Presentation (PPT)
- 1. Basics of the HTTP Protocol and Apache Web Server
  - Brandon Checketts
- 2. At first there was HTTP 0.9
  - This is as simple as it can get:

    ```
    GET http://www.somedomain.com/hello.txt
    Hello
    ```
  - Created by Tim Berners-Lee in 1989(?)
  - The 0.9 version number was actually created after the 1.0 spec
- 3. HTTP 1.0
  - The first really practical revision of the HTTP protocol
  - HTTP Request Headers and Response Headers
  - Simple caching
  - Authentication
  - Content-Type
  - Sending data via POST
  - HTTP Status codes (200, 404, etc)
- 4. HTTP 1.1 (in use today)
  - Includes everything from HTTP 1.0
  - Host header is required
  - Defines more status codes, more request methods
  - Much more flexible caching available
  - Digest Authentication
- 5. Sample HTTP Request / Response
  - Request:

    ```
    GET / HTTP/1.1
    Host: www.google.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    ```
  - Response headers:

    ```
    HTTP/1.x 200 OK
    X-TR: 1
    Date: Thu, 15 Oct 2009 17:50:12 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com
    Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com
    Server: gws
    X-XSS-Protection: 0
    Content-Length: 9256
    ```
- 6. Headers of Interest
  - Referer
    - Says which page referred you to the current URL
    - Note the misspelling
    - Used in analytics to provide a lot of useful metrics
  - User-Agent
    - Specifies OS and browser (often faked)
  - Cookie / Set-Cookie (more on this later)
- 7. HTTP Cookies
  - Cookies are generally good! They provide some incredibly useful functionality.
  - Server sends a Set-Cookie
  - Client sends back a Cookie
  - Demonstrate a cookie
    - http://web01.roundsphere.com/cookie_test.php
    - http://web01.roundsphere.com/cookie_test.php?set=123
  - Be careful what you put in a cookie!
    - Don't store user IDs, authentication credentials, etc
- 8. Using Cookies to create sessions
  - Without cookies, all HTTP requests are completely independent
  - Cookies allow the server to add some persistence to multiple requests and create a session
  - Most programming languages have some built-in support for sessions (PHPSESSID, JSESSIONID, etc)
  - Session information can be stored in file system, database, memcache, etc.
  - Don't pass Session ID through GET requests
  - Demo some simple session examples:
    - http://web01.roundsphere.com/session_test.php
    - http://web01.roundsphere.com/session_test.php?add
    - http://web01.roundsphere.com/session_test.php?reset
- 10. Apache Web Server
  - Apache is the most popular web server
    - Wikipedia says it powers 55% of all websites and 66% of the biggest websites
  - Derived from patches to NCSA httpd ... 'A Patchy' Server
  - Modules provide a lot of extra functionality
    - Some people complain that the modules add a lot of bloat
  - High performance, very configurable, easily available
  - Virtual Hosts allow granular control of almost everything
    - Hundreds and thousands of virtual hosts per physical host
  - Worker (multi-threaded) versus Prefork (separate processes)
  - Version 2.2 is in wide use today
- 11. Sample Apache VirtualHost Config

    ```
    NameVirtualHost 76.74.250.21:80
    <VirtualHost 76.74.250.21:80>
        ServerName mydomain.com
        ServerAlias www.mydomain.com *.mydomain.com
        DocumentRoot /home/mydomain.com/www
        # Per-site logs, kept outside the DocumentRoot
        CustomLog /home/mydomain.com/logs/access_log combined
        CustomLog /home/mydomain.com/logs/deflate_log deflate
        ErrorLog /home/mydomain.com/logs/error_log
        ScriptAlias /cgi-bin/ /home/mydomain.com/cgi-bin/
        php_admin_flag engine on
        # Restrict PHP file access to this site's own directory
        php_admin_value open_basedir "/home/mydomain.com/"
        RewriteEngine On
    </VirtualHost>
    ```
- 12. Apache Modules
  - Authentication (mod_auth_*)
    - Via MySQL (multiple applications, single password database)
    - http://www.brandonchecketts.com/webpasswd.demo/
  - Proxying (HTTP, AJP, load balancing)
  - Programs (mod_php, mod_python, mod_perl, passenger)
  - SSL
  - URL rewriting (mod_rewrite)
  - CGI and Fast-CGI, SCGI
  - WebDav
  - SVN
  - Practically anything ... mod_security ...
- 13. Apache Proxying
  - Load Balancing

    ```
    <Proxy balancer://mycluster>
        BalancerMember http://192.168.1.50:80
        BalancerMember http://192.168.1.51:80
    </Proxy>
    ProxyPass /test balancer://mycluster/
    ```
  - Proxying Tomcat

    ```
    ProxyPass /myapp ajp://127.0.0.1:8009/myapp/
    ProxyPassReverse /myapp ajp://127.0.0.1:8009/myapp/
    ```
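- 14. mod_rewrite
  - Used to create 'pretty' URLs

    ```
    # Escape the dot and anchor the pattern so only names ending in .html match
    RewriteRule ^(.*)\.html$ /realpage.php?name=$1
    ```
  - Redirect any nonexistent request to some page:

    ```
    RewriteEngine On
    RewriteBase /
    # Only rewrite when the request is not an existing file or directory
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    ```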
- 15. Useful Apache Tricks
  - /server-status/
    - http://sb1.roundsphere.com/server-status/
  - apachectl -t -D DUMP_VHOSTS
    - Shows all of the virtual hosts configured
  - Debian style setup with a2ensite, a2enmod
    - Symlinks to enable/disable sites and modules
  - Documentation is very good
    - http://httpd.apache.org/docs/2.2
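
Slide 8's advice not to pass the session ID through GET requests can be checked against the `combined` access_log configured on slide 11: an ID placed in the URL is written to the server's log and is sent to other sites in the Referer header from slide 6. The script below is an added example, not part of the original presentation; the function names are hypothetical and the sample log lines (documentation IP ranges, example.com) are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Session identifier names from slide 8; extend for other frameworks.
SESSION_KEYS = {"phpsessid", "jsessionid"}

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def session_keys_in_url(url):
    """Return session parameter names present in a URL's query or ;path parameters."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL in a hostile request line
        return []
    found = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    # Java containers rewrite URLs as /path;jsessionid=VALUE
    for segment in parts.path.split(";")[1:]:
        found.add(segment.split("=", 1)[0].lower())
    return sorted(found & SESSION_KEYS)

def find_session_leaks(lines):
    """Yield (line_no, field, key) for session IDs seen in a request URL or Referer."""
    for line_no, line in enumerate(lines, 1):
        match = COMBINED.match(line.strip())
        if not match:
            continue  # not a combined-format line; skip rather than guess
        request = match.group("request").split()
        target = request[1] if len(request) >= 2 else ""
        for field, url in (("request", target), ("referer", match.group("referer"))):
            for key in session_keys_in_url(url):
                yield line_no, field, key

# Constructed sample lines (documentation IP ranges, example.com), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2009:17:50:12 +0000] "GET /session_test.php HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [15/Oct/2009:17:51:03 +0000] '
    '"GET /session_test.php?add&PHPSESSID=constructed0123 HTTP/1.1" 200 540 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Oct/2009:17:52:40 +0000] "GET /logo.png HTTP/1.1" 200 2048 '
    '"http://www.example.com/cart;jsessionid=CONSTRUCTED42?item=4" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, field, key in find_session_leaks(SAMPLE_LOG):
        print("line %d: %s URL carries %s" % (line_no, field, key))
```

A hit in the `referer` field means the ID was already sent in a Referer header and recorded in this log, so that session should be treated as exposed.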