Shulou(Shulou.com)06/01 Report--

Editor to share with you how to upgrade nginx to support HTTP2.0. I hope you will get something after reading this article. Let's discuss it together.

I. Preface

Upgrade the server to http2.0.

Then nginx configured it according to the official website.

# ssl is written after port 443. In this way, the links between http and https can be reasonably used by listen 443ssl http2 default_server; server_name chat.chengxinsong.cn; # HSTS. Max-age indicates the cache time of HSTS in the browser, the includeSubdomainscam parameter specifies that the HSTS,preload parameter should be enabled on all subdomains to indicate preloading, and setting the cache to 0 through Strict-Transport-Security: max-age=0 can undo HSTS add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload". Ssl_certificate / usr/local/nginx/cert/2540136_chat.chengxinsong.cn.pem; ssl_certificate_key / usr/local/nginx/cert/2540136_chat.chengxinsong.cn.key; # allocates 20MB's shared memory cache, and different worker processes share TLS session information # ssl_session_cache shared:SSL:20m; # set session cache expiration time 1h ssl_session_timeout 60m # reasonable configuration of TLS protocol # specify the version of TLS protocol, unsafe SSL2 and SSL3 should discard ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # enable ssl_prefer_server_ciphers to tell Nginx to enable server algorithm priority when TLS handshake, and it is up to the server to choose adaptation algorithm instead of client ssl_prefer_server_ciphers on # give priority to the algorithms that support forward encryption, and arrange ssl_ciphers ECDHEMurRSAMAES128, GCMMerSHA256, ECDH, ECDH, etc., in the order of performance priority, to select the algorithms that support forward encryption. # rational use of session recovery # configuration of session tickets to reduce the cost of TLS handshake ssl_session_tickets on

Then check the nginx configuration. Nginx-t

This means that http2.0 is missing ngx_http_v2_module. Nginx lacks the http_ssl_module module, so just compile and install it with the with-http_ssl_module configuration.

Second, check the information to find the reason.

The reason for the above is that nginx has replaced ngx_http_spdy_module with the http_v2_module module since 1.9.5, and officially began to support the http2 protocol.

But my nginx is 1.12.2. It should not be the ngin version.

Note:

1. And the version of the openssl library needs to be compiled above 1.0.2. 1. To enable HTTP/2 protocol support, you need to be in nginx version 1.10 or above and the openssl library version is required to be compiled above 1.0.2.

2.http2.0 only supports websites that open https.

It may be the version of the server's openssl library, which is found to be 1.0.2.

So we still have to upgrade to a higher level.

Third, upgrade OpenSSL

In the http2.0 protocol, when it comes to the support of ALPN (Application Layer Protocol Negotiation, Application layer Protocol negotiation), the built-in OpenSSL libraries in all mainstream Unix server systems are lower than version 1.0.2. By using OpenSSL's command-line tool, you can check whether the current http2 service supports ALPN.

Find an installation directory

1. Download the latest version of the OpenSSL library to compile and install

Wget https://www.openssl.org/source/openssl-1.1.0f.tar.gztar xzf openssl-1.1.0f.tar.gzcd openssl-1.1.0f./config-- prefix=/usr/local/opensslmake & & make install

two。 Replace the old version library

Mv / usr/bin/openssl / usr/bin/openssl.oldmv / usr/include/openssl / usr/include/openssl.oldln-s / usr/local/openssl/bin/openssl / usr/bin/opensslln-s / usr/local/openssl/include/openssl / usr/include/openssl# link to the new library file ln-s / usr/local/openssl/lib/libssl.so / usr/local/lib64/libssl.soln-s / usr/local/openssl/lib/libcrypto.so / usr/local/lib64/libcrypto. So# checks whether the updated openssl dependent library is 1.1.0fstrings / usr/local/lib64/libssl.so | the grep OpenSSL# display result indicates that it has been upgraded to the latest version of the link library OpenSSL 1.1.0f 25 May 2010. configure the search path of the openssl library file echo'/ usr/local/openssl/lib' > > / etc/ld.so.conf# to make the modified search path take effect ldconfig-v# View openssl version The results show that the upgrade was successful openssl versionOpenSSL 1.1.0f 25 May 2017

4. Nginx opens the ssl module

Nginx compiled by default does not contain h3 module, so we need to add parameters to compile. As of this article, the source code of Nginx version 1.9 and above needs to add compilation parameters, and those downloaded from the software source repository will be compiled by default. Nginx no longer supports SPDY.

If the Nginx you compiled does not support it, add:-- with-http_v2_module to. / configure, and-- with-http_ssl_module if there is no SSL support.

1. Find the source code package and check whether http2 is supported in configure.

At this point you need to find the configure in the source folder when you download it. Note: this is not a compiled folder.

In the ". / configure" configuration, "--with" means modules are enabled, that is, modules are not automatically built at compile time. "--without" means modules are disabled at compile time, that is, modules are automatically built at compile time. If you want Nginx to run lightweight, you can remove some unnecessary modules.

Execute. / configure-- help

You know from the figure above that nginx does not build http_ssl_module and http_v2_module automatically at compile time. So you need to recompile nginx.

2. Add parameter compilation

Our new configuration information should be written as follows:

. / configure-prefix=/usr/local/nginx-with-http_v2_module-with-http_ssl_module-with-openssl=/home/soft/openssl-1.1.0f

The / usr/local/nginx path above is the package path we compiled.

Then add:-- with-http_v2_module to. / configure. If there is no SSL support, you also need to add-- with-http_ssl_module, plus the updated openssl to 1.1.0, so you need to add-- with-openssl=/home/soft/openssl-1.1.0f.

Just run the above command and wait for the configuration.

After the configuration is complete, run the command

Make

Do not do make install here, otherwise you will overwrite the installation

3. Backup and replace

(1) then back up the original installed nginx

Cp / usr/local/nginx/sbin/nginx / usr/local/nginx/sbin/nginx_07_22.bak

(2) close nginx and overwrite the newly compiled nginx with the original nginx

Close nginx

. / nginx-s quit

Move the compiled nginx to the original nginx

Cp. / objs/nginx / usr/local/nginx/sbin/

(3) start nginx

. / nginx

Wait for 1 minute to work, and then you can see the effect of http2.0.

5. Check whether the website is http2.0

Right-click name and check protocol so that you can see the http protocol.

Compare http1.1 's website.

After reading this article, I believe you have some understanding of "how to upgrade nginx to support HTTP2.0". If you want to know more about it, you are welcome to follow the industry information channel. Thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.