XMLRPC allows you to create simple distributed computing solutions that span computer languages. Its distinctive feature is its simplicity compared to other approaches like SOAP and CORBA.
The Ruby standard library package xmlrpc enables you to create a server that implements remote procedures and a client that calls them. Very little code is required to achieve either of these.
Starting in Ruby 2.4.0, the xmlrpc library that was before bundled with ruby has been extracted to a gem. So you must just add this to your Gemfile file and bundle again.
In Ruby 2.4, there was a unification of integer types (i.e. Fixnum and Bignum are now the very same thing: Integer). This results on quite a few incompatibilities with existing gems which relied on the distinction of the classes.
1 2
$ bundle exec rails s /Users/cloudolife/.rvm/gems/ruby-2.5.9@camp/gems/activesupport-4.2.5/lib/active_support/core_ext/numeric/conversions.rb:131:in `block (2 levels) in <class:Numeric>': stack level too deep (SystemStackError)
The access logging in NGINX is very flexible that you can use to analyze the load and performance of your system. You can also define customized log formats for your application.
Enables or disables emitting nginx version on error pages and in the “Server” response header field.
The build parameter (1.11.10) enables emitting a build name along with nginx version.
Additionally, as part of our commercial subscription, starting from version 1.9.13 the signature on error pages and the “Server” response header field value can be set explicitly using the string with variables. An empty string disables the emission of the “Server” field.
To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified:
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate /path/to/signed_cert_plus_intermediates; ssl_certificate_key /path/to/private_key; ssl_session_timeout1d; ssl_session_cache shared:SSL:50m;
SNI, or Server Name Indication, is an addition to the TLS encryption protocol that enables a client device to specify the domain name it is trying to reach in the first step of the TLS handshake, preventing common name mismatch errors.
We can confirm this on the command line with:
1 2 3
$ nginx -V ... TLS SNI support enabled
If you do not have a line like this one, then Nginx will have to be re-compiled manually to include this support.
1 2 3 4 5 6 7
http { # Enable Strict SNI strict_snion; # off
# Enable the check for invalid domain names. strict_sni_headeron; # off }
Return directive redirect HTTP to HTTPS
1 2 3 4 5
server { listen80; server_name cloudolife.com; return301 https://$host$request_uri; }
Error_page 497 make HTTP Request Sent to HTTPS Port
Status code 497 used when the client has made a HTTP request to a port listening for HTTPS requests.
1
error_page497 =301 https://$host$request_uri;
Performance optimization
aio
1 2 3 4 5
Syntax: aioon | off | threads[=pool]; Default: aiooff; Context: http, server, location This directive appeared in version 0.8.11.
Enables or disables the use of asynchronous file I/O (AIO) on FreeBSD and Linux:
1
aioon;
Files can be read and sent using multi-threading (1.7.11), without blocking a worker process:
1
aio threads;
By default, multi-threading is disabled, it should be enabled with the --with-threads configuration parameter. Currently, multi-threading is compatible only with the epoll, kqueue, and eventport methods. Multi-threaded sending of files is only supported on Linux.
sendfile
1 2 3 4
Syntax: sendfileon | off; Default: sendfileoff; Context: http, server, location, if in location
Enables or disables the use of sendfile().
1
sendfileon;
sendfile() is called with the SF_NODISKIO flag which causes it not to block on disk I/O, but, instead, report back that the data are not in memory. nginx then initiates an asynchronous data load by reading one byte.
In this configuration, On the first read, the FreeBSD kernel loads the first 128K bytes of a file into memory, although next reads will only load data in 16K chunks. This can be changed using the read_ahead directive.
Enables or disables the use of the TCP_NODELAY option. The option is enabled when a connection is transitioned into the keep-alive state. Additionally, it is enabled on SSL connections, for unbuffered proxying, and for WebSocket proxying.
Enables or disables the use of the TCP_NOPUSH socket option on FreeBSD or the TCP_CORK socket option on Linux. The options are enabled only when sendfile is used. Enabling the option allows
sending the response header and the beginning of a file in one packet, on Linux and FreeBSD 4.*;
sending a file in full packets.
Accessing Nginx via https is generally 30% slower than http access. Improve the performance of Nginx + HTTPS for better TTFB and less latency.
SSL operations consume extra CPU resources. On multi-processor systems several worker processes should be run, no less than the number of available CPU cores. The most CPU-intensive operation is the SSL handshake. There are two ways to minimize the number of these operations per client: the first is by enabling keepalive connections to send several requests via one connection and the second is to reuse SSL session parameters to avoid SSL handshakes for parallel and subsequent connections.
Enable HTTP/2
Networking protocol for low-latency transport of content over the web. Originally started out from the SPDY protocol, now standardized as HTTP version 2.
Enabling SSL Session caching can reduce repeated TLS verification and reduce TLS handshake. 1M of memory can cache 4000 connections, which is very cost-effective.
1 2 3 4 5 6
server { # 1m for 4000 connections. ssl_session_cache shared:SSL:50m; # 4 hour during which sessions can be re-used. ssl_session_timeout4h; }
Disable SSL session tickets
Since SSL session tickets have not yet been implemented in Nginx, they can be closed.
1 2 3 4 5
Syntax: ssl_session_ticketson | off; Default: ssl_session_ticketson; Context: http, server This directive appeared in version 1.5.9.
If you do not enable OCSP Stapling, you need to verify the certificate when the user connects to your server. The time for verifying the certificate is uncontrollable. After we enable OCSP Stapling, you can save this step.
1 2 3 4 5
Syntax: ssl_staplingon | off; Default: ssl_staplingoff; Context: http, server This directive appeared in version 1.3.7.
Syntax: ssl_stapling_verifyon | off; Default: ssl_stapling_verifyoff; Context: http, server This directive appeared in version 1.3.7.
Enables or disables verification of OCSP responses by the server.
For verification to work, the certificate of the server certificate issuer, the root certificate, and all intermediate certificates should be configured as trusted using the ssl_trusted_certificate directive.
1 2 3 4
Syntax: ssl_trusted_certificate file; Default: — Context: http, server This directive appeared in version 1.3.7.
Specifies a file with trusted CA certificates in the PEM format used to verify client certificates and OCSP responses if ssl_stapling is enabled.
In contrast to the certificate set by ssl_client_certificate, the list of these certificates will not be sent to clients.
ssl_buffer_size controls the size of the buffer when sending data. In order to minimize the TTFB (time to the first byte), it is best to use a smaller value, so that TTFB can save about 30 – 50ms.
1 2 3 4 5
Syntax: ssl_buffer_size size; Default: ssl_buffer_size16k; Context: http, server This directive appeared in version 1.5.9.
Sets the size of the buffer used for sending data.
By default, the buffer size is 16k, which corresponds to minimal overhead when sending big responses. To minimize Time To First Byte it may be beneficial to use smaller values, for example:
1
ssl_buffer_size4k;
SSL protocols and ciphers
ssl_ciphers
Put the newer and faster Cipher in front, so that the delay is smaller.
1 2 3 4
Syntax: ssl_ciphers ciphers; Default: ssl_ciphers HIGH:!aNULL:!MD5; Context: http, server
Specifies the enabled ciphers. The ciphers are specified in the format understood by the OpenSSL library, for example:
# nginx -V nginx version: nginx/1.20.1 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.1.1g FIPS 21 Apr 2020 TLS SNI support enabled
Remember to make all server(include default server) to use TLSv1.3 protocol;
Example
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
server { # Default ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# All protocols. # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Just TLS v1.3 support. # ssl_protocols TLSv1.3;
# Only TLS v1.2, v1.3 support. ssl_protocols TLSv1.2 TLSv1.3;
# Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and TLS protocols ssl_prefer_server_ciphersoff; }
Early Data (0-RTT) (Optional)
1 2 3 4
Syntax: ssl_early_dataon | off; Default: ssl_early_dataoff; Context: http, server
Enables or disables TLS 1.3 early data.
Requests sent within early data are subject to replay attacks. To protect against such attacks at the application layer, the $ssl_early_data variable should be used.
1 2 3 4 5
server { ssl_early_dataon; # In addition, please add Early-Data header to inform the backend to prevent replay attacks proxy_set_header Early-Data $ssl_early_data; }
The async and defer attributes are boolean attributes that indicate how the script should be evaluated. Classic scripts may specify defer or async, but must not specify either unless the src attribute is present. Module scripts may specify the async attribute, but must not specify the defer attribute.
In Ruby 2.3.0 Release, A safe navigation operator (so-called lonely operator) &., which already exists in C#, Groovy, and Swift, is introduced to ease nil handling as obj&.foo. Array#dig and Hash#dig are also added.
DataGrip is a powerful IDE from JetBrains for SQL on macOS, Windows, and Linux, correctly resolves all references in your SQL code and helps you refactor them. When you rename a variable or an alias, it will update their usages throughout the entire file. The actual table names in the database are updated when you rename references to them from your queries.
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux. It comes with built-in support for JavaScript, TypeScript and Node.js and has a rich ecosystem of extensions for other languages (such as C++, C#, Java, Python, PHP, Go) and runtimes (such as .NET and Unity). Begin your journey with VS Code with these introductory videos - https://code.visualstudio.com/docs/introvideos/overview.