http, php, nginx串講

這不是講http協議的
不少的東西是知其意而忘其形?, 趁着過年這段時間把不少的知識都review下, 把形找回來, 寫代碼並非所有

tools

request

telnet
curl
chrome
postman

capture

fiddler/wireshark

http

http屬於應用層的協議
http是無狀態的(cookie和session的做用就體現出來了)

cookie and session

我這裏畫了一張圖
https://www.processon.com/vie...

下面是個人php.ini的部分配置

session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.save_path=F:\www\tmp\session

注意session.name = PHPSESSID

URL

http://www.test.com:80/index.php/kill?d=1&a=x 以這個爲例

description	value	commet
scheme	http	http表明使用http協議/https
host	www.test.com
port	80	http默認80/https默認443
uri	/index.php/kill?d=1&a=x
args	d=1&a=x	就是query_string

chrome demo

我使用虛擬機的, 把虛擬機的80端口映射到本機的8000端口, so下面的host是127.0.0.1:8000

完整的是在chrome裏面打開http://127.0.0.1:8000/index/index/test2

request

GET /index/index/test2 HTTP/1.1
Host: 127.0.0.1:8000
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cookie: XDEBUG_SESSION=PHPSTORM

response

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2017 02:29:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.22
Proxy-Connection: keep-alive

body

test

curl demo

[xsu@localhost ~]$ curl -v "http://127.0.0.1/index/index/test2"
* About to connect() to 127.0.0.1 port 80 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /index/index/test2 HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 23 Jan 2017 02:20:23 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< X-Powered-By: PHP/5.6.22
<
* Connection #0 to host 127.0.0.1 left intact
test

telnet demo

[xsu@localhost ~]$ telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
^]
telnet>
GET /index/index/test2 HTTP/1.1
Host: 127.0.0.1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2017 02:14:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.22

4
test
0

Transfer-Encoding: chunkedchunked 表示是分段, test前面的4表示接下來的數據的長度, 這是一個16進制的數, test下一段的長度爲0 , 即表示結束

request

由3部分組成:

request method, uri, protocol version

1. GET /index.php/index/index/test HTTP/1.1

request method	curd
get	r, read
post	u, update
put	c, create
delete	d, delete

request header

只說幾個有趣的, 其餘的本身看詳細的http協議, 或者chrome調試臺的request header

• User-Agent
  全部的瀏覽器都是 Mozilla/5.0 開頭的, 當時久我都驚呆了, 至於爲何看知乎

• Accept-Language
  在chrome地址欄裏面打開chrome://settings/languages, 把英文拖到 最上面, 打開www.swoole.com, 再把中文拖到最上面, 再打開www.swoole.com

困惑了我很久, 我以前打開不少網站, 打開的老是默認打開英文版的網站, 後來不當心review了下http協議, 恍然大悟?

• X-Forward-For
  能夠用來僞造ip來源, 刷單, 限制ip的地方

在配置nginx的時候要注意, 和獲取client ip的時候要注意, 不要相信用戶的輸入, 特別是http_xxx, 太容易僞造了

• X-Request-With

區分是正常的請求仍是ajax請求的, ajax請求通常都帶有這個請求頭, 固然能夠直接定義

request body

post的數據就是放到裏面

response

protocol version, response status, description

HTTP/1.1 200 OK

response header

Server: nginx
Date: Mon, 23 Jan 2017 02:29:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.22
Proxy-Connection: keep-alive

response body

就是咱們看到的html實體, 或者ajax返回的字符串

PHP

大概說下php裏面$_SERVER

php的文件內容爲

ksort($_SERVER);
print_r($_SERVER);

request -> view-source:http://127.0.0.1:8000/index.php/index/index/test?a=1&d=x

返回的數據爲(服務器用的是nginx, apache的相似)

Array
(
    [CONTENT_LENGTH] => 
    [CONTENT_TYPE] => 
    [DOCUMENT_ROOT] => /home/wwwroot/tp5/public
    [DOCUMENT_URI] => /index.php
    [FCGI_ROLE] => RESPONDER
    [GATEWAY_INTERFACE] => CGI/1.1
    [HOME] => /home/www
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp
    [HTTP_ACCEPT_ENCODING] => gzip, deflate, adch, br
    [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
    [HTTP_CONNECTION] => keep-alive
    [HTTP_COOKIE] => XDEBUG_SESSION=PHPSTORM
    [HTTP_DNT] => 1
    [HTTP_HOST] => 127.0.0.1:8000
    [HTTP_UPGRADE_INSECURE_REQUESTS] => 1
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
    [PATH_INFO] => /index/index/test
    [PHP_SELF] => /index/index/test
    [QUERY_STRING] => a=1&d=x
    [REDIRECT_STATUS] => 200
    [REMOTE_ADDR] => 10.0.2.2
    [REMOTE_PORT] => 62835
    [REQUEST_METHOD] => GET
    [REQUEST_SCHEME] => http
    [REQUEST_TIME] => 1485139559
    [REQUEST_TIME_FLOAT] => 1485139559.6806
    [REQUEST_URI] => /index.php/index/index/test?a=1&d=x
    [SCRIPT_FILENAME] => /home/wwwroot/tp5/public/index.php
    [SCRIPT_NAME] => /index.php
    [SERVER_ADDR] => 10.0.2.15
    [SERVER_NAME] => www.test.com
    [SERVER_PORT] => 80
    [SERVER_PROTOCOL] => HTTP/1.1
    [SERVER_SOFTWARE] => nginx/1.10.0
    [USER] => www
)

大概能夠分爲如下(#1表)

分類	描述
HTTP開頭	request header
REQUEST開頭	request method, protocol
SERVER開頭	服務器的相關信息
REMOTE開頭	客戶端的相關信息
SCRIPT,DOCUMENT開頭	腳本相關的名稱, 路徑
路由, 參數相關	path_info, query_string
其餘

nginx

cgi, fastcgi, php-fpm

cgi 　-> 公共網關接口, 與語言無關, 規定要傳哪些數據(看#1表), 經過重定向語言的stdin, stdout來實現, 可是cgi很慢, 看下使用cgi的php執行流程
webserver 收到 parse php請求 -> 啓動PHPCGI -> PHPCGI解析php.ini, 初始化運行環境 -> 處理請求, 以cgi規定格式返回 -> 退出PHPCGI -> webserver 返回數據
問題 : 每次都要啓動phpcgi, 和初始化環境
fastcgi -> cgi的改進方案, 啓動一個master進程, 解析配置文件, 初始化運行環境, 再fork多個worker來處理php請求, 返回數據, 他是要管理一個進程池來處理請求
php-fpm -> 是實現了fastcgi協議的 php fastcgi 進程管理器, 而且能夠平滑重啓(新的worker使用新的配置, 老的worker執行完就能夠自動退出了),

nginx一般都是使用php-fpm, 通訊有兩種方式, socket和9000端口

params

看下fastcgi的重寫

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
 fastcgi_param PATH_INFO       $path_info;

以$開頭的是nginx ngx_http_core_module 提供的變量, 具體可參看http://nginx.org/en/docs/http/ngx_http_core_module.html#variables

fastcgi_param這條指令就是對php中的$_SERVER賦值

fiddler

這個軟件抓包使用很簡單, 可能不知足需求, 固然須要更加專業wireshark, 可使用自定義腳本, 這個功能就本身想象了, 而且這個軟件我也只會簡單的抓包, 複雜的不會, 不敢寫

爲何能抓包?

打開Internet屬性 -> 鏈接 -> 局域網設置 -> 高級

你的http和https都使用了代理的, 你的全部的請求都會轉發到代理, 由代理處理, 因此能抓包

你把手機的代理地址, 設置爲fiddler自動配置的ip地址和端口, 也能夠抓手機的包

http斷點

打斷點, 加參數, 就像調試本地程序同樣

這裏可能須要用到filter過濾一下, 能夠按 host, 進程, 請求頭過濾, 高興就好

postman

有空再寫, 回家過年了,