# HTTP请求核心原理

* 网络请求架构图：<img src='../images/javaee/http请求结构图.png' width='350px'>
* 负载均衡架构：LVM（传输层负载均衡），Nginx（应用层负载均衡），HAProxy（应用层负载均衡）
    * 硬件负载均衡（F5）性能，但是贵且不能动态扩容（配置的机器数是死的，可以用云ELB解决）
    * 软件负载均衡成本低，但是层次多会增加网络延迟
    * 数据链路层负载均衡：集群使用同样的IP，均衡器将IP映射到不同的MAC地址实现路由
    * 网络层负载均衡：集群使用不同的IP，均衡器直接将IP映射到不同的机器实现路由
    * 传输层负载均衡：通过IP+PORT映射实现路由
    * 应用层负载通过：通过请求URL反向代理实现路由，DNS负载均衡，将域名解析成不同的IP地址，虽然域名解析中的A记录表示一个IP对应一个域名，但是可以同时存在多个A记录，也就是可以存在一个域名对应多个IP，只是保存在多个A记录中；这种负载均衡优点就是速度快，缺点就是有缓存，一旦某台服务挂了由于缓存会导致大量访问不可达
    * 相关算法：
        * 轮训，随机：静态的负载算法，不利于写数据，每次机器是随机选的，状态丢失，一般应用在应用服务器集群或数据库只读集群
        * Hash，一致性Hash：根据请求方的IP，利用Hash取模求出目的IP，能保证读写问题，一般应用在缓存集群
        * 根据主键范围负载：每个机器存放不同的范围的主键范围，根据主键范围选择对应的机器（访问热点不均匀）
        * 对主键取模负载：根据主键取模结果选择不同的机器
        * 消息队列：将耗时的操作放入消费者队列，消费者自己从队列中拉取任务（延时问题）
        * 比率，随机加权：给每个服务器一个加权值（根据权值大小将这台机器在轮训中重复几次），
* DNS域名解析步骤：<img src='../images/javaee/dns域名解析步骤.png' width='350px'>
    * 从浏览器缓存中查找域名IP映射
    * 从操作系统中查找域名IP映射，Windows中的hosts文件，Linux中的named.conf
    * 从本地区的域名服务器中查找域名IP映射
    * 从根域名服务器中查找主域名服务器，解析com、cn、org等国际域名
    * 从主域名服务器中查找域名注册地服务器，也就是域名提供商的服务器地址
    * 从域名服务商的服务器中查找域名IP映射
    * 本地区域名服务器缓存这个新的域名IP映射
    * 本地区域名服务器将结果返回给客户端浏览器
    * 域名解析工具：windows和linux：nslookup，linux：dig
    * 清空域名缓存工具：windows：ipconfig /flushdns，linux：/etc/init.d/nscd restart
* CDN内容分布网络：<img src='../images/javaee/cdn解析步骤.png' width='350px'>
    * 将网站内容发布到最接近用户的网络“边缘”
    * CDN=镜像+缓存+整体负载均衡
    * 可扩展，安全性，可靠性、相应和执行
    * 首先需要解析静态文件域名对应的IP，同DNS解析步骤一致，唯一的区别就是内容的IP是存在公司的DNS服务器中的
    * 公司的DNS域名服务器会将静态文件所存储的CDN服务器IP返回
    * 返回的IP一般是CND服务器集群中的DNS负载均衡服务器
    * DNS负载均衡服务器会根据用户的区域，返回离用户最近的CDN服务器IP
    * 用户客户端直接去该IP服务器中拿去静态文件
* TCP状态转移图：<img src='../images/javaee/tcp状态转移.png' width='350px'>
    * CLOSED：起始点，超时和连接关闭时处于该状态
    * LISTEN：服务端等待连接的状态，对于有socket的bind，listen
    * SYN-SENT：客户端发起连接请求，发送SYN给服务端等待确认连接
    * SYN-RCVD：服务端接收到客户端的SYN请求，服务端有LISTEN转换为该状态，服务端回应客户端ACK+SYN；当客户端发送SYN的同时收到服务端的SYN标志，该客户端会进入到该状态
    * ESTABLISHED：服务端和客户端完成三次握手后进入的状态
    * FIN-WAIT-1：主动关闭的一方，第一次发送FIN给对方
    * FIN-WAIT-2：主动关闭的一方，接收到对方的ACK+FIN后，此时已经不能接收数据了，只能发送数据
    * CLOSE-WAIT：被动关闭的一方，接收到对方的FIN，并且发送ACK给对方
    * LAST-ACK：被动关闭的一方，发送FIN给对方，并在接收到ACK后进入CLOSED状态
    * CLOSING：两边同时发起关闭请求，操作都是接收到对方的FIN后发送一个ACK
    * TIME-WAIT：在FIN-WAIT-2时接收到对方的FIN标志时进入该状态；在CLOSING时双方同时收到FIN并发出ACK后进入该状态；在FIN-WAIT-1同时接收到了对方的ACK+FIN时进入该状态，其实就是跳过了FIN-WAIT-2状态
        * TIME-WAIT数量太多时，可能会是服务器开放的端口数太少，netstat查看网络统计信息
* HTTP请求在容器中的路由：<img src='../images/javaee/http请求在容器中的路由.png' width='450px'>

****

# HTTP网络请求相关基础概念

* Ctrl+F5强制不使用缓存，在请求头部中添加Pragma: no-cache和Cache-Control: no-cache两个字段
* TCP网络调优相关参数请参考《JavaWeb深入分析技术内幕》第73页
* 网络IO调优
    * 减少网络交互次数：客服端、服务端设置缓存，合并请求，合并JS、CSS等文件
    * 减小网络传输数据量的大小：压缩数据再传输
    * 尽量减少编码：尽量以字节的方式发送数据，在到双端进行处理
* HTTP通信过程中的编码解码：
    * UTF-8变长字节编码，如果单字节首位为0，则表示是ASCII字符；如果单字节首位是11开头，则表示是双字节的开头；如果单字节首位是10开头，则表示不是首字节，需要去上一字节寻找首字节
    * UTF-8性能介于GBK和UTF-16之间，UTF-16是内存使用的编码，但是不适合网络传输，原始是网络传输会有丢包情况，UTF-16一旦丢失一字节数据就无法还原，UTF-8更加适合网络传输
    * 一次HTTP请求需要编码解码的部分，URL、Cookie、POST表单请求需要在客户端编码，在服务端解码，数据库读取的数据需要在服务端编码客户端解码
    * URL请求编码解码：
        * PathInfo是用UTF-8编码，QueryString是用GBK编码（在HTTP Header ContentType Charset指定，默认为ISO-8859-1）
        * PathInfo在服务端在解析URL时完成解码，是通过```<Connector URLEncoding='UTF-8'>```指定的编码集解码
        * QueryString是在服务端第一次调用```request.getParamter```进行解码，服务端设定```<Connector URLEncoding='UTF-8' useBodyEncodingForURI='true'>```指定使用HTTP Header ContentType Charset解码，```useBodyEncodingForURI='true'```只指定QueryString的解码
    * HTTP Header编码解码：在调用```request.getHeader```时发生，默认使用ISO-8859-1编解码，而且无法改变，所以在Header中需要传输非ASCII码字符，需要用URLEncoder编码，然后人为使用URLDecoder解码
    * POST表单编码解码：处理方式与QueryString一致，但是一定要在第一次调用```request.getParamter```时，调用```request.setCharacterEncoding(charset)```
    * HTTP Body编码解码：服务端编码集通过```response.setCharacterEncoding(charset)```设定，并会通过HTTP Header ContentType Charset返回给浏览器，浏览器首先会通过HTTP Header ContentType Charset进行解码，如果找不到则会找HTML中meta中指定的编码解码，否则就是默认ISO-8859-1解码
* Cookie和Session：
    * Cookie保存在浏览器端，通过httpheader进行传输，是一串保存了key，value键值对的字符串
    * Session是基于Cookie实现，在Cookie中存储了一个JSESIONOD的key值，避免Cookie太大，每次传输这个key值就行，服务端根据这个key能获取存储在服务端的key，value值；如果浏览器不支持Cookie则会将这个ID通过Path传给服务端，否则通过Cookie的JSESSIONID传给服务端

****

# Tomcat
* tomcat类加载器继承结构：<img src='../images/javaee/tomcat类加载器.png' width='150px'>
* web容器，包括tomcat、jetty、weblogic、websphere加载类时需要保证：
    * common目录：类库可供tomcat和web应用程序共同使用，CommonClassLoader
    * server目录：类库只供tomcat本身使用，web应用程序不可见，CatalinaClassLoader
    * shared目录：可供web应用程序使用，tomcat本身不可见，SharedClassLoader
    * webapp/web-inf：可被此web应用程序使用，对其他web应用程序和tomcat本身都不可见，WebappClassLoader
* tomcat加载本身类的过程：
    * 在Bootstrap类的initClassLoaders创建StandardClassLoader类加载器实例，并作为Bootstrap的catalinaLoader属性，作为整个tomcat的根类加载器
    * StandardClassLoader作为代理方法，仍然使用的是AppClassLoader类的方法，当且仅当tomcat的ClassPath没有设置时才会使用StandardClassLoader类加载器加载类，StandardClassLoader查找ClassPath是tomcat config.xml中的context元素中指定的ClassPath
* tomcat加载应用servlet过程：
    * tomcat会调用addwebapp方法会创建StandardContext，一个StandardContext代表一个web应用
    * StandardContext会创建XML解析对象，同时会解析context.xml、Host等相关配置文件，同时会启动ContextConfig解析其他配置
    * ContextConfig会获取相关资源，解析web.xml文件，创建ClassLoader加载servlet、listener、filter等并包装到ServletWrapper中
    * 检查WebappClassLoader是否已经加载过该servlet类，如果是肯定在resourceEntries中有缓存
    * 其次到JVM中查找该sevlet是否被加载过，其实就是从JVM缓存中查找加载过的servlet类， 如果缓存没有中，就调用AppClassLoader加载该sevlet类，从JVM的ClassPath中查找该类
    * 如果该servlet没有被AppClassLoader加载，则会判断是否属于StandardClassLoader类加载器加载，如果应用是放在webapp下则成立
    * 最后会由WebappClassLoader在WEB-INF/classes目录下查找需要加载的servlet类，并添加到resourceEntries缓存中
    * ServletWrapper通过loadServlet加载servlet，并通过initSevlet初始化servlet，其实就是代理调用servlet自己的init方法
    * 与servlet相关类，ServletConfig、ServletRequest、ServletResponse以及ServletContext
* tomcat各大组件
    * Service，将Container和Connector封装，给外部提供服务；可以有多个Connector但是只能有一个Container
    * Server，提供接口，让其他程序可以访问Service提供的服务，以及管理Service的生命周期和寻找服务的Service
    * Connector，负责接收浏览器发过来的TCP请求，并且解析TCP相关传输数据，将传输数据封装到Request和Response对象中，并开辟一个线程将Request和Response对象传送给Container处理该请求
    * Container，容器的父接口，所有子容器必须实现这个接口，采用责任链方式处理请求。有四个子容器，Engine、Host、Context、Wrapper
        * Engine主要负责管理容器，是最上层的容器
        * Host代表Engine中的虚拟主机，主要用来运行应用，安装、展开这些应用
        * Context包含Servlet所需要的上下文，并且负责定位Servlet
        * Wrapper就是ServletWrapper，主要用来管理Servlet，包括Servlet加载、初始化、执行和资源回收
    * 其他组件：security、logger、session、mbeans、naming

****

# ISO七层协议
* OSI七层模型通过七个层次化的结构模型使不同的系统不同的网络之间实现可靠的通讯，因此其最主要的功能就是帮助不同类型的主机实现数据传输
    <table>
        <tr>
            <td><img src='../images/javaee/osi七层网络协议.gif' width='350px'></td>
            <td><img src='../images/javaee/osi七层网络协议示例.jpg' width='350px'></td>
        </tr>
    </table>
* 一个设备工作在哪一层，关键看它工作时利用哪一层的数据头部信息。网桥工作时，是以MAC头部来决定转发端口的，因此显然它是数据链路层的设备   
    * 物理层：网卡，网线，集线器，中继器，调制解调器
    * 数据链路层：网桥，交换机
    * 网络层：路由器
    * 网关工作在第四层传输层及其以上
* 网络分层介绍
    * 物理层：在OSI参考模型中，物理层（Physical Layer）是参考模型的最低层，也是OSI模型的第一层
        * 物理层的主要功能是：利用传输介质为数据链路层提供物理连接，实现比特流的透明传输
    * 数据链路层：数据链路层（Data Link Layer）是OSI模型的第二层，负责建立和管理节点间的链路
        * 该层的主要功能是：通过各种控制协议，将有差错的物理信道变为无差错的、能可靠传输数据帧的数据链路，检查验证数据包的正确性
            * 该层通常又被分为介质访问控制（MAC）和逻辑链路控制（LLC）两个子层
    * 网络层（Network Layer）是OSI模型的第三层，是通信子网的最高一层
        * 该层的主要功能是：通过路由选择算法，为报文交换技术或分组交换技术通过通信子网选择最适当的路径。将数据根据网络地址IP对数据拆分，并发送到不同的网络
        * 网络层功能：寻址，交换，路由算法，连接服务
    * 传输层，OSI下3层的主要任务是数据通信，上3层的任务是数据处理。而传输层（Transport Layer）是OSI模型的第4层。因此该层是通信子网和资源子网的接口和桥梁，起到承上启下的作用
        * 该层的主要任务是：向用户提供可靠的端到端的差错和流量控制，保证报文的正确传输。该层常见的协议：TCP/IP中的TCP协议，将数据运送到相关的网络，决定数据所属的网络
        * 传输层提供会话层和网络层之间的传输服务，主要功能：传输连接管理，处理传输差错，监控服务质量
    * 会话层（Session Layer）是OSI模型的第5层，是用户应用程序和网络之间的接口
        * 该层的主要功能是：向两个实体的表示层提供建立和使用连接的方法，将不同实体之间的表示层的连接称为会话。域名解析解释数据将发到哪个网络
        * 用户可以按照半双工、单工和全双工的方式建立会话。会话层的具体功能：会话管理，会话流量控制，寻址，出错控制
    * 表示层（Presentation Layer）是OSI模型的第六层，它对来自应用层的命令和数据进行解释，对各种语法赋予相应的含义
        * 该层的主要功能是：“处理用户信息的表示问题，如编码、数据格式转换和加密解密”
        * 表示层的具体功能：数据格式处理，数据的编码，压缩和解压缩，数据的加密和解密
    * 应用层（Application Layer）是OSI参考模型的最高层，它是计算机用户，以及各种应用程序和网络之间的接口
        * 该层的主要功能是：为应用程序提高网络编程服务
        * 应用层为用户提供的服务和协议有：文件传输服务（FTP）、远程登录服务（Telnet）、电子邮件服务（E-mail）、打印服务、安全服务、网络管理服务、数据库服务等，
        * 应用层的主要功能：用户接口，实现各种服务

****

# TCP/IP分层模型
* <img src='../images/javaee/tcpip四层网络协议.png' width='350px'>
* TCP/IP协议被组织成四个概念层，其中有三层对应于ISO参考模型中的相应层。TCP/IP协议族并不包含物理层和数据链路层
* 第一层：网络接口层
    * 包括用于协作IP数据在已有网络介质上传输的协议。实际上TCP/IP标准并不定义与ISO数据链路层和物理层相对应的功能。相反，它定义像地址解析协议(Address Resolution Protocol,ARP)这样的协议，提供TCP/IP协议的数据结构和实际物理硬件之间的接口
* 第二层：网间层，对应于OSI七层参考模型的网络层
    * 本层包含IP协议、RIP协议(Routing Information Protocol，路由信息协议)，负责数据的包装、寻址和路由。同时还包含网间控制报文协议(Internet Control Message Protocol,ICMP)用来提供网络诊断信息
* 第三层：传输层，对应于OSI七层参考模型的传输层
    * 它提供两种端到端的通信服务。其中TCP协议(Transmission Control Protocol)提供可靠的数据流运输服务，UDP协议(Use Datagram Protocol)提供不可靠的用户数据报服务
* 第四层：应用层，对应于OSI七层参考模型的应用层和表达层
    * 因特网的应用层协议包括Finger、Whois、FTP(文件传输协议)、Gopher、HTTP(超文本传输协议)、Telent(远程终端协议)、SMTP(简单邮件传送协议)、IRC(因特网中继会话)、NNTP（网络新闻传输协议）

****

# Http1 vs Http2
* Http2的改进点：
    * 传输的是二进制数据，而不是文本数据
    * 完全多路复用连接，一个连接可以处理多个请求（异步非阻塞），Http1一个请求对应一个连接（同步阻塞）
    * 因为多个请求可以共享一个连接，因此客户端可以跟服务端一直保持连接，直到处理完请求，这样减少TCP连接和网络路由
    * server pushing response到客户端的缓存，可以让服务端发送更多的数据给客户端，避免客户端发多次数据请求
    * 优先级定义，可以让请求按优先级分配处理
    * 通过HPACK算法压缩header中的内容
    * 通过新版的WEB服务器，开启HTTP2
* HTTPS的工作原理
    * 对称加密：通信双方共享一对密钥，通过这个对密钥进行加解密，加解密效率高，速度快
    * 非对称加密：通信的一方生成一对公钥密钥，把公钥发给对方，对方通过公钥加密数据，然后几方通过私钥解密，加解密耗费的时间更长，速度慢
    * CA证书：
        * 证书的颁发机构、版本
        * 证书的使用者
        * 证书的有效时间
        * 证书的公钥
        * 证书的数字签名Hash值和签名Hash算法
        * 认证过程：
            * 客户端获取证书
            * 通过证书的公钥解密证书的数字签名Hash值（该值是证书的私钥加密生成），获得HASH-A
            * 通过签名HASH算法生成HASH-B
            * 如果HASH-A等于HASH-B认证通过
    * HTTPS使用对称加密和非对称加密的结合
        * 客户端生成随机数A，以及支持的SSL版本号，加密算法发送到服务端
        * 服务端确定客户端的加密算法，然后生产随机数B，以及CA颁布给自己证书发送给客户端
        * 客户端接收到服务端的信息后，先验证CA证书的有效性，然后生产随机数C，通过证书中的公钥加密发送给服务端
        * 服务端通过私钥解密获得随机数C
        * 客户端，服务端通过公共的加密算法利用A,B,C三个随机数生成对称密钥
        * 客户端通知服务端，后续的通信使用该对称密钥，并且客户端SSL握手结束
        * 服务端通知客户端，后续的通信使用该对称密钥，并且服务端SSL握手结束
        * SSL通信链路握手结束，后续的服务端客户端通过对称密钥进行通信
        

****

# HTTP Methods and HTTP Status

### HTTP Methods: https://restfulapi.net/http-methods/
* <b>Safe Methods</b>: As per HTTP specification, the GET and HEAD methods should be used only for retrieval of resource representations – and they do not update/delete the resource on the server. Both methods are said to be considered “safe“.
* <b>Idempotent Methods</b>: The term idempotent is used more comprehensively to describe an operation that will produce the same results if executed once or multiple times. This is a very useful property in many situations, as it means that an operation can be repeated or retried as often as necessary without causing unintended effects.
    * The methods <b>OPTIONS, TRACE, GET, HEAD, PUT and DELETE</b> are declared idempotent methods.
* <img src="../images/javase/http-method.png" width="350px">
* <b>HTTP GET</b>: Use GET requests to `retrieve resource representation/information only` – and not to modify it in any way.
* <b>HTTP POST</b>: Use POST APIs to `create new subordinate resources`, e.g. a file is subordinate to a directory containing it or a row is subordinate to a database table. Talking strictly in terms of REST, POST methods are used to `create a new resource into the collection of resources`.
    * if a resource has been created on the origin server, the response SHOULD be HTTP response code 201 (Created) and contain an entity which describes the status of the request and refers to the new resource, and a Location header.
    * the action performed by the POST method might not result in a resource that can be identified by a URI. In this case, either HTTP response code 200 (OK) or 204 (No Content) is the appropriate response status.
    * <b>POST requests are made on resource collections</b>
* <b>HTTP PUT</b>: Use PUT APIs primarily to `update existing resource` (if the resource does not exist then API may decide to create a new resource or not). 
    * if a new resource has been created by the PUT API, the origin server MUST inform the user agent via the HTTP response code 201 (Created) response
    * if an existing resource is modified, either the 200 (OK) or 204 (No Content) response codes SHOULD be sent to indicate successful completion of the request.
    * <b>PUT requests are made on an individual resource</b>
* <b>HTTP DELETE</b>: DELETE APIs are used to `delete resources` (identified by the Request-URI).
    * A successful response of DELETE requests SHOULD be HTTP response code 200 (OK) 
    * if the response includes an entity describing the status, 202 (Accepted) 
    * if the action has been queued, or 204 (No Content) if the action has been performed but the response does not include an entity.
* <b>HTTP PATCH</b>: HTTP PATCH requests are to `make partial update on a resource`.
    * <b>PATCH method is the correct choice for partially updating an existing resource and PUT should only be used if you’re replacing a resource in its entirety.</b>
    
### HTTP Status: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
* <b>1xx Informational response</b>: An informational response indicates that the request was received and understood. It is issued on a provisional basis while request processing continues. It alerts the client to wait for a final response.
    * <b>100 Continue</b>: The server has received the request headers and the client should proceed to send the request body
        * Sending a large request body to a server after a request has been rejected for inappropriate headers would be inefficient. To have a server check the request's headers, a client must send Expect: 100-continue as a header in its initial request and receive a 100 Continue status code in response before sending the body.
    * <b>101 Switching Protocols</b>: The requester has asked the server to switch protocols and the server has agreed to do so.
    * <b>102 Processing</b>: A WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete the request. This code indicates that the server has received and is processing the request, but no response is available yet. This prevents the client from timing out and assuming the request was lost.
* <b>2xx Success</b>: This class of status codes indicates the action requested by the client was received, understood and accepted.
    * <b>200 OK</b>: Standard response for successful HTTP requests. 
    * <b>201 Created</b>: The request has been fulfilled, resulting in the creation of a new resource.
    * <b>202 Accepted</b>: The request has been accepted for processing, but the processing has not been completed. 
    * <b>203 Non-Authoritative Information</b>: The server is a transforming proxy that received a 200 OK from its origin, but is returning a modified version of the origin's response.
    * <b>204 No Content</b>: The server successfully processed the request and is not returning any content.
    * <b>205 Reset Content</b>: The server successfully processed the request, but is not returning any content. Unlike a 204 response, this response requires that the requester reset the document view.
* <b>3xx Redirection</b>: This class of status code indicates the client must take additional action to complete the request. Many of these status codes are used in URL redirection.
    * <b>301 Moved Permanently</b>: This and all future requests should be directed to the given URI.
    * <b>302 Found (Previously "Moved temporarily")</b>: Tells the client to look at (browse to) another url. 302 has been superseded by 303 and 307.
    * <b>303 See Other</b>: The response to the request can be found under another URI using the GET method.
    * <b>304 Not Modified</b>: Indicates that the resource has not been modified since the version specified by the request headers If-Modified-Since or If-None-Match. In such case, there is no need to retransmit the resource since the client still has a previously-downloaded copy.
    * <b>305 Use Proxy</b>: The requested resource is available only through a proxy, the address for which is provided in the response.
    * <b>307 Temporary Redirect</b>: the request should be repeated with another URI; however, future requests should still use the original URI.
    * <b>308 Permanent Redirect</b>: The request and all future requests should be repeated using another URI. 307 and 308 parallel the behaviors of 302 and 301, but do not allow the HTTP method to change.
* <b>4xx Client errors</b>: This class of status code is intended for situations in which the error seems to have been caused by the client.
    * <b>400 Bad Request</b>: The server cannot or will not process the request due to an apparent client error.
    * <b>401 Unauthorized</b>: Similar to 403 Forbidden, but specifically for use when <b>authentication</b> is required and has failed or has not yet been provided. 401 semantically means "unauthenticated" i.e. the user does not have the necessary credentials.
    * <b>403 Forbidden</b>: The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.
    * <b>404 Not Found</b>: The requested resource could not be found but may be available in the future. 
    * <b>405 Method Not Allowed</b>: A request method is not supported for the requested resource; for example, a GET request on a form that requires data to be presented via POST, or a PUT request on a read-only resource.
    * <b>406 Not Acceptable</b>: The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request.
    * <b>407 Proxy Authentication Required</b>: The client must first authenticate itself with the proxy.
    * <b>408 Request Timeout</b>: The server timed out waiting for the request. According to HTTP specifications: "The client did not produce a request within the time that the server was prepared to wait. The client MAY repeat the request without modifications at any later time."
    * <b>409 Conflict</b>: Indicates that the request could not be processed because of conflict in the current state of the resource, such as an edit conflict between multiple simultaneous updates.
    * <b>415 Unsupported Media Type</b>: The request entity has a media type which the server or resource does not support. 
    * <b>426 Upgrade Required</b>: The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field.
    * <b>428 Precondition Required</b>: The origin server requires the request to be conditional. Intended to prevent the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, when meanwhile a third party has modified the state on the server, leading to a conflict."
    * <b>429 Too Many Requests</b>: The user has sent too many requests in a given amount of time. Intended for use with rate-limiting schemes.
* <b>5xx Server errors</b>: The server failed to fulfil a request. Response status codes beginning with the digit "5" indicate cases in which the server is aware that it has encountered an error or is otherwise incapable of performing the request. 
    * <b>500 Internal Server Error</b>: A generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
    * <b>501 Not Implemented</b>: The server either does not recognize the request method, or it lacks the ability to fulfil the request. Usually this implies future availability 
    * <b>502 Bad Gateway</b>: The server was acting as a gateway or proxy and received an invalid response from the upstream server <i>(upstream server refers to a server that provides service to another server)</i>.
    * <b>503 Service Unavailable</b>: The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.
    * <b>504 Gateway Timeout</b>: The server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
    * <b>505 HTTP Version Not Supported</b>: The server does not support the HTTP protocol version used in the request.

****

# Proxies:
* <b>Envoy</b>: https://www.envoyproxy.io/docs/envoy/latest/
* <b>HAProxy</b>: https://www.haproxy.org/#docs
* <b>Nghttp</b>: https://nghttp2.org/documentation/
* <b>Linkerd-proxy</b>: https://github.com/linkerd/linkerd2-proxy
* <b>Reverse proxy</b>: a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client, appearing as if they originated from the proxy server itself.
    * A reverse proxy taking requests from the Internet and forwarding them to servers in an internal network. Those making requests to the proxy may not be aware of the internal network.
    * A reverse proxy is usually an internal-facing proxy used as a front-end to control and protect access to a server on a private network. A reverse proxy commonly also performs tasks such as load-balancing, authentication, decryption or caching.
    * <img src="../images/javaee/reverse-proxy.png" width="400px">
* <b>Forward proxy</b>: a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity
    * A proxy server that passes unmodified requests and responses is usually called a gateway or sometimes a tunneling proxy.
    * A forward proxy is an Internet-facing proxy used to retrieve data from a wide range of sources (in most cases anywhere on the Internet).
    * <img src="../images/javaee/open-proxy.png" width="400px">