1 00:00:04,450 --> 00:00:07,050 As of version 1.9.5, 2 00:00:07,090 --> 00:00:10,420 NGINX includes a new HTTP/2 module. 3 00:00:10,600 --> 00:00:13,630 And in this lesson we'll take a look at how to enable this module, 4 00:00:13,630 --> 00:00:20,770 after first discussing what HTTP/2 is and why it's worth upgrading from the age-old HTTP/1.1. 5 00:00:20,800 --> 00:00:28,820 First off, HTTP/2 is a binary protocol, where HTTP/1 is a textual protocol. 6 00:00:29,050 --> 00:00:34,550 Binary data, or ones and zeros, is a far more compact way of transferring data, 7 00:00:34,720 --> 00:00:39,550 and it greatly reduces the chance of errors during data transfer. 8 00:00:39,550 --> 00:00:47,410 Secondly, HTTP/2 compresses response headers, which again reduces transfer time. Then the single most 9 00:00:47,410 --> 00:00:54,970 important feature for performance is the fact that HTTP/2 uses persistent connections, and those persistent 10 00:00:54,970 --> 00:01:02,280 connections are also multiplexed, meaning that multiple assets such as stylesheets, scripts and HTML 11 00:01:02,330 --> 00:01:09,210 can be combined into a single stream of binary data and transmitted over a single connection. 12 00:01:09,570 --> 00:01:15,640 HTTP/1, of course, requiring a dedicated connection for each resource, but we'll discuss this 13 00:01:15,640 --> 00:01:17,890 in more detail in a second. 14 00:01:17,890 --> 00:01:25,840 Finally, HTTP/2 can perform a server push, meaning that the client, the browser, can be informed of assets 15 00:01:25,900 --> 00:01:32,560 such as scripts, images or stylesheets along with the initial request for the page. We'll look at this 16 00:01:32,560 --> 00:01:34,340 in the next lesson, however. 
17 00:01:34,790 --> 00:01:40,450 Okay, let's see how exactly connections are opened using HTTP/1 compared to the persistent multiplexed 18 00:01:40,450 --> 00:01:47,980 connections of HTTP/2. Remember that opening a new connection is a time-consuming process, which is why 19 00:01:47,980 --> 00:01:53,650 developers concatenate multiple JavaScript or CSS files into single files. 20 00:01:54,150 --> 00:01:58,180 Opening a connection requires a handshake between the client and the server, 21 00:01:58,380 --> 00:02:03,070 and for this to happen, headers need to be passed on both ends each time. 22 00:02:03,180 --> 00:02:08,160 There is also a limit to how many concurrent connections a browser can open to a particular domain at 23 00:02:08,160 --> 00:02:09,240 once, 24 00:02:09,240 --> 00:02:14,440 making these connections even more valuable when trying to maximize client-side performance. 25 00:02:15,140 --> 00:02:15,980 In this diagram, 26 00:02:15,980 --> 00:02:21,550 then, let's see how many connections it takes between the client and the server for a basic HTML 27 00:02:21,560 --> 00:02:30,080 page with a linked stylesheet and a linked script. First, HTTP/1: the client requests index.html, 28 00:02:30,080 --> 00:02:36,260 which opens a new connection to the server, and if everything goes right, the server responds 29 00:02:36,260 --> 00:02:38,290 with the HTML content. 30 00:02:38,510 --> 00:02:42,970 That's one connection. The browser now has to process that HTML data 31 00:02:42,980 --> 00:02:50,230 after receiving it, from which it can then identify linked resources required by the HTML page, 32 00:02:50,300 --> 00:02:55,980 for example two files, namely style.css and script.js. 
33 00:02:56,330 --> 00:03:02,630 So again, the browser opens a new connection to the server and requests style.css, to which the 34 00:03:02,630 --> 00:03:08,510 server responds with the CSS data. That's two connections, and the same for script.js. 35 00:03:08,520 --> 00:03:13,970 Remember, HTTP/1.1 uses simplex streaming, 36 00:03:13,970 --> 00:03:17,180 so one connection handles one request. 37 00:03:17,180 --> 00:03:22,340 That means we use three connections in total to load a very simple web page. 38 00:03:22,340 --> 00:03:28,400 Of course, most modern websites will require multiple script files, stylesheets and images, so we can 39 00:03:28,430 --> 00:03:32,070 easily be using 15 plus connections for such a page. 40 00:03:32,300 --> 00:03:37,790 And at that point, connection limits in the browser will start coming into effect as well, meaning that 41 00:03:37,790 --> 00:03:42,530 some new connections might have to wait for others to be closed first. 42 00:03:42,650 --> 00:03:46,870 All in all, this is just not an ideal way of transferring data, 43 00:03:47,150 --> 00:03:50,760 and that's where HTTP/2 comes to the rescue. 44 00:03:50,840 --> 00:03:55,780 That same scenario using HTTP/2 now looks like this. 45 00:03:55,880 --> 00:04:01,090 The client requests index.html and the server responds with the data. 46 00:04:01,190 --> 00:04:07,460 The browser now processes the data and then, over the same persistent connection, requests both style.css 47 00:04:07,460 --> 00:04:14,150 and script.js, to which the server sends a multiplexed stream containing the 48 00:04:14,150 --> 00:04:16,900 data for both these files. 49 00:04:17,090 --> 00:04:21,070 So this time round we only use the single connection for all this to happen, 50 00:04:21,260 --> 00:04:24,720 compared to the three connections over HTTP/1. 51 00:04:25,010 --> 00:04:26,370 OK, with that covered, 
52 00:04:26,540 --> 00:04:31,450 see how to enable and configure HTTP/2 on NGINX. 53 00:04:31,670 --> 00:04:40,400 Very importantly, a requirement of HTTP/2 is SSL, or HTTPS, meaning before we are able to use HTTP/2 54 00:04:40,400 --> 00:04:46,270 we'll also have to configure the most basic SSL connection, which we'll do 55 00:04:46,280 --> 00:04:49,970 in this lesson after adding the HTTP/2 module. 56 00:04:50,530 --> 00:04:53,890 I'll clean up this configuration from the previous lesson. 57 00:04:53,890 --> 00:04:57,070 Remove all the FastCGI cache directives. 58 00:04:57,070 --> 00:04:59,620 Not necessary, but just less cluttered. 59 00:05:00,440 --> 00:05:01,570 And save. 60 00:05:01,880 --> 00:05:07,730 Then step 1 is going to be adding the HTTP/2 module to our install. 61 00:05:07,790 --> 00:05:13,490 We've seen how to add modules before, so I'll quickly go over this. Move into that original source code 62 00:05:13,490 --> 00:05:14,520 directory. 63 00:05:14,750 --> 00:05:19,670 Get the current build configuration with nginx and a capital V flag. 64 00:05:19,880 --> 00:05:28,190 I'll copy that, and now to see the flag needed for adding HTTP/2 to our build, in the source code directory 65 00:05:28,460 --> 00:05:31,670 run configure with the help flag, 66 00:05:31,880 --> 00:05:39,740 so listing all the available configuration flags, filtering with grep for http_v2. 67 00:05:40,280 --> 00:05:42,290 There: --with-http_v2_module. 68 00:05:42,320 --> 00:05:49,400 So configure again in the source directory, pasting the current configuration flags 69 00:05:49,430 --> 00:05:52,510 as we copied it from here, and append 70 00:05:52,520 --> 00:05:57,790 that new module flag, --with-http_v2_module. 71 00:05:58,130 --> 00:06:03,800 I mentioned that we also need SSL to be able to use HTTP/2, but that's already been added here. 
72 00:06:03,800 --> 00:06:13,340 Just be aware of that, ssl_module. Enter. Fast forward through this. Done. Compile with make, 73 00:06:13,400 --> 00:06:16,600 this being the really long one, so fast forward again. 74 00:06:16,880 --> 00:06:20,230 And once that completes, make install. 75 00:06:21,250 --> 00:06:27,580 That's all done, so restart NGINX for good measure. A reload will be fine, but I prefer restart after 76 00:06:27,580 --> 00:06:29,270 rebuilding. Check 77 00:06:29,320 --> 00:06:30,700 everything is fine. 78 00:06:31,720 --> 00:06:35,530 And all good. Before enabling SSL and HTTP/2, 79 00:06:35,530 --> 00:06:38,970 let's see what our server response looks like at the moment, 80 00:06:39,100 --> 00:06:42,580 just to have something to compare to. Over to the browser. 81 00:06:42,730 --> 00:06:49,780 I have the demo site index.html page open, so launch the developer tools, open the network 82 00:06:49,810 --> 00:06:54,910 tab, which will be more or less the same for any other browser you use. 83 00:06:54,910 --> 00:06:56,050 Reload again. 84 00:06:56,230 --> 00:07:03,120 And if we inspect this index.html response we see no SSL, so plain HTTP, 85 00:07:04,120 --> 00:07:06,990 and HTTP version 1.1, 86 00:07:07,060 --> 00:07:08,380 as expected. 87 00:07:08,560 --> 00:07:16,030 So let's enable HTTP/2 with SSL and check back. We'll configure it first, being a requirement for HTTP/2, 88 00:07:16,030 --> 00:07:22,000 and what we're going to need is an SSL certificate. For a production website 89 00:07:22,000 --> 00:07:27,890 you'll of course want some legitimate certificates from a vendor or a service such as Let's Encrypt. 90 00:07:27,970 --> 00:07:34,360 But for the purposes of this lesson I'll generate a self-signed certificate and private key, perfectly 91 00:07:34,360 --> 00:07:36,860 fine for testing and development. 
92 00:07:36,910 --> 00:07:42,410 I'll move back to my home directory, cd, and to keep things tidy 93 00:07:42,460 --> 00:07:48,640 I'll store the key and the certificate in this nginx directory, or more specifically a new directory 94 00:07:48,670 --> 00:07:50,270 in the nginx directory, 95 00:07:50,410 --> 00:07:59,840 ssl. Create the new directory: mkdir /etc/nginx/ssl. 96 00:08:01,070 --> 00:08:02,460 And there it is. 97 00:08:02,480 --> 00:08:09,650 So with the directory there, let's generate these test certificates using the OpenSSL command line tools. 98 00:08:09,680 --> 00:08:11,790 No need to really understand what is happening here, 99 00:08:11,810 --> 00:08:14,290 but I'll give a brief rundown anyway. 100 00:08:14,390 --> 00:08:17,030 openssl request, 101 00:08:17,100 --> 00:08:17,530 req, 102 00:08:17,530 --> 00:08:28,070 to request a new certificate signing, x509 being the cert standard we're requesting, days being how 103 00:08:28,070 --> 00:08:30,280 long to make this certificate valid for. 104 00:08:30,410 --> 00:08:38,090 I'll just make this 10 days. nodes, which allows us to leave out a passphrase or password for the key 105 00:08:38,090 --> 00:08:46,970 file. newkey, meaning generate a new private key for the signing request at the same time, that new key being 106 00:08:47,030 --> 00:08:49,410 of type RSA 107 00:08:49,580 --> 00:08:58,940 with a length of 2048 bytes, writing the key out to 108 00:08:59,300 --> 00:09:03,620 /etc/nginx/ssl/self.key. 109 00:09:03,620 --> 00:09:12,020 So in that new ssl directory we created, and out being where to write the certificate to, also 110 00:09:12,070 --> 00:09:18,330 /etc/nginx/ssl/self.crt. Again, 111 00:09:18,380 --> 00:09:20,420 no need to really understand this, 112 00:09:20,510 --> 00:09:22,930 just a convenient way to create this private key 
113 00:09:22,950 --> 00:09:24,830 and a test certificate. 114 00:09:24,950 --> 00:09:31,910 Enter. A private key gets created and then we get a few questions for the signing request, 115 00:09:31,910 --> 00:09:34,810 not that important being a test certificate. 116 00:09:35,030 --> 00:09:49,150 Country code, province, city, organization, Stack Academy TV, business section, a name, and an email address. 117 00:09:49,910 --> 00:09:50,830 Done. 118 00:09:51,050 --> 00:09:57,890 List the contents of that ssl directory to check our files exist, and there it is, a private key 119 00:09:57,980 --> 00:10:00,830 and a self-signed SSL certificate. 120 00:10:00,920 --> 00:10:07,010 So with that, let's first enable SSL or HTTPS in the configuration file. 121 00:10:07,010 --> 00:10:08,630 Change the listen directive to 122 00:10:08,630 --> 00:10:17,290 now listen on port 443, being the standard HTTP port for SSL-encrypted connections, and add ssl, 123 00:10:17,570 --> 00:10:20,660 referring to the SSL module being used for this 124 00:10:20,660 --> 00:10:29,060 listen directive. Configure the location to that SSL certificate we generated, again in that http context: 125 00:10:29,600 --> 00:10:40,610 ssl_certificate, /etc/nginx/ssl/self.crt, and in combination with the certificate 126 00:10:40,940 --> 00:10:51,320 tell NGINX where to find the signing key: ssl_certificate_key, /etc/nginx/ssl/ 127 00:10:51,440 --> 00:10:52,960 self.key. 128 00:10:53,240 --> 00:10:58,950 That's all we need for basic SSL, so save, reload the configuration. 129 00:11:00,620 --> 00:11:02,570 Back to the browser. 130 00:11:02,570 --> 00:11:04,990 Change this to HTTPS. 131 00:11:06,170 --> 00:11:11,960 Enter, which presents us with this warning as we are using self-signed certificates. 132 00:11:11,960 --> 00:11:13,820 I'll add an exception. 
133 00:11:13,820 --> 00:11:18,410 This might look different depending on your browser, but nonetheless just allow the connection once and 134 00:11:18,410 --> 00:11:21,120 the browser will remember. Confirm. 135 00:11:22,200 --> 00:11:24,390 And index.html loads over 136 00:11:24,420 --> 00:11:32,850 HTTPS, indicated with the lock icon up here in the URL and down here in the network inspector, but 137 00:11:32,850 --> 00:11:35,230 still HTTP/1.1. 138 00:11:35,370 --> 00:11:39,970 So let's enable HTTP/2, this being really straightforward now. 139 00:11:39,990 --> 00:11:41,290 I'll add on to this 140 00:11:41,290 --> 00:11:48,780 listen directive http2, again referring to the module that should be used in conjunction with any requests 141 00:11:48,840 --> 00:11:53,790 on this port. Save and reload NGINX. 142 00:11:54,450 --> 00:12:00,800 Reload index.html in the browser, and this time when I inspect this index.html 143 00:12:00,810 --> 00:12:09,860 response we see HTTP version 2, meaning our site is now being served entirely over HTTP/2 where supported, 144 00:12:09,860 --> 00:12:15,490 which is all major browsers. Should HTTP/2 not be supported, 145 00:12:15,500 --> 00:12:16,680 however, I'll copy this 146 00:12:16,680 --> 00:12:24,780 URL to demonstrate. A curl request for this, displaying the headers only, and a k flag to allow 147 00:12:24,780 --> 00:12:28,860 that insecure self-signed certificate. Enter. 148 00:12:29,070 --> 00:12:32,230 And we get automatic fallback to HTTP/1. 149 00:12:32,400 --> 00:12:34,430 So nothing to worry about there. 150 00:12:35,180 --> 00:12:37,340 That wraps up enabling HTTP/2, 151 00:12:37,370 --> 00:12:43,760 and whilst we also saw how to enable SSL, we'll cover that in more detail in the security section of 152 00:12:43,760 --> 00:12:49,960 this course. In the next lesson we will take a quick look at a basic HTTP push implementation.