HN Academy

Not a book, and I only have one (positive) data point from a coworker, but this free Udacity course tackles that subject: https://www.udacity.com/course/networking-for-web-developers...

Udacity has a Networking for Web Developers course[0], but I'd recommend trying out things (such as running a simple web-app on your own server). Things like:

- Running https://certbot.eff.org/instructions

- Trying out a few different web servers (apache/nginx/caddy)

- Playing around with load-balancers on $cloud_provider.

- Spending time with docker networking (https://docs.docker.com/config/containers/container-networki...)

- Playing around with various X-Forwarded header options in the context of your application

For a web developer, the most useful skill is knowing what each and every component on the pipeline is doing before your code executes on the request. As a common eg, if your application seems to be loading stylesheets from `http://` instead of `https://` despite being loaded over HTTPS, it is often because your application didn't honor the X-Forwarded-Proto header (which most frameworks will do for you). Similarly, seeing a local IP address (192.168.x.y for eg) on a log, and realizing that you should be using the X-Forwarded-Ip by "trusting your proxy"[1] and doing it securely[2].[3].

[0]: https://www.udacity.com/course/networking-for-web-developers...

[1]: https://expressjs.com/en/guide/behind-proxies.html

[2]: https://shubs.io/enumerating-ips-in-x-forwarded-headers-to-b...

[3]: https://blog.ircmaxell.com/2012/11/anatomy-of-attack-how-i-h...