第十二周作业

栏目: 服务器 · Apache · 发布时间: 6年前

内容简介:第十二周作业

1、 请描述一次完整的http请求处理过程;

HTTP:超文本传输协议

完整的 http请求过程

1)、建立TCP/IP连接:经过3次握手,建立连接或拒绝。

2)、浏览器向服务器发送HTTP请求。

3)、浏览器发送请求头信息。

4)、服务器应答:服务器接受请求后,会回送应答。

5)、服务器发送应答头信息。

6)、服务器向浏览器发送数据。

7)、服务器关闭TCP连接。

2、httpd所支持的处理模型有哪些,他们的分别使用于哪些环境。

1)prefork :多进程模型,每个进程响应一个请求;一个主进程负责生成n个子进程,子进程也成为工作进程,每个子进程处理一个用户请求;即便没有用户请求,也会预先生成多个空闲进程,随时等待请求到达;最大不会超过1024个;

优点:成熟稳定,兼容所有新老模块。

缺点:一个进程相对占用更多的系统资源,消耗更多的内存。而且,它并不擅长处理高并发请求,理论上不会超过1024个,在大并发场景下,它会将请求放进队列中,一直等到有可用进程,请求才会被处理。

      2)worker :多线程模型,每个线程响应一个请求;一个主进程生成多个子进程,每个子进程负责生成多个线程,每个线程响应一个请求;如有m个进程,每个进程有n个线程,则可处理的请求个数为:m*n

优点:占据更少的内存,高并发下表现更优秀。

缺点:

(1)线程的管理要比进程复杂得多。线程之间很多资源是共享的,所以它没有prefork模型那种一个进程服务一个服务请求那么安全稳定;

(2)worker是一个线程服务一个请求,在请求没有完成之前,该线程是与它服务的请求绑定的。worker需要大量的创建进程生成线程,销毁线程,杀死进程的过程;

(3)由于 linux 不是真线程的操作系统,所以worker在linux上的表现与prefork相比并没有明显优势。

3) e vent :事件驱动模型,是基于信号驱动I/O 通知机制,每个线程响应n个请求;

优点:并发能力强,并且解决了worker模型下由于线程与请求绑定而导致的线程资源浪费的问题;

缺点:2.4之前的版本仅为测试用,只有2.4之后event才可在生产使用。

3、 源码编译安装LAMP环境(基于wordpress程序),并写出详细的安装、配置、测试过程。

系统环境:CentOS7 

编译安装Maridb

1、解压到/usr/local目录下,并创建连接

[root@CentOS7 ~]# tar xf mariadb-5.5.46-linux-x86_64.tar.gz -C /usr/local/

[root@CentOS7 ~]# cd /usr/local

[root@CentOS7 local]# ln -sv mariadb-5.5.46-linux-x86_64/ mysql

“mysql” -> “mariadb-5.5.46-linux-x86_64/”

2、创建用户组mysql,修改目录/usr/local/mysql权限

[root@CentOS7 local]# cd mysql

[root@CentOS7 mysql]# chown -R root.mysql ./*

3、创建数据目录并修改权限

[root@CentOS7 /]# mkdir -p /mydata/data

[root@CentOS7 /]# chown -R mysql.mysql /mydata/data

4、创建配置文件

[root@CentOS7 mysql]# cp support-files/my-large.cnf /etc/my.cnf

[root@CentOS7 support-files]# vim /etc/my.cnf

[mysqld]

datadir = /mydata/data

innodb_file_per_table = ON

skip_name_resolve = O N

5、创建启动脚本

[root@CentOS7 support-files]# cp mysql.server /etc/rc.d/init.d/mysqld

[root@CentOS7 support-files]# chmod +x /etc/rc.d/init.d/mysqld

6、初始化数据库

[root@CentOS7 support-files]# cd /usr//local/mysql/

[root@CentOS7 mysql]# scripts/mysql_install_db –user=mysql –datadir=/mydata/data

7、启动数据库

[root@CentOS7 mysql]# /etc/init.d/mysqld start

Starting MySQL SUCCESS!

编译安装Apache

依赖的开发环境:Development Tools 和 Server Platform Development

依赖的包:pcre-devel arp-devel apr-util-devel openssl-devel

注:

CentOS6还依赖:

Apr1.4+和apr-util-1.4+以上的版本

1、安装所需包

[root@CentOS7 ~]# yum groupinstall “Development Tools”  “Server Platform Development” -y

[root@CentOS7 ~]# yum install arp-devel apr-util-devel openssl-devel pcre-devel

2、编译安装Apache

[root@CentOS7 ~]# tar xf httpd-2.4.9.tar.bz2

[root@CentOS7 ~]# cd httpd-2.4.9/

[root@CentOS7 httpd-2.4.9]# ./configure –prefix=/usr/local/apache –sysconfdir=/etc/httpd –enable-so –enable-ssl –enable-cgi –enable-rewrite –enable-zlib –with-pcre –with-apr=/usr –with-apr-util=/usr  –enable-modules=most –enable-mpms-shared=all –with-mpm=prefork

[root@CentOS7 httpd-2.4.9]# make -j 2 && make install

3、修改环境变量

[root@CentOS7 httpd-2.4.9]#  vim /etc/profile.d/httpd.sh

export PATH=/usr/local/apache/bin:$PATH

[root@CentOS7 httpd-2.4.9]# . /etc/profile.d/httpd.sh

4、启动httpd服务

注:出现以下错误。修改 /etc/httpd/ httpd.conf文件。

ServerName www.example.com:80 取消注释,使其生效

[root@CentOS7 httpd-2.4.9]# apachectl start

AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 180.168.41.175. Set the ‘ServerName’ directive globally to suppress this message

编译安装php

1、安装依赖包

[root@CentOS7 ~]#yum install libxml2-devel libmcrypt-devel bzip2-devel

2、编译安装php

[root@CentOS7 ~]# tar xf php-5.4.26.tar.bz2 

[root@CentOS7 ~]# cd php-5.4.26

[root@CentOS7 php-5.4.26]# ./configure –prefix=/usr/local/php –with-mysql=/usr/local/mysql –with-openssl –with-mysqli=/usr/local/mysql/bin/mysql_config –enable-mbstring –with-png-dir –with-jpeg-dir –with-freetype-dir –with-zlib –with-libxml-dir=/usr –enable-xml –enable-sockets –with-apxs2=/usr/local/apache/bin/apxs –with-mcrypt –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-bz2

[root@CentOS7 php-5.4.26]# make -j 4 && make install

3、修改httpd配置文件,添加支持php

[root@CentOS7 httpd]# vim httpd.conf

252 <IfModule dir_module>

253     DirectoryIndex  index.php  index.html

254 </IfModule>

382     AddType application/x-httpd-php .php

4、创建 php 配置文件

[root@CentOS7 php-5.4.26]# cp php.ini-production /etc/php.ini

5、建立php测试文档,并重启Apache服务

[root@CentOS7 php-5.4.26]# vim /usr/local/apache/htdocs/index.php

this is php test.

<?php

phpinfo();

?>

[root@CentOS7 php-5.4.26]# apachectl restart

第十二周作业

6、测试php与mariadb的联动

[root@CentOS7 httpd-2.4.9]# vim /usr/local/apache/htdocs/index.php

<?php

$conn = mysql_connect(‘127.0.0.1′,’root’,”);

if ($conn)

echo “OK”;

else

echo “Failure”;

?>

第十二周作业

安装wordpress

[root@CentOS7 wordpress]# cp wordpress-4.7.4-zh_CN.zip /usr/local/apache/htdocs/

1、数据库中创建用户

[root@CentOS7 wordpress]# mysql

MariaDB [(none)]> CREATE DATABASE wpdb;

MariaDB [(none)]> GRANT ALL ON wpdb.* TO wpuser@’172.16.%.%’ IDENTIFIED BY ‘wppass’;

MariaDB [(none)]> FLUSH PRIVILEGES;

2、将WordPress安装解压到主页目录下/usr/local/apache/htdocs/

root@CentOS7 wordpress]# cp wordpress-4.7.4-zh_CN.zip /usr/local/apache/htdocs/

[root@CentOS7 wordpress]# cd /usr/local/apache/htdocs/

[root@CentOS7 wordpress]# unzip wordpress-4.7.4-zh_CN.zip

3、修改WordPress配置文件

[root@CentOS7 wordpress]# cd wordpress/

[root@CentOS7 wordpress]# cp wp-config-sample.php wp-config.php

[root@CentOS7 wordpress]# vim wp-config.php

/** MySQL数据库用户名 */

define(‘DB_USER’, ‘wpuser’);

/** MySQL数据库密码 */

define(‘DB_PASSWORD’, ‘wppass’);

/** MySQL主机 */

define(‘DB_HOST’, ‘192.168.0.108’);

[root@CentOS7 wordpress]# apachectl restart

5、通过页面进行安装

第十二周作业

第十二周作业

4、建立httpd服务器(基于编译的方式进行),要求:

提供两个基于名称的虚拟主机:

(a)www1.stuX.com,页面文件目录为/web/vhosts/www1;错误日志为/var/log/httpd/www1.err,访问日志为/var/log/httpd/www1.access;

(b)www2.stuX.com,页面文件目录为/web/vhosts/www2;错误日志为/var/log/httpd/www2.err,访问日志为/var/log/httpd/www2.access;

(c)为两个虚拟主机建立各自的主页文件index.html,内容分别为其对应的主机名;

(d)通过www1.stuX.com/server-status输出httpd工作状态相关信息,且只允许提供帐号密码才能访问(status:status);

1、创建目录与文件

[root@CentOS7 ~]# mkdir -p /web/vhosts/www1

[root@CentOS7 ~]# mkdir -p /var/log/httpd

[root@CentOS7 ~]# mkdir -p /web/vhosts/www2

[root@CentOS7~]#echo”www1.stuX.com” >/web/vhosts/www1/index.html

[root@CentOS7~]#echo”www2.stuX.com” >/web/vhosts/www2/index.htm

2、在/etc/httpd/extra/目录下创建配置文件

[root@CentOS7 extra]# vim /etc/httpd/extra/vhost.conf

<VirtualHost *:80>

ServerName www1.stuX.com

DocumentRoot “/web/vhosts/www1”

<Directory “/web/vhosts/www1”>

Options None

AllowOverride None

Require all granted

</Directory>

ErrorLog “/var/log/httpd/www1.err”

CustomLog “/var/log/httpd/www1.access” common

#启动server-status页面并限制用户访问

<Location /server-status>

SetHandler server-status

AuthType Basic

AuthName “Admin Realm,show something”

AuthUserFile “/etc/httpd/.htpasswd”

Require user tom

</Location>

</VirtualHost>

<VirtualHost *:80>

ServerName www2.stuX.com

DocumentRoot “/web/vhosts/www2”

<Directory “/web/vhosts/www2”>

Options None

AllowOverride None

Require all granted

</Directory>

ErrorLog “/var/log/httpd/www2.err”

CustomLog “/var/log/httpd/www2.access” common

</VirtualHost>                                               

3、创建可查看状态页的用户

[root@CentOS7 extra]# htpasswd -c -m /etc/httpd/.htpasswd tom

New password: 

Re-type new password: 

Adding password for user tom

4、修改httpd的主配置文件,导入创建的文件

[root@CentOS7 httpd]# vim /etc/httpd/httpd.conf

Include /etc/httpd/extra/vhost.conf

5、修改hosts文件,重启Apache服务

[root@CentOS7 httpd]# vim  /etc/hosts

192.168.0.109 www1.stuX.com www2.stuX.com

[root@CentOS7 httpd]# apachectl restart

6、测试

第十二周作业

第十二周作业

5、为第4题中的第2个虚拟主机提供https服务,使得用户可以通过https安全的访问此web站点;

(1)要求使用证书认证,证书中要求使用的国家(CN)、州(HA)、城市(ZZ)和组织(MageEdu);

(2)设置部门为Ops,主机名为www2.stuX.com,邮件为admin@stuX.com;

环境:

Web服务器:192.168.0.109  CentOS7

CA主机:192.168.0.110   CentOS7

在CA主机

1、CA主机创建自签证书

[root@CentOS7 ~]# cd /etc/pki/CA

[root@CentOS7 CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)

Generating RSA private key, 2048 bit long modulus

………………………………………………………………………………..+++

……………………………………………………………………………………………………………………………………………………+++

e is 65537 (0x10001)

[root@CentOS7 CA]# openssl req -new -x509 -key private/cakeynew.pem -out cacert.pem -days 365

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HA

Locality Name (eg, city) [Default City]:ZZ

Organization Name (eg, company) [Default Company Ltd]:MageEdu

Organizational Unit Name (eg, section) []:Ops

Common Name (eg, your name or your server’s hostname) []:www2.stuX.com

Email Address []:admin@stuX.com

[root@CentOS7 CA]# touch serial index.txt

[root@CentOS7 CA]# echo 01 > serial

Web服务器上

2、服务器生成证书请求,并发给CA主机

[root@CentOS7 extra]# cd /etc/httpd/

[root@CentOS7 httpd]# mkdir ssl

[root@CentOS7 httpd]# cd ssl

[root@CentOS7 ssl]# (umask 077 ;openssl genrsa -out httpd.key 1024)

Generating RSA private key, 1024 bit long modulus

.++++++

………..++++++

e is 65537 (0x10001)

[root@CentOS7 ssl]# openssl req -new -key httpd.key -out httpd.csr -days 365

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:HA

Locality Name (eg, city) [Default City]:ZZ

Organization Name (eg, company) [Default Company Ltd]:MageEdu

Organizational Unit Name (eg, section) []:Ops

Common Name (eg, your name or your server’s hostname) []:www2.stu2.com

Email Address []:admin@stu2.com

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@CentOS7 ssl]# scp httpd.csr root@192.168.0.110:/tmp

The authenticity of host ‘192.168.0.110 (192.168.0.110)’ can’t be established.

ECDSA key fingerprint is b6:53:54:63:50:3c:99:f3:5c:f1:94:da:60:29:50:b9.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added ‘192.168.0.110’ (ECDSA) to the list of known hosts.

root@192.168.0.110’s password: 

httpd.csr                                   

注:scp出现报错,使用ssh-keygen -R 主机IP

[root@CentOS7 ssl]# scp httpd.csr root@192.168.0.110:/tmp

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

58:f2:c5:cf:d2:90:7d:4f:a0:1f:a8:e0:ee:6d:d6:41.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending RSA key in /root/.ssh/known_hosts:1

RSA host key for 192.168.0.110 has changed and you have requested strict checking.

Host key verification failed.

lost connection

[root@CentOS7 ssl]# ssh-keygen -R 192.168.0.110

3、CA主机签署,并发送

[root@CentOS7 CA]# openssl ca -in /tmp/httpd.csr -out certs/httpdnew.crt -days 365

Using configuration from /etc/pki/tls/openssl.cnf

Check that the request matches the signature

Signature ok

Certificate Details:

Serial Number: 1 (0x1)

Validity

Not Before: May 15 06:16:31 2017 GMT

Not After : May 15 06:16:31 2018 GMT

Subject:

countryName               = CN

stateOrProvinceName       = HA

organizationName          = MageEdu

organizationalUnitName    = Ops

commonName                = www2.stu2.com

emailAddress              = admin@stu2.com

X509v3 extensions:

X509v3 Basic Constraints: 

CA:FALSE

Netscape Comment: 

OpenSSL Generated Certificate

X509v3 Subject Key Identifier: 

DD:5E:C4:8E:48:6C:EF:14:A0:EF:1F:80:2A:AF:CC:00:97:C8:23:1E

X509v3 Authority Key Identifier: 

keyid:18:C2:6D:B5:63:A4:9C:A0:33:08:79:D1:02:62:37:92:51:D3:EF:09

[root@CentOS7 CA]# scp certs/httpdnew.crt root@192.168.0.109:/etc/httpd/ssl/

[root@CentOS7 ssl]# ls

httpd.csr  httpd.key  httpdnew.crt

4、服务器安装mod_ssl模块

[root@CentOS7 ssl]# yum -y install mod_ssl

5、修改配置文件

[root@CentOS7 extra]# vim /etc/httpd/conf.d/httpd-ssl.conf

DocumentRoot “/web/vhosts/www2”

SSLCertificateFile “/etc/httpd/ssl/httpdnew.crt”

SSLCertificateKeyFile “/etc/httpd/ssl/httpd.key”

[root@CentOS7 httpd]# vim httpd.conf

LoadModule slotmem_shm_module modules/mod_slotmem_shm.so

LoadModule ssl_module modules/mod_ssl.so

6、重启服务

[root@CentOS7 httpd]# systemtl restart httpd.service

6、在LAMP架构中,请分别以php编译成httpd模块形式和php以fpm工作为独立守护进程的方式来支持httpd,列出详细的过程。

本例只有php-fpm的相关配置,其他见第三题。

1、安装httpd 、mariadb.server 、php-fpm 、php-mysql

[root@CentOS7 ~]# yum install -y httpd mariadb.server php-fpm php-mysql

2、修改php-fpm的配置文件

[root@CentOS7 ~]# vim /etc/php-fpm.d/www.conf

listen = 0.0.0.0:9000

3、创建fcgi的配置文件

[root@CentOS7 ~]# vim /etc/httpd/conf.d/fcgi.conf

DirectoryIndex index.php  设置主页

ProxyRequests off  关闭正向代理

ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1

.php后 缀的URL请求转发给php-fpm

4、开启php-fpm与httpd服务

[root@CentOS7 ~]# systemctl start httpd.service    

[root@CentOS7 ~]# systemctl start php-fpm.service      

5 、测试      

第十二周作业


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Web缓存

Web缓存

Duane Wessels / 清华大学 / 2002-11 / 99.00元

When I first sta一起来看看 《Web缓存》 这本书的介绍吧!

HTML 压缩/解压工具
HTML 压缩/解压工具

在线压缩/解压 HTML 代码

在线进制转换器
在线进制转换器

各进制数互转换器

图片转BASE64编码
图片转BASE64编码

在线图片转Base64编码工具