/pki/CA/private/cakey.pem -out /etc/pk ###生成自簽證書
i/CA/cacert.pem -days 3650You are about tobe asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but you canleave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will be leftblank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [DefaultCompany Ltd]:MageEdu
Organizational Unit Name (eg, section)[]:Ops
Common Name (eg, your name or your server'shostname) []:ca.stuX.com
Email Address []:[email protected]
[root@localhost ~]# touch/etc/pki/CA/index.txt ###爲CA提供輔助文件
[root@localhost ~]# echo 01>/etc/pki/CA/serial
[root@localhost ~]# mkdir /etc/httpd24/ssl
[root@localhost ~]# cd /etc/httpd24/ssl/
[root@localhost ssl]# (umask 077;opensslgenrsa -out /etc/httpd24/ssl/httpd.key 2048) ###httpd主機生成私鑰
Generating RSA private key, 2048 bit longmodulus
.........+++
.................+++
e is 65537 (0x10001)
###httpd生成證書籤署請求
[root@localhost ssl]# openssl req -new -key/etc/httpd24/ssl/httpd.key -out /etc/httpd24/ssl/httpd.csr -days 365
You are about to be asked to enterinformation that will be incorporated
into your certificate request.
What you are about to enter is what iscalled a Distinguished Name or a DN.
There are quite a few fields but you canleave some blank
For some fields there will be a defaultvalue,
If you enter '.', the field will be leftblank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HA
Locality Name (eg, city) [Default City]:ZZ
Organization Name (eg, company) [DefaultCompany Ltd]:MageEdu
Organizational Unit Name (eg, section)[]:Ops
Common Name (eg, your name or your server'shostname) []:www2.stuX.com
Email Address []:[email protected]
Please enter the following 'extra'attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
###因同屬一臺主機測試,故直接簽署證書
[root@localhost ssl]# openssl ca -in/etc/httpd24/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 365Usingconfiguration from /etc/pki/tls/openssl.cnf
Check that the request matches thesignature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jun 26 08:04:53 2017 GMT
Not After : Jun 26 08:04:53 2018 GMT
Subject:
countryName = CN
stateOrProvinceName = HA
organizationName =MageEdu
organizationalUnitName = Ops
commonName =www2.stuX.com
emailAddress [email protected]
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
9B:20:A6:09:86:E1:F2:05:94:D7:ED:33:57:D2:A1:FE:95:C9:3F:47
X509v3 Authority Key Identifier:
keyid:85:26:25:F4:82:7C:86:25:B1:73:B0:C5:57:24:41:86:81:2A:24:FA
Certificate is to be certified until Jun 2608:04:53 2018 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified,commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@localhost ssl]# cp/etc/pki/CA/certs/httpd.crt /etc/httpd24/ssl/ ###將證書發給httpd
###配置httpd支持使用ssl及使用的證書
[root@localhost ssl]# vim/etc/httpd24/httpd.conf ###編輯httpd配置文件
Include /etc/httpd24/extra/httpd-ssl.conf ###啓用ssl配置文件,去掉#
LoadModule ssl_module modules/mod_ssl.so ###啓用ssl模快,去掉#
[root@localhost ssl]# vim/etc/httpd24/extra/httpd-ssl.conf ###編輯ssl配置文件
<VirtualHost _default_:443>
DocumentRoot "/web/vhosts/www2"
ServerName www2.stuX.com
ServerAdmin [email protected]
ErrorLog"/var/log/httpd/www2.ssl.err"
SSLEngine on
SSLCertificateFile"/etc/httpd24/ssl/httpd.crt" ###證書路徑
SSLCertificateKeyFile"/etc/httpd24/ssl/httpd.key" ###私鑰路徑
<Directory"/web/vhosts/www2">
OPtions None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
TransferLog"/var/log/httpd/www2.ssl.access"
[root@localhost ssl]# httpd -t ###測試出現錯誤
AH00526: Syntax error on line 73 of/etc/httpd24/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache notsupported (known names: ). Maybe you need to lo
ad the appropriate socache module(mod_socache_shmcb?).
[root@localhost ssl]# vim/etc/httpd24/httpd.conf
LoadModule socache_shmcb_modulemodules/mod_socache_shmcb.so ###啓用此模塊,去掉#
[root@localhost ssl]# httpd -t
Syntax OK
[root@localhost ssl]# apachectl restart
測試
[root@localhost ~]# vim /etc/host ###編輯hosts文件添加httpd主機Ip
192.168.0.113 www2.stuX.com
[root@localhost ~]# openssl s_client-connect www2.stuX.com:443
6、在LAMP架構中,請分別以php編譯成httpd模塊形式和php以fpm工作爲獨立守護進程的方式來支持httpd,列出詳細的過程。(下一篇博客詳細介紹)