How to upgrade nginx to support HTTP2.0
1. Preface
# ssl写在443端口后面。这样http和https的链接都可以用
listen 443 ssl http2 default_server;
server_name chat.chengxinsong.cn;
# hsts的合理使用,max-age表明hsts在浏览器中的缓存时间,includesubdomainscam参数指定应该在所有子域上启用hsts,preload参数表示预加载,通过strict-transport-security: max-age=0将缓存设置为0可以撤销hsts
add_header strict-transport-security "max-age=63072000; includesubdomains; preload";
ssl_certificate /usr/local/nginx/cert/2540136_chat.chengxinsong.cn.pem;
ssl_certificate_key /usr/local/nginx/cert/2540136_chat.chengxinsong.cn.key;
# 分配20mb的共享内存缓存,不同工作进程共享tls会话信息
# ssl_session_cache shared:ssl:20m;
# 设置会话缓存过期时间1h
ssl_session_timeout 60m;
# tls协议的合理配置
# 指定tls协议的版本,不安全的ssl2和ssl3要废弃掉
ssl_protocols tlsv1 tlsv1.1 tlsv1.2;
# 启用ssl_prefer_server_ciphers,用来告诉nginx在tls握手时启用服务器算法优先,由服务器选择适配算法而不是客户端
ssl_prefer_server_ciphers on;
# 优先选择支持前向加密的算法,且按照性能的优先顺序排列
ssl_ciphers ecdhe-rsa-aes128-gcm-sha256:ecdhe:ecdh:aes:high:!null:!anull:!md5:!adh:!rc4;
# 会话恢复的合理使用
# 配置会话票证,减少了tls握手的开销
ssl_session_tickets on;Then execute the check nginx configuration. nginx -t
means that http2.0 lacks ngx_http_v2_module. nginx lacks the http_ssl_module module. Just bring the --with-http_ssl_module configuration when compiling and installing.
2. Search information to find the reason
The reason for the above is that nginx has replaced ngx_http_spdy_module with the http_v2_module module since 1.9.5, and officially started to support the http2 protocol.
But my nginx is 1.12.2. It should not be an ngin version issue
Notes:
1. And the openssl library version needs to be compiled at or above 1.0.2. 1. To enable http/2 protocol support, you need to compile nginx 1.10 or above and the openssl library version 1.0.2 or above.
2.http2.0 only supports websites with https enabled.
It may be the version of the server's openssl library, which is found to be 1.0.2.
So we still need to upgrade to a higher point.
3. Upgrade openssl
In the http2.0 protocol, it involves support for alpn (application layer protocol negotiation, application layer protocol negotiation). Currently, all mainstream The built-in openssl libraries in unix server systems are all lower than version 1.0.2. By using openssl's command line tool, you can check whether the current http2 service supports alpn.
Find an installation directory
1. Download the latest version of openssl library, compile and install
wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz tar xzf openssl-1.1.0f.tar.gz cd openssl-1.1.0f ./config --prefix=/usr/local/openssl make && make install
2. Replace the old version library
mv /usr/bin/openssl /usr/bin/openssl.old mv /usr/include/openssl /usr/include/openssl.old ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl ln -s /usr/local/openssl/include/openssl /usr/include/openssl #链接新库文件 ln -s /usr/local/openssl/lib/libssl.so /usr/local/lib64/libssl.so ln -s /usr/local/openssl/lib/libcrypto.so /usr/local/lib64/libcrypto.so #检查更新后的openssl依赖库是否是1.1.0f strings /usr/local/lib64/libssl.so | grep openssl #显示结果表明已升级到最新版本链接库 openssl 1.1.0f 25 may 2017 #配置openssl库文件的搜索路径 echo '/usr/local/openssl/lib' >> /etc/ld.so.conf #使修改后的搜索路径生效 ldconfig -v #查看openssl版本,结果显示升级成功 openssl version openssl 1.1.0f 25 may 2017
4 , nginx turns on the ssl module
The default compiled nginx does not include the h2 module. We need to add parameters to compile. As of the time of publishing, the source code of nginx 1.9 development version and above needs to add compilation parameters by ourselves. From the software Those downloaded from the source warehouse are compiled by default. nginx no longer supports spdy.
If the nginx you compiled does not support it, then add: --with-http_v2_module in ./configure. If there is no ssl support, you also need to add --with-http_ssl_module
1. Find the source code package and check whether the configure supports http2
At this time, you need to find the configure in the source code folder when downloading. Note: Not the folder after compilation.
In the "./configure" configuration, "--with" means enabling modules, which means that these modules will not be automatically built when compiling "--without" Indicates that modules are disabled, which means that these modules will be automatically built during compilation. If you want nginx to run lightweight, you can remove some unnecessary modules.
Execute ./configure --help
From the above figure, we know that nginx will not automatically build http_ssl_module and http_v2_module during compilation. So nginx needs to be recompiled.
2. Add parameters to compile
Our new configuration information should be written like this:
./configure --prefix=/usr/local/nginx --with-http_v2_module --with-http_ssl_module --with-openssl=/home/soft/openssl-1.1.0f
The above /usr/local/nginx path It is the package path after we compiled it.
Then add: --with-http_v2_module in ./configure. If there is no ssl support, you also need to add --with-http_ssl_module, plus the openssl just updated to 1.1.0, so you need to add - -with-openssl=/home/soft/openssl-1.1.0f.
Just run the above command. After the configuration is completed
After the configuration is completed, run the command
make
Do not perform make install here, otherwise it will be an overwrite installation
3. Backup and replacement
(1) Then back up the original installed nginx
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_07_22.bak
(2) Close nginx, and then install the newly compiled nginx Overwrite the original nginx
Close nginx
./nginx -s quit
Move the compiled nginx to the original nginx
cp ./objs/nginx /usr/local/nginx/sbin/
(3) Start nginx
. /nginx
Wait for 1 minute, and then you can see the effect of http2.0.
5. Check whether the website is http2.0
Right-click the name and check protocol, so that you can see the http protocol.
The website address of the screenshot above:
Compare the http1.1 website
The above is the detailed content of How to upgrade nginx to support HTTP2.0. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to allow external network access to tomcat server
Apr 21, 2024 am 07:22 AM
To allow the Tomcat server to access the external network, you need to: modify the Tomcat configuration file to allow external connections. Add a firewall rule to allow access to the Tomcat server port. Create a DNS record pointing the domain name to the Tomcat server public IP. Optional: Use a reverse proxy to improve security and performance. Optional: Set up HTTPS for increased security.
How to run thinkphp
Apr 09, 2024 pm 05:39 PM
Steps to run ThinkPHP Framework locally: Download and unzip ThinkPHP Framework to a local directory. Create a virtual host (optional) pointing to the ThinkPHP root directory. Configure database connection parameters. Start the web server. Initialize the ThinkPHP application. Access the ThinkPHP application URL and run it.
Welcome to nginx!How to solve it?
Apr 17, 2024 am 05:12 AM
To solve the "Welcome to nginx!" error, you need to check the virtual host configuration, enable the virtual host, reload Nginx, if the virtual host configuration file cannot be found, create a default page and reload Nginx, then the error message will disappear and the website will be normal show.
How to deploy nodejs project to server
Apr 21, 2024 am 04:40 AM
Server deployment steps for a Node.js project: Prepare the deployment environment: obtain server access, install Node.js, set up a Git repository. Build the application: Use npm run build to generate deployable code and dependencies. Upload code to the server: via Git or File Transfer Protocol. Install dependencies: SSH into the server and use npm install to install application dependencies. Start the application: Use a command such as node index.js to start the application, or use a process manager such as pm2. Configure a reverse proxy (optional): Use a reverse proxy such as Nginx or Apache to route traffic to your application
How to generate URL from html file
Apr 21, 2024 pm 12:57 PM
Converting an HTML file to a URL requires a web server, which involves the following steps: Obtain a web server. Set up a web server. Upload HTML file. Create a domain name. Route the request.
How to implement HTTP streaming using C++?
May 31, 2024 am 11:06 AM
How to implement HTTP streaming in C++? Create an SSL stream socket using Boost.Asio and the asiohttps client library. Connect to the server and send an HTTP request. Receive HTTP response headers and print them. Receives the HTTP response body and prints it.
Can nodejs be accessed from the outside?
Apr 21, 2024 am 04:43 AM
Yes, Node.js can be accessed from the outside. You can use the following methods: Use Cloud Functions to deploy the function and make it publicly accessible. Use the Express framework to create routes and define endpoints. Use Nginx to reverse proxy requests to Node.js applications. Use Docker containers to run Node.js applications and expose them through port mapping.
How to deploy and maintain a website using PHP
May 03, 2024 am 08:54 AM
To successfully deploy and maintain a PHP website, you need to perform the following steps: Select a web server (such as Apache or Nginx) Install PHP Create a database and connect PHP Upload code to the server Set up domain name and DNS Monitoring website maintenance steps include updating PHP and web servers, and backing up the website , monitor error logs and update content.
