There's this thing called HTTP

There’s
this thing
called
HTTP
By Thijs Feryn

View Slide

Hi
my name
is Thijs

View Slide

I’m
an evangelist at

View Slide

I’m
a board member
at

View Slide

View Slide

h"p://joind.in/7581
Please
give me
feedback

View Slide

View Slide

Name 5
things you
like about
HTTP

View Slide

Name 5
things you
hate about
HTTP

View Slide

What the
heck is
HTTP
actually?

View Slide

It might get a bit boring ... just a bit

View Slide

Application
level protocol
in the TCP/IP
network stack

View Slide

View Slide

Request
&
Response

View Slide

Methods
&
Status
codes

View Slide

Headers
&
Body

View Slide

GET / HTTP/1.1
Host: fronteers.nl
User-‐Agent: Mozilla/5.0 (Macintosh; Intel
Mac OS X 10.8; rv:16.0) Gecko/20100101
Firefox/16.0
Accept: text/html,application/xhtml
+xml,application/xml;q=0.9,*/*;q=0.8
Accept-‐Language: en,nl;q=0.7,fr-‐be;q=0.3
Accept-‐Encoding: gzip, deflate
Connection: keep-‐alive
Cookie: first_pv_60255=1; _eventqueue=%7B
%22heatmap%22%3A%5B%5D%2C%22events%22%3A%5B
%5D%7D; _jsuid=608348910; unpoco_60255=1

View Slide

HTTP/1.1 200 OK
Date: Wed, 17 Oct 2012 13:19:58 GMT
Server: Apache
Content-‐Encoding: gzip
Vary: Accept-‐Encoding
X-‐UA-‐Compatible: IE=Edge,chrome=1
Content-‐Length: 5566
Keep-‐Alive: timeout=11, max=97
Connection: Keep-‐Alive
Content-‐Type: text/html; charset=UTF-‐8

View Slide

Status
codes
h"p://www.w3.org/Protocols/rfc2616/rfc2616-‐sec10.html
h"p://en.wikipedia.org/wiki/List_of_HTTP_status_codes

View Slide

100 range
Magic,
fuggedaboudid!

View Slide

200 range
Check!

View Slide

200
201
202
203
OK
Created
Accepted
Non-‐Authorita7ve
Informa7on

View Slide

204
205
206
No Content
Reset Content
Par7al Content

View Slide

300 range
Talk to that guy over
there

View Slide

301
302
303
304
Moved permanently
Found
See other
Not modified

View Slide

305
306
307
Use Proxy
Unused
Temporary Redirect

View Slide

400 range
Dude, you f’d up!

View Slide

400
403
404
405
408
Bad request
Forbidden
Not found
Method not allowed
Request 7meout

View Slide

400
401
402
403
404
Bad Request
Unauthorized
Payment Required
Forbidden
Not Found

View Slide

405
406
407
408
409
Method Not Allowed
Not Acceptable
Proxy Authen7ca7on
Required
Request Timeout
Conﬂict

View Slide

410
411
412
413
414
Gone
Length Required
Precondi7on Failed
Request En7ty Too Large
Request-‐URI Too Long

View Slide

415
416
417
Unsupported Media Type
Requested Range Not
Sa7sﬁable
Expecta7on Failed

View Slide

500 range
Sorry man, we f’d
up!

View Slide

500
501
502
503
504
505
Internal server error
Not implemented
Bad gateway
Service unavailable
Gateway 7meout
HTTP Version Not
Supported

View Slide

Request
Headers

View Slide

Accept
Accept-‐Charset
Accept-‐Encoding
Accept-‐language
Authorization
Cache-‐control
Connection
Cookie
Content-‐length
Date
text/plain
u^8
gzip, deﬂate
en,nl;q=0.7,fr-‐be;q=0.3
Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
no-‐cache
close
bla=ja; foo=bar
1024
Tue, 15 Nov 1994 08:12:31 GMT

View Slide

Host
If-‐None-‐Match
Pragma
Proxy-‐Authorization
Referer
Upgrade
User-‐Agent
Via
www.fronteers.nl
"737060cd8c284d8af7ad3082f209582d"
no-‐cache
Basic
QWxhZGRpbjpvcGVuIHNl
c2FtZQ==
hQp://www.combell.com
Mozilla/5.0
websocket
1.0 fred, 1.1 example.com (Apache/1.1)

View Slide

Response
Headers

View Slide

Age
Allow
Cache-‐control
Connection
Content-‐Encoding
Content-‐Language
Content-‐Length
Content-‐Type
Date
12
GET,HEAD
max-‐age=3600
close
gzip
nl
1024
text/html; charset=u^-‐8
Tue, 15 Nov 1994 08:12:31 GMT

View Slide

ETag
Expires
Last-‐Modified
Location
Pragma
Server
Set-‐Cookie
Transfer-‐Encoding
Vary
737060cd8c284d8af7ad3082f209582d
Thu, 01 Dec 1994 16:00:00 GMT
Thu, 01 Dec 1994 16:00:00 GMT
hkp://www.combell.com
no-‐cache
My magic server
bla=abc; session=12345
chuncked
Accept-‐encoding

View Slide

GET / HTTP/1.1
Host: fronteers.nl
User-‐Agent: Mozilla/5.0 (Macintosh; Intel
Mac OS X 10.8; rv:16.0) Gecko/20100101
Firefox/16.0
Accept: text/html,application/xhtml
+xml,application/xml;q=0.9,*/*;q=0.8
Accept-‐Language: en,nl;q=0.7,fr-‐be;q=0.3
Accept-‐Encoding: gzip, deflate
Connection: keep-‐alive
Cookie: first_pv_60255=1; _eventqueue=%7B
%22heatmap%22%3A%5B%5D%2C%22events%22%3A%5B
%5D%7D; _jsuid=608348910; unpoco_60255=1

View Slide

HTTP/1.1 200 OK
Date: Wed, 17 Oct 2012 13:19:58 GMT
Server: Apache
Content-‐Encoding: gzip
Vary: Accept-‐Encoding
X-‐UA-‐Compatible: IE=Edge,chrome=1
Content-‐Length: 5566
Keep-‐Alive: timeout=11, max=97
Connection: Keep-‐Alive
Content-‐Type: text/html; charset=UTF-‐8

View Slide

Implementations

View Slide

Clients +
cURL &
Lynx

View Slide

Servers
The
classics

View Slide

The
popular
new kid
Hype
factor 1

View Slide

NoSQL
Hype
factor 2

View Slide

Varnish
Hype
factor
2.5

View Slide

Hype
factor 3
A hipster’s wet dream

View Slide

PHP’s reac2on to node.js
Pixels
on
purpose

View Slide

What
do
we
do
with
HTTP
?

View Slide

Serve
ﬁles

View Slide

Display pages

View Slide

Interact
with services

View Slide

Search & query

View Slide

Invalidate cache

View Slide

Obstacles

View Slide

Caching

View Slide

ETag
If-‐Non-‐Match: "3e86-‐410-‐3596?bc"
ETag: "3e86-‐410-‐3596?bc"

View Slide

Expires
Expires "Wed, 1 Jan 2014 20:00:00 GMT"

View Slide

Cache-‐control
Cache-‐Control “max-‐age=3600, s-‐
maxage=1000, public, must-‐revalidate”

View Slide

Max-‐Age
S-‐maxage
Public
Private
No-‐cache
No-‐store
Must-‐revalidate
Proxy-‐revalidate
TTL for browsers in seconds
TTL for proxies in seconds
Proxies & browsers can cache
Only browsers can cache
Revalidate before dropping from cache
Don’t cache at all
Browser revalidate before serving from
cache
Proxy revalidate before serving from
cache

View Slide

Cache-control in Varnish
1.Vcl (beresp.ttl)
2.Cache-control s-maxage
3.Cache-control max-age
4.Expires

View Slide

Let’s talk about Varnish

View Slide

“Varnish saves lives”

View Slide

Reverse caching
proxy

View Slide

In front of the
webserver

View Slide

Only get & HEAD
No cookie & auth headers
No set-cookie headers
cache ttl > 0
No vary “*”
When will varnish cache?

View Slide

based on host/ip + urL hash
By default in Memory
Optionally on disk
how will varnish cache?

View Slide

Request vcl_recv
In cache?
vcl_hash Cacheable?
vcl_hit() vcl_miss()
vcl_deliver()
vcl_fetch()
No
Yes
No
Yes
Response

View Slide

# sub vcl_recv {
# if (req.restarts == 0) {
# if (req.http.x-‐forwarded-‐for) {
# set req.http.X-‐Forwarded-‐For =
# req.http.X-‐Forwarded-‐For + ", " + client.ip;
# } else {
# set req.http.X-‐Forwarded-‐For = client.ip;
# }
# }
# if (req.request != "GET" &&
# req.request != "HEAD" &&
# req.request != "PUT" &&
# req.request != "POST" &&
# req.request != "TRACE" &&
# req.request != "OPTIONS" &&
# req.request != "DELETE") {
# /* Non-‐RFC2616 or CONNECT which is weird. */
# return (pipe);
# }
# if (req.request != "GET" && req.request != "HEAD") {
# /* We only deal with GET and HEAD by default */
# return (pass);
# }
# if (req.http.Authorization || req.http.Cookie) {
# /* Not cacheable by default */
# return (pass);
# }
# return (lookup);
# }

View Slide

# sub vcl_hash {
# hash_data(req.url);
# if (req.http.host) {
# hash_data(req.http.host);
# } else {
# hash_data(server.ip);
# }
# return (hash);
# }
# sub vcl_fetch {
# if (beresp.ttl <= 0s ||
# beresp.http.Set-‐Cookie ||
# beresp.http.Vary == "*") {
# /*
# * Mark as "Hit-‐For-‐Pass" for the next 2 minutes
# */
# set beresp.ttl = 120 s;
# return (hit_for_pass);
# }
# return (deliver);
# }

View Slide

Purge cache

View Slide

curl -‐X PURGE http://example.com/some-‐page
acl purge {
"localhost"
}
sub vcl_hit {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}
sub vcl_miss {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}

View Slide

Edge Side Includes

View Slide

header.php
menu.php main.php
footer.php
TTL 5s
No caching
TTL 10s
TTL 2s

View Slide

View Slide

Surrogate-‐Capability: “key=ESI/1.0”
Surrogate-‐Control: “content=ESI/1.0”
Proxy
Webserver

View Slide

ESI VCL
sub vcl_recv {
set req.http.Surrogate-‐Capability="key=ESI/1.0";
}
sub vcl_fetch {
if(beresp.http.Surrogate-‐Control~"ESI/1.0") {
unset beresp.http.Surrogate-‐Control;
set beresp.do_esi=true;
}
}

View Slide

Cookies

View Slide

Cookies
Tracking
Sessions
Language

View Slide

Cookies
HTTP cookie
request header
via browser
HTTP set-cookie
response header
via webserver

View Slide

Varnish doesn’t like them

View Slide

Don’t vary on
cookie

View Slide

Vary on custom
header
X-‐Lang: nl
Vary: X-‐Lang
Cookie: lang=nl

View Slide

Webserver
performance

View Slide

Apache vs Nginx

View Slide

Prefork or worker mode
Async, event-‐driven workers
Apache
Nginx

View Slide

Evented non-‐blocking I/O
We’ll call
you back!

View Slide

Blocking
var results = db.query("SELECT * FROM tablename");
//use results
Non-‐blocking
db.query("SELECT * FROM tablename" , function (results) {
//use results
});
//do something else

View Slide

Example
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-‐Type': 'text/plain'});
res.end('Hello World\n');
}).listen(1337, '127.0.0.1');
console.log('Server running at http://127.0.0.1:1337/');

View Slide

We can do it in PHP too

View Slide

Example
require 'vendor/autoload.php';
$app = function ($request, $response) {
$response->writeHead(200, array('Content-
Type' => 'text/plain'));
$response->end("Hello World\n");
};
$loop = React\EventLoop\Factory::create();
$socket = new React\Socket\Server($loop);
$http = new React\Http\Server($socket, $loop);
$http->on('request', $app);
echo "Server running at http://127.0.0.1:1337\n";
$socket->listen(1337);
$loop->run();

View Slide

Real 2me data
Ajax
Websockets

View Slide

Websockets
var conn = new
WebSocket('ws://
some.host');
conn.onmessage =
function(e) {
console.log(e.data);
};
conn.send('Hello World!');
Client

View Slide

Websockets
Server
Ratchet:
websocket
framework
on top of
React

View Slide

namespace MyApp;
use Ratchet\MessageComponentInterface;
use Ratchet\ConnectionInterface;
class Chat implements MessageComponentInterface {
protected $clients;
public function __construct() {
$this->clients = new \SplObjectStorage;
}
public function onOpen(ConnectionInterface $conn) {
$this->clients->attach($conn);
}
public function onMessage(ConnectionInterface $from, $msg) {
foreach ($this->clients as $client) {
if ($from !== $client) {
$client->send('Response: '.$msg);
}
}
}
public function onClose(ConnectionInterface $conn) {
$this->clients->detach($conn);
}
public function onError(ConnectionInterface $conn, \Exception $e) {
echo "An error has occurred: {$e->getMessage()}\n";
$conn->close();
}
}

View Slide

require __DIR__.'/vendor/autoload.php';
require 'chat.php';
use Ratchet\WebSocket\WsServer;
use Ratchet\Server\IoServer;
use MyApp\Chat;
$ws = new WsServer(new Chat());
$ws->disableVersion(0);
$server = IoServer::factory($ws,80,'1.2.3.4');
$server->run();

View Slide

View Slide

HTTPS

View Slide

Browser
trust
Client

View Slide

CSR
CRT
Key
CA bundle
Server

View Slide

Varnish
can’t deal
with it

View Slide

Terminate SSL

View Slide

Is
also a
proxy!

View Slide

upstream varnish {
server varnish1.example.com;
server varnish2.example.com;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/example.ssl.cert;
ssl_certificate_key /etc/nginx/example.ssl.key;
server_name www.example.com;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://varnish;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-‐Scheme $scheme;
proxy_set_header X-‐Forwarded-‐For $proxy_add_x_forwarded_for;
proxy_set_header CLIENT_CERT $ssl_client_raw_cert;
}
Make
your app
aware

View Slide

Other
cool stuff
we can
do!

View Slide

upstream fpm {
server php1.server.com:9000;
server php2.server.com:9000;
}
upstream memcached {
server memcached1.server.com:11211;
server memcached2.server.com:11211;
}
server {
root /var/www;
index index.php index.html index.htm;
server_name nginx.server.com;
location / {
try_files $uri $uri/ /index.php;
}
location @php {
fastcgi_pass fpm;
fastcgi_index index.php;
include fastcgi_params;
}

View Slide

location ~ \.php$ {
set $memcached_key $request_uri;
memcached_pass memcached;
memcached_next_upstream not_found;
default_type text/html;
error_page 404 405 502 = @php;
}
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-
revalidate, proxy-revalidate";
}
}

View Slide

REpresentational
State
Transfer

View Slide

Developed in
parallel with
HTTP/1.1

View Slide

The way the
web
*should*
work

View Slide

Resources
Stateless
Cacheable
Layered
Uniform interface
Vocabulary re-‐use
HATEOAS
Keywords

View Slide

View Slide

David
Zülke
@dzuelke

View Slide

✓A URL idenKﬁes a resource.
✓Resources have a hierarchy, so you know that
something with addiKonal slashes is a subordinate
resource
✓Verbs are used to perform operaKons on
resources
✓The operaKon is implicit and not part of the URL
✓A hypermedia format is used to represent the
data
✓Link relaKons are used to navigate a service
Quodng
David Zülke
@dzuelke

View Slide

GET
POST
PUT
DELETE
Retrieve
Insert
Update
Remove

View Slide

HATEOAS
WTF?

View Slide

Hypertext
As
The
Engine
Of
Application
State

View Slide

GET /products/1234 HTTP/1.1
Host: example.com
Accept: application/vnd.com.example+xml
HTTP/1.1 200 OK
Content-‐Type: application/vnd.com.example+xml; charset=utf-‐8
Allow: GET, PUT, DELETE
xml version="1.0" encoding="utf-‐8" ?>
w3.org/2005/Atom">
1234
My product
Mijn product
5
6.5
+xml" href="http://example.com/products/1234/payment"

Thx
David!

View Slide

There's this thing called HTTP

There's this thing called HTTP

Thijs Feryn

More Decks by Thijs Feryn

Other Decks in Technology

Featured

Transcript