Basics of the HTTP Protocol and Apache Web Server
Brandon Checketts

At first there was HTTP 0.9
  - This is as simple as it can get:

        GET http://www.somedomain.com/hello.txt
        Hello

  - Created by Tim Berners-Lee in 1989(?)
  - The 0.9 version number was actually created after the 1.0 spec

HTTP 1.0
  - The first really practical revision of the HTTP protocol
  - HTTP Request Headers and Response Headers
  - Simple caching
  - Authentication
  - Content-Type
  - Sending data via POST
  - HTTP Status codes (200, 404, etc)

HTTP 1.1 (in use today)
  - Includes everything from HTTP 1.0
  - Host header is required
  - Defines more status codes, more request methods
  - Much more flexible caching available
  - Digest Authentication

Sample HTTP Request / Response

    GET / HTTP/1.1
    Host: www.google.com
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive

    HTTP/1.x 200 OK
    X-TR: 1
    Date: Thu, 15 Oct 2009 17:50:12 GMT
    Expires: -1
    Cache-Control: private, max-age=0
    Content-Type: text/html; charset=UTF-8
    Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com
    Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com
    Server: gws
    X-XSS-Protection: 0
    Content-Length: 9256

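Added example (not part of the original slides): a small Python parser for a request like the one above that enforces the HTTP/1.1 Host rule before picking a name-based virtual host. The function names, the vhost table and the default document root are assumptions made for illustration; the sample request is constructed, modelled on the slide.

```python
class BadRequest(Exception):
    """A request the server should answer with 400 Bad Request."""

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, version, headers)."""
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise BadRequest("malformed request line")
    method, target, version = parts
    headers = {}  # lower-cased name -> list of values (a header may repeat)
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # RFC 7230: no whitespace is allowed between field name and colon.
        if not sep or not name or name != name.strip():
            raise BadRequest("malformed header line: %r" % line)
        headers.setdefault(name.lower(), []).append(value.strip())
    hosts = headers.get("host", [])
    # HTTP/1.1: a missing or repeated Host header must be rejected with 400.
    if version == "HTTP/1.1" and len(hosts) != 1:
        raise BadRequest("expected exactly one Host header, got %d" % len(hosts))
    return method, target, version, headers

def select_vhost(headers, vhosts, default):
    """Name-based virtual hosting: map Host to a document root."""
    # Drop an optional :port suffix (IPv6 literals are not handled here).
    host = headers.get("host", [""])[0].rsplit(":", 1)[0].lower()
    return vhosts.get(host, default)

# Constructed sample input, modelled on the request shown on the slide.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: www.mydomain.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Connection: keep-alive\r\n\r\n"
)
# Hypothetical vhost table; the document root is the one from the VirtualHost slide.
VHOSTS = {"mydomain.com": "/home/mydomain.com/www",
          "www.mydomain.com": "/home/mydomain.com/www"}

if __name__ == "__main__":
    _, _, _, hdrs = parse_request(SAMPLE_REQUEST)
    print(select_vhost(hdrs, VHOSTS, "/var/www/default"))
```

Requests whose Host matches no configured name fall through to the default site, which is why the first (default) virtual host should not expose anything sensitive.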
Headers of Interest
  - Referer
      - Says which page referred you to the current URL
      - Note the misspelling
      - Used in Analytics to provide a lot of useful metrics
  - User Agent
      - Specifies OS and Browser (often faked)
  - Cookie / Set-Cookie (more on this later)

HTTP Cookies
  - Cookies are generally good! They provide some incredibly useful functionality.
  - Server sends a Set-Cookie
  - Client sends back a Cookie
  - Demonstrate a cookie:
      http://web01.roundsphere.com/cookie_test.php
      http://web01.roundsphere.com/cookie_test.php?set=123
  - Be careful what you put in a cookie!
      - Don’t store user IDs, authentication credentials, etc

Using Cookies to create sessions
  - Without cookies, all HTTP requests are completely independent
  - Cookies allow the server to add some persistence to multiple requests and create a session
  - Most programming languages have some built-in support for sessions (PHPSESSID, JSESSIONID, etc)
  - Session information can be stored in file system, database, memcache, etc.
  - Don’t pass Session ID through GET requests
  - Demo some simple session examples:
      http://web01.roundsphere.com/session_test.php
      http://web01.roundsphere.com/session_test.php?add
      http://web01.roundsphere.com/session_test.php?reset

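Added example (not part of the original slides or the demo scripts): the two cookie rules above in Python, with an opaque random session ID in the cookie, the user ID kept server-side, and any session ID arriving in the query string refused. The cookie name SESSID, the in-memory store and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

COOKIE_NAME = "SESSID"  # hypothetical name, in the spirit of PHPSESSID / JSESSIONID
SESSIONS = {}           # session id -> server-side data (file system, database, memcache...)

def start_session(user_id):
    """Create a session and return the Set-Cookie header value to send."""
    sid = secrets.token_urlsafe(32)       # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"user_id": user_id}  # the user ID never leaves the server
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    return cookie[COOKIE_NAME].OutputString()

def load_session(url, cookie_header):
    """Return the session data for a request, or None if it has no valid session."""
    # A session ID in the URL ends up in Referer headers, access logs and
    # browser history, so a request that carries one there is not honored.
    if COOKIE_NAME in parse_qs(urlsplit(url).query):
        return None
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)  # unknown or forged IDs yield None

if __name__ == "__main__":
    header = start_session(user_id=42)
    print("Set-Cookie:", header)
    sid = header.split(";")[0].split("=", 1)[1]
    print(load_session("http://example.test/page", COOKIE_NAME + "=" + sid))
```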
Apache
Apache Web Server
  - Apache is the most popular web server
      - Wikipedia says it powers 55% of all websites and 66% of the biggest websites
  - Derived from patches to NCSA httpd … ‘A Patchy’ Server
  - Modules provide a lot of extra functionality
      - Some people complain that the modules add a lot of bloat
  - High Performance, very configurable, easily available.
  - Virtual Hosts allow granular control of almost everything
      - Hundreds and thousands of virtual hosts per physical host
  - Worker (multi-threaded) versus Prefork (separate processes)
  - Version 2.2 is in wide use today

Sample Apache VirtualHost Config

    NameVirtualHost 76.74.250.21:80
    <VirtualHost 76.74.250.21:80>
        ServerName   mydomain.com
        ServerAlias  www.mydomain.com *.mydomain.com
        DocumentRoot /home/mydomain.com/www
        CustomLog    /home/mydomain.com/logs/access_log combined
        CustomLog    /home/mydomain.com/logs/deflate_log deflate
        ErrorLog     /home/mydomain.com/logs/error_log
        ScriptAlias  /cgi-bin/ /home/mydomain.com/cgi-bin/
        php_admin_flag engine on
        php_admin_value open_basedir "/home/mydomain.com/"
        RewriteEngine On
    </VirtualHost>

Apache Modules
  - Authentication (mod_auth_*)
      - Via MySQL (multiple applications, single password database)
        http://www.brandonchecketts.com/webpasswd.demo/
  - Proxying (HTTP, AJP, load balancing)
  - Programs (mod_php, mod_python, mod_perl, passenger)
  - SSL
  - URL rewriting (mod_rewrite)
  - CGI and Fast-CGI, SCGI
  - WebDav
  - SVN
  - Practically anything … mod_security …

Apache Proxying
  - Load Balancing

        <Proxy balancer://mycluster>
            BalancerMember http://192.168.1.50:80
            BalancerMember http://192.168.1.51:80
        </Proxy>
        ProxyPass /test balancer://mycluster/

  - Proxying Tomcat

        ProxyPass /myapp ajp://127.0.0.1:8009/myapp/
        ProxyPassReverse /myapp ajp://127.0.0.1:8009/myapp/

mod_rewrite
  - Used to create ‘pretty’ URLs

        # Anchor the pattern and escape the dot so only paths ending in ".html" match
        RewriteRule ^(.*)\.html$ /realpage.php?name=$1

  - Redirect any nonexistent request to some page:

        RewriteEngine On
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule . /index.php [L]

Useful Apache Tricks
  - /server-status/
      http://sb1.roundsphere.com/server-status/
  - apachectl -t -D DUMP_VHOSTS
      - Shows all of the virtual hosts configured
  - Debian style setup with a2ensite, a2enmod
      - Symlinks to enable/disable sites and modules
  - Documentation is very good
      http://httpd.apache.org/docs/2.2

Apache Alternatives
  - Nginx (Engine X)
      - Supposed to be very good at proxying
  - Lighttpd (Lighty)
