1、ansible-playbook实现MySQL的二进制部署

准备工作

ansible 免密钥配置

ssh-keygen # 生成密钥对# 为两台被控端传输密钥，方便ansible进行管理
ssh-copy-id -i root@10.0.0.161

编辑主机清单

[root@centos-160 ansible]# vim /data/ansible/hosts
#末尾添加
[dbsrvs]
10.0.0.161

创建MySQL8角色目录

mkdir -pv /data/ansible/roles/mysql8/{defaults,files,handlers,meta,tasks,templates,vars}

files目录文件准备

[root@centos-160 mysql8]# tree files/
files/
└── mysql-8.0.23-linux-glibc2.12-x86_64.tar.xz

0 directories, 1 file

templates目录

[root@centos-160 mysql8]# tree templates/
templates/
└── my.cnf.j2

0 directories, 1 file


注意：配置文件里面如果设置了 pid-file参数，pid文件所在的文件夹owner和group需设置为mysql，默认放在data目录下可以不用额外设置（data目录默认设置为 mysql:mysql）

[root@centos-160 templates]# cat templates/my.cnf.j2
# Ansible managed

[client]
#password = your_password
port = 3306
#socket = /var/lib/mysql/mysql.sock
socket = /data/mysql/mysql.sock
default-character-set=utf8mb4

[mysql]
default-character-set=utf8mb4

[mysqld]
default_authentication_plugin = mysql_native_password
user = mysql
port = 3306
datadir = /data/mysql
#pid-file = /data/mysql/mysqld/mysqld.pid
socket = /data/mysql/mysql.sock
skip-name-resolve

general-log = 1
general_log_file = /data/mysql/mysqld.log
log-error = /data/mysql/mysql.err

...省略

# Other settings.

# * IMPORTANT: Additional settings that can override those from this file!
#   The files must end with '.cnf', otherwise they'll be ignored.
#

vars目录

[root@centos-160 mysql8]# tree vars/
vars/
└── main.yml

0 directories, 1 file

[root@centos-160 mysql8]# cat vars/main.yml 
---
mysql_version: 8.0.23
mysql_file: mysql-{{ mysql_version }}-linux-glibc2.12-x86_64.tar.xz
mysql_dir: mysql-{{ mysql_version }}-linux-glibc2.12-x86_64
mysql_root_password: 123qwe@MYSQL

tasks目录

[root@centos-160 mysql8]# tree tasks/
tasks/
├── conf.yml
├── data.yml
├── group.yml
├── install.yml
├── linkfile.yml
├── main.yml
├── path.yml
├── script.yml
├── secure.yml
├── service.yml
├── unarchive.yml
└── user.yml

main.yml 任务执行主文件

[root@centos-160 ansible]# cat roles/mysql8/tasks/main.yml 
---
- name: Install Requirements
  include: install.yml
- name: Add Group
  include: group.yml
- name: Add User
  include: user.yml
- name: Unarchive File
  include: unarchive.yml
- name: Add Link
  include: linkfile.yml
- name: Initialize with Datadir
  include: data.yml
- name: Manage Conf File
  include: conf.yml
- name: Manage Service Script
  include: script.yml
- name: Manage PATH
  include: path.yml
- name: Manage Service
  include: service.yml
- name: Set PASSWD
  include: secure.yml

install.yml 安装依赖

[root@centos-160 ansible]# cat roles/mysql8/tasks/install.yml 
---
- name: Install mysql requirements
  yum:
    name:
      - libaio
      - numactl-libs
    state: present

group.yml 创建组

[root@centos-160 ansible]# cat roles/mysql8/tasks/group.yml 
---
- name: Create Group
  group:
    name: mysql
    gid: 306
    state: present

user.yml 创建用户

[root@centos-160 ansible]# cat roles/mysql8/tasks/user.yml 
---
- name: Add User
  user:
    name: mysql
    uid: 306
    group: mysql
    shell: /sbin/nologin
    system: yes
    create_home: no
    home: /data/mysql

unarchive.yml 解压缩

[root@centos-160 ansible]# cat roles/mysql8/tasks/unarchive.yml 
---
- name: Copy tar pkgs to remote machine and unarchive
  unarchive:
    src: '{{ mysql_file }}'
    dest: /usr/local
    owner: root
    group: root

linkfile.yml 创建链接

[root@centos-160 ansible]# cat roles/mysql8/tasks/linkfile.yml 
---
- name: Add linkfile
  file:
    src: '/usr/local/{{ mysql_dir }}'
    dest: '/usr/local/mysql'
    state: link
    
#可省略如下步骤
- name: Change owner
  file:
    path: '/usr/local/mysql'
    state: directory
    recurse: yes
    owner: root
    group: root
    mode: '0755'

path.yml 设置环境变量

[root@centos-160 ansible]# cat roles/mysql8/tasks/path.yml 
---
- name: Manage PATH Variable
  copy:
    content: 'PATH=$PATH:/usr/local/mysql/bin'
    dest: '/etc/profile.d/mysql-env.sh'

- name: Active env variable
  shell:
    cmd: bash mysql-env.sh
    chdir: '/etc/profile.d/'

data.yml 初始化工作目录

[root@centos-160 ansible]# cat roles/mysql8/tasks/data.yml 
---
- name: Initialize mysql data
  shell: /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
  tags: init_data

conf.yml 复制配置文件模板

[root@centos-160 ansible]# cat roles/mysql8/tasks/conf.yml 
---
- name: Conf my.cnf
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf

script.yml 添加服务脚本

[root@centos-160 ansible]# cat roles/mysql8/tasks/script.yml 
---
- name: Service script
  shell: /usr/bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld

service.yml 配置服务启动

[root@centos-160 ansible]# cat roles/mysql8/tasks/service.yml 
---
- name: Enabled service
  shell: /usr/sbin/chkconfig --add mysqld; /etc/init.d/mysqld start
  tags: service

secure.yml 设置密码

[root@centos-160 ansible]# cat roles/mysql8/tasks/secure.yml 
---
- name: Set password
  shell: /usr/local/mysql/bin/mysqladmin -uroot password '{{ mysql_root_password }}'

执行MySQL安装角色：role_mysql.yml

[root@centos-160 ansible]# cat role_mysql.yml 
---
- hosts: dbsrvs
 remote_user: root
 gather_facts: no

 roles:
   - mysql8

##执行安装角色
[root@centos-160 ansible]# ansible-playbook  role_mysql.yml

2、Ansible playbook实现apache批量部署,并对不同主机提供以各自IP地址为内容的index.html

准备工作

ansible免密钥配置

ssh-keygen # 生成密钥对# 为两台被控端传输密钥，方便ansible进行管理
ssh-copy-id -i root@10.0.0.161
ssh-copy-id -i root@10.0.0.162

编辑主机清单文件

[root@centos-160 ansible]# vim /data/ansible/hosts
#末尾添加
[websrvs]
10.0.0.161
10.0.0.162

创建apache-httpd角色目录

mkdir -pv /data/ansible/roles/httpd/{defaults,files,handlers,meta,tasks,templates,vars}

最终目录文件结构

[root@centos-160 ansible]# tree roles/httpd/
roles/httpd/
├── defaults
│   └── main.yml
├── files
│   └── httpd_ssl_certificate.sh
├── handlers
│   └── main.yml
├── meta
├── tasks
│   ├── certificates.yml
│   ├── group.yml
│   ├── httpd_conf.yml
│   ├── index.yml
│   ├── install.yml
│   ├── main.yml
│   ├── service.yml
│   ├── ssl_conf.yml
│   ├── status.yml
│   └── user.yml
├── templates
│   ├── httpd.conf.j2
│   ├── index.html.j2
│   ├── ssl.conf.j2
│   └── status.conf.j2
└── vars
    └── RedHat.yml

defaults目录

[root@centos-160 ansible]# tree roles/httpd/defaults/
roles/httpd/defaults/
└── main.yml

0 directories, 1 file

----
----
[root@centos-160 ansible]# cat roles/httpd/defaults/main.yml 
# roles/httpd/defaults/main.yml
---
httpd_access_log: logs/access_log
httpd_access_log_ssl: logs/ssl_access_log
httpd_document_root: '/var/www/html'
httpd_error_log: logs/error_log
httpd_error_log_ssl: logs/ssl_error_log
httpd_extended_status: 'On'
httpd_listen: 80
httpd_listen_ssl: 443
httpd_log_level: warn
httpd_log_level_ssl: warn
httpd_server_admin: root@localhost
httpd_server_root: '/etc/httpd'
httpd_server_tokens: Prod
httpd_ssl_certificate_file: localhost.crt
httpd_ssl_certificate_key_file: localhost.key
httpd_status_enable: false
httpd_status_location: '/server-status'
httpd_status_require: 'host localhost'

# SSL configuration, "Modern profile" according to:
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.1.0i&hsts=yes&profile=modern
httpd_ssl_cipher_suite: >
  'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
httpd_ssl_compression: 'off'
httpd_ssl_honor_cipher_order: 'on'
httpd_ssl_protocol: 'all -SSLv3 -TLSv1 -TLSv1.1'
httpd_ssl_session_tickets: 'off'
httpd_ssl_stapling_responder_timeout: 5
httpd_ssl_stapling_return_responder_errors: 'off'
httpd_ssl_stapling_cache: 'shmcb:/var/run/ocsp(128000)'
httpd_ssl_use_stapling: 'on'

files目录

[root@centos-160 ansible]# tree roles/httpd/files/
roles/httpd/files/
└── httpd_ssl_certificate.sh

[root@centos-160 ansible]# cat roles/httpd/files/httpd_ssl_certificate.sh 
#!/bin/bash

umask 077

if [ -f /etc/pki/tls/private/localhost.key -o -f /etc/pki/tls/certs/localhost.crt ]; then
   exit 0
fi

/usr/bin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > /etc/pki/tls/private/localhost.key 2> /dev/null

FQDN=`hostname`
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
   FQDN=localhost.localdomain
fi

cat << EOF | /usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
         -x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
         -out /etc/pki/tls/certs/localhost.crt 2>/dev/null
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF

handlers目录

[root@centos-160 ansible]# tree roles/httpd/handlers/
roles/httpd/handlers/
└── main.yml

0 directories, 1 file

[root@centos-160 ansible]# cat roles/httpd/handlers/main.yml 
# roles/httpd/handlers/main.yml
---
- name: restart httpd
  service:
   name: httpd
   state: restarted

tasks目录

[root@centos-160 ansible]# tree roles/httpd/tasks/
roles/httpd/tasks/
├── certificates.yml
├── group.yml
├── httpd_conf.yml
├── index.yml
├── install.yml
├── main.yml
├── service.yml
├── ssl_conf.yml
├── status.yml
└── user.yml

0 directories, 10 files

main.yml文件

[root@centos-160 ansible]# cat roles/httpd/tasks/main.yml 
---
- include_vars: "{{ item }}"
  with_first_found:
    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_distribution }}.yml"
    - "{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_os_family }}.yml"
    - "{{ ansible_distribution_file_variety }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ ansible_distribution_file_variety }}.yml"

- name: Add Group
  include: group.yml
- name: Add User
  include: user.yml
- name: Install apache-httpd
  include: install.yml
  tags: httpd-pkgs
- name: Conf httpd.conf
  include: httpd_conf.yml
  tags: httpd_conf
- name: Conf status.conf
  include: status.yml
  tags: status.conf
- name: Install certificate files
  include: certificates.yml
  tags: ssl_conf
- name: Conf mod_ssl file
  include: ssl_conf.yml
  tags: ssl_conf
- name: Copy Index.html
  include: index.yml
  tags: index
- name: Manage service
  include: service.yml
  tags: service

group.yml文件

---
- name: Add Group
  group:
    name: apache
    gid: 48
    system: yes
    state: present

user.yml文件

[root@centos-160 ansible]# cat roles/httpd/tasks/user.yml 
---
- name: Add User
  user: 
    name: apache
    uid: 48
    group: apache
    shell: /sbin/nologin
    home: /usr/share/httpd
    system: yes
    state: present

install.yml文件

[root@centos-160 ansible]# cat roles/httpd/tasks/install.yml 
---
- name: Install Apache httpd
  package:
    name: "{{ item }}"
    state: present
  with_items: "{{ httpd_packages }}"

httpd_conf.yml文件

[root@centos-160 ansible]# cat roles/httpd/tasks/httpd_conf.yml 
---
- name: Conf httpd_conf
  template:
    src: httpd.conf.j2
    dest: "{{ httpd_config }}"
    owner: root
    group: root
    setype: httpd_config_t
    mode: "0644"
  notify: restart httpd

certificates.yml 文件

# roles/httpd/tasks/certificates.yml
# Install certificate files on the target host
---

- name: Check if default SSL certificate exists
  stat:
    path: "{{ httpd_cert_dir }}/localhost.crt"
  register: ssl_cert_file
  when: httpd_ssl_certificate_file == 'localhost.crt'

- name: Copy scripts to remote node for generate keys
  copy:
    src: httpd_ssl_certificate.sh
    dest: /etc/pki/tls/httpd_ssl_certificate.sh
  when:
    - httpd_ssl_certificate_file == 'localhost.crt'
    - not ssl_cert_file.stat.exists

- name: Generate default SSL certificate
  shell: /bin/bash /etc/pki/tls/httpd_ssl_certificate.sh
  when: >
    httpd_ssl_certificate_file == 'localhost.crt'
    and not ssl_cert_file.stat.exists

# follow 4 copy steps can be deleted
- name: Copy user defined key file
  copy:
    src: "{{ httpd_ssl_certificate_key_file }}"
    dest: "{{ httpd_key_dir }}/{{ httpd_ssl_certificate_key_file }}"
  when: httpd_ssl_certificate_key_file != 'localhost.key'

- name: Copy custom certificate file
  copy:
    src: "{{ httpd_ssl_certificate_file }}"
    dest: "{{ httpd_cert_dir }}/{{ httpd_ssl_certificate_file }}"
  when: httpd_ssl_certificate_file != 'localhost.crt'

- name: Copy custom certificate chain file
  copy:
    src: "{{ httpd_ssl_certificate_chain_file }}"
    dest: "{{ httpd_cert_dir }}/{{ httpd_ssl_certificate_chain_file }}"
  when: httpd_ssl_certificate_chain_file is defined

- name: Copy custom CA certificate file
  copy:
    src: "{{ httpd_ssl_ca_certificate_file }}"
    dest: "{{ httpd_cert_dir }}/{{ httpd_ssl_ca_certificate_file }}"
  when: httpd_ssl_ca_certificate_file is defined

status.conf.yml 文件

[root@centos-160 ansible]# cat roles/httpd/tasks/status.yml 
---
- name: Conf status file
  template:
    src: status.conf.j2
    dest: "{{ httpd_status_config }}"
    owner: root
    group: root
    setype: httpd_config_t
    mode: '0644'
  notify: restart httpd
  when: httpd_status_enable

ssl_conf.yml 文件

[root@centos-160 ansible]# cat roles/httpd/tasks/ssl_conf.yml 
---
- name: Conf ssl.conf
  template:
    src: ssl.conf.j2
    dest: "{{ httpd_ssl_config }}"
    owner: root
    group: root
    setype: httpd_config_t
    mode: "0644"
  notify: restart httpd

index.yml 文件

[root@centos-160 ansible]# cat roles/httpd/tasks/index.yml 
---
- name: Copy index.html
  template:
    src: index.html.j2
    dest: "{{ httpd_document_root }}/index.html"

service.yml 文件

[root@centos-160 ansible]# cat roles/httpd/tasks/service.yml 
---
- name: Manage httpd service
  service:
    name: httpd
    state: started
    enabled: true

templates目录

[root@centos-160 ansible]# tree roles/httpd/templates/
roles/httpd/templates/
├── httpd.conf.j2
├── index.html.j2
├── ssl.conf.j2
└── status.conf.j2

0 directories, 4 files

index.html.j2 文件

[root@centos-160 ansible]# cat roles/httpd/templates/index.html.j2 
<h1> {{ ansible_eth0.ipv4.address }} TEST </h1>

httpd.conf.j2 文件

[root@centos-160 ansible]# cat ./roles/httpd/templates/httpd.conf.j2 
# Apache HTTP server - main configuration
#
# {{ ansible_managed }}

## General configuration
ServerRoot {{ httpd_server_root }}
Listen {{ httpd_listen }}

Include conf.modules.d/*.conf

User apache
Group apache

## 'Main' server configuration
ServerAdmin {{ httpd_server_admin }}
{% if httpd_server_name is defined %}
ServerName {{ httpd_server_name }}
{% endif %}

ServerTokens {{ httpd_server_tokens }}

# Deny access to the entirety of your server's filesystem.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot {{ httpd_document_root }}

# Relax access to content within /var/www.
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "{{ httpd_document_root }}">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

# Load index.html if directory is requested
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

# Prevent .htaccess and .htpasswd files from being viewed by Web clients. 
<Files ".ht*">
    Require all denied
</Files>

# Logging
ErrorLog "{{ httpd_error_log }}"
LogLevel {{ httpd_log_level }}


<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "{{ httpd_access_log }}" combined
</IfModule>

# CGI
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on

# Supplemental configuration
IncludeOptional conf.d/*.conf

# vim: ft=apache

status.conf.j2 文件

[root@centos-160 ansible]# cat roles/httpd/templates/status.conf.j2 
ExtendedStatus {{ httpd_extended_status }}

<Location "{{ httpd_status_location }}">
    SetHandler server-status
    Require {{ httpd_status_require }}
</Location>

ssl.conf.j2 文件

# Apache TLS configuration
#
# {{ ansible_managed }}

# Listen on port
Listen {{ httpd_listen_ssl }} https

## SSL Global Context
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

## SSL Virtual Host Context
<VirtualHost _default_:{{ httpd_listen_ssl }}>

SSLEngine on

ErrorLog {{ httpd_error_log_ssl }}
TransferLog {{ httpd_access_log }}
LogLevel {{ httpd_log_level_ssl }}

# Certificate files
SSLCertificateFile {{ httpd_cert_dir }}/{{ httpd_ssl_certificate_file }}
SSLCertificateKeyFile {{ httpd_key_dir }}/{{ httpd_ssl_certificate_key_file }}
{% if httpd_ssl_certificate_chain_file is defined %}
SSLCertificateChainFile {{ httpd_cert_dir }}/{{ httpd_ssl_certificate_chain_file }}
{% endif %}
{% if httpd_ssl_ca_certificate_file is defined %}
SSLCACertificateFile {{ httpd_cert_dir }}/{{ httpd_ssl_ca_certificate_file }}
{% endif %}

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

# SSL Configuration
# see https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol {{ httpd_ssl_protocol }}
SSLCipherSuite {{ httpd_ssl_cipher_suite }}
SSLHonorCipherOrder {{ httpd_ssl_honor_cipher_order }}
SSLCompression {{ httpd_ssl_compression }}
SSLSessionTickets {{ httpd_ssl_session_tickets }}

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling {{ httpd_ssl_use_stapling }}
SSLStaplingResponderTimeout {{ httpd_ssl_stapling_responder_timeout }}
SSLStaplingReturnResponderErrors {{ httpd_ssl_stapling_return_responder_errors }}
SSLStaplingCache {{ httpd_ssl_stapling_cache }}

vars目录

[root@centos-160 ansible]# tree ./roles/httpd/vars/
./roles/httpd/vars/
└── RedHat.yml

0 directories, 1 file

---
---
[root@centos-160 ansible]# cat ./roles/httpd/vars/RedHat.yml
# roles/httpd/vars/RedHat.yml
---
httpd_packages:
  - hostname  # needed for generating default certificate file
  - httpd
  - mod_ssl

httpd_config: /etc/httpd/conf/httpd.conf
httpd_ssl_config: /etc/httpd/conf.d/ssl.conf
httpd_status_config: /etc/httpd/conf.d/status.conf

httpd_cert_dir: /etc/pki/tls/certs
httpd_key_dir: /etc/pki/tls/private
[root@centos-160 ansible]#

安装及验证

##安装文件
[root@centos-160 ansible]# cat role_httpd.yml
---
- hosts: websrvs
  remote_user: root
  gather_facts: yes

  roles:
    - httpd

##验证
[root@centos-160 ansible]# curl https://10.0.0.161 -k
<h1> 10.0.0.161 TEST </h1>
[root@centos-160 ansible]# curl https://10.0.0.162 -k
<h1> 10.0.0.162 TEST </h1>
[root@centos-160 ansible]#

3、http的报文结构和状态码总结

HTTP 报文结构

参考链接：HTTP 消息 - HTTP | MDN (mozilla.org)

HTTP 消息是服务器和客户端之间交换数据的方式。有两种类型的消息︰

• 请求（requests）-- 由客户端发送用来触发一个服务器上的动作；

• 响应（responses）-- 来自服务器的应答。

HTTP 请求和响应报文结构由以下部分组成：

1. 起始行 -- 用于描述要执行的请求，或是对应的响应状态。

2. 可选的HTTP头集合 -- 指明请求或描述消息正文。

3. 空白行 -- 指示所有关于请求的元数据已经发送完毕

4. 消息主体 -- 包含请求相关数据的正文，或响应的相关文档。

请求报文和响应报文结构的具体说明如下：

• 请求报文

起始行 -- 在请求报文里亦称为请求行，包括HTTP请求方法、请求目标（通常为URL）、HTTP协议版本。
HTTP头部集合 -- 在请求报文里亦称为请求首部字段，总体可分组为通用首部字段、请求首部字段、实体首部字段。
空行
消息主体 -- 在请求报文里亦称为请求报文主体。注意并不是每一个请求报文都有消息主体。

• 响应报文

起始行 -- 在响应报文里亦称为状态行，包括HTTP协议版本、响应状态码、状态文本信息。
HTTP头部集合 -- 在响应报文里亦称为响应首部字段，总体可分组为通用首部字段、响应首部字段、实体首部字段。
空行
消息主体 -- 在响应报文里亦称为响应报文主体。

HTTP 状态码总结

状态码通常以3位数字和原因短语组成，主要分为以下5大类

100-199 信息响应
200-299 成功响应
300-399 重定向消息
400-499 客户端错误响应
500-599 服务端错误响应

常用状态码

200 OK：请求成功。
206 Partial Content：表示客户端进行了范围请求，而服务器成功执行了这部分的GET请求。
301 Moved Permanently：永久重定向。请求资源的URL已永久更改。在响应中给出了新的URL。
302 Found：临时重定向。所请求资源的URI已暂时更改。未来可能会对URI进行进一步的改变。
304 Not Modified：这是用于缓存的目的。它告诉客户端响应还没有被修改，因此客户端可以继续使用相同的缓存版本的响应。
307 Temporary Redirect：临时重定向。与302区别在于用户代理不能更改使用的HTTP方法。
400 Bad Request：认为请求存在语法错误，需修改请求。
401 Unauthorized：要求客户端必须对自身进行身份验证才能获得请求的响应。
403 Forbidden：客户端没有访问内容的权限。
404 Not Found：服务器找不到请求的资源。
500 Internal Server Error：表明服务器端在执行请求时发生了错误。
502 Bad Gateway：表示作为网关或代理角色的服务器，从上游服务器中接收到的响应是无效的。
503 Service Unavailable：表明服务器暂时处于超负载或正在进行?；?，现在无法处理请求。
504 Gateway Timeout：网关或者代理的服务器无法在规定的时间内获得想要的响应。