HTTP
Basics
- https://httpkit.com/resources/HTTP-from-the-Command-Line/
- http://news.ycombinator.com/item?id=4762886
- HTTPie is a CLI, cURL-like tool for humans
- httpbin(1) - HTTP Request & Response Service
user-agent
auth
2012;
- https://datatracker.ietf.org/doc/draft-prodromou-dialback/ - pump.io
- https://github.com/evanp/dialback-example
URLs
User and group
See also *nix#Users
Servers
python2
python -m SimpleHTTPServer 8000
python3
python -m http.server 5674
- h5ai makes browsing directories on HTTP web servers more pleasant. Directory listings get styled in a modern way and browsing through the directories is enhanced by different views, a breadcrumb and a tree overview.
Nginx
- nginx [engine x] is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Igor Sysoev started development of Nginx in 2002, with the first public release in 2004. Nginx now hosts nearly 12.18% (22.2M) of active sites across all domains. Nginx is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.
Guides
- Nginx Primer - Jul 19, 2010
- Nginx Primer 2: From Apache to Nginx - Feb 04th, 2011
- agentzh's Nginx Tutorials
- The Architecture of Open Source Applications (Volume 2): Nginx
- https://github.com/dslatten/nginsane
- Varnish as reverse proxy with nginx as web server and SSL terminator - Or, if you like, the nginx-Varnish-nginx sandwich. Jul 24th, 2012
Compression
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype;
Webfonts
Nginx uses a file’s mime type declaration to decide whether or not to apply compression to that file, and so we must first ensure that the four types of web font files have mime types configured.
/etc/nginx/mime.types
application/vnd.ms-fontobject eot; application/x-font-ttf ttf; font/opentype ott; font/x-woff woff;
remove;
application/octet-stream eot; application/vnd.oasis.opendocument.text-template ott;
Configuration
Listening on specific IP will override a wildcard IP catch-all.
Site setup
Site folder location can vary.
/var/www debian /etc/nginx/html arch linux
Create 'Server Block' (vhost) config file in
/etc/nginx/sites-available
and later ln -s them in
/etc/nginx/sites-enabled
- ServerBlockExample - Basic examples
Enable logging in vhost conf;
error_log /var/log/nginx-vhostnamehere.log error;
- http://nginx.org/en/docs/http/server_names.html
- http://stackoverflow.com/questions/7947030/nginx-no-www-to-www-and-www-to-no-www
SSL
- Create .key
- Create .csr from .key
- Send .csr to CA, CA returns .crt
- (.crt is concatenated with intermediate.crt. .key can also be added; nginx will not send it)
- Nginx config points to .crt and .key
- http://www.startssl.com/?app=42
- http://blog.chrismeller.com/creating-and-managing-ssl-certificates-with-nginx
Make sure wildcard SSL is in http stanza and that any specific server is listening on 443.
- http://serverfault.com/questions/375621/nginx-override-global-ssl-directives-for-specific-servers
- http://publications.jbfavre.org/web/nginx-vhosts-automatiques-avec-SSL-et-authentification.en
- http://stackoverflow.com/questions/8768946/dealing-with-nginx-400-the-plain-http-request-was-sent-to-https-port-error
- https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-nginx-on-ubuntu-12-04
- https://raymii.org/s/tutorials/Pass_the_SSL_Labs_Test_on_NGINX_(Mitigate_the_CRIME_and_BEAST_attack_-_Disable_SSLv2_-_Enable_PFS).html
- http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
Modules
- Nginx modules must be selected during compile, run-time selection of modules is not currently supported.
- HttpFastcgiModule
- FcgiExample - FastCGI example. Keep seperate and include.
- PHPFcgiExample
- How to Solve “No input file specified” with PHP and Nginx - Jan 19, 2011
- HttpLimitConnModule - This module makes it possible to limit the number of concurrent connections for a defined key such as, for example, an ip address.
- HttpRewriteModule - rewriting urls
- HttpAuthBasicModule - for directory passwords
location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/htpasswd; }
printf "John:$(openssl passwd -crypt V3Ry)\n" >> .htpasswd # this example uses crypt encryption printf "Mary:$(openssl passwd -apr1 SEcRe7)\n" >> .htpasswd # this example uses apr1 (Apache MD5) encryption printf "Jane:$(openssl passwd -1 V3RySEcRe7)\n" >> .htpasswd # this example uses MD5 encryption (PWD="SEcRe7PwD";SALT="$(openssl rand -base64 3)";SHA1=$(printf "$PWD$SALT" | openssl dgst -binary -sha1 | \ sed 's#$#'"$SALT"'#' | base64);printf "Jim:{SSHA}$SHA1\n" >> .htpasswd) # this example uses SSHA encryptio
- https://github.com/pagespeed/ngx_pagespeed - Automatic [Google] PageSpeed optimization module for Nginx
Tools
- https://github.com/perusio/nginx_ensite - nginx_ensite and nginx_dissite for quick virtual host enabling and disabling
Directory listing
autoindex on;
Lua
Forks / patches
Apache
- The 5G Blacklist helps reduce the number of malicious URL requests that hit your website. It’s one of many ways to improve the security of your site and protect against evil exploits, bad requests, and other nefarious garbage.
.htaccess
lighttpd
Other
CORS
- https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS
- http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Proxy
- Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.
- HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net
- Glype is a web-based proxy script written in PHP which focuses on features, functionality, and ease of use. Webmasters use Glype to quickly and easily set up their own proxy sites. Glype helps users to defeat Internet censorship and be anonymous while web browsing.
- ngrok - Introspected tunnels to localhost- securely expose a local web server to the internet and capture all traffic for detailed inspection and replay
Extensions
- http://getfoxyproxy.org/
- https://github.com/willscott/ChromeProxy
- https://chrome.google.com/webstore/detail/proxxy/clkkaggocmafajhbcbknhcgnbmagjohi/details
- https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm
Testing
- RED is a robot that checks HTTP resources to see how they'll behave, pointing out common problems and suggesting improvements. Although it is not a HTTP conformance tester, it can find a number of HTTP-related issues.
- Browser SOA Debugger - Depending on the view of things this is just an enhanced HTTP output formatter for tcpdump streams, or the ultimate debugger for complex HTTP oriented SOA architectures which visualizes the full HTTP interactions in a readable, reproducible way so that you can see what is actually going on in your backend.
Compression
Load
Performance
See also Server#Performance
- Use Server Cache Control to Improve Performance
- Cache Control Directives Demystified - July 2008
- The Importance of the WordPress Expires Header
Guides
- Google Dev: Make the Web Faster
- Even Faster Web Sites - Book by Steve Souders
- Caching Tutorial for Web Authors and Webmasters
- A Primer on Web Caching - Jun 23rd, 2012
- How we made Portent.com really freaking fast - May 23, 2012
- serverfault: The strange case of Mr. Time To First Byte
- One Sub Domain Doesn’t Make a CDN - Jan 3, 2011
- if using not using www., use a subdomain cname on another domain
Cookieless
Cookie free domain for static content so cooke isn't sent with request. Root domain cookies apply to all subdomain cookies, though using www. (ugh!) works. Use another domain A record to point to the site.(?)
ETag
- stackoverflow: ETag vs Header Expires - Feb 1, 2009
- Speed Tips: Turn Off ETags - for multiserver
- http://joshua.schachter.org/2006/11/apache-etags.html
- http://davidwalsh.name/yslow-htaccess
- REST Tip: Deep etags give you more benefits. - Mar 2007
- ETags Revisited - 31 Jan 2011. best overview article.
Caching
- http://www.quora.com/What-is-the-fundamental-difference-between-varnish-and-squid-caching-architectures
- http://deserialized.com/caching/reverse-proxy-performance-varnish-vs-squid-part-1/
Varnish
- Varnish is a web application accelerator. You install it in front of your web application and it will speed it up significantly.
Load balancing
CDN
- http://www.jsdelivr.com/ - js
- backed by maxcdn.com
- CoralCDN is a decentralized, self-organizing, peer-to-peer web-content distribution network. CoralCDN leverages the aggregate bandwidth of volunteers running the software to absorb and dissipate most of the traffic for web sites using the system.
.nyud.net
p2p;
Testing
- YSlow
- YSlow: Yahoo's Problems Are Not Your Problems - Aug 15, 2007
- etc.
- GTmetrix uses Google Page Speed and Yahoo! YSlow to grade your site's performance and provides actionable recommendations to fix these issues.
- Blitz does cloud based load and performance testing ising Sinatra, Rails and node.js.
- Free: Sprint all you want, Rush all you want, 250 concurrent users, 1 minute rushes
- Engulf is a scalable, distributed HTTP benchmarker, designed to let you spin up and coordinate a cluster of workers with nothing more than a single JAR. Engulf's backend is written in clojure, the frontend in javascript.
Web server logs
Combined Log Format
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
old skool;
Apache
Nginx
error_log /var/log/nginx/domain.name/error.log; access_log /var/log/nginx/domain.name/access.log;
- http://articles.slicehost.com/2010/8/27/reading-nginx-web-logs
- http://gadelkareem.com/2012/07/01/nginx-error-log-reader/
GoAccess
- GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems. It provides fast and valuable HTTP statistics for system administrators that require a visual server report on the fly.
Control panels
Analytics
Referer
Piwik
- Piwik is downloadable, Free/Libre (GPLv3 licensed) real time web analytics software. It provides you with detailed reports on your website visitors; the search engines and keywords they used, the language they speak, your popular pages, and much more.
- User Guide
- Log Analytics - combined format logs (apache, nginx)
WordPress
Clicky
other
Upload
Quick screipts for uploading;
- https://code.google.com/p/html5uploader/
- https://github.com/mihaild/jquery-html5-upload
- http://www.plupload.com/
404
Other
HTTP/2.0
see SPDY and such conversation