Basics of the HTTP Protocol and Apache Web Server
Brandon Checketts

At first there was HTTP 0.9
  This is as simple as it can get
    GET http://www.somedomain.com/hello.txt
    Hello
  Created by Tim Berners-Lee in 1989(?)
  The 0.9 version number was actually created after the 1.0 spec

HTTP 1.0
  The first really practical revision of the HTTP protocol
  HTTP Request Headers and Response Headers
  Simple caching
  Authentication
  Content-Type
  Sending data via POST
  HTTP Status codes (200, 404, etc)

HTTP 1.1 (in use today)
  Includes everything from HTTP 1.0
  Host header is required
  Defines more status codes, more request methods
  Much more flexible caching available
  Digest Authentication

Sample HTTP Request / Response

    GET / HTTP/1.1
    Host: www.google.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive

    HTTP/1.x 200 OK
    X-TR: 1
    Date: Thu, 15 Oct 2009 17:50:12 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com
    Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com
    Server: gws
    X-XSS-Protection: 0
    Content-Length: 9256

Headers of Interest
  Referer
    Says which page referred you to the current URL
    Note the misspelling
    Used in Analytics to provide a lot of useful metrics
  User Agent
    Specifies OS and Browser (often faked)
  Cookie / Set-Cookie (more on this later)

HTTP Cookies
  Cookies are generally good! They provide some incredibly useful functionality.
    Server sends a Set-Cookie
    Client sends back a Cookie
  Demonstrate a cookie
    http://web01.roundsphere.com/cookie_test.php
    http://web01.roundsphere.com/cookie_test.php?set=123
  Be careful what you put in a cookie!
    Don’t store user IDs, authentication credentials, etc

Using Cookies to create sessions
  Without cookies, all HTTP requests are completely independent
  Cookies allow the server to add some persistence to multiple requests and create a session
  Most programming languages have some built-in support for sessions. (PHPSESSID, JSESSIONID, etc)
  Session information can be stored in file system, database, memcache, etc.
  Don’t pass Session ID through GET requests
  Demo some simple session examples:
    http://web01.roundsphere.com/session_test.php
    http://web01.roundsphere.com/session_test.php?add
    http://web01.roundsphere.com/session_test.php?reset
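
The cookie and session advice above, as an added example in Python (not code from the original slides or the demo pages): the Set-Cookie carries only a random session ID, the session data stays on the server, and the ID is read from the Cookie header only, never from the URL. The cookie name SESSID, the in-memory SESSIONS store and the HttpOnly/Secure/SameSite attributes are assumptions of this example.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "SESSID"      # hypothetical cookie name for this example
SESSIONS = {}               # server-side store: session ID -> session data


def new_session_cookie(user_id):
    """Create a server-side session; return (sid, Set-Cookie header line)."""
    sid = secrets.token_urlsafe(32)          # opaque, unguessable identifier
    SESSIONS[sid] = {"user_id": user_id, "hits": 0}
    jar = SimpleCookie()
    jar[COOKIE_NAME] = sid                   # the cookie carries only the ID
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["httponly"] = True      # not readable from page scripts
    jar[COOKIE_NAME]["secure"] = True        # sent over HTTPS only
    jar[COOKIE_NAME]["samesite"] = "Lax"
    return sid, jar.output(header="Set-Cookie:")


def session_from_request(raw_request):
    """Look up the session for a raw HTTP request (constructed text).

    Only the Cookie header is consulted. A session ID placed in the
    request URL is never read, so it cannot select a session.
    """
    # Drop the body, then skip the request line to get the header lines.
    header_lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            jar = SimpleCookie()
            jar.load(value.strip())
            if COOKIE_NAME in jar:
                session = SESSIONS.get(jar[COOKIE_NAME].value)
                if session is not None:
                    session["hits"] += 1     # per-session state lives server-side
                return session
    return None
```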

Apache

Apache Web Server
  Apache is the most popular web server
    Wikipedia says it powers 55% of all websites and 66% of the biggest websites
  Derived from patches to NCSA httpd … ‘A Patchy’ Server
  Modules provide a lot of extra functionality
    Some people complain that the modules add a lot of bloat
  High Performance, very configurable, easily available.
  Virtual Hosts allow granular control of almost everything
    Hundreds and thousands of virtual hosts per physical host
  Worker (multi-threaded) versus Prefork (separate processes)
  Version 2.2 is in wide use today

Sample Apache VirtualHost Config

    NameVirtualHost 76.74.250.21:80
    <VirtualHost 76.74.250.21:80>
        ServerName mydomain.com
        ServerAlias www.mydomain.com *.mydomain.com
        DocumentRoot /home/mydomain.com/www
        CustomLog /home/mydomain.com/logs/access_log combined
        CustomLog /home/mydomain.com/logs/deflate_log deflate
        ErrorLog /home/mydomain.com/logs/error_log
        ScriptAlias /cgi-bin/ /home/mydomain.com/cgi-bin/
        php_admin_flag engine on
        php_admin_value open_basedir "/home/mydomain.com/"
        RewriteEngine On
    </VirtualHost>
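
An added example (not from the original slides): because the combined access_log configured above records the request URL and the Referer header, a session ID passed through GET ends up in log files. This Python check flags PHPSESSID or JSESSIONID in either field; the regex, function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined": host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
SESSION_PARAMS = {"phpsessid", "jsessionid"}   # names taken from the slides


def session_params_in(url):
    """Return session-ID parameter names found in a URL's query or path."""
    parts = urlsplit(url)
    found = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    # Servlet containers also rewrite URLs as /path;jsessionid=...
    for segment in parts.path.split(";")[1:]:
        found.add(segment.split("=", 1)[0].lower())
    return sorted(found & SESSION_PARAMS)


def find_leaks(log_lines):
    """Yield (line_no, field, param) for each session ID exposed in a log line."""
    for no, line in enumerate(log_lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue                      # not a combined-format line
        for field in ("target", "referer"):
            for param in session_params_in(m.group(field)):
                yield no, field, param


# Constructed sample lines (documentation addresses, made-up IDs)
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2009:17:50:12 +0000] "GET /index.php HTTP/1.1" 200 9256 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [15/Oct/2009:17:51:03 +0000] "GET /cart.php?PHPSESSID=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [15/Oct/2009:17:52:40 +0000] "GET /logo.png HTTP/1.1" 200 2048 "http://mydomain.com/app;jsessionid=DEADBEEF?x=1" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_leaks(SAMPLE_LOG):
        print(hit)
```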

Apache Modules
  Authentication (mod_auth_*)
    Via MySQL (multiple applications single password database)
    http://www.brandonchecketts.com/webpasswd.demo/
  Proxying (HTTP, AJP, load balancing)
  Programs (mod_php, mod_python, mod_perl, passenger)
  SSL
  URL rewriting (mod_rewrite)
  CGI and Fast-CGI, SCGI
  WebDav
  SVN
  Practically anything
  ….mod_security…

Apache Proxying
  Load Balancing
    <Proxy balancer://mycluster>
        BalancerMember http://192.168.1.50:80
        BalancerMember http://192.168.1.51:80
    </Proxy>
    ProxyPass /test balancer://mycluster/
  Proxying Tomcat
    ProxyPass /myapp ajp://127.0.0.1:8009/myapp/
    ProxyPassReverse /myapp ajp://127.0.0.1:8009/myapp/

mod_rewrite
  Used to create ‘pretty’ URLs
    RewriteRule (.*)\.html$ /realpage.php?name=$1
  Redirect any nonexistent request to some page:
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

Useful Apache Tricks
  /server-status/
    http://sb1.roundsphere.com/server-status/
  apachectl -t -D DUMP_VHOSTS
    Shows all of the virtual hosts configured
  Debian style setup with a2ensite, a2enmod
    Symlinks to enable/disable sites and modules
  Documentation is very good
    http://httpd.apache.org/docs/2.2

Apache Alternatives
  Nginx (Engine X)
    Supposed to be very good at proxying
  Lighttpd (Lighty)