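Enabling HTTP/2 support in nginx
1. The HTTP/2 protocol
The main goal of HTTP 2.0 is to improve transport performance, achieving low latency and high throughput. On the other hand, HTTP's high-level protocol semantics are not affected by this version upgrade. All HTTP headers, values, and their use cases stay the same.
Any existing website or application can run over HTTP 2.0 without modification. There is no need to change markup to benefit from HTTP 2.0. The HTTP server must run the HTTP 2.0 protocol, but most users will not be affected by this.
CentOS 6 installation references: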
imhanjm/2017/04/20/nginx%20http2%E7%BC%96%E8%AF%91%E5%AE%89%E8%A3%85/
blog.csdn/littlesmallless/article/details/59173287
2. Compiling and installing nginx
#1. Install dependencies
[root@hadoop_node1 ~]# yum install -y gcc gcc-c++ pcre pcre-devel openssl-devel zlib zlib-devel
#2. Download and install
[root@hadoop_node1 ~]# cd /usr/local/src/
[root@hadoop_node1 src]# wget /download/nginx-1.10.
[root@hadoop_node1 src]# tar xf nginx-1.10.
[root@hadoop_node1 src]# cd nginx-1.10.3/
#3. Configure options
[root@hadoop_node1 nginx-1.10.3]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx-1.10.3 --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module
[root@hadoop_node1 nginx-1.10.3]# make && make install
--with-http_v2_module enables HTTP/2 support
[root@hadoop_master nginx]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx-1.10.3 --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module
3. Generating the certificate
Because we do not have a real certificate, we generate a fake one
[root@hadoop_node1 nginx-1.10.3]# ln -s /usr/local/nginx-1.10.3/ /usr/local/nginx
[root@hadoop_node1 nginx-1.10.3]# cd /usr/local/nginx/conf/
[root@hadoop_node1 conf]# mkdir key
[root@hadoop_node1 conf]# cd key/
#Choose your own passphrase
[root@hadoop_node1 key]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........++++++
..........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
#Issue the certificate
[root@hadoop_node1 key]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:SDU
Organizational Unit Name (eg, section) []:SA
Common Name (eg, your name or your server's hostname) []:xiaojin
Email Address []:123@qq
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456
[root@hadoop_node1 key]# cp server.key i
[root@hadoop_node1 key]# openssl rsa -in i -out server.key
Enter pass phrase for i:
writing RSA key
[root@hadoop_node1 key]# openssl x509 -req -days 365 -in server.csr -signkey server.key -
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=SDU/OU=SA/CN=xiaojin/emailAddress=123@qq
Getting Private key
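Added example (not part of the original post): the transcript above generates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance and public CAs require. The shell functions below, whose names are assumptions, audit a key and certificate pair for key size, key/certificate match and expiry, and create a 2048-bit self-signed pair in one non-interactive step.

```shell
# Added example, not from the original post. Function names are assumptions.

# Print the hex RSA modulus of a key ("rsa") or certificate ("x509") file.
modulus_of() {
    openssl "$1" -in "$2" -noout -modulus 2>/dev/null | sed 's/^Modulus=//'
}

# audit_pair KEY CERT: print one finding per line; return 0 only if clean.
audit_pair() {
    key_mod=$(modulus_of rsa "$1")
    crt_mod=$(modulus_of x509 "$2")
    if [ -z "$key_mod" ] || [ -z "$crt_mod" ]; then
        echo "ERROR: cannot read key or certificate"; return 2
    fi
    rc=0
    bits=$(( ${#key_mod} * 4 ))          # 4 bits per hex digit of the modulus
    [ "$bits" -ge 2048 ] || { echo "WEAK: RSA key is $bits bits"; rc=1; }
    [ "$key_mod" = "$crt_mod" ] ||
        { echo "MISMATCH: certificate was not issued for this key"; rc=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "EXPIRED: certificate validity has ended"; rc=1; }
    return "$rc"
}

# make_selfsigned BITS KEY CERT CN: unencrypted key plus self-signed
# certificate, without the interactive prompts shown in the transcript.
make_selfsigned() {
    openssl req -x509 -newkey "rsa:$1" -nodes -sha256 -days 365 \
        -subj "/CN=$4" -keyout "$2" -out "$3" 2>/dev/null
}

# Usage: make_selfsigned 2048 server.key server.crt 10.0.0.71
#        audit_pair server.key server.crt
```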
4. Modifying the nginx configuration file
[root@hadoop_node1 conf]# f
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include pes;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name 10.0.0.71;
        if ($scheme ~ http) {
            return $server_name:8443$request_uri;
        }
        location / {
            root html;
            index index.html index.htm;
        }
        location = /50x.html {
            root html;
        }
    }
    server {
        listen 8443 ssl http2 default_server;
        server_name 10.0.0.71;
        ssl_certificate ;
        ssl_certificate_key key/server.key;
        location / {
            root html;
            index index.html index.htm;
        }
        location = /50x.html {
            root html;
        }
    }
}
Check whether the firewall is enabled and whether ports 8443 and 80 are open
[root@hadoop_node1 conf]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@hadoop_node1 conf]# iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
[root@hadoop_node1 conf]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx-1.10.3/f syntax is ok
nginx: configuration file /usr/local/nginx-1.10.3/f test is successful
[root@hadoop_node1 conf]# /usr/local/nginx/sbin/nginx
[root@hadoop_node1 conf]# ss -lntup|grep 8
tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=7582,fd=6),("nginx",pid=7581,fd=6))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=1885,fd=3))
tcp LISTEN 0 128 *:8443 *:* users:(("nginx",pid=7582,fd=7),("nginx",pid=7581,fd=7))
tcp LISTEN 0 128 :::22 :::* users:(("sshd",pid=1885,fd=4))
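Verification methods
Method 1
1. Use Chrome to visit the site you enabled, for example 10.0.0.71:8443 in Jackie's environment.
2. Open a new tab, enter chrome://net-internals/#http2 in the address bar, and check the table under HTTP/2 sessions.
3. Confirm that the host address visited in the previous step, for example 10.0.0.71:8443, appears in the table.
Method 2
1. Using the command (see the reference), run the following command to confirm whether the protocol returned by the site is HTTP
   curl --http2 -I 10.0.0.71:8443
2. If you hit the following error when running the command above, what is currently installed on the system does not yet support the HTTP2 protocol.
   curl 10.0.0.71:8443/ --http2
   curl: (1) Unsupported protocol
3. You can run the following command to check the list of features supported by what is currently installed and confirm whether it includes HTTP2.
   curl -V
   curl 7.47.0 (i686-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
   Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
   Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
4. The output above shows that what is currently installed does not yet support HTTP2.
5. In that case, follow the reference to recompile and add HTTP2 support.
Method 3
1. Install the Chrome extension. Once it is installed, visit a site with HTTP2 enabled; if a blue lightning bolt appears in the address bar, the site has HTTP2 enabled.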
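Added example (not from the original post): the two build checks this page performs by eye, `nginx -V` for `--with-http_v2_module` and `curl -V` for the HTTP2 feature, written as shell functions. It also checks the OpenSSL version, because browsers negotiate HTTP/2 over TLS with ALPN, which requires OpenSSL 1.0.2 or later. Function names, the OpenSSL 1.0.1e sample and the HTTP2-capable curl sample are constructed for this example.

```shell
# Added example, not from the original post. Function names are assumptions;
# each check takes the text printed by `nginx -V` or `curl -V` as its argument.

# ver_ge A B: true if dotted version A >= B (suffixes such as "k-fips" ignored).
ver_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    low=$(printf '%s\n%s\n' "$a" "$b" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$low" = "$b" ]
}

# nginx_h2_ready TEXT: print each problem found; return 0 if the build can serve HTTP/2.
nginx_h2_ready() {
    rc=0
    printf '%s\n' "$1" | grep -q -e '--with-http_v2_module' ||
        { echo "nginx was built without --with-http_v2_module"; rc=1; }
    ssl=$(printf '%s\n' "$1" | sed -n 's/^built with OpenSSL \([^ ]*\).*/\1/p')
    if [ -z "$ssl" ]; then
        echo "no OpenSSL version in the build information"; rc=1
    elif ! ver_ge "$ssl" 1.0.2; then
        echo "OpenSSL $ssl has no ALPN (HTTP/2 needs 1.0.2+)"; rc=1
    fi
    return "$rc"
}

# curl_h2_ready TEXT: true if the Features list contains HTTP2.
curl_h2_ready() {
    feats=$(printf '%s\n' "$1" | sed -n 's/.*Features://p')
    case " $feats " in *" HTTP2 "*) return 0 ;; *) return 1 ;; esac
}

# Build information from the page (configure arguments abridged).
PAGE_NGINX='nginx version: nginx/1.10.3
built with OpenSSL 1.0.2k-fips 26 Jan 2017
configure arguments: --with-http_ssl_module --with-http_v2_module'
# Constructed sample: same flags, but linked against OpenSSL 1.0.1e.
OLD_NGINX='nginx version: nginx/1.10.3
built with OpenSSL 1.0.1e-fips 11 Feb 2013
configure arguments: --with-http_ssl_module --with-http_v2_module'
# Features line from the page's curl 7.47.0 output, then a constructed one with HTTP2.
PAGE_CURL='Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets'
H2_CURL='Features: AsynchDNS IPv6 Largefile SSL libz HTTP2 UnixSockets'
```

On a live host, pass the real output: `nginx_h2_ready "$(/usr/local/nginx/sbin/nginx -V 2>&1)"` and `curl_h2_ready "$(curl -V)"`.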
Nginx cross-origin optimization
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
add_header 'Access-Control-Allow-Headers' 'application/json,X-Requested-With,Content-Type,Accept';