Jex’s Note


Load Balance

分幾種, 常見的是 L3, L7

L3 是 IP 層, 是以指派 IP 到後面的主機

L7 是 HTTP 層, 分析 Domain 或 Header 再指派到後面的主機, 效率較 L3 快


飽活封包底層就會做掉了, 建 socket 就會傳心跳 (habit) 給 server 確認它活著

habit 是 tcp 三項交握的 sync 封包


查看系統 TCP 相關設定


sysctl net.inet.tcp

TCP timeout

OS 預設會對 connection 設 timeout, 如果這段期間 connection 是閒置的(沒有 write, read, heartbeat), connection 就會被切斷

keep alive

發送心跳包, 用來偵測連線是否還正常, server/client 都可以設定, 可以自已調整心跳的頻率, 它的功能只有探測而且只有在 write/read 沒有在發送的時候才會去發送心跳包


  1. 程式自已下 conn.Close by server or client
  2. 心跳包發現對方沒回應
  3. 使用中 read/write 超過 timeout


google TCP BBR



tcp 沒有 keep-alive 一個 request 就會佔用一條通道

tcp 有 keep-alive 就多個 request 只需做一次三項交握, 都在同一條通道傳送

一個 socket 只能接一個 session, 不能一對多

HTTPS header 加密範圍

SSL 憑證加密, 從 Header 到 Body 都是加密的


PUT 相當於是 delete + insert, 是對整個資源進行更新

PATCH 是只更新部份的資源

瀏覽器支援 PATCH, PUT 跟 DELETE 嗎?



所以 HTML Form 是沒有支援 PUT/DELETE 的


但可以在 HTML Form 裡偷藏 _method 參數, 定義不支援的 method, 送到 server 端再判斷


第一次 : browser 對 server 發出請求, server 回應 200 ok, 並多加上 header[‘ETag’] = body 以 md5 編碼

browser 會 cache response 及儲存 Etag

第二次 : browser 對 server 發出請求並多帶 headers[‘If-None-match’] = 上面 ETag 的值, server 再算出 ETag 是否值為一樣, 一樣的話會返回 304 Not Modified

browser 收到 304 會從 cache 拿之前 cache 的結果

Terms of URL

* URL (Uniform Resource Locator): ``
* URN (Uniform Resource Name): ``
* URI (Uniform Resource Identifier): ``

  • Scheme / Protocol: http
  • Host:
  • Hostname / Domain:
  • Subdomain / Third level domain: www
  • Port: 8888
  • Path: /public
  • Query: key=value
  • Frament / Hash: #hashtag

Unix Domain Socket, aka IPC socket

Unix Domain Socket is a data communications endpoint for exchanging data between processes executing on the same host operating system. It supports transmission of a reliable stream of bytes, ordered and reliable transmission of datagrams. The API for Unix domain sockets is similar to that of an Internet socket, but rather than using an underlying network protocol, all communication occurs entirely within the operating system kernel. Unix domain sockets use the file system as their address name space. Processes reference Unix domain sockets as file system inodes, so two processes can communicate by opening the same socket. Instead of identifying a server by an IP address and port, a Unix domain socket is known by a pathname. Obviously the client and server have to agree on the pathname for them to find each other.


Remote procedure call (RPC) is an Inter-process communication technology that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction.

An RPC (remote procedure call) is a form of IPC (inter-process communication)


  • Improved RPC
  • Developed by google
  • Use HTTP/2 for transport, Protocal Buffers as interface description language (protobuf)
  • Provides features such as authentication, bidirectional streaming and flow control, blocking or nonblocking bindings, and cancellation and timeouts.


  • RPC - Remote Procedure Call - is a particular type of communication, but can be on a single machine, or across a network between machines.
  • IPC - Inter-Process Communication - is a general term for communication between different processes (which are usually on a single machine).
  • RPC: remotely preferred, IPC: locally preferred

Named Pipe vs IPC

  • Duplex: Stream sockets provide bi-directional communication while named pipes are uni-directional.
  • Distinct clients: Clients using sockets each have an independent connection to the server. With named pipes, many clients may write to the pipe, but the server cannot distinguish the clients from each other– the server has only one descriptor to read from the named pipe. Because the named pipe has only read descriptor and possibly-multiple writers, random interleaving can also occur if a client writes more than PIPE_BUF bytes in one operation. Since pipes have these limitations, UNIX domain sockets should be used if there are multiple clients that need to be distinguishable or which write long messages to the server.
  • Method of creating and opening: Sockets are created using socket and assigned their identity via bind. Named pipes are created using mkfifo. To connect to a Unix domain socket the normal socket/connect calls are used, but a named pipe is written using regular file open and write. That makes them easier to use from a shell script for example.




Class A :   0.xx.xx.xx ~ 127.xx.xx.xx       # 0xxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx   開頭是 0
Class B : 128.xx.xx.xx ~ 191.xx.xx.xx       # 10xxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx   開頭是 10
Class C : 192.xx.xx.xx ~ 223.xx.xx.xx       # 110xxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx   開頭是 110
Class D : 224.xx.xx.xx ~ 239.xx.xx.xx       # 1110xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx   開頭是 1110
Class E : 240.xx.xx.xx ~ 255.xx.xx.xx       # 1111xxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx   開頭是 1111

Public & Private

Class A:    -
Class B:  -
Class C: -


Web app 開 80 port 遇到 permission denied

只有 root 才可以開小於 1024 的 port,最簡單的解決方法就是先開一個高一點的 port (e.g. 8080),再用 iptable 去 forward 80 -> 8080

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark 1
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8181
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -m mark --mark 1 -j ACCEPT
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8181 -m mark --mark 1 -j ACCEPT


讓 Private 可以被特定的連線操作

  • OpenVPN (SSL VPN) or IPsec
  • OpenVPN 安全性會比 IPsec 好

常用的 Http status

  • 301 (Permanent) — Redirects to the site you specified in the Forward To field using a “301 Moved Permanently” HTTP response. The HTTP 301 response code tells user-agents (including search engines) that the location has permanently moved.
  • 302 (Temporary) — Redirects to the site you specified in the Forward To field using a “302 Found” HTTP response. The HTTP 302 response code tells user-agents (including search engines) that the location has temporarily moved.
  • 200 (:ok) : ok. 常用在一般 api
  • 201 (:created) : 新增成功. 在 call create api 時回應
  • 422 (:unprocessable_entity) : Creating a new resource is not successful. create 失敗時回應
  • 204 (:no_content) : Successful responses with no content. 在 call destroy api 時回應
  • 500 : internal server errors # Rails automatically handles server errors and returns a 500 response.
  • 401 : Unauthorized

Server 回覆較常使用的

  • 200 : 成功回覆
  • 400 : Client 發送時引發的錯誤,例如參數有少
  • 401 : 認證錯誤,例如 AccessToken 錯誤
  • 500 : Server 內部發生錯誤,例如 DB 連線錯誤

traceroute 觀察 host 經過的節點狀態

$ traceroute
traceroute to (, 30 hops max, 60 byte packets
 1 (  16.685 ms (  19.225 ms (  16.309 ms
 2 (  17.298 ms (  13.307 ms (  21.296 ms
 3 (  17.270 ms (  20.964 ms (  14.131 ms
16 (  4.186 ms (  3.221 ms (  5.237 ms
17 (  3.611 ms  3.618 ms  5.141 ms
18 (  2.942 ms  4.001 ms  2.928 ms