About twenty HTTP interview questions asked at major tech companies

[Q035] What are the common HTTP status codes?

Exchange and discussion in the Issue: answer analysis

  • 1XX: informational
  • 2XX: success
  • 3XX: redirection
  • 4XX: client error
  • 5XX: server error
Common status codes
  • 200

    The status code everyone most likes to see; it indicates that the request was successful

  • 301

    Permanent redirect

  • 302

    Temporary Redirect

  • 304

    The document has not been modified since the last request

  • 400

    Bad Request

  • 401

    Unauthorized, requires authentication, such as token information, etc.

  • 403

    Request is denied

  • 404

    The resource was not found: the interface does not exist, the requested file does not exist, etc.

  • 500

    Unknown server error

  • 502

    Bad Gateway

  • 503

    Service is temporarily unavailable

[Q036] What is the difference between HTTP status codes 301, 302 and 307?

Exchange and discussion in the Issue: answer analysis

  • 301, Moved Permanently. Permanent redirect. This is a risky operation and needs caution: if you set a 301 and want to cancel it some time later, the browser has already cached it and will still redirect.
  • 302, Found. Temporary redirect, but the method is changed on redirect: POST is changed to GET, which is why 307 exists.
  • 307, Temporary Redirect. Temporary redirect; the method is not changed on redirect.

[Q050] What is the difference between HTTP status codes 502 and 504?

Exchange and discussion in the Issue: answer analysis

  • 502 Bad Gateway
    The server was acting as a gateway or proxy and received an invalid response from the upstream server.
    A response was received from the upstream, but it could not be parsed

  • 504 Gateway Timeout
    The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
    The upstream response timed out

[Q079] Outline the HTTP caching mechanism

Exchange and discussion in the Issue: answer analysis

[Q081] What is the principle behind an HTTP proxy?

More description: `webpack-dev-server` can provide a proxy, and so can `nginx`

Exchange and discussion in the Issue: answer analysis

everything

[Q084] With the development of HTTP/2, which conventional front-end performance optimizations can be replaced?

Exchange and discussion in the Issue: answer analysis

  1. Sprite images
  2. Merging resource files

[Q085] What is the difference between HTTP/2 and HTTP/1.1?

Exchange and discussion in the Issue: answer analysis

[Q107] What are Basic Auth and Digest Auth?

Exchange and discussion in the Issue: answer analysis

[Q108] What is the principle behind gzip?

Exchange and discussion in the Issue: answer analysis

gzip uses the LZ77 algorithm and Huffman coding to compress files; the more repetition a file contains, the more it can be compressed.

[Q109] Can gzip compression be turned on for images, and why?

Exchange and discussion in the Issue: answer analysis

There is no need to turn it on; if it is turned on, the image may actually become larger. If you look at the img resources of some sites, you will find that they do not turn on gzip

Reference: https://webmasters.stackexchange.com/questions/8382/is-gzipping-images-worth-it-for-a-small-size-reduction-but-overhead-compressing

Don't use gzip for image or other binary files.

Image file formats supported by the web, as well as videos, PDFs and other binary formats, are already compressed; using gzip on them won't provide any additional benefit, and can actually make them larger. To compress images, see Optimize images.

[Q110] What is the format of HTTP request and response messages?

Exchange and discussion in the Issue: answer analysis

Simulating an HTTP exchange with nc looks as follows

$ nc www.baidu.com 80
GET / HTTP/1.1
Host: www.baidu.com

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 14615
Content-Type: text/html
Date: Tue, 10 Dec 2019 02:48:44 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: BWS/1.1
Set-Cookie: BAIDUID=F0FC6B3A056DEA285F51A1F2F8A170BB:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BIDUPSID=F0FC6B3A056DEA285F51A1F2F8A170BB; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1575946124; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUID=F0FC6B3A056DEA287CB2B9422E09E30E:FG=1; max-age=31536000; expires=Wed, 09-Dec-20 02:48:44 GMT; domain=.baidu.com; path=/; version=1; comment=bd
Traceid: 1575946124058431156210725656341129791126
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1

<!DOCTYPE html><!--STATUS OK-->
........ content omitted

[Q111] How is the ETag value in the HTTP response header generated?

Exchange and discussion in the Issue: answer analysis

Generating an etag needs to meet several conditions

  1. When the file does not change, the etag value remains unchanged. We cannot simply use the inode
  2. Easy to compute, and in particular not CPU-intensive. A hash is therefore not particularly suitable
  3. Easy to scale out: multiple nodes generate the same etag value. This rules out the inode

For how a server can generate the etag, see HTTP: Generating ETag Header

So how does nginx generate the etag?

ETag generation in nginx

I looked through some material and the source code online to learn how the etag is calculated. Expressed as Python pseudo-code, the calculation is as follows

etag = '{:x}-{:x}'.format(header.last_modified, header.content_length)

Source: ngx_http_core_module.c

etag->value.len = ngx_sprintf(etag->value.data, "\"%xT-%xO\"",
                                  r->headers_out.last_modified_time,
                                  r->headers_out.content_length_n)
                      - etag->value.data;

Summary: in nginx, the etag is the combination of the response headers Last-Modified and Content-Length, expressed in hexadecimal.

I picked an nginx service in my k8s cluster at random to test this

$ curl --head 10.97.109.49
HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Tue, 10 Dec 2019 06:45:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 23 Apr 2019 10:18:21 GMT
Connection: keep-alive
ETag: "5cbee66d-264"
Accept-Ranges: bytes

Decoding Last-Modified and Content-Length from the etag with js gives the following, which is consistent with the response headers

> new Date(parseInt('5cbee66d', 16) * 1000).toJSON()
"2019-04-23T10:18:21.000Z"
> parseInt('264', 16)
612

Last-Modified, ETag and negotiated caching

We know that there are two ways to negotiate the cache

  • Last-Modified/If-Modified-Since
  • ETag/If-None-Match

Since the ETag in nginx is composed of Last-Modified and Content-Length, it is effectively an enhanced version of Last-Modified. So where is the enhancement?

**Last-Modified is represented as a unix timestamp, which means it can only reflect changes at one-second granularity**

That leads to the next question: if the ETag value in the HTTP response header has changed, does it mean that the contents of the file must have changed?

[Q112] If the ETag value in the HTTP response header has changed, does it mean that the contents of the file must have changed?

Exchange and discussion in the Issue: answer analysis

Not necessarily; it depends on the server's ETag generation algorithm. See #112

For example, the etag in nginx is composed of last_modified and content_length, and last_modified in turn comes from mtime

When a file is edited without changing its contents, or is touched with touch file, mtime changes, so the etag changes even though the content of the file does not.
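
The nginx ETag layout quoted in Q111 and the touch case just described, as an added Python example (not code from the original post or from nginx). The helper names `nginx_etag`, `decode_etag`, `file_state` and `demo` are hypothetical and the file contents are constructed. It goes one step past the text by also showing the reverse case: a same-length edit whose mtime falls on the same second changes the content but not the ETag.

```python
import hashlib
import os
import tempfile


def nginx_etag(mtime, size):
    """Build "<hex mtime>-<hex size>", the layout of the ngx_sprintf call above."""
    return '"{:x}-{:x}"'.format(int(mtime), int(size))


def decode_etag(etag):
    """Recover (mtime in seconds, size in bytes) from an ETag in that layout."""
    mtime_hex, size_hex = etag.strip('"').split("-")
    return int(mtime_hex, 16), int(size_hex, 16)


def file_state(path):
    """Return (ETag derived from stat, SHA-256 of the content) for a file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return nginx_etag(st.st_mtime, st.st_size), digest


def demo(base_mtime=1556014701):
    """Constructed scenario: a touch, then a same-second, same-length edit."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "index.html")
        with open(path, "wb") as fh:
            fh.write(b"<h1>version A</h1>")  # constructed content
        os.utime(path, (base_mtime, base_mtime))
        original = file_state(path)

        # Equivalent of `touch`: mtime moves forward, the bytes stay the same.
        os.utime(path, (base_mtime + 60, base_mtime + 60))
        touched = file_state(path)

        # Same-length edit whose mtime lands on the same second as before.
        with open(path, "wb") as fh:
            fh.write(b"<h1>version B</h1>")
        os.utime(path, (base_mtime + 60, base_mtime + 60))
        edited = file_state(path)
    return original, touched, edited


if __name__ == "__main__":
    for label, (etag, digest) in zip(("original", "touched", "edited"), demo()):
        print(label, etag, digest[:12])
```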

[Q116] When HTTP serves static files, what is Last-Modified generated from?

Exchange and discussion in the Issue: answer analysis

Usually the file's mtime is chosen, which represents the time the contents of the file were modified

nginx does the same; source: ngx_http_static_module.c

    r->headers_out.status = NGX_HTTP_OK;
    r->headers_out.content_length_n = of.size;
    r->headers_out.last_modified_time = of.mtime;

As for why mtime is used instead of ctime, refer to #116

[Q117] Since HTTP is a stateless protocol, how does it keep a user logged in?

Exchange and discussion in the Issue: answer analysis

Credentials are passed in a cookie or the Authorization header and verified on the server

[Q119] How does HTTPS ensure message security?

Exchange and discussion in the Issue: answer analysis

HTTPS addresses three major security issues:

  1. Confidentiality of content
  2. Tamper resistance
  3. Confirming the other party's identity

HTTPS does not use asymmetric encryption directly for data transmission. Instead there is a handshake, whose main job is to communicate with the server and generate a secret key; the data is then transmitted with symmetric encryption using that key. The handshake also verifies that the certificate is correct.
Certificate validation ensures that the other party is legitimate, and a man-in-the-middle cannot forge the certificate.

[Q121] How can we tell from an HTTP message which technology stack a service uses?

Exchange and discussion in the Issue: answer analysis

Generally two response headers reveal it; sometimes these two fields are hidden to conceal the real server-side technology stack

  • X-Powered-By
  • Server

[Q122] When sending an HTTP request, is Host required?

Exchange and discussion in the Issue: answer analysis

It is required, because we do not know whether the request will pass through a proxy. If it goes directly to the server, the server can locate the resource by the path; but if it goes through a proxy, the proxy does not know the specific address

[Q133] If the Content-Type header of an HTTP response is application/octet-stream, what does that mean?

Exchange and discussion in the Issue: answer analysis

It represents a binary stream, generally used to download files

[Q136] Which status code should be used for redirecting HTTP to HTTPS?

Exchange and discussion in the Issue: answer analysis

Generally 301 is used in most cases, 302 is also used, and if HSTS is turned on 307 is used

For example, Zhihu uses 302 and Taobao uses 301

$ curl --head www.zhihu.com
HTTP/1.1 302 Found
Date: Tue, 24 Dec 2019 00:13:54 GMT
Content-Length: 22
Connection: keep-alive
Server: NWS_TCloud_IPV6
Location: https://www.zhihu.com/
X-NWS-LOG-UUID: 0e28d9a1-6aeb-42cd-9f6b-00bd6cf11500

$ curl --head www.taobao.com
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Tue, 24 Dec 2019 00:13:58 GMT
Content-Type: text/html
Content-Length: 278
Connection: keep-alive
Location: https://www.taobao.com/
Via: cache20.cn1480[,0]
Timing-Allow-Origin: *
EagleId: 6f3f38a815771464380412555e

[Q141] What is the difference between the Date and Last-Modified HTTP response headers, and what needs attention when deploying a site?

Exchange and discussion in the Issue: answer analysis

The LM-Factor is related to these two headers.

In short, when a static resource has no Cache-Control set, a forced cache time is derived from these two response headers, rather than going straight to cache negotiation. With a CDN this is more obvious: the updated code is deployed, but the user interface is not updated.

[Q144] What is the role of keep-alive in HTTP 1.1?

Exchange and discussion in the Issue: answer analysis

In HTTP 1.1, setting keep-alive in the response header allows multiple HTTP requests to be sent over one TCP connection

  1. Avoids the overhead of reopening TCP connections
  2. Avoids the overhead of re-establishing SSL connections when refreshing
  3. Avoids too many connections to the server when QPS is high

The server turns on keep-alive with these response headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=1000

Origin www.cnblogs.com/xianwang/p/12089494.html