Mago Architecture Week 1 Coursework

1. Draw a picture to explain the process of a web request. Involving tcp/ip, dns, nginx, wsgi.

Simplified version of the process

1 DNS
2 CDN
3 TCP
4 Web server processing
1) Establish a connection
2) Receive the request
3) Process requests GET, POST and other methods
4) Get resources
5) Build a response message
6) Send the response
7) Logging
5 The browser receives the response message and renders the page

Detailed version

  1. The browser resolves the domain name to the corresponding IP address through DNS
  2. According to this IP address, find the corresponding server on the Internet and establish a Socket connection
  3. The client server sends HTTP protocol requests to request document resources in the server
  4. On the server side, there is actually complex business logic: there may be multiple servers, and which server is directed to process the request, which requires a load balancing device to evenly distribute the requests of all users
  5. There is also whether the requested data is stored in a distributed cache or a static file, or in a database;
  6. When the data is returned to the browser, the browser will initiate another request when it parses the data and finds that there are still some static resources (such as css, js or pictures), and these requests may be on the CDN, and the CDN server will process this again user's request.
  7. Client disconnected from server. The HTML document is interpreted by the client, and the graphical result is rendered on the client screen.

This is how an HTTP transaction is implemented. It looks very simple, but the principle is actually quite responsible. It should be noted that the communication between the client and the server is a non-persistent connection, that is, when the server sends a response, it disconnects from the client and waits for the next request.

But it should be noted that starting from HTTP 1.1, the server can maintain a long connection with the client, and it does not necessarily disconnect after the request is completed, depending on the operation of the server.

2. Compile and install nginx, and explain the common parameters in detail.

Since the scripts used in the work are installed here, I will briefly describe them.
config,make -j cpu make install

Commonly used parameters are explained here so I won’t list them one by one.

3. Complete the dynamic and static separation deployment lamp based on nginx. php to backend php-fpm, static/ in nginx local.

3.1 Configure nginx to achieve dynamic and static separation of reverse proxy

[root@centos8 ~]#vi /apps/nginx/conf/conf.d/pc.conf 
 location / {
   proxy_pass http://10.0.0.28;
   index index.html;
 }
 location ~ \.php$ {
   root /data/php;
   fastcgi_pass   10.0.0.18:9000;
   fastcgi_index index.php;
    #fastcgi_param SCRIPT_FILENAME /data/php$fastcgi_script_name;
   fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
   include       fastcgi_params;
 } 

3.2 Prepare the backend httpd server

#Install the httpd service on the backend server 10.0.0.28
[root@centos8 ~]#dnf -y install httpd
[root@centos8 ~]#systemctl enable --now httpd
[root@centos8 ~]#mkdir /var/www/html/images
[root@centos8 ~]#wget -O /var/www/html/images/magedu.jpg 
http://www.magedu.com/wp-content/uploads/2019/05/2019052306372726.jpg

4. nginx uses rewrite to complete the full-stack ssl configuration.

hsts browser jumps to https inside

[root@centos8 ~]#vim /apps/nginx/conf/conf.d/pc.conf
server {
 listen 80;
 listen 443 ssl;
 ssl_certificate /apps/nginx/conf/conf.d/www.magedu.org.crt;
 ssl_certificate_key /apps/nginx/conf/conf.d/www.magedu.org.key;
 ssl_session_cache shared:sslcache:20m;
 ssl_session_timeout 10m;
 server_name www.magedu.org;
 error_log /apps/nginx/logs/magedu.org_error.log notice;  
 access_log /apps/nginx/logs/magedu.org_access.log main;
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"
always;
 location / {
   root /data/nginx/html/pc;
   if ( $scheme = http ) {
         rewrite ^/(.*)$ https://www.magedu.org/$1 redirect;                   
                            
   }
 }
[root@centos8 ~]#systemctl restart nginx
[root@centos7 ~]#curl -ikL https://www.magedu.org
HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 08 Oct 2020 15:29:56 GMT
Content-Type: text/html
Content-Length: 7
Last-Modified: Sat, 26 Sep 2020 01:18:32 GMT
Connection: keep-alive
ETag: "5f6e96e8-7"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
pc web

JD.com’s request to visit the website within one hour is directly redirected in the browser, and after one hour, the http request is still sent to the server and the server returns https

5. (Optional) If you are interested, you can complete acme to complete automatic SSL issuance.

refer to
https://www.yoyoask.com/?p=9313

6. Monitor nginx status and web site health status through zabbix.


7. Briefly describe the plan for later study.

1. In terms of theory, I usually record the experience that Lao Wang talked about and then summarize it by myself, and review it a week before the interview
2. In terms of practical operation, my own experience is still enough, and most of them have to be gone through in order to save time.
3. Prepare some high-EQ speech skills for the interview, so that the interviewer looks more familiar with himself.

Tags: Linux Nginx shell server architecture

Posted by decypher on Sun, 08 Jan 2023 23:42:39 +1030