.. _curl: curl命令简析 ############ 常见用法:: -v: 调试时用 -i: 全部显示 -I: 只显示头部 -r: 断点续传指定传输范围 用法: curl [选项...] curl中数据为json时, 最好都用双引号,里面用 ``\"`` 进行转义 各类method请求:: //GET method curl www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK //POST method:: curl -d "birthyear=1905&press=OK" www.hotmail.com/when/junk.cgi //新的POST method(将本地的文件用POST上传到服务器):: curl -F upload=@localfilename -F press=OK URL //使用PUT:: curl -T uploadfile www.uploadhttp.com/receive.cgi curl -X PUT -d "field1=value1&field2=value2" http://testzgapi4.taojoy.com.cn // 请求指定并显示请求内容,常用于请求可执行文件,并执行 curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sudo sh -s 有关认证(参数中指定用户名而空着密码,curl可以交互式的让用户输入密码):: curl -U proxyuser:proxypassword http://curl.haxx.se referer 引用:: -e, --referer 如: curl -e Url1 Url2 指定用户端:: curl -A "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" URL // ipad safari curl -A "Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53" // iphone 5c weixin "Mozilla/5.0 (iPhone; CPU iPhone OS 8_1_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12B440 MicroMessenger/6.0.2 NetType/WIFI" // 华为 微信 "Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HUAWEI G716-L070 Build/HuaweiG716-L070) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 MicroMessenger/6.0.0.54_r849063.501 NetType/WIFI" // 华为 内置浏览器 "Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; HuaweiG716-L070_LTE Build/HuaweiG716-L070_LTE) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" COOKIES:: curl -b cookies.txt -c newcookies.txt www.cookiesite.com 加密HTTP:: curl https://that.secure.server.com json請求的語法:: curl http://192.168.10.102:8000/tongji/baseinfo -H "Accept:application/json" curl http://192.168.10.102:8022/tongji/baseinfo -H "Accept:application/json" -d "rid=\"rid\"&sim=\"sim\"&mac=\"mac\"&imei=\"imei\"&device=\"device\"\&&resolution=\"resolution\"&os=\"android\"&&osversion=\"osversion\"&×tamp=\"431432143214\"" multipart/form-data 类型请求:: // 这种是正式的 // http.content_type: multipart/form-data; boundary=----------------------------8ed7c16ae35a // 多个form间用boundary关联,多个form使用同一个boundary curl -v http://127.0.0.1:9090/addservice -include --form key=1122-3434 --form destName=hello.test.unit --form upload=@/tmp/localfile // 指定boundary的例子@undo curl -X POST -H "Content-Type: multipart/form-data; boundary=----------------------------4ebf00fbcf09" -d $'------------------------------4ebf00fbcf09\r\nContent-Disposition: form-data; name="example"\r\n\r\ntest\r\n------------------------------4ebf00fbcf09--\r\n' http://localhost:3000/test //指定文件类型@undo curl -H "Content-Type: multipart/related" \ --form "data=@example.jpg;type=image/jpeg" http://localhost:3000/test // 指定为multipart/form但没有 curl -v -XPOST -H 'Content-Type: multipart/form-data' http://192.168.35.141:9090/addservice?key=1122-3434&destName=hello.test.unit&zkidc=qa 翻墙相关:: // -x, --proxy <[protocol://][user:password@]proxyhost[:port]> // 默认为http协议 curl -x socks5://192.168.14.40:6500 "http://www.youtube.com" // 要注意dns混乱问题 实例:: // -L: --location, 如果有301等跳转的话,自动访问新location // -O: --remote-name, 下载后的文件名同远程文件相同 curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-ssl-x86_64-3.4.9.tgz websocket ========= :: curl -i -N -H "Connection: Upgrade" -H "Upgrade: websocket" -H "Host: echo.websocket.org" -H "Origin: https://www.websocket.org" https://echo.websocket.org curl --include \ --no-buffer \ --header "Connection: Upgrade" \ --header "Upgrade: websocket" \ --header "Host: example.com:80" \ --header "Origin: http://example.com:80" \ --header "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \ --header "Sec-WebSocket-Version: 13" \ http://example.com:80/ 选项 ==== 通用:: (H) 指只适用于http/https (F)指只适用于ftp -a/--append Append to target file when uploading -A/--user-agent User-Agent to send to server --anyauth Pick "any" authentication method -b/--cookie Cookie string or file to read cookies from -d, --data 时间相关:: -m/--max-time 整个过程中要花费的最长时间(秒), 防止因网络慢或链接失效(参考:--connect-timeout). --connect-timeout 允许到 -I/--head (HTTP/FTP/FILE)只获取http头!当使用FTP or FILE文件,curl只显示文件大小和最后修改时间 -s/--silent 静默模式!不显示进度条和错误显示! -o/--output 把输入改为写入到指定文件(默认是stdout): curl http://{one,two}.site.com -o "file_#1.txt" curl http://{site,host}.host[1-5].com -o "#1_#2" -O/--remote-name Write output to a local file named like the remote file we get. (Only the file part of the remote file is used, the path is cut off.):: curl -O http:///.tar.gz -L/--location (HTTP/HTTPS) If the server reports that the requested page has moved to a different location (indicated with a Location: header and a 3XX response code), this option will make curl redo the request on the new place.(php等动态语言的文件需要加L才能下载下来) 证书相关:: --cacert 设定ca证书,证书必须是PEM格式,可以包含多个CA证书. 自动查找名为curl-ca-bundle.crt的文件(当前目录、curl.exe文件对应目录、PATH目录) --capath -k 或 --insecure 安全选项: 不验证证书有效性 用途: 通常用于连接到一个使用自签名证书的服务器或者测试环境 断点续传:: -C, --continue-at -r, --range (HTTP FTP SFTP FILE) Retrieve a byte range (i.e a partial document) from a HTTP/1.1, FTP or SFTP server or a local FILE. Ranges can be specified in a number of ways. .. warning:: 为啥有的时候要对url地址加入到双引号中? 实例:: % default: "text/html" curl -i http://localhost:8080 curl -i -H "Accept: application/json" http://localhost:8080 curl -i -H "Accept: text/plain" http://localhost:8080 curl -i -H "Accept: text/css" http://localhost:8080 HTTP/2 ====== :: nghttp -v http://localhost:8080 nghttp -v -H "accept: application/json" http://localhost:8080 nghttp -v -H "accept: text/plain" http://localhost:8080 nghttp -v -H "accept: text/css" http://localhost:8080 实例:: curl -i --data-urlencode paste@- localhost:8080 curl -i --data-urlencode paste@my_file localhost:8080 curl -i --data-urlencode paste@priv/index.html localhost:8080 查看此网站web服务器:: curl -s -I http://blog.programfan.info | grep Server 性能 ==== 查看网站连接的各种时间指标:: curl -L -w "time_namelookup: %{time_namelookup} time_connect: %{time_connect} time_appconnect: %{time_appconnect} time_pretransfer: %{time_pretransfer} time_redirect: %{time_redirect} time_starttransfer: %{time_starttransfer} time_total: %{time_total} " https://example.com/ => ... time_namelookup: 0.001403 time_connect: 0.245464 time_appconnect: 0.757656 time_pretransfer: 0.757823 time_redirect: 0.000000 time_starttransfer: 0.982111 time_total: 0.982326 字段说明:: time_namelookup 从请求开始到域名解析完成的耗时 time_connect 从请求开始到 TCP 三次握手完成耗时 time_appconnect 从请求开始到 TLS 握手完成的耗时 time_pretransfer 从请求开始到向服务器发送第一个 GET/POST 请求开始之前的耗时 time_redirect 重定向时间,包括到内容传输前的重定向的 DNS 解析、TCP 连接、内容传输等时间 time_starttransfer 从请求开始到内容传输前的时间 time_total 从请求开始到完成的总耗时 业务常关注的性能指标:: 域名解析耗时 = time_namelookup 域名 NS 及本地 LocalDNS 解析耗时 总耗时 = time_total TCP 握手耗时 = time_connect - time_namelookup 建立 TCP 连接时间 SSL 耗时 = time_appconnect - time_connect TLS 握手以及加解密处理 服务器处理请求耗时 = time_starttransfer - time_pretransfer 服务器响应第一个字节到全部传输完成耗时 TTFB = time_starttransfer - time_appconnect 服务器从接收请求到开始到收到第一个字节的耗时 实例 ==== 断点续传:: // normal(explicitly specified start AND end) curl -v -X GET -H "range: bytes=1-8" http://localhost:8080/bbb/test // specified ONLY start(end will be specified at the end of file) curl -v -X GET -H "range: bytes=10-" http://localhost:8080/bbb/test // specified ONLY one negative value(last N bytes of file will be retrieved) curl -v -X GET -H "range: bytes=-11" http://localhost:8080/bbb/test // multi(specified multi ranges by using comma) curl -v -X GET -H "range: bytes=0-8,10-" http://localhost:8080/bbb/test // ? curl -v -r 0-500 http://somefile -o localfile 上传json文件:: curl -v -i -X POST -H "Content-Type: application/json" \ -H "Accept: application/json" -H "Authorization:Basic <用户名和密码的base64>=" \ http://localhost:3000/api/dashboards/db -d@1.json 用户名和密码的base64: base64(user:passwd) $ echo -n "user:passwd" | base64 dXNlcjpwYXNzd2Q= $ curl -v -X POST http://localhost:3000/api/dashboards/db \ -H 'Accept: application/json' -H 'Authorization: Basic dXNlcjpwYXNzd2Q=' \ -H 'Content-Type: application/json' -d @abc.json .. warning:: 注意,-X后面的POST是大写 实战 ==== 实例1:: $ curl -v -X POST https://api.zhaoweiguo.com/hello -d {\"key\":"\"value\""} Note: Unnecessary use of -X or --request, POST is already inferred. * Trying 39.105.xxx.xxx... * TCP_NODELAY set * Connected to api.zhaoweiguo.com (39.105.xxx.xxx) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: C=CN; ST=Beijing; O=Wei64 (Beijing) Limited; CN=*.zhaoweiguo.com * start date: Nov 5 00:00:00 2020 GMT * expire date: Nov 20 23:59:59 2021 GMT * subjectAltName: host "api.zhaoweiguo.com" matched cert's "*.zhaoweiguo.com" * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Secure Site CA G2 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x563b43f57e00) > POST /api HTTP/1.1 > Host: api.zhaoweiguo.com > User-Agent: curl/7.52.1 > Accept: */* > Content-Length: 358 > Content-Type: application/x-www-form-urlencoded // 注: 默认 Content-Type > * Connection state changed (MAX_CONCURRENT_STREAMS updated)! * We are completely uploaded and fine < HTTP/2 400 < date: Wed, 29 Sep 2021 03:31:43 GMT < content-type: text/plain; charset=utf-8 < content-length: 25 < access-control-allow-credentials: true < access-control-allow-origin: * < content-security-policy: default-src https: wss: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' < strict-transport-security: max-age=31536000; includeSubDomains < x-content-type-options: nosniff < x-xss-protection: 1; mode=block