SERVICING STATIC WEBSITES USING WEB SERVERS
Static web pages are essential for simple applications and informational sites. This text explains how web servers such as Apache and Nginx can efficiently serve static pages. Security recommendations, performance optimization through compression and caching, and configuration examples for popular web servers are covered.
The previous application can be extended to serve static web pages. In the previous example, on request entered in the address field in the web browser:
http://localhost:5000
process ie. the web application responded to the request by returning a welcome message and system time. The application can be expanded by adding static web pages within a new folder, e.g. wwwroot located in the root folder of that application. These pages are actually html pages e.g.
Contact.html, Index.html, News.html, Students.html
Now the request to call the web application (Http web server), ie. The URLs that should return the content of these pages should be, for example:
Contact.html, Index.html, News.html, Students.html
Now the request to call the web application (Http web server), ie. The URLs that should return the content of these pages should be, for example:
http://localhost:5000/Students.html
ili
http://localhost:5000/Contact.html
In order for the web server to return these pages at the client's request, it is necessary to add the following two lines of code in the Startup.cs file within the Configure method:
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseStaticFiles();
In this way, the web server is instructed to use the default location for static files, which is wwwroot.
The UseStaticFile () command is required to use static files: html, javascript, css, etc.
See the following video on how to create such a web application using the VS Code tool:
See the following video on how to create such a web application using the VS Code tool:
Video 1: ASP NET Core: Serving Static Web Pages
The difference between static pages and dynamic web services:
Static web pages contain predefined HTML, CSS and JavaScript files that do not change each time they are loaded. They are ideal for simple informational sites.
Dynamic web services, on the other hand, respond to requests by generating content in real time, such as API calls. Instead of fixed pages, web services return data, which can be different depending on the input, such as the current time or the user's search. ASP.NET Core makes it easy to create these dynamic services.
Dynamic web services, on the other hand, respond to requests by generating content in real time, such as API calls. Instead of fixed pages, web services return data, which can be different depending on the input, such as the current time or the user's search. ASP.NET Core makes it easy to create these dynamic services.
Web services in ASP.NET CORE
The previous examples describe how to create a simple web server that returns a text or html page on demand by a web browser, but sometimes it is necessary to create a web service.
A web service is an application that, when requested by a browser, sends data or a set of data, not an html page.
An example of a simple web service is a service that returns the current time from a server.
If a search keyword such as "Tesla" is typed into Google's web browser, Google's web service will most likely perform a function that passes the word "Tesla" as a parameter and finds similar words, e.g. tesla, teslić, tesla transformer etc. and which are returned in response to a request to the web browser.
Creating the application skeleton is done using the command in the command prompt:
A web service is an application that, when requested by a browser, sends data or a set of data, not an html page.
An example of a simple web service is a service that returns the current time from a server.
If a search keyword such as "Tesla" is typed into Google's web browser, Google's web service will most likely perform a function that passes the word "Tesla" as a parameter and finds similar words, e.g. tesla, teslić, tesla transformer etc. and which are returned in response to a request to the web browser.
Creating the application skeleton is done using the command in the command prompt:
dotnet new web
A web service that returns system time on the server was actually created in one of the previous examples, by adding the MapGet () command of a class object that implements the IEndpointRouteBuilder interface and maps the url call:
http://localhost:5000/time
to a web service that displays system time, see below figure:
Using the: endpoint.MapGet () commands, other web services can be added, such as call service :
http://localhost:5000/day
return the day of the week, which can be seen in the following figure:
If we would now like to call a web service and pass it a parameter, e.g. by calling through a web browser using the following URL:
http://localhost:5000/hello?name=Mihajlo
then in the implementation of the web service we would have to extract the previously sent parameter name = Mihajlo which represents the name to be attached to the welcome message. The following figure shows the code that will allow this:
To extract the name, we first create a variable "name", which we will extract from the "context.Request" object using the Querry property, which is actually a set of parameters defined in the call URL after "?". The value of the "name" parameter is extracted from the set by access via the name of the Querry [name] parameter.
After runing the application:
After runing the application:
Security recommendations for servicing static web pages
- Use HTTPS: Implementing HTTPS ensures that all data is encrypted during transmission between the server and the client. This is crucial for protecting user data, even with static pages.
- SSL/TLS certificates: Ensure that your server uses SSL/TLS certificates to guarantee a secure communication channel. You can get free SSL certificates with services like Let's Encrypt.
- HTTP Strict Transport Security Policy (HSTS): Enables automatic redirection of all HTTP requests to HTTPS, thus preventing the use of insecure connections.
- Attack protection: Enable protection against DDoS attacks using firewall and load balancing technologies.
Compression and caching
- Compression: Web servers like Apache and Nginx can automatically compress static files using compression like Gzip or Brotli. This reduces file size (HTML, CSS, JS) and speeds up page loading.
- Apache: Enable Gzip compression by adding mod_deflate.
- Nginx: Use gzip on; in the configuration.
- Caching: Define headers for caching resources to reduce the need for re-fetching. Use Cache-Control and Expires for long-term caching.
Examples of settings
Apache
<code>
<IfModule mod_deflate.c><br>
AddOutputFilterByType DEFLATE text/html text/css application/javascript<br>
</IfModule><br>
<br>
<IfModule mod_expires.c><br>
ExpiresActive On<br>
ExpiresByType text/html "access plus 1 hour"<br>
ExpiresByType image/jpeg "access plus 1 month"<br>
</IfModule><br>
</code>
<IfModule mod_deflate.c><br>
AddOutputFilterByType DEFLATE text/html text/css application/javascript<br>
</IfModule><br>
<br>
<IfModule mod_expires.c><br>
ExpiresActive On<br>
ExpiresByType text/html "access plus 1 hour"<br>
ExpiresByType image/jpeg "access plus 1 month"<br>
</IfModule><br>
</code>
- Compression (mod_deflate): This module compresses responses (HTML, CSS, JS) using Gzip, reducing the size of data transferred between server and client.
- Caching (mod_expires): Defines how long the browser should cache resources (eg images), which improves performance by reducing requests to the server.
Nginx
gzip on;
gzip_types text/css application/javascript;
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
}
- gzip on: Enables Gzip compression for certain content types (CSS, JavaScript).
- location block: Sets caching rules for static files such as images and CSS files, allowing caching for up to 30 days.
Practical steps for implementing HTTPS and SSL certificates:
- Obtaining an SSL/TLS certificate: Certificates can be purchased from authorized Certificate Authorities (CAs) or for free through services such as Let's Encrypt.
- Setting for Apache:
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 reload
Then, in the Apache configuration file (eg /etc/apache2/sites-available/default-ssl.conf), set the path to the certificate:
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
3. Setting for Nginx: In the Nginx configuration file:
server {
listen 443 ssl;
server_name your_domain.com;
ssl_certificate /path/to/your_domain_name.crt;
ssl_certificate_key /path/to/your_private.key;
}
This configuration enables SSL/TLS on the server.
4. Redirect HTTP to HTTPS: In Nginx or Apache, add a rule to redirect all HTTP requests to HTTPS, ensuring secure communication.
Once set up, it's important to regularly renew your SSL certificates and test your HTTPS connection using security testing tools like SSL Labs.
4. Redirect HTTP to HTTPS: In Nginx or Apache, add a rule to redirect all HTTP requests to HTTPS, ensuring secure communication.
Once set up, it's important to regularly renew your SSL certificates and test your HTTPS connection using security testing tools like SSL Labs.
Previous
|< ASP.NET Core web application |