Your SlideShare is downloading. ×
0
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Presentation (PPT)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Presentation (PPT)

989

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
989
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Basics of the HTTP Protocol and Apache Web Server Brandon Checketts
  • 2. At first there was HTTP 0.9 <ul><li>This is as simple as it can get </li></ul><ul><li>GET http://www.somedomain.com/hello.txt </li></ul><ul><li>Hello </li></ul><ul><li>Created by Tim Berners-Lee in 1989(?) </li></ul><ul><li>The 0.9 version number was actually created after the 1.0 spec </li></ul>
  • 3. HTTP 1.0 <ul><li>The first really practical revision of the HTTP protocol </li></ul><ul><li>HTTP Request Headers and Response Headers </li></ul><ul><li>Simple caching </li></ul><ul><li>Authentication </li></ul><ul><li>Content-Type </li></ul><ul><li>Sending data via POST </li></ul><ul><li>HTTP Status codes (200, 404, etc) </li></ul>
  • 4. HTTP 1.1 (in use today) <ul><li>Includes everything from HTTP 1.0 </li></ul><ul><li>Host header is required </li></ul><ul><li>Defines more status codes, more request methods </li></ul><ul><li>Much more flexible caching available </li></ul><ul><li>Digest Authentication </li></ul>
  • 5. Sample HTTP Request / Response <ul><li>GET / HTTP/1.1 </li></ul><ul><li>Host: www.google.com </li></ul><ul><li>User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 </li></ul><ul><li>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 </li></ul><ul><li>Accept-Language: en-us,en;q=0.5 </li></ul><ul><li>Accept-Encoding: gzip,deflate </li></ul><ul><li>Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 </li></ul><ul><li>Keep-Alive: 300 </li></ul><ul><li>Connection: keep-alive </li></ul><ul><li>HTTP/1.x 200 OK </li></ul><ul><li>X-TR: 1 </li></ul><ul><li>Date: Thu, 15 Oct 2009 17:50:12 GMT </li></ul><ul><li>Expires: -1 </li></ul><ul><li>Cache-Control: private, max-age=0 </li></ul><ul><li>Content-Type: text/html; charset=UTF-8 </li></ul><ul><li>Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com </li></ul><ul><li>Set-Cookie: __utmv=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com </li></ul><ul><li>Server: gws </li></ul><ul><li>X-XSS-Protection: 0 </li></ul><ul><li>Content-Length: 9256 </li></ul>
  • 6. Headers of Interest <ul><li>Referer </li></ul><ul><ul><li>Says which page referred you to the current URL </li></ul></ul><ul><ul><li>Note the misspelling </li></ul></ul><ul><ul><li>Used in Analytics to provide a lot of useful metrics </li></ul></ul><ul><li>User Agent </li></ul><ul><ul><li>Specifies OS and Browser (often faked) </li></ul></ul><ul><li>Cookie / Set-Cookie (more on this later) </li></ul>
  • 7. HTTP Cookies <ul><li>Cookies are generally good! They provide some incredibly useful functionality. </li></ul><ul><ul><li>Server sends a Set-Cookie </li></ul></ul><ul><ul><li>Client sends back a Cookie </li></ul></ul><ul><li>Demonstrate a cookie </li></ul><ul><ul><li>http://web01.roundsphere.com/cookie_test.php </li></ul></ul><ul><ul><li>http://web01.roundsphere.com/cookie_test.php?set= 123 </li></ul></ul><ul><li>Be careful what you put in a cookie! </li></ul><ul><ul><li>Don’t store user ID’s, authentication credentials, etc </li></ul></ul>
  • 8. Using Cookies to create sessions <ul><li>Without cookies, all HTTP requests are completely independent </li></ul><ul><li>Cookies allow the server to add some persistence to multiple requests and create a session </li></ul><ul><li>Most programming languages have some built-in support for sessions. (PHPSESSID, JSESSIONID, etc) </li></ul><ul><li>Session information can be stored in file system, database, memcache, etc. </li></ul><ul><li>Don’t pass Session ID through GET requests </li></ul><ul><li>Demo some simple session examples: </li></ul><ul><ul><li>http://web01.roundsphere.com/session_test.php </li></ul></ul><ul><ul><li>http://web01.roundsphere.com/session_test.php?add </li></ul></ul><ul><ul><li>http://web01.roundsphere.com/session_test.php?reset </li></ul></ul>
  • 9. Apache
  • 10. Apache Web Server <ul><li>Apache is the most popular web server </li></ul><ul><li>Wikipedia says it powers 55% of all websites and 66% of the biggest websites </li></ul><ul><li>Derived from patches to NCSA httpd … ‘A Patchy’ Server </li></ul><ul><li>Modules provide a lot of extra functionality </li></ul><ul><ul><li>Some people complain that the modules add a lot of bloat </li></ul></ul><ul><li>High Performance, very configurable, easily available. </li></ul><ul><li>Virtual Hosts allow granular control of almost everything </li></ul><ul><ul><li>Hundreds and thousands of virtual hosts per physical host </li></ul></ul><ul><li>Worker (multi-threaded) versus Prefork (separate processes) </li></ul><ul><li>Version 2.2 is in wide use today </li></ul>
  • 11. Sample Apache VirtualHost Config <ul><li>NameVirtualHost 76.74.250.21:80 </li></ul><ul><li>&lt;VirtualHost 76.74.250.21:80&gt; </li></ul><ul><li>ServerName mydomain.com </li></ul><ul><li>ServerAlias www.mydomain.com *.mydomain.com </li></ul><ul><li>DocumentRoot /home/mydomain.com/www </li></ul><ul><li>CustomLog /home/mydomain.com/logs/access_log combined </li></ul><ul><li>CustomLog /home/mydomain.com/logs/deflate_log deflate </li></ul><ul><li>ErrorLog /home/mydomain.com/logs/error_log </li></ul><ul><li>ScriptAlias /cgi-bin/ /home/mydomain.com/cgi-bin/ </li></ul><ul><li>php_admin_flag engine on </li></ul><ul><li>php_admin_value open_basedir &amp;quot;/home/mydomain.com/&amp;quot; </li></ul><ul><li>RewriteEngine On </li></ul><ul><li>&lt;/VirtualHost&gt; </li></ul>
  • 12. Apache Modules <ul><li>Authentication (mod_auth_*) </li></ul><ul><ul><li>Via MySQL (multiple applications single password database) </li></ul></ul><ul><ul><li>http://www.brandonchecketts.com/webpasswd.demo/ </li></ul></ul><ul><li>Proxying (HTTP, AJP, load balancing) </li></ul><ul><li>Programs (mod_php, mod_python, mod_perl, passenger) </li></ul><ul><li>SSL </li></ul><ul><li>URL rewriting (mod_rewrite) </li></ul><ul><li>CGI and Fast-CGI, SCGI </li></ul><ul><li>WebDav </li></ul><ul><li>SVN </li></ul><ul><li>Practically anything </li></ul><ul><li>… .mod_security… </li></ul>
  • 13. Apache Proxying <ul><li>Load Balancing </li></ul><ul><li>&lt;Proxy balancer://mycluster&gt; BalancerMember http://192.168.1.50:80 BalancerMember http://192.168.1.51:80 </li></ul><ul><li>&lt;/Proxy&gt; </li></ul><ul><li>ProxyPass /test balancer://mycluster/ </li></ul><ul><li>Proxying Tomcat </li></ul><ul><li>ProxyPass /myapp ajp://127.0.0.1:8009/myapp/ </li></ul><ul><li>ProxyPassReverse /myapp ajp://127.0.0.1:8009/myapp/ </li></ul>
  • 14. mod_rewrite <ul><li>Used to create ‘pretty’ url’s </li></ul><ul><li>RewriteRule (.*).html /realpage.php?name=$1 </li></ul><ul><li>Redirect any non-existant request to some page: </li></ul><ul><li>RewriteEngine On </li></ul><ul><li>RewriteBase / </li></ul><ul><li>RewriteCond %{REQUEST_FILENAME} !-f </li></ul><ul><li>RewriteCond %{REQUEST_FILENAME} !-d </li></ul><ul><li>RewriteRule . /index.php [L] </li></ul>
  • 15. Useful Apache Tricks <ul><li>/server-status/ </li></ul><ul><ul><ul><li>http://sb1.roundsphere.com/server-status/ </li></ul></ul></ul><ul><li>apachectl –t –D DUMP_VHOSTS </li></ul><ul><ul><li>Shows all of the virtual hosts configured </li></ul></ul><ul><li>Debian style setup with a2ensite, a2enmod </li></ul><ul><ul><li>Symlinks to enable/disable sites and modules </li></ul></ul><ul><li>Documentation is very good </li></ul><ul><ul><li>http://httpd.apache.org/docs/2.2 </li></ul></ul>
  • 16. Apache Alternatives <ul><li>Nginx (Engine X) </li></ul><ul><ul><li>Supposed to be very good at proxying </li></ul></ul><ul><li>Lighttpd (Lighty) </li></ul>

×