📝 Add permalinks to headers in English docs (#13993)

Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
2026-03-09 10:27:54 -04:00 · 2025-08-31 11:15:41 +02:00
parent 7653de2715
commit c55f7138a1
112 changed files with 1060 additions and 1060 deletions
--- a/docs/en/docs/deployment/https.md
+++ b/docs/en/docs/deployment/https.md
@@ -1,4 +1,4 @@
-# About HTTPS
+# About HTTPS { #about-https }

 It is easy to assume that HTTPS is something that is just "enabled" or not.

@@ -43,7 +43,7 @@ Some of the options you could use as a TLS Termination Proxy are:
 * Nginx
 * HAProxy

-## Let's Encrypt
+## Let's Encrypt { #lets-encrypt }

 Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.

@@ -57,11 +57,11 @@ The domains are securely verified and the certificates are generated automatical

 The idea is to automate the acquisition and renewal of these certificates so that you can have **secure HTTPS, for free, forever**.

-## HTTPS for Developers
+## HTTPS for Developers { #https-for-developers }

 Here's an example of how an HTTPS API could look like, step by step, paying attention mainly to the ideas important for developers.

-### Domain Name
+### Domain Name { #domain-name }

 It would probably all start by you **acquiring** some **domain name**. Then, you would configure it in a DNS server (possibly your same cloud provider).

@@ -77,7 +77,7 @@ This Domain Name part is way before HTTPS, but as everything depends on the doma

 ///

-### DNS
+### DNS { #dns }

 Now let's focus on all the actual HTTPS parts.

@@ -87,7 +87,7 @@ The DNS servers would tell the browser to use some specific **IP address**. That

 <img src="/img/deployment/https/https01.drawio.svg">

-### TLS Handshake Start
+### TLS Handshake Start { #tls-handshake-start }

 The browser would then communicate with that IP address on **port 443** (the HTTPS port).

@@ -97,7 +97,7 @@ The first part of the communication is just to establish the connection between

 This interaction between the client and the server to establish the TLS connection is called the **TLS handshake**.

-### TLS with SNI Extension
+### TLS with SNI Extension { #tls-with-sni-extension }

 **Only one process** in the server can be listening on a specific **port** in a specific **IP address**. There could be other processes listening on other ports in the same IP address, but only one for each combination of IP address and port.

@@ -127,7 +127,7 @@ Notice that the encryption of the communication happens at the **TCP level**, no

 ///

-### HTTPS Request
+### HTTPS Request { #https-request }

 Now that the client and server (specifically the browser and the TLS Termination Proxy) have an **encrypted TCP connection**, they can start the **HTTP communication**.

@@ -135,19 +135,19 @@ So, the client sends an **HTTPS request**. This is just an HTTP request through

 <img src="/img/deployment/https/https04.drawio.svg">

-### Decrypt the Request
+### Decrypt the Request { #decrypt-the-request }

 The TLS Termination Proxy would use the encryption agreed to **decrypt the request**, and would transmit the **plain (decrypted) HTTP request** to the process running the application (for example a process with Uvicorn running the FastAPI application).

 <img src="/img/deployment/https/https05.drawio.svg">

-### HTTP Response
+### HTTP Response { #http-response }

 The application would process the request and send a **plain (unencrypted) HTTP response** to the TLS Termination Proxy.

 <img src="/img/deployment/https/https06.drawio.svg">

-### HTTPS Response
+### HTTPS Response { #https-response }

 The TLS Termination Proxy would then **encrypt the response** using the cryptography agreed before (that started with the certificate for `someapp.example.com`), and send it back to the browser.

@@ -157,7 +157,7 @@ Next, the browser would verify that the response is valid and encrypted with the

 The client (browser) will know that the response comes from the correct server because it is using the cryptography they agreed using the **HTTPS certificate** before.

-### Multiple Applications
+### Multiple Applications { #multiple-applications }

 In the same server (or servers), there could be **multiple applications**, for example, other API programs or a database.

@@ -167,7 +167,7 @@ Only one process can be handling the specific IP and port (the TLS Termination P

 That way, the TLS Termination Proxy could handle HTTPS and certificates for **multiple domains**, for multiple applications, and then transmit the requests to the right application in each case.

-### Certificate Renewal
+### Certificate Renewal { #certificate-renewal }

 At some point in the future, each certificate would **expire** (about 3 months after acquiring it).

@@ -190,7 +190,7 @@ To do that, and to accommodate different application needs, there are several wa

 All this renewal process, while still serving the app, is one of the main reasons why you would want to have a **separate system to handle HTTPS** with a TLS Termination Proxy instead of just using the TLS certificates with the application server directly (e.g. Uvicorn).

-## Recap
+## Recap { #recap }

 Having **HTTPS** is very important, and quite **critical** in most cases. Most of the effort you as a developer have to put around HTTPS is just about **understanding these concepts** and how they work.