Home > Operation and Maintenance > Nginx > How to upgrade nginx to support HTTP2.0

How to upgrade nginx to support HTTP2.0

王林
Release: 2023-05-24 22:58:04
forward
2586 people have browsed it

1. Preface

# ssl写在443端口后面。这样http和https的链接都可以用
    listen 443 ssl http2 default_server;
    server_name chat.chengxinsong.cn;
    
  # hsts的合理使用,max-age表明hsts在浏览器中的缓存时间,includesubdomainscam参数指定应该在所有子域上启用hsts,preload参数表示预加载,通过strict-transport-security: max-age=0将缓存设置为0可以撤销hsts
  add_header strict-transport-security "max-age=63072000; includesubdomains; preload";
    
  ssl_certificate   /usr/local/nginx/cert/2540136_chat.chengxinsong.cn.pem;
    ssl_certificate_key /usr/local/nginx/cert/2540136_chat.chengxinsong.cn.key;
    
  # 分配20mb的共享内存缓存,不同工作进程共享tls会话信息
  # ssl_session_cache shared:ssl:20m;
    
  # 设置会话缓存过期时间1h
  ssl_session_timeout 60m;
    
  # tls协议的合理配置
  # 指定tls协议的版本,不安全的ssl2和ssl3要废弃掉
  ssl_protocols tlsv1 tlsv1.1 tlsv1.2;
    
  # 启用ssl_prefer_server_ciphers,用来告诉nginx在tls握手时启用服务器算法优先,由服务器选择适配算法而不是客户端
  ssl_prefer_server_ciphers on;
    
  # 优先选择支持前向加密的算法,且按照性能的优先顺序排列
  ssl_ciphers ecdhe-rsa-aes128-gcm-sha256:ecdhe:ecdh:aes:high:!null:!anull:!md5:!adh:!rc4;
    
  # 会话恢复的合理使用
  # 配置会话票证,减少了tls握手的开销
  ssl_session_tickets on;
Copy after login

Then execute the check nginx configuration. nginx -t

How to upgrade nginx to support HTTP2.0

means that http2.0 lacks ngx_http_v2_module. nginx lacks the http_ssl_module module. Just bring the --with-http_ssl_module configuration when compiling and installing.

2. Search information to find the reason

The reason for the above is that nginx has replaced ngx_http_spdy_module with the http_v2_module module since 1.9.5, and officially started to support the http2 protocol.

But my nginx is 1.12.2. It should not be an ngin version issue

How to upgrade nginx to support HTTP2.0

Notes:

1. And the openssl library version needs to be compiled at or above 1.0.2. 1. To enable http/2 protocol support, you need to compile nginx 1.10 or above and the openssl library version 1.0.2 or above.

2.http2.0 only supports websites with https enabled.

It may be the version of the server's openssl library, which is found to be 1.0.2.

So we still need to upgrade to a higher point.

3. Upgrade openssl

In the http2.0 protocol, it involves support for alpn (application layer protocol negotiation, application layer protocol negotiation). Currently, all mainstream The built-in openssl libraries in unix server systems are all lower than version 1.0.2. By using openssl's command line tool, you can check whether the current http2 service supports alpn.

Find an installation directory

1. Download the latest version of openssl library, compile and install

wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
tar xzf openssl-1.1.0f.tar.gz
cd openssl-1.1.0f
./config --prefix=/usr/local/openssl
make && make install
Copy after login

2. Replace the old version library

mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
#链接新库文件
ln -s /usr/local/openssl/lib/libssl.so /usr/local/lib64/libssl.so
ln -s /usr/local/openssl/lib/libcrypto.so /usr/local/lib64/libcrypto.so
#检查更新后的openssl依赖库是否是1.1.0f
strings /usr/local/lib64/libssl.so | grep openssl
#显示结果表明已升级到最新版本链接库
openssl 1.1.0f 25 may 2017

#配置openssl库文件的搜索路径
echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
#使修改后的搜索路径生效
ldconfig -v
#查看openssl版本,结果显示升级成功
openssl version
openssl 1.1.0f 25 may 2017
Copy after login

4 , nginx turns on the ssl module

The default compiled nginx does not include the h2 module. We need to add parameters to compile. As of the time of publishing, the source code of nginx 1.9 development version and above needs to add compilation parameters by ourselves. From the software Those downloaded from the source warehouse are compiled by default. nginx no longer supports spdy.

If the nginx you compiled does not support it, then add: --with-http_v2_module in ./configure. If there is no ssl support, you also need to add --with-http_ssl_module

1. Find the source code package and check whether the configure supports http2

At this time, you need to find the configure in the source code folder when downloading. Note: Not the folder after compilation.

How to upgrade nginx to support HTTP2.0

In the "./configure" configuration, "--with" means enabling modules, which means that these modules will not be automatically built when compiling "--without" Indicates that modules are disabled, which means that these modules will be automatically built during compilation. If you want nginx to run lightweight, you can remove some unnecessary modules.

Execute ./configure --help

How to upgrade nginx to support HTTP2.0

From the above figure, we know that nginx will not automatically build http_ssl_module and http_v2_module during compilation. So nginx needs to be recompiled.

2. Add parameters to compile

Our new configuration information should be written like this:

./configure --prefix=/usr/local/nginx --with-http_v2_module --with-http_ssl_module --with-openssl=/home/soft/openssl-1.1.0f
Copy after login

The above /usr/local/nginx path It is the package path after we compiled it.

Then add: --with-http_v2_module in ./configure. If there is no ssl support, you also need to add --with-http_ssl_module, plus the openssl just updated to 1.1.0, so you need to add - -with-openssl=/home/soft/openssl-1.1.0f.

Just run the above command. After the configuration is completed

After the configuration is completed, run the command

make
Copy after login

Do not perform make install here, otherwise it will be an overwrite installation

3. Backup and replacement

(1) Then back up the original installed nginx

cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_07_22.bak
Copy after login

(2) Close nginx, and then install the newly compiled nginx Overwrite the original nginx

Close nginx

./nginx -s quit
Copy after login

Move the compiled nginx to the original nginx

cp ./objs/nginx /usr/local/nginx/sbin/
Copy after login

(3) Start nginx

. /nginx
Wait for 1 minute, and then you can see the effect of http2.0.

5. Check whether the website is http2.0

Right-click the name and check protocol, so that you can see the http protocol.

How to upgrade nginx to support HTTP2.0

The website address of the screenshot above:

Compare the http1.1 website

How to upgrade nginx to support HTTP2.0

The above is the detailed content of How to upgrade nginx to support HTTP2.0. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template