HTTP1, HTTP2, HTTPS detailed explanation

HTTP1

The old standard of the HTTP protocol is HTTP/1.0. To improve the efficiency of the system, HTTP 1.0 stipulates that the browser and the server maintain only a short-lived connection: every browser request has to establish a TCP connection with the server, and the server disconnects the TCP connection as soon as it has processed the request. The server does not track each client and does not record past requests. However, this also causes performance defects. If a web page contains many pictures and requests, the connection must be torn down and re-established every time, which seriously affects the performance of both client and server. For this reason, the two most criticized problems of HTTP 1.0 are that ***connections cannot be reused*** and ***head-of-line blocking***.

Because the connection cannot be reused, every request goes through a three-way handshake and slow start. The three-way handshake has a more obvious impact in high-latency scenarios, and slow start has a greater impact on file requests.

Head-of-line blocking means bandwidth is not fully utilized, and subsequent healthy requests are blocked.

HTTP/1.1, the next version after HTTP/1.0

The main features of HTTP/1.1:

1. HTTP 1.1 supports persistent connections (the default mode of HTTP/1.1 is persistent connections with pipelining). Multiple HTTP requests and responses can be transmitted over one TCP connection, reducing the cost and delay of establishing and closing connections.

2. HTTP 1.1 also allows the client to issue the next request without waiting for the response to the previous one. However, the server must send back the responses in the order in which the client's requests were received, so that the client can tell which response belongs to which request. This also significantly reduces the time required for the entire download.

3. HTTP 1.1 adds the Host request header field. With it, different host names can be used on the same IP address and port number to create multiple virtual web sites on one web server.

4. HTTP 1.1 also provides request headers and response headers related to mechanisms such as identity authentication, state management, and caching.

5. HTTP 1.1 supports resumable transfers.

HTTP 1.1 status codes and their meanings

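1xx: Informational message - indicates that the request has been received and processing continues

100 Continue: The initial part of the request has been accepted, and the client should continue sending the rest of the request. (New in HTTP 1.1)

101 Switching Protocols: The server will comply with the client's request and switch to another protocol. (New in HTTP 1.1)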

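2xx: Success - indicates that the request has been successfully received, understood, and accepted

200 OK: Everything is fine; the response document for GET and POST requests follows.
201 Created: The server has created the document; the Location header gives its URL.
202 Accepted: The request has been accepted, but processing is not yet complete.
203 Non-Authoritative Information: The document has been returned normally, but some response headers may be incorrect because a copy of the document is being used. (New in HTTP 1.1)
204 No Content: There is no new document; the browser should continue to display the previous document. This status code is useful if the user refreshes the page periodically and the servlet can determine that the user's document is sufficiently up to date.
205 Reset Content: There is no new content, but the browser should reset what it displays. Used to force the browser to clear form input. (New in HTTP 1.1)
206 Partial Content: The client sent a GET request with a Range header, and the server fulfilled it. (New in HTTP 1.1)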

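3xx: Redirect - further action must be taken to complete the request

300 Multiple Choices: The requested document can be found in several places, which are listed in the returned document. If the server wants to state a preference, it should indicate it in the Location response header.
301 Moved Permanently: The requested document is elsewhere; the new URL is given in the Location header, and the browser should automatically visit the new URL.
302 Found: Similar to 301, but the new URL should be treated as a temporary replacement rather than a permanent one. Note that in HTTP 1.0 the corresponding status message is "Moved Temporarily".
When this status code appears, the browser can automatically visit the new URL, so it is a very useful status code.
Note that this status code can sometimes be used interchangeably with 301. For example, if the browser mistakenly requests http://host/~user (missing the trailing slash), some servers return 301 and others return 302.
Strictly speaking, we can only assume that the browser redirects automatically when the original request was a GET. See 307.

303 See Other: Similar to 301/302, except that if the original request was a POST, the redirect target given in the Location header should be retrieved with GET. (New in HTTP 1.1)
304 Not Modified: The client has a cached document and issued a conditional request (usually by supplying an If-Modified-Since header, meaning the client only wants the document if it is newer than the given date). The server tells the client that the cached document can still be used.
305 Use Proxy: The requested document should be retrieved through the proxy server indicated by the Location header. (New in HTTP 1.1)
307 Temporary Redirect: Same as 302 (Found). Many browsers incorrectly follow the redirect in a 302 response even when the original request was a POST, although a redirect is really only allowed when the response to the POST request is 303. For this reason, HTTP 1.1 added 307 to distinguish the status codes more clearly: on a 303 response, the browser may follow the redirect for both GET and POST requests; on a 307 response, the browser may only follow the redirect for GET requests. (New in HTTP 1.1)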

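4xx: Client error - the request has a syntax error or cannot be fulfilled

400 Bad Request: The request contains a syntax error.
401 Unauthorized: The client tried to access a password-protected page without authorization. The response contains a WWW-Authenticate header, which the browser uses to display a user name/password dialog; after the appropriate Authorization header has been filled in, it sends the request again.
403 Forbidden: The resource is not available. The server understands the request but refuses to process it. This is usually caused by file or directory permission settings on the server.
404 Not Found: The resource at the specified location cannot be found. This is also a commonly used response.
405 Method Not Allowed: The request method (GET, POST, HEAD, DELETE, PUT, TRACE, etc.) does not apply to the specified resource. (New in HTTP 1.1)
406 Not Acceptable: The specified resource has been found, but its MIME type is incompatible with the types the client specified in the Accept header. (New in HTTP 1.1)
407 Proxy Authentication Required: Similar to 401; indicates that the client must first be authorized by the proxy server. (New in HTTP 1.1)
408 Request Timeout: The client did not issue any request within the waiting time allowed by the server. The client may repeat the same request later. (New in HTTP 1.1)
409 Conflict: Usually related to PUT requests. The request cannot succeed because it conflicts with the current state of the resource. (New in HTTP 1.1)
410 Gone: The requested document is no longer available, and the server does not know which address to redirect to. It differs from 404 in that returning 410 means the document has permanently left the specified location, whereas 404 means the document is unavailable for an unknown reason. (New in HTTP 1.1)
411 Length Required: The server cannot process the request unless the client sends a Content-Length header. (New in HTTP 1.1)
412 Precondition Failed: Some preconditions specified in the request headers failed. (New in HTTP 1.1)
413 Request Entity Too Large: The size of the target document exceeds what the server is currently willing to process. If the server believes it can process the request later, it should provide a Retry-After header. (New in HTTP 1.1)
414 Request URI Too Long: The URI is too long. (New in HTTP 1.1)
416 Requested Range Not Satisfiable: The server cannot satisfy the Range header specified by the client in the request. (New in HTTP 1.1)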

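5xx: Server error - the server failed to fulfill a legitimate request

500 Internal Server Error: The server encountered an unexpected condition and cannot complete the client's request.
501 Not Implemented: The server does not support the functionality required to fulfill the request. For example, the client issued a PUT request that the server does not support.
502 Bad Gateway: While acting as a gateway or proxy, the server contacted the next server to complete the request, but that server returned an invalid response.
503 Service Unavailable: The server could not respond because of maintenance or overload. For example, a servlet may return 503 when the database connection pool is full. The server can provide a Retry-After header when it returns 503.
504 Gateway Timeout: Used by a server acting as a proxy or gateway; indicates that it could not get a response from the remote server in time. (New in HTTP 1.1)
505 HTTP Version Not Supported: The server does not support the HTTP version specified in the request. (New in HTTP 1.1)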

HTTP2

New features of HTTP/2:

1. Binary framing

HTTP/2 adds a binary framing layer between the application layer (HTTP/2) and the transport layer (TCP or UDP). Without changing the semantics, methods, status codes, URIs, and header fields of HTTP/1.x, it resolves the performance limitations of HTTP 1.1, improves transmission performance, and achieves low latency and high throughput.

HTTP/1.x transmits text (strings). Because HTTP/2 uses binary framing, frames are assembled into streams, and each stream has a stream ID that uniquely identifies it and therefore the HTTP request it belongs to. This leads to the second feature, multiplexing.

2. Multiplexing

Multiplexing allows multiple request-response messages to be in flight at the same time over a single HTTP/2 connection. Under HTTP/1.1, the browser limits the number of simultaneous requests to the same domain name, and requests exceeding the limit are blocked.

HTTP/2 can therefore easily run many streams in parallel without relying on multiple TCP connections. HTTP/2 reduces the basic unit of HTTP protocol communication to the frame; frames correspond to the messages in a logical stream, and messages are exchanged in parallel, in both directions, on the same TCP connection.
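The following added example (not from the original post) shows the binary framing and multiplexing described above: it parses the 9-byte HTTP/2 frame header defined in RFC 7540, rejects truncated or oversized frames, and regroups interleaved DATA frames by stream ID. The helper names and the sample byte string are constructed for illustration.

```python
import struct
from collections import defaultdict

FRAME_HEADER_LEN = 9
MAX_FRAME_SIZE = 16384  # initial SETTINGS_MAX_FRAME_SIZE in RFC 7540
DATA = 0x0              # DATA frame type
END_STREAM = 0x1        # flag on the last frame of a stream


def build_frame(ftype, flags, stream_id, payload):
    """Serialize a frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream ID."""
    n = len(payload)
    header = struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags,
                         stream_id & 0x7FFFFFFF)
    return header + payload


def parse_frames(buf, max_frame_size=MAX_FRAME_SIZE):
    """Return [(type, flags, stream_id, payload)], rejecting malformed input."""
    frames, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < FRAME_HEADER_LEN:
            raise ValueError("truncated frame header")
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, offset)
        length = (hi << 16) | lo
        if length > max_frame_size:
            raise ValueError("frame larger than the advertised maximum")
        end = offset + FRAME_HEADER_LEN + length
        if end > len(buf):
            raise ValueError("truncated frame payload")
        # The top bit of the stream ID field is reserved and must be ignored.
        frames.append((ftype, flags, sid & 0x7FFFFFFF,
                       buf[offset + FRAME_HEADER_LEN:end]))
        offset = end
    return frames


def demultiplex(buf):
    """Rebuild each stream's body from DATA frames interleaved on one connection."""
    bodies = defaultdict(bytes)
    for ftype, _flags, sid, payload in parse_frames(buf):
        if ftype == DATA:
            bodies[sid] += payload
    return dict(bodies)


# Constructed sample: two response bodies interleaved on streams 1 and 3.
SAMPLE = (build_frame(DATA, 0, 1, b"<html>") + build_frame(DATA, 0, 3, b"body{")
          + build_frame(DATA, END_STREAM, 1, b"</html>")
          + build_frame(DATA, END_STREAM, 3, b"}"))
```

Enforcing the length limit before reading the payload keeps a peer from making the receiver buffer more than it advertised.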

3. Header compression

HTTP/1.1 does not support HTTP header compression, while HTTP/2 uses the HPACK algorithm, which was designed specifically for header compression. HTTP/2 compresses the header through gzip and compress and then sends it. At the same time, the client and the server each maintain a header table in which all fields are recorded, so that later transmissions only need to send the index ID of a table entry; the receiver looks up the header value in the table by that index ID.

4. Server push

Server push is a mechanism for sending data before the client requests it. In HTTP/2, the server can send multiple responses to a single client request.

Server push makes the HTTP/1.x-era optimization of inlining embedded resources meaningless. If a request is for your home page, the server is likely to respond with the home page content, the logo, and the style sheet, because it knows the client will need them. This is equivalent to bundling all the resources into one HTML document.

Compared with inlining, server push has another big advantage: the pushed resources can be cached! It also makes it possible to share cached resources between different pages of the same origin.

HTTPS

HTTPS uses the TLS protocol, but because SSL appeared earlier [the SSL (Secure Sockets Layer) protocol is used to encrypt data transmitted by the HTTP protocol] and is still supported by current browsers, SSL is still used as a synonym for HTTPS.

HTTPS requires a handshake between the client (browser) and the server (website) before data is transmitted. During the handshake, the two parties establish the secret information used to encrypt the transmitted data. TLS/SSL is not just a single encrypted transmission protocol: it uses asymmetric encryption, symmetric encryption, and HASH algorithms. A brief description of the handshake process is as follows:

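1. The browser sends the set of encryption rules it supports to the website.

2. The website selects a set of encryption algorithms and a HASH algorithm from them, and sends its identity information back to the browser in the form of a certificate. The certificate contains the website address, the public encryption key, the certificate issuer, and other information.

3. After obtaining the website certificate, the browser does the following:
a) It verifies the legitimacy of the certificate (whether the issuing authority is legitimate, whether the website address in the certificate matches the address being visited, and so on). If the certificate is trusted, a small padlock is shown in the browser bar; otherwise a warning that the certificate is untrusted is displayed.
b) If the certificate is trusted, or the user has accepted the untrusted certificate, the browser generates a random-number password and encrypts it with the public key provided in the certificate.
c) It computes the HASH of the handshake messages using the agreed HASH algorithm, encrypts the message with the generated random number, and finally sends all of the previously generated information to the website.

4. After receiving the data from the browser, the website does the following:
a) It decrypts the information with its own private key to extract the password, uses the password to decrypt the handshake message sent by the browser, and verifies that the HASH matches the one sent by the browser.
b) It encrypts a handshake message with the password and sends it to the browser.

5. The browser decrypts the handshake message and computes its HASH. If it matches the HASH sent by the server, the handshake is complete, and from then on all communication data is encrypted with a symmetric encryption algorithm using the random password generated earlier by the browser.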

If there is any error in the TLS handshake process, the encrypted connection will be disconnected, thereby preventing the transmission of private information. It is precisely because HTTPS is very secure that attackers cannot find a place to start, so they use fake certificates to deceive clients to obtain information in plain text. The default HTTP port number is 80, and the HTTPS port number is 443.

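Long and short connections

The long connection process is as follows:

connect -> transfer data -> keep the connection open -> transfer data -> ... -> close the connection.

The short connection is as follows:

connect -> transfer data -> close the connection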

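The difference between WebSocket, polling, and long polling

Polling is as follows:

Client: La la la, any new messages? (Request)
Server: No. (Response)
Client: La la la, any new messages? (Request)
Server: No... (Response)
Client: La la la, any new messages? (Request)
Server: You're so annoying. No... (Response)
Client: La la la, any new messages? (Request)
Server: All right, all right, here you go. (Response)
Client: La la la, any new messages? (Request)
Server: ..... n.... no... no. (Response) ---- loop

Long polling is as follows:

Client: La la la, any new messages? If not, just wait and reply once there is one. (Request)
Server: Uh... (waits until there is a message) ... here you go. (Response)
Client: La la la, any new messages? If not, just wait and reply once there is one. (Request) - loop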

WebSocket is as follows:

HTTP establishes a connection through a three-way handshake, and WebSocket is built on HTTP. After the first handshake, WebSocket keeps a long-lived connection that closes only when one party closes it.

WebSocket solves these problems of HTTP, first of all its passivity: once the server completes the protocol upgrade (HTTP -> WebSocket), it can actively push information to the client.

In general: with HTTP, only the client can send requests to the server, and when the server wants to send something on its own initiative it can only do so through client polling. WebSocket solves this problem: it lets the server actively send to the client.

So the above scenario can be modified as follows.

Client: La la la, I want to set up the WebSocket protocol. Required service: chat, WebSocket protocol version: 17 (HTTP Request)
Server: OK, confirmed, upgraded to the WebSocket protocol (HTTP Protocols Switched)
Client: Please push messages to me whenever you have any.
Server: OK, I'll tell you when I do.
Server: balabalabalabala
Server: balabalabalabala
Server: Hahahahahaha
Server: That's hilarious, hahahahahaha

Origin blog.csdn.net/weixin_44273311/article/details/105713429