HTTP协议压缩、加密、重定向及反向代理、源码编译httpd- 2.4.39
HTTP的压缩
1、使⽤mod_deflate模块压缩页⾯优化传输速度
Lo a dMo dule defla te_m o dule mo dules/m o d_defla te.so SetOutputFilter
te_mo
DEFLATE
SetOutputFilter DEFLATE
# R estric t c o m pr essio n to these MIME types
AddOutputFilter ByType DEFLATE text/pla in(纯⽂本)
AddOutputFilter ByType DEFLATE text/html
AddOutputFilter ByType DEFLATE a pplic a tio n/xhtml+xml
xhtm l+xm l
AddOutputFilter ByType DEFLATE text/xml
AddOutputFilter ByType DEFLATE a pplic a tio n/xm l
xml
AddOutputFilter ByType DEFLATE a pplic a tio n/x-ja va sc ript
AddOutputFilter ByType DEFLATE text/ja va sc r ipt
AddOutputFilter ByType DEFLATE text/c ss
Defla teCo m pr essio nLevel 9(压缩等级为9)
HTTPS实现
1、实现https 安全⽹站
安装mod_ssl模块,然后重启httpd服务
2、利⽤私有CA实现HTTPS
(1)建⽴CA
进⼊/etc/pk i/CA/⽂件夹中
(uma sk 077;o penssl genr sa -o ut priva te/c a k ey.pem 4096)
包塑轴承
(um a penssl genrsa ey.pem 4096)
o penssl r eq -new -x509 -k ey /etc/pk i/CA/pr iva te/c a k ey.pem -o ut
priva ey.pem -o
/etc/pk i/CA/c a c er t.pem -da ys 3650 <<EOF
t.pem -da
CN
平面涡卷弹簧
beijing
喷墨打印机墨盒
beijingpvc文件袋
ma
m a gedu
devo ps
c a.ma gedu.c o m
a dmin@ma gedu.c o m
EOF
to uc h /etc/pk i/
ec ho 01 > /etc/pk i/CA/seria l
(2)申请证书
mk dir /
m k dir /etc/httpd/c o nf.d/ssl
c d /etc/httpd/c o nf.d/ssl
(uma sk 066;o penssl genr sa -o ut httpd.k ey 1024 )
(um a penssl genrsa
o penssl r eq -new -k ey httpd.k ey -o ut httpd.c sr彩钢板机房
sc p /etc/httpd/c o nf.d/ssl/httpd.c sr CAServer:/etc/pk i/CA
(3)颁发证书
o penssl c a -in /etc/pk i/CA/httpd.c sr -o ut /etc/pk i/CA/c erts/httpd.c r t -
rt -da ys 100
sc p /etc/pk i/CA/c er ts/httpd.c rt 192.168.37.7:/etc/httpd/c o nf.d/ssl/
erts/
sc p /etc/pk i/CA/c a c ert.pem 192.168.37.7:/etc/httpd/c o nf.d/ssl
(4)修改配置⽂件/etc/httpd/c o nf.d/ssl.c o nf
SSLCertific a teFile /etc/httpd/c o nf.d/ssl/httpd.c rt
SSLCer tific
SSLCer tific
SSLCertific a teKeyFile /etc/httpd/c o nf.d/ssl/httpd.k ey
SSLCACer tific a teFile /etc/httpd/c o nf.d/ssl/c a c ert.pem
防辐射布HTTP重定向为HTTPS
1、基于虚拟主机重定向(修改/etc/httpd/conf.f)
2、不基于虚拟主机重定向(HSTS)
vim /etc/httpd/c o nf/httpd.c o nf
vim /
H ea der a lw a ys set Stric t-Tr a nspo rt-Sec urity "m a x-a ge=31536000"(H STS
der a t-Tra
的缓存时间)
R ew r iteEngine o n
riteEngine o
riteR OST}$1 [r edirec
R ew r iteR ule ^(/.*)$ %{H TTP_H OST}$1 [redirec t=302]
反向代理
1、启⽤反向代理
Pr o xyPa ss "/" "w a mple.c o m/"
Pr o xyPa ssR ever se "/" "w a mple.c o m/"
m/
2、特定U R L反向代理
Pr o xyPa ss "/im a ges" "w a m ple.c o m/"
mple.c m/
Pr o xyPa ssR ever se "/im a ges" w a mple.c o m/
ima
⽰例:
<Vir tua lH o st *>
<Virtua
ServerN a m e w w w.m a gedu.c o m
Server N
Pr o xyPa ss / lo c a lho st:8080/
Pr o xyPa ssR ever se / lo c a lho st:8080/
</Virtua lH o st>
Vir tua
⾯ http协议常⽤的状态码
200: 成功,请求数据通过响应报⽂的entity-bo dy部分发送;OK 301: 请求的U R L指向的资源已经被删除;但在响应报⽂中通过⾸部Lo c a tio n指明了资源现在所处的新位置;Mo ved Perma nently
ved Perm a
302: 响应报⽂Lo c a tio n指明资源临时新位置 Mo ved Tempo ra rily
304: 客户端发出了条件式请求,但服务器上的资源未曾发⽣改变,则通过响应此响应状态码通知客户端;N o t Mo dified 401: 需要输⼊账号和密码认证⽅能访问资源;U na utho rized
403: 请求被禁⽌;Fo rbidden
404: 服务器⽆法到客户端请求的资源;N o t Fo und
500: 服务器内部错误;Interna l Server Erro r
500: 服务器内部错误;Inter na
502: 代理服务器从后端服务器收到了⼀条伪响应,如⽆法连接到⽹关;Ba d Ga tew a y 503: 服务不可⽤,临时服务器维护或过载,服务器⽆法处理请求
豫公网安备41160202000603
站长QQ:729038198
关于我们
投诉建议