Web访问响应模型(Web I/O)
单进程I/O模型:启动一个进程处理用户请求,而且一次只处理一个,多个请求被串行响应
多进程I/O模型:并行启动多个进程,每个进程响应一个连接请求
复用I/O结构:启动一个进程,同时响应N个连接请求
实现方法:多线程模型和事件驱动
多线程模型:一个进程生成N个线程,每线程响应一个连接请求
事件驱动:一个进程处理N个请求
复用的多进程I/O模型:启动M个进程,每个进程响应N个连接请求,同时接收MN个请求
一次完整的HTTP请求处理
1、建立连接:接收或拒绝连接请求
2、接收请求:接收客户端请求报文中对某资源的一次请求的过程
3、处理请求:服务器对请求报文进行解析,并获取请求的资源及请求方法等相关信息,根据方法,资源,首部和可选的主体部分对请求进行处理
元数据:请求报文首部
<method> <URL> <VERSION>
HEADERS 格式 name:value
<request body>
示例: Host: www.magedu.com 请求的主机名称 Server: Apache/2.4.7
http常用请求方式:GET POST HEAD PUT DELETE TRACE TRACE OPTIONS
eg:[root@centos7 ~]#telnet www.magedu.com 80
Trying 101.200.188.230...
Connected to www.magedu.com.
Escape character is '^]'.
GET /HTTP/1.1
<!DOCTYPE html>
<html lang="zh-CN">
4、访问资源:
服务器获取请求报文中请求的资源web服务器,即存放了web资源的服务器,负责向请求者提供对方请求的静态资源,或动态运行后生成的资源
web服务器资源路径映射方式:(a) docroot (b) alias (c) 虚拟主机docroot (d) 用户家目录docroot
5、构建响应报文:
一旦Web服务器识别除了资源,就执行请求方法中描述的动作,并返回响应报文。响应报文中 包含有响应状态码、响应首部,如果生成了响应主体的话,还包
括响应主体:
1)响应实体:如果事务处理产生了响应主体,就将内容放在响应报文中回去。响应报文中通常包括:描述了响应主体MIME类型的Content-Type首部描述了响应主体长度的Content-Length实际报文的主体
2)URL重定向:web服务构建的响应并非客户端请求的资源,而是资源另外一个访问路径
3)MIME类型: Web服务器要负责确定响应主体的MIME类型。多种配置服务器的方法可将MIME类型与资源管理起来
6、发送响应报文
7、记录日志:最后,当事务结束时,Web服务器会在日志文件中添加一个条目,来描述已执行的事务
HTTP部分:
http服务器程序: httpd apache nginx lighttpd
MPM工作模式
prefork:多进程I/O模型,每个进程响应一个请求,默认模型 一个主进程:生成和回收n个子进程,创建套接字,不响应请求
占用资源,稳定性好,兼容性强,
worker:复用的多进程I/O模型,多进程多线程,IIS使用此模型
一个主进程:生成m个子进程,每个子进程负责生个n个线程,每个线程响应一个请求,并发响应请求:mn
节约资源,支持更多用户访问,稳定性差,若一个线程出问题,它同一个进程的线程也会被影响。
event:事件驱动模型(worker模型的变种)
一个主进程:生成m个子进程,每个进程直接响应n个请求,并发响应请求:mn,有专门的线程来管理这些keep-alive类型的线程,当有真实请求时,将请
求传递给服务线程,执行完毕后,又允许释放。这样增强了高并发场景下的请求处理能力
“提高高并发,主动释放连接”
httpd功能
虚拟主机:IP PORT FQDN CGI:Common Gateway Interface,通用网关接口 反向代理 负载均衡 路径别名 用户认证机制: basic digest
[root@centos7 ~]#yum info httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed Packages
Name : httpd
Arch : x86_64
Version : 2.4.6
Release : 88.el7.centos
Size : 9.4 M
Repo : installed
From repo : base
Summary : Apache HTTP Server
URL : http://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
现在,我们自己创建一个页面:
[root@centos7 ~]#systemctl start httpd
[root@centos7 ~]#ss -ntl 开启服务并查看端口:80
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::80 :::
[root@centos7 ~]#vim /var/www/html/index.html 文件名为index.html
<html>
<head>
<title>html语言</title>
</head>
<body>
<img src="http://www.magedu.com/wp-content/uploads/2017/09/logo.png" >
你好
<p><a rel="nofollow" href=http://www.magedu.com>马哥教育</a>欢迎你</p>
</body>
</html>
模块文件路径:
/etc/httpd/modules
/usr/lib64/httpd/modules
主程序文件: /usr/sbin/httpd 主进程文件: /etc/httpd/run/httpd.pid
[root@centos7 ~]#cd /etc/httpd
[root@centos7 httpd]#ls
conf conf.d conf.modules.d logs modules run
[root@centos7 httpd]#ll run/
total 12
-rw-r--r--. 1 root root 8 Feb 27 13:22 authdigest_shm.6634
-rw-r--r--. 1 root root 8 Feb 27 13:24 authdigest_shm.7991
drwx------. 2 apache apache 40 Feb 27 12:22 htcacheclean
-rw-r--r--. 1 root root 5 Feb 27 13:24 httpd.pid
[root@centos7 httpd]#cat run/httpd.pid
7991
[root@centos7 httpd]#systemctl stop httpd 关停服务就打不开p.id,再开启服务,p.id会变化
[root@centos7 httpd]#cat run/httpd.pid
cat: run/httpd.pid: No such file or directory
[root@centos7 httpd]#systemctl start httpd
[root@centos7 httpd]#cat run/httpd.pid
18470
[root@centos7 httpd]#ls /var/log/httpd/
access_log 访问日志 error_log 错误日志
接着,我们安装一个httpd-manual 软件:安装后,就相当于在本机搭建了一个网站:
[root@centos7 httpd]#yum install httpd-manual (帮助文档)
[root@centos7 httpd]#systemctl restart httpd
Httpd常见配置 (注:httpd -t 检查语法专用)
首先创建一个网页:
[root@centos7 ~]#cd /var/www/html
[root@centos7 html]#ls
index.html
[root@centos7 html]#vim test1.html
www.magedu.com
[root@centos7 html]#curl http://192.168.141.200/test1.html
www.magedu.com
[root@centos7 html]#curl -I http://192.168.141.200/test1.html
HTTP/1.1 200 OK
Date: Thu, 28 Feb 2019 02:37:18 GMT
Server: Apache/2.4.6 (CentOS)
Last-Modified: Thu, 28 Feb 2019 02:31:27 GMT
ETag: "18-582eb16574d0e"
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/html; charset=UTF-8
1、显示服务器版本信息
[root@centos7 html]#vim /etc/httpd/conf/httpd.conf
servertokens prod 添加在文件底,是为了安全,不暴露版本信息
[root@centos7 html]#systemctl reload httpd
[root@centos7 html]#curl -I http://192.168.141.200/test1.html
HTTP/1.1 200 OK
Date: Thu, 28 Feb 2019 02:46:14 GMT
Server: Apache
Last-Modified: Thu, 28 Feb 2019 02:31:27 GMT
ETag: "18-582eb16574d0e"
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/html; charset=UTF-8
[root@centos7 html]#curl -I http://172.20.9.200/test1.html
HTTP/1.1 200 OK
Date: Thu, 28 Feb 2019 02:46:32 GMT
Server: Apache
Last-Modified: Thu, 28 Feb 2019 02:31:27 GMT
ETag: "18-582eb16574d0e"
Accept-Ranges: bytes
Content-Length: 24
Content-Type: text/html; charset=UTF-8 访问本机的2个IP均可以。
2、修改监听的IP和Port
Listen [IP:]PORT (1) 省略IP表示为本机所有IP (2) Listen指令至少一个,可重复出现多次 Listen 80 Listen 8080
[root@centos7 html]#vim /etc/httpd/conf/httpd.conf
Listen 192.168.141.200:80 只指定该IP可以访问。
[root@centos7 html]#systemctl reload httpd
[root@centos7 html]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 :
LISTEN 0 128 *:111 :
LISTEN 0 128 *:6000 :
LISTEN 0 5 192.168.122.1:53 :
LISTEN 0 128 *:22 :
LISTEN 0 128 127.0.0.1:631 :
LISTEN 0 100 127.0.0.1:25 :
[root@centos7 html]#systemctl restart httpd 只有重启才生效。
[root@centos7 html]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 :
LISTEN 0 128 *:111 :
LISTEN 0 128 192.168.141.200:80 :
[root@centos7 html]#vim /etc/httpd/conf/httpd.conf
Listen 192.168.141.200:8080
Listen 127.0.0.1:80 (注:listen命令不可注释掉)
[root@centos7 html]#systemctl restart httpd
[root@centos7 html]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 :
LISTEN 0 128 *:111 :
LISTEN 0 128 127.0.0.1:80 :
LISTEN 0 128 192.168.141.200:8080 :
[root@centos7 html]#curl http://192.168.141.200:8080/test1.html
www.magedu.com
3、持久连接
设置:KeepAlive On|Off KeepAliveTimeout 15
测试:telnet WEB_SERVER_IP PORT GET /URL HTTP/1.1 Host: WEB_SERVER_IP
4、动态/静态模块设置
[root@centos7 html]#cd /etc/httpd/conf.modules.d/
[root@centos7 conf.modules.d]#ls
00-base.conf 00-dav.conf 00-lua.conf 00-mpm.conf 00-proxy.conf 00-systemd.conf 01-cgi.conf
[root@centos7 httpd]#httpd -l 静态模块
Compiled in modules:
core.c
mod_so.c
http_core.c
[root@centos7 ~]#cd /var/www/html
[root@centos7 html]#ls
index.html test1.html
[root@centos7 html]#mkdir /data/www
[root@centos7 html]#cd /data/www
[root@centos7 www]#echo /data/www/index.html > index.html
[root@centos7 ~]#vim /etc/httpd/conf/httpd.conf
<Directory "/data/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
[root@centos6 ~]#curl http://192.168.141.200/
/data/www/index.html
[root@centos7 www]#mkdir news/
[root@centos7 www]#echo /data/www/news/index.html > news/index.html
[root@centos7 www]#tree
.
├── index.html
└── news
└── index.html
1 directory, 2 files
[root@centos6 ~]#curl http://192.168.141.200/news/
[root@centos6 ~]#vim /etc/hosts
192.168.141.200 www.a.com www.b.com www.c.com
[root@centos6 ~]#curl www.a.com
/data/www/index.html
[root@centos7 ~]#vim /etc/httpd/conf/httpd.conf
<Directory "/data/www">
Options indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "/data/www/news">
AllowOverride none
</Directory>
[root@centos7 ~]#ls /var/log/httpd access_log error_log [root@centos7 ~]#vim /etc/httpd/conf/httpd.conf ErrorLog: The location of the error log file. 错误日志 If you do not specify an ErrorLog directive within a <VirtualHost> container, error messages relating to that virtual host will be logged here. If you do define an error logfile for a <VirtualHost> container, that host's errors will be logged there and not here. ErrorLog "logs/error_log" LogLevel: Control the number of messages logged to the error_log. Possible values include: debug, info, notice, warn, error, crit,alert, emerg. LogLevel warn
CustomLog "logs/ " common 访问日志 LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
[root@centos7 ~]#vim /etc/httpd/conf/httpd.conf LogFormat "%h %l %u %{%F %T}t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined [root@centos6 ~]#curl 192.168.141.200 /data/www/index.html
12、定义路径别名 格式:Alias /URL/ "/PATH/"
[root@centos7 html]#mkdir /data/blog/
[root@centos7 html]#echo /data/blog/index.html > /data/blog/index.html
[root@centos7 ~]#vim /etc/httpd/conf/httpd.conf
IncludeOptional conf.d/*.conf
<Directory /data/blog/>
Require all granted
</Directory>
alias /bbs/ /data/blog/
[root@centos7 blog]#cd /var/www/html
[root@centos7 html]#ls --> index.html test.html
[root@centos7 html]#mkdir admin
[root@centos7 html]#echo admin Page > admin/index.html
[root@centos7 html]#ls /etc/httpd/conf.d/ 打开存放配置文件的目录:
autoindex.conf manual.conf README userdir.conf welcome.conf
[root@centos7 html]#htpasswd -c /etc/httpd/conf.d/httpuser huge
New password:
Re-type new password:
Adding password for user huge
[root@centos7 html]#htpasswd /etc/httpd/conf.d/httpuser lige
New password:
Re-type new password:
Adding password for user lige
[root@centos7 html]#cat /etc/httpd/conf.d/httpuser
huge:$apr1$EE5M4N5B$/NttVTuXuhoj1X6Fa7aYh. 这是两个httpuser
lige:$apr1$S4Aj4WuO$gqmuNqrs3HfvlDIIfacQI1
[root@centos7 html]#vim /etc/httpd/conf.d/auth.conf 指定用户访问
<Directory /var/www/html/admin>
AuthType Basic
AuthName "he is a nice boy"
AuthUserFile "/etc/httpd/conf.d/httpuser”
Require user huge
</Directory>
[root@centos7 www]#vim /etc/httpd/conf.d/auth.conf
<directory /var/www/html/admin>
allowoverride authconfig 添加与验证相关的语句
</directory>
[root@centos7 admin]#vim /var/www/html/admin/.htaccess
<Directory /var/www/html/admin>
AuthType Basic
AuthName "he is a nice boy"
AuthUserFile "/etc/httpd/conf.d/httpuser”
Require valid-user 此处不要再加<directory>的结尾了。
实验:实现基于basic验证
创建虚拟用户
1、htpasswd -c /etc/httpd/conf.d/httpuser tom
htpasswd /etc/httpd/conf.d/httpuser jack
2、vim /etc/httpd/conf.d/auth.conf
<directory /var/www/html/admin>
allowoverride authconfig 添加与验证相关的语句
</directory>
3、vim /var/www/html/admin/.htaccess
AuthType Basic
AuthName "welcome to adminPage"
AuthUserFile "/etc/httpd/conf.d/httpuser"
Require valid-user
实验:实现用户家目录的http访问 [root@centos7 ~]#cd ~li [root@centos7 li]#cd /etc/httpd/conf.d/ [root@centos7 conf.d]#vim userdir.conf [root@centos7 conf.d]#ll /home/ total 0 drwx------. 3 li li 78 Apr 11 2018 li [root@centos7 conf.d]#vim userdir.conf 需要在配置文件中修改的东西全在下面
UserDir disabled
UserDir public_html #<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
#</Directory>
<directory /home/li/public_html>
require all granted
</directory>
该实验步骤:1、vim /etc/httpd/conf.d/userdir.conf
#UserDir disabled
UserDir public_html
2、<directory /home/wang/public_html>
authtype basic
authname "wang home"
authuserfile "/etc/httpd/conf.d/httpuser"
require user tom
</directory>
3、mkdir /home/wang/public_html
4、setfacl -m u:apache:x /home/wang/public_htm
[root@centos7 conf.d]#vim /etc/httpd/conf.d/test.conf 编辑网站的状态信息:
<Location "/status">
SetHandler server-status
</Location>
下图是详细的状态(截取部分):
实验:实现网站状态页面 步骤如下:
[root@centos7 conf.d]#vim test.conf
<Location "/status"> 定义了网站的模块信息
SetHandler server-status
<RequireAny>
Require all denied
require ip 192.168.35.6
</RequireAny>
</Location>
实际操作:[root@centos7 conf.d]#vim /etc/httpd/conf.d/test.conf
<Location "/status">
SetHandler server-status
<RequireAny>
Require all denied
Require ip 192.168.141.253 指定特定IP允许访问
</RequireAny>
</Location> 此时,我自己200的主机不能访问了:
[root@centos6 ~]#curl http://192.168.141.200/status/ 在指定的IP上就可以
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head>
<title>Apache Status</title>
</head><body>
Apache Server Status for 192.168.141.200 (via 192.168.141.200)
<dl><dt>Server Version: Apache/2.4.6 (CentOS)</dt>
<dt>Server MPM: prefork</dt>
<dt>Server Built: Nov 5 2018 01:47:09
</dt></dl><hr /><dl> 这样就既能观察又能保证安全。
实验:基于IP的多个虚拟主机
mkdir /data/{a,b,c}site
echo www.a.com > /data/asite/index.html
echo www.b.com > /data/bsite/index.html
echo www.c.com > /data/csite/index.html
vim /etc/httpd/conf.d/test.conf
<VirtualHost 192.168.35.7:80>
ServerName www.a.com
DocumentRoot "/data/asite"
ErrorLog "logs/a_error_log"
CustomLog "logs/a_access_log" combined
<directory /data/asite>
require all granted
</directory>
</VirtualHost>
<VirtualHost 192.168.35.8:80>
ServerName www.b.com
DocumentRoot "/data/bsite"
ErrorLog "logs/b_error_log"
CustomLog "logs/b_access_log" combined
<directory /data/bsite>
require all granted
</directory>
</VirtualHost>
<VirtualHost 192.168.35.9:80>
ServerName www.c.com
DocumentRoot "/data/csite"
ErrorLog "logs/c_error_log"
CustomLog "logs/c_access_log" combined
<directory /data/csite>
require all granted
</directory>
</VirtualHost>
[root@centos6 ~]#vim /etc/hosts
192.168.141.200 www.a.com
192.168.141.201 www.b.com
192.168.141.202 www.c.com
[root@centos6 ~]#curl www.a.com
www.a.com
[root@centos6 ~]#curl www.b.com
www.b.com
[root@centos6 ~]#curl www.c.com
www.c.com
实验:基于Port的多个虚拟主机
cat /etc/httpd/conf.d/test.conf
listen 8001
listen 8002
listen 8003
<VirtualHost *:8001>
ServerName www.a.com
DocumentRoot "/data/asite"
ErrorLog "logs/a_error_log"
CustomLog "logs/a_access_log" combined
<directory /data/asite>
require all granted
</directory>
</VirtualHost>
<VirtualHost *:8002>
ServerName www.b.com
DocumentRoot "/data/bsite"
ErrorLog "logs/b_error_log"
CustomLog "logs/b_access_log" combined
<directory /data/bsite>
require all granted
</directory>
</VirtualHost>
<VirtualHost *:8003>
ServerName www.c.com
DocumentRoot "/data/csite"
ErrorLog "logs/c_error_log"
CustomLog "logs/c_access_log" combined
<directory /data/csite>
require all granted
</directory>
</VirtualHost>
[root@centos6 ~]#curl www.a.com:8001
www.a.com
[root@centos6 ~]#curl www.a.com:8002
www.b.com
[root@centos6 ~]#curl www.a.com:8003
www.c.com
实验:实现基于FQDN (full qualified domain name 完整主机名)的多虚拟主机
[root@centos7 ~]# vim /etc/httpd/conf.d/test.conf
ErrorLog "logs/a_error_log"
CustomLog "logs/a_access_log" combined
<directory /data/asite>
require all granted
</directory>
</VirtualHost>
<VirtualHost :80>
ServerName www.b.com
DocumentRoot "/data/bsite"
ErrorLog "logs/b_error_log"
CustomLog "logs/b_access_log" combined
<directory /data/bsite>
require all granted
</directory>
</VirtualHost>
<VirtualHost :80>
ServerName www.c.com
DocumentRoot "/data/csite"
ErrorLog "logs/c_error_log"
CustomLog "logs/c_access_log" combined
<directory /data/csite>
require all granted
</directory>
</VirtualHost>
[root@centos6 ~]#curl www.a.com
www.a.com
[root@centos6 ~]#curl www.b.com
www.b.com
[root@centos6 ~]#curl www.c.com
www.c.com
https:http over ssl
SSL会话的简化过程
(1) 客户端发送可供选择的加密方式,并向服务器请求证书
(2) 服务器端发送证书以及选定的加密方式给客户端
(3) 客户端取得证书并进行证书验证
如果信任给其发证书的CA
(a) 验证证书来源的合法性;用CA的公钥解密证书上数字签名(b) 验证证书的内容的合法性:完整性验证
(c) 检查证书的有效期限(d) 检查证书是否被吊销(e) 证书中拥有者的名字,与访问的目标主机要一致
(4) 客户端生成/data/www/news/index.html临时会话密钥(对称密钥),并使用服务器端的公钥加密此数据发送给服务器,
完成密钥交换
(5) 服务用此密钥加密用户请求的资源,响应给客户端
注意:SSL是基于IP地址实现,单IP的主机仅可以使用一个https虚拟主机
实验:实现https
[root@centos7 ~]#yum search ssl 搜索出需要安装的模块
mod_ssl.x86_64 : SSL/TLS module for the Apache HTTP Server
[root@centos7 ~]#yum install mod_ssl
[root@centos7 ~]#systemctl restart httpd
[root@centos7 ~]#ss -ntl
LISTEN 0 128 :::80 :::
LISTEN 0 128 :::443 443代表现在可以去访问网站了 :::
[root@centos7 ~]#vim /etc/httpd/conf.d/ssl.conf 查看该配置文件 放置了私钥,
开始建证书:1、[root@centos7 ~]#mkdir /data/https/
[root@centos7 ~]#cd /data/https/
[root@centos7 https]#ls /etc/pki/tls/
cert.pem certs misc openssl.cnf private
[root@centos7 https]#openssl genrsa 2048 > cakey.pem
2、[root@centos7 https]#openssl req -new -x509 -key cakey.pem -out cacert.crt -days 3650
3、[root@centos7 https]#openssl req -newkey rsa:2048 -days 365 -nodes -keyout httpd.key > httpd.csr
4、[root@centos7 https]#openssl x509 -req -in httpd.csr -days 365 -CA cacert.crt -CAkey cakey.pem -set_serial 01 > httpd.crt Signature ok
subject=/C=cn/ST=beijing/L=beijing/O=magedu/OU=devops/CN=www.a.com
5、[root@centos7 https]#ll total 20
-rw-r--r--. 1 root root 1342 Mar 2 19:54 cacert.crt
-rw-r--r--. 1 root root 1679 Mar 2 19:53 cakey.pem
-rw-r--r--. 1 root root 1200 Mar 2 19:59 httpd.crt
-rw-r--r--. 1 root root 1005 Mar 2 19:57 httpd.csr
-rw-r--r--. 1 root root 1704 Mar 2 19:57 httpd.key
6、[root@centos7 https]#scp -r /data/https/ 192.168.141.200:/etc/httpd/conf.d/ssl
7、[root@centos7 conf.d]#vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
8、[root@centos7 data]#vim /etc/hosts --> 192.1681.141.200 www.a.com
9、此时需要在 [root@centos7 conf.d]#vim /etc/httpd/conf.d/ssl.conf中填入:
SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.crt
10、在Windows上的c:\windows\system\deriver\hosts修改“192.168.141.200 www.a.com”
此时即可访问https://www.a.com 弹出页面即成功。 我没有做成功,日后再做!!
http重定向https
重定向 Redirect [status] URL-path URL
status状态:1、Permanent: 返回永久重定向状态码 301 2、Temp:返回临时重定向状态码302. 此为默认值
[root@centos7 conf.d]#vim /etc/httpd/conf.d/test.conf
Redirect / http://www.baidu.com (如果访问根目录就会跳转到百度) 效果如下: 重定向前:
重定向跳转后:它跳转2次,先跳到不加密的百度网站,后跳转到https的网站
同样的,在centos6上加"-L"也可看百度:[root@centos6 ~]#curl -L http://192.168.141.200/
<!DOCTYPE html>
<!--STATUS OK--><html> <head><meta http-equiv=content-type content=text/html;charset=utf-8><meta http-equiv=X-UA-Compatible content=IE=Edge><meta content=always name=referrer><link rel=stylesheet type=text/css href=http://s1.bdstatic.com/r/www/cache/bdorz/baidu.min.css><title>百度一下,你就知道</title></head> <body
反向代理功能:
启用反向代理: ProxyPass "/" "http://www.example.com/" ProxyPa**everse "/" "http://www.example.com/"
反向代理实验:253做服务器,200做反向代理,150做客户端
[root@centos6 html]#vim /var/www/html/index.html
192.168.141.253
[root@centos6 html]#service httpd restart
[root@centos6 html]#ss -ntl
LISTEN 0 128 :::80 :::
[root@centos6 html]#curl 192.168.141.253
192.168.141.253
[root@centos7 ~]#vim /etc/httpd/conf.d/test.conf
ProxyPass "/" "http://192.168.141.253/"
ProxyPa***everse "/" "http://192.168.141.253/" 没有重启服务之前
[root@centos7 ~]#curl 192.168.141.200
<html>
<head>
<title>html语言</title>
</head>
<body>
<img src="http://www.magedu.com/wp-content/uploads/2017/09/logo.png" >
你好
<p><a rel="nofollow" href=http://www.magedu.com>马哥教育</a>欢迎你</p>
</body>
</html>
[root@centos7 ~]#systemctl restart httpd 将centos7保存重启后:
[root@centos7 ~]#curl 192.168.141.200
192.168.141.253
此时的253还认为是200在访问它,其实是150在访问它。(真正做到的多台主机一起并发做到后端转发,用Nginx )
sendfile:
硬盘 >> kernel buffer >> user buffer >> kernel socket buffer >> 协议栈
一般网络应用通过读硬盘数据,写数据到 socket 来完成网络传输,底层执行过程:
1 系统调用 read() 产生一个上下文切换:从 user mode 切换到 kernel mode,然后DMA 执行拷贝,把文件数据从硬盘读到一个 kernel buffer 里。
2 数据从 kernel buffer 拷贝到 user buffer,然后系统调用 read() 返回,这时又产生一个上下文切换:从kernel mode 切换到 user mode
3 系统调用 write() 产生一个上下文切换:从 user mode 切换到 kernel mode,然后把步骤2读到 user buffer 的数据拷贝到 kernel buffer(数据第2次拷贝到 kernel buffer),不过这次是个不同的 kernel buffer,这个 buffer和 socket 相关联。
4 系统调用 write() 返回,产生一个上下文切换:从 kernel mode 切换到 user mode(第4次切换),然后DMA从 kernel buffer 拷贝数据到协议栈(第4次拷贝)
上面4个步骤有4次上下文切换,有4次拷贝,如能减少切换次数和拷贝次数将会有效提升性能
在kernel 2.0+ 版本中,系统调用 sendfile() 就是用来简化上面步骤提升性能的。
sendfile() 不但能减少切换次数而且还能减少拷贝次数
用 sendfile() 来进行网络传输的过程:
sendfile(socket, file, len);
硬盘 >> kernel buffer (快速拷贝到kernel socket buffer) >> 协议栈
1 系统调用 sendfile() 通过 DMA 把硬盘数据拷贝到 kernel buffer,然后数据被
kernel 直接拷贝到另外一个与 socket 相关的 kernel buffer。这里没有 user
mode 和 kernel mode 之间的切换,在 kernel 中直接完成了从一个 buffer 到另一个 buffer 的拷贝
2 DMA 把数据从 kernel buffer 直接拷贝给协议栈,没有切换,也不需要数据从
user mode 拷贝到 kernel mode,因为数据就在 kernel 里
