Foundations: Web, Git, and Command Line
Establish core web concepts, version control fluency, and developer tooling fundamentals for a productive workflow.
Content
Web Architecture Basics
Versions:
Watch & Learn
AI-discovered learning video
Web Architecture Basics: The 12-Lane Highway Under Your App's Cute UI
"You type a URL, hit Enter, and boom — pixels. But behind that instant gratification is a full-blown logistical opera with more moving parts than a Tesla factory."
Welcome to the backstage tour of the web. If you plan to be a certified full stack developer, you can’t just vibe with frameworks — you need to know what actually happens when a browser meets a server and they decide to exchange structured love letters called HTTP.
Why this matters:
- Debugging weird production issues without this knowledge is like trying to fix a car by whispering to it.
- Performance, security, and scalability all live here.
- Interviews. You will get asked versions of “what happens when you type google.com.” Today: you’ll be ready.
The Request Road Trip: From URL to Pixels
Imagine you order pizza. But instead of a delivery guy, you get:
- a map app (DNS),
- a highway (the network),
- a toll booth (TLS),
- a distributor hub (CDN),
- a traffic cop (load balancer),
- a front desk concierge (reverse proxy),
- the actual kitchen (app server),
- a pantry (database),
- and a microwave of pure chaos (cache).
Here’s the actual path, minus marinara:
- You type a URL like https://cats.example.com
- Browser parses the URL: scheme=https, host=cats.example.com, path=/, maybe query and fragment.
- DNS lookup
- The browser asks: what IP is cats.example.com?
- Recursive resolvers ask around until they find the authoritative answer. You get an IP (IPv4 or IPv6). Sometimes it points to a CDN edge.
- TCP and TLS handshakes
- TCP opens a connection (port 443 for HTTPS, 80 for HTTP). Three-way handshake hello.
- TLS negotiates encryption. Now your data wears a tiny suit of armor.
- HTTP request gets sent
GET / HTTP/1.1
Host: cats.example.com
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml
Accept-Encoding: br,gzip
- Edge logic: CDN, WAF, and friends
- CDN checks: do I have this cached? If yes: instant win. If not: it forwards upstream.
- A Web Application Firewall (WAF) might quietly karate-chop malicious requests.
- Load balancer chooses a healthy server
- Distributes traffic across instances. Helps with horizontal scaling and high availability.
- Reverse proxy/web server (e.g., Nginx) mediates
- Terminates TLS, serves static files, compresses content, and forwards dynamic requests to the app server.
- Application server runs your code
- Your framework (Express, Django, Rails, Spring) handles routes, runs business logic, fetches data, calls other services.
- Data layer
- Database queries, maybe Redis cache lookup, object storage fetch (images), or a message queue enqueue for background tasks.
- Response returns up the chain
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Encoding: br
Cache-Control: public, max-age=600
- Browser renders
- HTML parsed → CSS applied → JS executed → layout/paint/composite → the page appears. Additional requests fire for CSS, JS, images, fonts (often from the CDN).
The path above repeats for every asset unless it’s cached. Caching is the closest thing we have to web sorcery.
The Cast of Characters (With Vibes)
Browser → DNS → CDN/Edge → Load Balancer → Reverse Proxy → App Server → DB/Cache/Object Storage
↘ (WAF)
| Component | What it is | Why we care |
|---|---|---|
| Client (Browser/App) | The requester and renderer | Parses, caches, executes JS; can be opinionated and dramatic |
| DNS | Phonebook of the internet | Translates domains to IPs; can route by geography via CDN |
| CDN (Edge) | Global cache network | Low latency, offloads traffic, protects origin |
| Load Balancer | Traffic distributor | Reliability, horizontal scale |
| Reverse Proxy/Web Server | Middle front desk | TLS termination, static files, compression, routing |
| App Server | Your code runner | Where your logic and bugs live |
| Database | Data store | Structured (SQL) or unstructured (NoSQL) |
| Cache (Redis/Memcached) | Fast key-value store | Millisecond reads, session store, rate limiting |
| Object Storage | Blob home (e.g., images) | Durable, cheap, not a DB replacement |
| Message Queue | Async pipeline | Offload slow tasks, smooth spikes |
HTTP: The Web’s Love Language
- Stateless by design. Each request knows nothing about the last one.
- Methods: GET, POST, PUT, PATCH, DELETE (and a few rarities).
- Status codes: 2xx (success), 3xx (redirect), 4xx (client oops), 5xx (server yikes).
- Headers: where caching, auth, content negotiation, and performance tuning live.
Example patterns:
- REST: resources and verbs. Predictable, cache-friendly.
- GraphQL: ask for exactly what you want. Great for complex UIs; needs care for caching.
- gRPC/RPC: tight, binary, speedy; usually service-to-service.
The web is stateless; your users are not. So we add state without breaking the stateless vibe.
State and Sessions (aka Remembering Humans)
HTTP forgets. You must remember.
- Cookies: Small blobs sent by the server; browser returns them on subsequent requests to that domain. Use HttpOnly, Secure, SameSite to avoid chaos.
- Server sessions: Cookie holds a session ID; actual data lives in Redis or DB.
- Tokens: JWTs or opaque tokens in Authorization header. Good for APIs and mobile. Rotate and validate.
- CSRF and CORS:
- CSRF: protect state-changing endpoints (same-site cookies, CSRF tokens).
- CORS: tells the browser which origins may access resources. Configure carefully, not with wildcard therapy.
Performance: Faster Than Your Users’ Attention Span
Where speed happens:
- Cache, cache, cache
- Browser cache: respect Cache-Control, ETag, Last-Modified.
- CDN cache: put static assets on the edge; consider immutable file names with hashes.
- App/DB cache: memoize hot queries in Redis, but bust responsibly.
- Ship less, compress more
- Minify CSS/JS, enable gzip/brotli, image optimization, HTTP/2 multiplexing, HTTP/3/QUIC where possible.
- Database discipline
- Index the right columns. Avoid N+1 queries. Paginate. Profile queries.
- Frontend smarts
- Lazy-load images, code-split JS, prefetch critical assets, measure with real user monitoring.
Latency is a budget. Spend it like cash: intentionally.
Reliability and Scaling Without Tears
- Horizontal vs vertical scaling
- Vertical: bigger boxes. Fast but limited and pricey at the top.
- Horizontal: more boxes. Needs stateless services and shared stores.
- Health checks and auto-scaling
- Kill and replace sick instances automatically. Cattle, not pets.
- Database replication and failover
- Reads from replicas; writes to primary. Plan for split-brain and lag.
- CAP theorem (30-second version)
- In a network partition, you choose consistency or availability. Pick based on use case.
- Idempotency keys
- Safe retries for POST-like actions. Prevent duplicate charges and oopsies.
Architectures in the Wild
- Monolith
- One app for everything. Simple to start, easier to debug. Outgrows shoes eventually.
- Microservices
- Many small services. Independent deploys, but distributed-systems headaches. Observability required.
- Serverless/functions
- Scale-to-zero magic; great for spiky workloads and event-driven jobs. Cold starts and limits to consider.
Frontend flavors:
- MPA (Multi-Page App): server renders each page. Great SEO, simple caching.
- SPA (Single-Page App): client-side routing and APIs. Snappy UX after first load.
- SSR/SSG/ISR blends: render on server or at build time, revalidate on demand. Best of both worlds when tuned.
Realtime needs:
- WebSockets: full-duplex chatty channel. Great for chats, games, dashboards.
- Server-Sent Events: simple one-way updates from server.
- Long polling: the fallback when times are tough.
Security: The Seatbelts You Actually Wear
- HTTPS everywhere (TLS). Consider HSTS to force it.
- Input validation and output encoding to block XSS and injection.
- Least privilege for services and database users.
- Rate limiting and throttling at the edge to stop brute-force and abuse.
- Secrets management: env vars, vaults; never commit keys to repos, ever.
Security is not a feature — it’s a habit you practice every request.
Put It Together: A Mini Mental Model
Follow a request; if something breaks, ask: where on the chain?
- Name resolution (DNS) working?
- TLS/ports open (443) and certificates valid?
- Edge/CDN rules okay? Cache status hit/miss?
- Load balancer health checks good?
- Reverse proxy routes correct? Any gzip/Brotli issues?
- App logs screaming? Timeouts? Memory pressure?
- Database slow? Locks? Missing indexes?
- Cache helping or hurting (stale or stampede)?
- Frontend shipping megabytes of JS tacos it doesn’t need?
Quick Glossary (Because Jargon Is Real)
- Origin: your real server behind the CDN.
- Port: door number on a machine (HTTP 80, HTTPS 443).
- Reverse proxy vs forward proxy: reverse sits in front of servers; forward sits in front of clients.
- E2E latency: total time from request to pixels.
- Backpressure: telling upstream to slow down when downstream is drowning.
Closing: Your Architecture Superpower
Web architecture is the difference between “it works on my machine” and “it works for a million users in Singapore during a product launch.”
Key takeaways:
- HTTP is simple; the ecosystem around it is gloriously not. Respect the layers.
- Caching is performance steroids — use at browser, edge, and app.
- Stateless services scale; state lives in shared stores (DB, cache, object storage).
- Reliability is engineered: health checks, retries, idempotency, and observability.
- Security is layered: TLS, WAF, least privilege, sane cookie and CORS configs.
Walk away with this mantra: design for clarity first, measure everything, cache aggressively (but correctly), and always know where your request is on its road trip.
Now go make the web fast, safe, and slightly magical.
Comments (0)
Please sign in to leave a comment.
No comments yet. Be the first to comment!