Scribd Logo
Hochladen

Willkommen bei Scribd!

  • CSE 398: System Administration

    Hochgeladen von

    smt1961
    69 Ansichten18 Seiten

    Originaltitel

    18-Web.pdf

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    69 Ansichten18 Seiten

    CSE 398: System Administration

    Hochgeladen von

    smt1961

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 18

    CSE398:SystemAdministration

    WebhostingandInternetservers

    Webhostingbasics

    HTTPserverinstallation

    Virtualinterfaces

    Cachingandproxyservers

    FTPservers

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    Webhostingbasics

    Needaserver,(typically)listeningonport80

    acceptingrequestsfordocsandtransmittingthem

    maydynamicallygeneratedocsaswellasusefiles

    URLs:Uniformresourcelocators

    Spring2004

    Protocol

    Hostname

    TCP/IPport(optional)

    Directory(optional)

    Filename

    http://www.apache.org:80/foundation/FAQ.html

    CSE398:SystemAdministration

    2004BrianD.Davison

    Commonprotocols
    Protocol What it does

    Example

    http

    Accesses a remote file via HTTP

    http://admin.com/index.html

    https

    Accesses a remote file via HTTP/SSL

    https://admin.com/order.shtml

    ftp

    Accesses a remote file via FTP

    ftp://ftp.xor.com/adduser.tar.gz

    mailto

    Sends email to a designated address

    mailto:sa-book@admin.com

    news

    Access Usenet newsgroups

    news:alt.cooking

    telnet

    Logs in to a remote computer

    telnet://spot.acme.com

    ldap

    Access es LDAP directory services

    ldap://ldap.bigfoot.com:389/cn=Herb

    file

    Accesses a local file (no Internet)

    file://etc/syslog.conf

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    HTTPmessages

    SampleHTTPrequestheaders:
    GET /somedir/page.html HTTP/1.1
    Host: www.someschool.edu
    User-agent: Mozilla/4.0
    Connection: close

    SampleHTTPresponseheaders:
    HTTP/1.1 200 OK
    Date: Thu, 06 Aug 1998 12:00:15 GMT
    Server: Apache/1.3.0 (Unix)
    Last-Modified: Mon, 22 Jun 1998 ...
    Content-Length: 6821
    Content-Type: text/html

    Canusetelnetasclienttoseethem

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    CGI

    TheCommonGatewayInterface(CGI)
    providesonewaytogeneratecontent
    dynamically

    Othermethodsarealsopossible

    Executesauserprogramtogenerateoutput

    Spring2004

    Suchprogramsaresecurityrisks

    UsuallyprocesssomeinputfromWebinterface

    CSE398:SystemAdministration

    2004BrianD.Davison

    Apache

    Apacherunstwothirdsoftheworld'
    swebservers
    (Netcraft,March2004)

    Apache2(includedinmodernreleases)

    Supportsmultiprocessandmultthreadedoperation

    SupportsSSL/TLSencryption

    Supportsproxyoperation

    Supportsvirtualhosting

    Supportssysloglogging,buttypicallydoesn'
    tuseit

    http://httpd.apache.org/fordocumentation

    Configurationisin/etc/httpd/conf

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    Apacheconfiguration
    KeepAlive Off
    MaxKeepAliveRequests 100
    KeepAliveTimeout 15
    <IfModule prefork.c>
    StartServers
    8
    MinSpareServers
    5
    MaxSpareServers
    20
    MaxClients
    150
    MaxRequestsPerChild 1000
    </IfModule>
    Listen 80
    DocumentRoot "/var/www/html"
    <Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>

    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    LoadModule
    [...]

    access_module modules/mod_access.so
    auth_module modules/mod_auth.so
    auth_dbm_module modules/mod_auth_dbm.so
    log_config_module modules/mod_log_config.so
    env_module modules/mod_env.so
    expires_module modules/mod_expires.so
    headers_module modules/mod_headers.so
    status_module modules/mod_status.so
    autoindex_module modules/mod_autoindex.so
    dir_module modules/mod_dir.so
    speling_module modules/mod_speling.so
    userdir_module modules/mod_userdir.so
    alias_module modules/mod_alias.so
    rewrite_module modules/mod_rewrite.so

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined


    CustomLog logs/access_log combined
    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    Userhomedirectories
    <IfModule mod_userdir.c>
    #
    UserDir disable
    UserDir public_html
    </IfModule>
    <Directory /home/*/public_html>
    AllowOverride All
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    <Limit GET POST OPTIONS>
    Order allow,deny
    Allow from all
    </Limit>
    </Directory>
    AccessFileName .htaccess
    <Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    </Files>

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    Apacheproxysupport
    #<IfModule mod_proxy.c>
    ProxyRequests On
    <Proxy *>
    Order deny,allow
    Deny from all
    Allow from .lehigh.edu
    </Proxy>
    # Enable/disable the handling of HTTP/1.1 "Via:" headers.
    # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
    # Set to one of: Off | On | Full | Block
    #
    ProxyVia On
    # To enable the cache as well, edit and uncomment the following lines:
    # (no cacheing without CacheRoot)
    #
    CacheRoot "/etc/httpd/proxy"
    CacheSize 5
    [...]
    #</IfModule>

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    Apachevirtualhosting
    NameVirtualHost 128.180.120.32
    <VirtualHost 128.180.120.32:80>
    ServerName monitors.eecs.lehigh.edu
    ServerAlias monitors.eecs
    ServerAdmin sysadmin@eecs.lehigh.edu
    DocumentRoot /export/www/monitors.eecs.lehigh.edu/html
    <Directory "/export/www/monitors.eecs.lehigh.edu/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ "/export/www/monitors.eecs.lehigh.edu/cgi-bin/"
    <Directory "/export/www/monitors.eecs.lehigh.edu/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    # Allow from lehigh.edu
    Allow from all
    Deny from all
    </Directory>
    ErrorLog logs/monitors.eecs.lehigh.edu-error_log
    CustomLog logs/monitors.eecs.lehigh.edu-access_log common
    </VirtualHost>
    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    VirtualInterfaces

    Sometimesyouwantaninterfacetosupportmultiple
    IPaddresses,e.g.:

    virtualhostingusingIP(notnamebased)

    sshorSSLsupport

    InLinux,virtualinterfaceshavenames
    interface:instance,e.g.:
    #ifconfigeth0:0128.180.121.223netmask255.255.252.0

    Tomakepermanent,createseparateinterfacefilein
    /etc/sysconfig/networkscripts(e.g.,ifcfgeth0:0)

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    DebuggingHTTP

    Foraneasywaytoseeactualrequestand
    responseheaders,use

    http://www.webcaching.com/showheaders.html

    Forserver/CGIproblems,studyallapache
    logs,andexaminefile/directorypermissions

    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    FTPservers

    AnonymousFTPisstillcommon

    NonanonymousFTPisasecurityconcern(sameastelnet
    usernamesandpasswordsincleartext)

    Tolimitthesecurityconcerns,ftpdrunsinachrooted
    space(~ftp)andsoneedstohaveitsown

    /etcentrieslike/etc/passwdand/etc/group

    /bin

    /lib

    Donotmakeanyftpdirectoriesworldwritable!

    Spring2004

    Yourmachinebecomesafreefileserver
    CSE398:SystemAdministration

    2004BrianD.Davison

    Webcaches(proxyserver)
    Goal:satisfyclientrequestwithoutinvolvingoriginserver

    Usersetsbrowserto
    accessWebviacache
    BrowsersendsallHTTP
    requeststocache

    Spring2004

    Ifobjectincache:
    cachereturnsobject
    Elsecacherequests
    objectfromorigin
    server,thenreturns
    objecttoclient

    origin
    server
    HT

    TP
    req
    ues
    H
    client TT
    t
    Pre
    spo
    nse
    est
    u
    q
    re
    P
    T
    nse
    T
    o
    H
    esp
    r

    TP
    T
    H

    client

    CSE398:SystemAdministration

    Proxy
    server

    t
    ues
    q
    e
    r
    T P
    T
    nse
    H
    o
    p
    res
    P
    T
    HT

    origin
    server

    2004BrianD.Davison

    MoreaboutWebcaching

    Cacheactsasbothclientand
    server
    Cachecandouptodate
    checkusingIfmodified
    sinceHTTPheader

    Issue:shouldcachetake
    riskanddelivercached
    objectwithoutchecking?
    Heuristicsareused.

    Typicallycacheisinstalledby
    ISP(university,company,
    residentialISP)

    Spring2004

    WhyWebcaching?

    Reduceresponsetimefor
    clientrequest.
    Reducetrafficonan
    institutionsaccesslink.
    Internetdensewithcaches
    enablespoorcontent
    providerstoeffectively
    delivercontent(thatis,it
    reducestheloadonWeb
    servers).

    CSE398:SystemAdministration

    2004BrianD.Davison

    Cachingexample(1)
    Assumptions

    averageobjectsize=100,000bits

    avg.requestratefrominstitutions
    browsertooriginserver=15/sec

    delayfrominstitutionalrouterto
    anyoriginserverandbackto
    router=2sec
    Consequences
    utilizationonLAN=15%

    utilizationonaccesslink=100%

    totaldelay=Internetdelay+access
    delay+LANdelay
    =2sec+minutes+milliseconds

    origin
    servers
    public
    Internet

    1.5Mbps
    accesslink

    Spring2004

    institutional
    network

    CSE398:SystemAdministration

    10MbpsLAN

    2004BrianD.Davison

    Cachingexample(2)
    Possiblesolution

    increasebandwidthofaccesslink
    to,say,10Mbps
    Consequences

    utilizationonLAN=15%
    utilizationonaccesslink=15%
    Totaldelay=Internetdelay+access
    delay+LANdelay

    =2sec+msecs+msecs

    oftenacostlyupgrade

    Spring2004

    origin
    servers
    public
    Internet

    10Mbps
    accesslink
    institutional
    network

    CSE398:SystemAdministration

    10MbpsLAN

    2004BrianD.Davison

    Cachingexample(3)
    Installcache

    origin
    servers

    supposehitrateis.4

    Consequence
    40%requestswillbesatisfiedalmost
    immediately

    60%requestssatisfiedbyorigin
    server

    utilizationofaccesslinkreducedto
    60%,resultinginnegligibledelays
    (say10msec)

    totaldelay=Internetdelay+
    accessdelay+LANdelay
    =.6*2sec+.6*.01secs+
    milliseconds<1.3secs

    public
    Internet

    1.5Mbps
    accesslink
    institutional
    network

    10MbpsLAN

    institutional
    cache
    Spring2004

    CSE398:SystemAdministration

    2004BrianD.Davison

    Das könnte Ihnen auch gefallen