DevOps Journey

HTTP/HTTPS

HyperText Transfer Protocol

HTTP/HTTPS

HTTP is the application protocol used for web communication.

HTTP Basics

Request-Response Model

Client Request:
GET /index.html HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0

Server Response:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1234

<html>...</html>

HTTP Methods

GET

Retrieve a resource

GET /api/users HTTP/1.1

POST

Submit data to server

POST /api/users HTTP/1.1
Content-Type: application/json

{"name": "John"}

PUT

Replace entire resource

PUT /api/users/1 HTTP/1.1

PATCH

Partially update resource

PATCH /api/users/1 HTTP/1.1

DELETE

Remove resource

DELETE /api/users/1 HTTP/1.1

Like GET but no response body

HEAD /index.html HTTP/1.1

Status Codes

2xx Success

  • 200 OK
  • 201 Created
  • 204 No Content
  • 206 Partial Content

3xx Redirection

  • 301 Moved Permanently
  • 302 Found (temporary)
  • 304 Not Modified
  • 307 Temporary Redirect

4xx Client Error

  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found
  • 429 Too Many Requests

5xx Server Error

  • 500 Internal Server Error
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Gateway Timeout

HTTP Versions

HTTP/1.1

  • Persistent connections
  • Pipelining support
  • Keep-alive
  • Most common

HTTP/2

  • Binary framing
  • Multiplexing
  • Server push
  • Header compression
  • Better performance

HTTP/3

  • Based on QUIC
  • UDP instead of TCP
  • Faster connection
  • Improved security

HTTPS (HTTP Secure)

HTTP with SSL/TLS encryption

Benefits

  • Encrypted communication
  • Authentication
  • Integrity checking
  • Protection from eavesdropping
  • Required for sensitive data

Port

HTTP: Port 80
HTTPS: Port 443

Headers

Common Request Headers

Host: example.com
User-Agent: Mozilla/5.0
Accept: text/html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Cookie: session=abc123
Authorization: Bearer token

Common Response Headers

Content-Type: text/html
Content-Length: 1234
Cache-Control: max-age=3600
Set-Cookie: session=xyz789
Location: /new-location
Vary: Accept-Encoding

Caching

Cache-Control: max-age=3600
Cache-Control: public
Cache-Control: private
Cache-Control: no-cache
Cache-Control: no-store
Expires: Wed, 21 Oct 2025 07:28:00 GMT
ETag: "33a64df551425fcc55e4d42a148795d9f25f89d4"
Last-Modified: Wed, 21 Oct 2020 07:28:00 GMT

Testing HTTP

# Make HTTP request
curl http://example.com

# Verbose output
curl -v http://example.com

# Headers only
curl -I http://example.com

# POST request
curl -X POST -d "key=value" http://example.com

# Custom headers
curl -H "Custom-Header: value" http://example.com

# Save response
curl -o filename http://example.com

Best Practices

  • Always use HTTPS for sensitive data
  • Implement proper caching
  • Set security headers
  • Validate input
  • Handle errors gracefully
  • Implement rate limiting
  • Monitor performance
  • Keep software updated

DNS

Domain Name System

SSL/TLS

Secure Sockets Layer and Transport Layer Security

On this page

HTTP/HTTPSHTTP BasicsRequest-Response ModelHTTP MethodsGETPOSTPUTPATCHDELETEHEADStatus Codes2xx Success3xx Redirection4xx Client Error5xx Server ErrorHTTP VersionsHTTP/1.1HTTP/2HTTP/3HTTPS (HTTP Secure)BenefitsPortHeadersCommon Request HeadersCommon Response HeadersCachingTesting HTTPBest Practices