Everything you need, plus all the goodies you know you want!
Features
65 Reasons why the HTTP/2 Server is in Your Future
Read Write Serve is packed with all the features you need from a fully fledged HTTP/2 server.
Security
- Stateful roles eliminate the need for session identifiers, safely carrying user roles inside an AES-192 symmetric encryption cookie.
- The IP whitelisting/blacklisting module provides immediate temporary relief from bad actors.
- The forbidden resources module blocks access to hidden files and special directories, as configured by the webmaster.
- The Role Based Access Control (RBAC) module provides fully configurable resource protection.
Encryption
- Configurable cipher suites provide DevOps with the ability to quickly handle Zero Day vulnerabilities.
- The
https:
scheme is used exclusively;http:
requests are rejected. - The TLS 1.2 protocol is used on all initial handshakes.
Policies
- Easily configured content security policy can enlist the browser's support in enforcing your safe coding practices.
- Mobile device feature policy can stop accidental and nefarious use of device features.
- Network error logging lets you know when DNS, TLS, or HTTP errors unexpectedly occur for your visitors.
- Referrer policy prevents outsiders from tracking your visitor's every move.
- Report-to header lets the browser send policy reports when something out-of-the-ordinary happens.
- Built-in policy reports plugin turns any ordinary web server into a policy report handler as well.
Cross origin requests
- Simple CORS and preflight CORS fully configurable by resource pattern, including:
access-control-allow-origin
,access-control-allow-credentials
,access-control-allow-methods
,access-control-allow-headers
,access-control-expose-headers
,access-control-max-age
.
Efficiency
- HTTP/2 advanced optimizations for sending fewer bytes like HPACK header compression and elimination of redundant header for follow-on requests.
- Framed stream control reduces latency and eliminates the pipeline blocking problem.
- Long connections without the need for
keep-alive
headers. - Multiplexed traffic flow, allowing the server to push resources before they are requested by the user.
- Push prioritization allowing DevOps to fine tuned the order of resource delivery.
Scalability
- Clustered request handlers allow memory usage to be balanced against request frequency.
- Scale from 2 to 64 clustered worker threads.
- Crash-proof — worker threads automatically restart on unexpected failure.
- Virtual hosting via Server Name Indication allows one server to handle many hostnames.
- Separate SSL certificates can be deployed for each virtual hostname.
- Each virtual host can be configured differently, adopting server-wide settings by default while overriding individual module settings as required.
Standardization
- Operates on either standard port 443 or an alternate.
- Installs as a systemd service with
systemctl start|restart|stop
control. - Logs output to journald service with
journalctl
monitoring.
Configurability
- Conveniently configure the server using the BLUEPHRASE declarative language.
- Enable and disable server modules by toggling on/off settings while experimenting and troubleshooting.
- Configuration files can easily be versioned using git, or your favorite SCM, allowing new settings to be deployed with confidence.
URL rewrites
- URL rewrites are enabled using the resource mask module.
- SEO-friendly URLs are easy to implement with named capture groups, a more palatable GREP.
- Status code 302 redirects with
location
response headers can instruct the browser to reissue the request. - Resource masks are configured using straightforward resource patterns and replacement patterns.
- Advanced configuration can include scheme, authority and port.
Content Negotiation
- MIME-types are configurable by filename extension.
- User-agent and server can negotiate these exchanges:
accept-type
request header andcontent-type
response header,accept-language
request header andcontent-language
response header,accept-encoding
request header andcontent-encoding
response header,OPTIONS
request method andallow
response header.
Caching
- Caching instructions can be configured per resource MIME-type.
- ETag caching is the default for user-agents that handle it, with timestamp caching as a fallback.
- Standard 304 response code protocol fully honored.
- Compiled MIME-type
text/blue
pages are cached on the server until modified. - Compressed
gzip/deflate
resources are cached on the server until modified. - Speculative server caching can be set up to push resources to the user before they are requested.
Range requests
- Partial content
range
requests from robots and crawlers are allowed. - Conditional range requests are fully honored.
- Both simple and multipart range requests are implemented.
BLUEPHRASE files
- MIME-type
text/blue
source files are compiled from BLUEPHRASE into HTML just-in time. - Compiled HTML is cached on the server until the source is modified.
- Compiled linkmaps provide a hassle-free mechanism to keep source and cache fresh.
- Linkmaps are examined by the server to automatically select resources to be pushed to the user.
- Server speculative push prioritization can be configured on a MIME-type basis.
Logging
- Extensive logging operations can record as much or as little as needed for each request/response cycle.
- RWSERVE "information headers" provide contextual data to help webmasters with root cause analysis.
- Custom 404 error pages provide a soft landing for visitors when necessary.
- Real time counters provide on-demand statistics on current usage.
JavaScript Plugins
- Plugins are developed using Javascript with Node.js.
- Plugins can be configured using the same configuration file the server uses.
- Plugins have full access to the work order for each request/response cycle.
- Every plugin is chained to the server's dynamic module stack to handle compression, caching, permissions, security, logging, and monitoring.
Extensibility
- Any standard method may be targeted:
HEAD, GET, POST, PATCH, PUT
andDELETE
. - Virtual resource targets are configured using resource masks.
- Incoming requests have their URLs preprocessed into
resourcePath
,queryString
andparameterMap
for convenience. - Incoming cookies are preprocessed into a
cookieMap
. - Incoming form data with content-type
application/x-www-form-urlencoded
is preprocessed into aformDataMap
.
★ Top 7 Reasons Why ★
- Standard port 443 hosting
- Declarative routing
- Easy to configure CORS
- Plugins with the full power of Node.js
- Best in class logging
- Security from the ground up
- Crash proof worker threads