Implementation of web services through kernel httpd
Editor: Ideal
First, introduction
Starting with Linux 2.4.13, Networking Options includes an experimental option: "[ ] kernel httpd acceleration (experimental)". What is khttpd? It is a web server for the Linux environment. Unlike other web servers, khttpd runs inside the Linux kernel as part of the kernel (it can be seen as a device driver). khttpd serves only static web pages (static files); every request for non-static content is passed to an ordinary web server running in user space, such as Apache or Zeus, and that user-space web server needs no modification.

Handling HTTP requests for static pages is not a complex process, but it is an important part of web service, because most of the graphics on a website are static and many HTML files are static as well. A conventional web server handles a request for a static page with a simple "copy the file to the network" operation. If this operation is done in the kernel, it becomes very efficient; the NFS server, which performs a similar function, also runs in the kernel. With static request handling accelerated in the kernel, the usual web server, such as Apache, can focus on the dynamic requests. Note: here "Apache" refers to any web server.
Second, get started
1) Compile and load the module
2) Configure the module through /proc/sys/net/khttpd if needed
3) echo 1 > /proc/sys/net/khttpd/start

Uninstall:

    echo 1 > /proc/sys/net/khttpd/stop
    echo 1 > /proc/sys/net/khttpd/unload
    rmmod khttpd
Third, configuration
1. Operating mode

There are two recommended operating modes:

1) "Apache" is the main web server, khttpd is the secondary web server
    clientport -> 80
    serverport -> 8080 (or wherever)

2) khttpd is the main web server, "Apache" is the secondary web server
    clientport -> 8080 (or wherever)
    serverport -> 80

2. Configuring khttpd

khttpd must be configured before it is started. Configuration is done through the /proc file system, so it can be automated in a script. Most parameters can only be set while khttpd is not running. The following can be configured:

1) The port on which khttpd listens for requests
2) The port on which "Apache" listens (on the "localhost" interface)
3) The web document root directory (DocumentRoot)
4) The strings that mark a request as a request for dynamic content (optional) [by default, "cgi-bin"]

The DocumentRoot specified here must be the same as the DocumentRoot of the web server running in user space, because khttpd may hand any request over to the user-space web server.

A typical script (first mode of operation):

    #!/bin/sh
    modprobe khttpd
    echo 80 > /proc/sys/net/khttpd/clientport
    echo 8080 > /proc/sys/net/khttpd/serverport
    echo /var/www > /proc/sys/net/khttpd/documentroot
    echo php3 > /proc/sys/net/khttpd/dynamic
    echo shtml > /proc/sys/net/khttpd/dynamic
    echo 1 > /proc/sys/net/khttpd/start

For the second mode of operation, a typical script is:

    #!/bin/sh
    modprobe khttpd
    echo 8080 > /proc/sys/net/khttpd/clientport
    echo 80 > /proc/sys/net/khttpd/serverport
    echo /var/www > /proc/sys/net/khttpd/documentroot
    echo php3 > /proc/sys/net/khttpd/dynamic
    echo shtml > /proc/sys/net/khttpd/dynamic
    echo 1 > /proc/sys/net/khttpd/start

In this case, you first need to modify the Apache configuration: change Port 80 to Port 8080.

3. Stopping khttpd

To modify the configuration, you first need to stop khttpd:

    echo 1 > /proc/sys/net/khttpd/stop

If you want to unload the module, stop khttpd and then run:

    echo 1 > /proc/sys/net/khttpd/unload

If this is too slow for you (the commands above wait for remote connections to close first), you can send a HUP signal to the server after stopping it, which causes the server threads to stop immediately. Note: if the server threads have not been stopped, they restart immediately.

Fourth, restrictions
The security model of khttpd is very strict, because there is a user-space web server to handle the complicated cases. khttpd serves a request only if:

1) The URL does not contain "?"
2) The URL starts with "/"
3) The file specified by the URL exists
4) The file is readable by all users (*)
5) The file is not a directory, is not executable, and does not have the sticky bit set (*)
6) The URL does not contain any forbidden string, such as ".." or "cgi-bin" (*)
7) The MIME type of the file is known (*)

The conditions marked (*) are configurable through /proc/sys/net/khttpd. A request that fails any of these conditions is handed over to the web server in user space.

Fifth, parameters
The following parameters can be configured through /proc/sys/net/khttpd:

    Variable name   Default      Description

    serverport      8080         Port on which khttpd listens

    clientport      80           Port on which the user-space web server listens

    threads         2            Number of server threads. For small websites it
                                 should be 1 per CPU; for large websites (active
                                 files are not held in RAM) it should be 2 per CPU

    documentroot    /var/www     Directory where the web content is located

    start           0            Set to 1 to start khttpd (this value may be
                                 automatically reset to 0)

    stop            0            Set to 1 to stop khttpd (this value may be
                                 automatically reset to 0)

    unload          0            Set to 1 to prepare the khttpd module for unloading

    sloppymime      0            If 1, unknown MIME types are automatically set to
                                 text/html. If 0, files with an unknown MIME type
                                 are handled by the user-space server

    perm_required   S_IROTH      Minimum permissions required
                                 (for values see "man 2 stat")

    perm_forbid     dir sticky   Mask of forbidden permissions
                                 (for values see "man 2 stat")

    dynamic         cgi-bin ..   Substrings that, when contained in the URL,
                                 indicate a request for dynamic content

    maxconnect      1000         Maximum number of concurrent connections
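
The seven conditions in the restrictions section amount to one decision function that either serves the file in the kernel or hands the request to user space. The C code below is an added example, not khttpd source: the struct, the function names and the MIME suffix table are hypothetical, and the file metadata is passed in as a constructed struct stat so the logic can be run without a real document root.

```c
#define _XOPEN_SOURCE 700   /* exposes S_ISVTX and S_IFREG in strict -std= modes */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical policy struct mirroring the (*) conditions listed above. */
struct policy {
    mode_t required;         /* 4: bits that must all be set      */
    mode_t forbidden;        /* 5: bits that must all be clear    */
    const char *dynamic[4];  /* 6: NULL-terminated substring list */
    int sloppymime;          /* 7: 1 = accept unknown MIME types  */
};
static const struct policy defaults = {
    S_IROTH, S_ISVTX | S_IXUSR | S_IXGRP | S_IXOTH, { "cgi-bin", "..", NULL }, 0
};

/* Constructed sample MIME table: match on the file suffix only. */
static int mime_known(const char *url)
{
    static const char *ext[] = { ".html", ".htm", ".gif", ".jpg", ".png", ".txt" };
    const char *dot = strrchr(url, '.');
    for (size_t i = 0; dot && i < sizeof ext / sizeof *ext; i++)
        if (strcmp(dot, ext[i]) == 0) return 1;
    return 0;
}

/* 1 = serve in kernel, 0 = hand to user space. st is NULL if the file is missing. */
int serve_in_kernel(const char *url, const struct stat *st, const struct policy *p)
{
    if (strchr(url, '?') || url[0] != '/') return 0;                    /* 1, 2 */
    for (size_t i = 0; i < 4 && p->dynamic[i]; i++)                     /* 6 */
        if (strstr(url, p->dynamic[i])) return 0;
    if (!st) return 0;                                                  /* 3 */
    if ((st->st_mode & p->required) != p->required) return 0;           /* 4 */
    if (S_ISDIR(st->st_mode) || (st->st_mode & p->forbidden)) return 0; /* 5 */
    return p->sloppymime || mime_known(url);                            /* 7 */
}

int main(void)
{
    struct stat page = { .st_mode = S_IFREG | 0644 };  /* constructed metadata */
    struct stat cgi  = { .st_mode = S_IFREG | 0755 };
    printf("/index.html -> %d\n", serve_in_kernel("/index.html", &page, &defaults));
    printf("/run.html   -> %d\n", serve_in_kernel("/run.html", &cgi, &defaults));
    printf("/a/../b.gif -> %d\n", serve_in_kernel("/a/../b.gif", &page, &defaults));
    return 0;
}
```

Because condition 6 is a plain substring match in this example, a harmless name such as /a..b.html is also handed to user space: the check errs toward the user-space server instead of trying to canonicalise the path.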
Sixth, more information
For more information about the khttpd architecture, see http://www.fenrus.demon.nl