[Q035] What are the common HTTP status codes
Exchange and discussion in the Issue: answer analysis
- 1XX indicates an informational message
- 2XX indicates success
- 3XX indicates a redirect
- 4XX indicates a client error
- 5XX indicates a server error
Common status codes
- 200: The status code we most like to see; it indicates that the request succeeded
- 301: Permanent redirect
- 302: Temporary redirect
- 304: The document has not been modified since the last request
- 400: Bad Request
- 401: Unauthorized; authentication is required, such as token information
- 403: The request is denied
- 404: Resource missing: the interface does not exist, or the requested file does not exist, etc.
- 500: Unknown server error
- 502: Bad Gateway
- 503: Service is temporarily unavailable
[Q036] What is the difference between HTTP status codes 301, 302 and 307
- 301, Moved Permanently. Permanent redirect. This operation is risky and needs caution: if you set a 301 and want to cancel it some time later, browsers that have already cached it will still redirect.
- 302, Found. Temporary redirect, but the method is changed at redirect time: POST is changed to GET, which is why 307 exists.
- 307, Temporary Redirect. Temporary redirect; the method is not changed on redirect.
[Q050] What is the difference between HTTP status codes 502 and 504
502 Bad Gateway
The server was acting as a gateway or proxy and received an invalid response from the upstream server.
A response was received from upstream but could not be parsed.
504 Gateway Timeout
The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
The upstream response timed out.
[Q079] Outline the HTTP caching mechanism
[Q081] What is the principle of an HTTP proxy
More description: `webpack-dev-server` can be configured with a proxy, and so can `nginx`
everything
[Q084] With the development of http2, which conventional front-end performance optimization schemes may be replaced
- Sprite map
- Merge resource files
[Q085] What is the difference between http2 and http1.1
[Q107] What are Basic Auth and Digest Auth
[Q108] What is the principle of gzip
gzip uses the LZ77 algorithm and Huffman coding to compress files; the more repetition a file contains, the more it can be compressed.
[Q109] Can gzip compression be turned on for images, and why
There is no need to turn it on; if you do, the image may actually become larger. If you look at the img resources of some sites, you will find that they do not enable gzip.
Don't use gzip for image or other binary files.
Image file formats supported by the web, as well as videos, PDFs and other binary formats, are already compressed; using gzip on them won't provide any additional benefit, and can actually make them larger. To compress images, see Optimize images.
[Q110] What is the format of HTTP request and response messages
Using `nc` to simulate an HTTP exchange looks like this:

```bash
$ nc www.baidu.com 80
GET / HTTP/1.1
Host: www.baidu.com

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 14615
Content-Type: text/html
Date: Tue, 10 Dec 2019 02:48:44 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Pragma: no-cache
Server: BWS/1.1
Set-Cookie: BAIDUID=F0FC6B3A056DEA285F51A1F2F8A170BB:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BIDUPSID=F0FC6B3A056DEA285F51A1F2F8A170BB; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1575946124; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BAIDUID=F0FC6B3A056DEA287CB2B9422E09E30E:FG=1; max-age=31536000; expires=Wed, 09-Dec-20 02:48:44 GMT; domain=.baidu.com; path=/; version=1; comment=bd
Traceid: 1575946124058431156210725656341129791126
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1

<!DOCTYPE html><!--STATUS OK-->
........content omitted
```
[Q111] How is the ETag value in the HTTP response header generated
Generating an `etag` needs to meet several conditions:
- When the file does not change, the `etag` value remains unchanged. We cannot simply use the `inode`.
- Easy to compute, and in particular not CPU-intensive. A `hash` is therefore not particularly suitable.
- Easy to scale: multiple `node`s must generate the same `etag` value. This rules out the `inode`.
For how a server can generate the `etag`, you can refer to HTTP: Generating ETag Header.
So how is the `etag` generated in nginx?
ETag generation in nginx
I found some material online and read the source code to learn how the `etag` is calculated. Expressed as Python pseudo-code, the calculation is as follows:

```python
etag = '{:x}-{:x}'.format(header.last_modified, header.content_length)
```

Source: ngx_http_core_module.c

```c
etag->value.len = ngx_sprintf(etag->value.data, "\"%xT-%xO\"",
                              r->headers_out.last_modified_time,
                              r->headers_out.content_length_n)
                  - etag->value.data;
```

Summary: in nginx, the `etag` is composed of the response headers `Last-Modified` and `Content-Length`, expressed in hexadecimal.
I picked an nginx service in my k8s cluster to test:

```bash
$ curl --head 10.97.109.49
HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Tue, 10 Dec 2019 06:45:24 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 23 Apr 2019 10:18:21 GMT
Connection: keep-alive
ETag: "5cbee66d-264"
Accept-Ranges: bytes
```

Calculating `Last-Modified` and `Content-Length` from the `etag` with js gives the following, consistent with the response headers:
```js
> new Date(parseInt('5cbee66d', 16) * 1000).toJSON()
"2019-04-23T10:18:21.000Z"
> parseInt('264', 16)
612
```
Last-Modified, ETag and the negotiated cache
We know that there are two ways to negotiate the cache:
- `Last-Modified` / `If-Modified-Since`
- `ETag` / `If-None-Match`
Since the `ETag` in nginx is composed of `Last-Modified` and `Content-Length`, it is an enhanced version of `Last-Modified`. So where is the enhancement?
**`Last-Modified` is represented as a unix timestamp, which means it can only act on changes at the level of seconds**
That leads to the next question: if the ETag value in the http response header has changed, does it mean that the file content must have changed?
[Q112] If the ETag value in the http response header has changed, does it mean that the file content must have changed
Not necessarily; it is decided by the server's `ETag` generation algorithm. See #112
For example, the `etag` in nginx is composed of `last_modified` and `content_length`, and `last_modified` in turn comes from `mtime`.
When you edit a file without changing its content, or `touch` the file, `mtime` changes. The `etag` then changes, but the content of the file does not.
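The ETag format described in Q111 and the `touch` behaviour described in Q112 can be reproduced locally. The following is an added example, not nginx code or code from the original answers; the function names, the file name `index.html` and the pinned timestamps are assumptions. It also shows a consequence of the formula: an edit that lands in the same second and keeps the same length yields the same ETag.

```python
import os
import tempfile
from datetime import datetime, timezone


def nginx_style_etag(mtime: int, size: int) -> str:
    """Mirror the "%xT-%xO" format: hex mtime in seconds, hex size, quoted."""
    return '"{:x}-{:x}"'.format(int(mtime), size)


def decode_etag(etag: str):
    """Recover (Last-Modified as UTC datetime, Content-Length) from such an ETag."""
    value = etag[2:] if etag.startswith("W/") else etag  # tolerate a weak prefix
    mtime_hex, sep, size_hex = value.strip('"').partition("-")
    if not sep:
        raise ValueError("not in <hex mtime>-<hex size> form: %r" % etag)
    when = datetime.fromtimestamp(int(mtime_hex, 16), tz=timezone.utc)
    return when, int(size_hex, 16)


def etag_of(path: str) -> str:
    st = os.stat(path)
    return nginx_style_etag(int(st.st_mtime), st.st_size)


def demo():
    """ETags after: first write, a touch (same bytes), a same-second same-length edit."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "index.html")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"<h1>v1</h1>")
        os.utime(path, (1556014701, 1556014701))  # pin mtime to the page's 0x5cbee66d
        original = etag_of(path)

        os.utime(path, (1556014702, 1556014702))  # what `touch` does: mtime only
        touched = etag_of(path)

        with open(path, "wb") as f:
            f.write(b"<h1>v2</h1>")  # different bytes, same length
        os.utime(path, (1556014702, 1556014702))  # edit lands in the same second
        edited = etag_of(path)
    return original, touched, edited


if __name__ == "__main__":
    print(decode_etag('"5cbee66d-264"'))
    print(demo())
```

Because the value decodes cleanly, anyone who receives such an ETag can read the file's modification time and size from it.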
[Q116] When serving static files over http, what is Last-Modified generated from
Usually the file's `mtime` is chosen, which represents the time the content of the file was modified.
nginx handles it the same way; see the source: ngx_http_static_module.c

```c
r->headers_out.status = NGX_HTTP_OK;
r->headers_out.content_length_n = of.size;
r->headers_out.last_modified_time = of.mtime;
```

As for why `mtime` is used instead of `ctime`, refer to #116
[Q117] Since http is a stateless protocol, how does it keep the user logged in
Credentials are passed in a cookie or the Authorization header and verified on the server.
[Q119] How does https ensure the security of messages
https addresses three major security issues:
- Content privacy
- Tamper resistance
- Confirming the other party's identity
https does not use asymmetric encryption directly for the data transfer. Instead there is a handshake, whose main job is to communicate with the server and generate the secret key; data is then transmitted with symmetric encryption using that final secret key. The handshake also verifies the correctness of the certificate.
Certificate validation ensures that the other party is legitimate, and a man-in-the-middle attacker cannot forge the certificate.
[Q121] How can we tell which technology stack a service uses from the http messages
There are generally two response headers. Sometimes these two fields are hidden in order to conceal the real server-side technology stack:
- X-Powered-By
- Server
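To check whether your own service still sends these two fields, you can parse a captured response in the format shown under Q110 and list them. This is an added example, not code from the original answers; `parse_response`, `stack_disclosure` and the sample bytes are constructed for illustration.

```python
DISCLOSING = ("server", "x-powered-by")  # the two fields named in the answer


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, reason, headers, body).
    headers is a list of (name, value) pairs, so repeated fields such as
    Set-Cookie keep their order and multiplicity.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    if not sep:
        raise ValueError("no blank line terminating the header block")
    status_line, *field_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)  # version SP status-code SP reason
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % status_line)
    headers = []
    for line in field_lines:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name, value.strip()))
    reason = parts[2] if len(parts) == 3 else ""
    return int(parts[1]), reason, headers, body


def stack_disclosure(headers):
    """Return {lower-cased field name: [values]} for stack-revealing headers."""
    found = {}
    for name, value in headers:
        if name.lower() in DISCLOSING:  # field names are case-insensitive
            found.setdefault(name.lower(), []).append(value)
    return found


# Constructed sample modelled on the nc capture, with an X-Powered-By line added.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Server: BWS/1.1\r\n"
    b"X-Powered-By: Express\r\n"
    b"Set-Cookie: a=1; path=/\r\n"
    b"Set-Cookie: b=2; path=/\r\n"
    b"\r\n"
    b"<!DOCTYPE html>"
)

if __name__ == "__main__":
    status, reason, headers, body = parse_response(SAMPLE)
    print(status, reason, stack_disclosure(headers))
```

An empty result from `stack_disclosure` means neither field is present in the response.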
[Q122] Is Host required when sending an http request
It is necessary, because we do not know whether the request will pass through a proxy on the way. If it goes directly to the server, the server can tell which resource is wanted from the path; but if it goes through a proxy, the proxy server does not know the specific address.
[Q133] If the content-type header of an http response is application/octet-stream, what does that mean
It represents a binary stream, generally used for file downloads.
[Q136] Which status code should be used when redirecting http to https
Generally `301` is used more and more, and `302` is also used; if `HSTS` is enabled, `307` is used.
For example, Zhihu uses 302 and Taobao uses 301:
```bash
$ curl --head www.zhihu.com
HTTP/1.1 302 Found
Date: Tue, 24 Dec 2019 00:13:54 GMT
Content-Length: 22
Connection: keep-alive
Server: NWS_TCloud_IPV6
Location: https://www.zhihu.com/
X-NWS-LOG-UUID: 0e28d9a1-6aeb-42cd-9f6b-00bd6cf11500

$ curl --head www.taobao.com
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Tue, 24 Dec 2019 00:13:58 GMT
Content-Type: text/html
Content-Length: 278
Connection: keep-alive
Location: https://www.taobao.com/
Via: cache20.cn1480[,0]
Timing-Allow-Origin: *
EagleId: 6f3f38a815771464380412555e
```
[Q141] What is the difference between the Date and Last-Modified http response headers, and what should be noted when deploying a site
The LM-Factor is related to these two headers.
In short, when a static resource does not set `Cache-Control`, a forced cache time is set from these two response headers, rather than going directly to cache negotiation. This is more obvious when a CDN is involved: after updated code is deployed, the interface is not updated.
[Q144] What is the role of keep-alive in http 1.1
In `http 1.1`, setting `keep-alive` in the response header allows multiple http requests to be sent over one TCP connection:
- Avoids the overhead of reopening TCP connections
- Avoids the overhead of re-establishing SSL connections when refreshing
- Avoids too many connections to the server when QPS is too high
The server turns on `keep-alive` with these response headers:

```http
Connection: Keep-Alive
Keep-Alive: timeout=5, max=1000
```