Upgrading OpenSSL:
If your version is lower than OpenSSL 1.1.1d, upgrade OpenSSL.
[root@mm01 ~]# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.1.1d 10 Sep 2019
Upgrade OpenSSL
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar -xf openssl-1.1.1d.tar.gz
cd openssl-1.1.1d/
./config --shared zlib
make
echo $?
make install
echo $?
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
openssl version -a
After confirming the version, install nginx, adding OpenSSL when compiling nginx.
Configure arguments:
--prefix=/opt/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/log/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --http-client-body-temp-path=/var/nginx/client --http-proxy-temp-path=/var/nginx/proxy --with-http_v2_module --with-http_addition_module --http-fastcgi-temp-path=/var/nginx/fcgi --http-uwsgi-temp-path=/var/nginx/uwsgi --with-http_image_filter_module=dynamic --http-scgi-temp-path=/var/nginx/scgi --with-pcre --with-openssl=/usr/local/openssl /usr/local/ssl/
The --with-openssl=/usr/local/openssl configure argument may instead need to be --with-openssl=/usr/local/ssl
I found that you can simply run yum install -y openssl
--with-openssl=/usr/local/ssl \
Important arguments:
--group=nginx --with-http_ssl_module --with-http_v2_module
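Test result screenshot
Note: the nghttp tool is not installed by default; install this test tool with yum install -y nghttp.
What server push does
When a user requests data, the server proactively pushes the files the page needs. This avoids extra request/response round trips, improves efficiency, saves request time and speeds up access. Server push also supports multiplexing.
Configuration on the HTTP/2 server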
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    #server {
    #    listen 80;
    #    server_name wh02.com;
    #    #rewrite ^(.*) https://$server_name$1 permanent;
    #}
    server {
        listen 443 ssl http2;
        server_name www.wh02.com;
        root html;
        ssl_certificate /etc/nginx/ssl/2499917_wh02.com.pem;
        ssl_certificate_key /etc/nginx/ssl/2499917_wh02.com.key;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
        # SSLv2 dropped from this list: the protocol is broken and OpenSSL 1.1.x no longer implements it
        ssl_protocols TLSv1.2;
        # Requests to www.wh02.com/ push mirror.txt
        location / {
            http2_push /mirror.txt;
        }
        # Requests to www.wh02.com/a push mi.txt
        location /a {
            http2_push /mi.txt;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
Test request to https://www.wh02.com :
[root@leilei ~]# nghttp -ns https://www.wh02.com
***** Statistics *****
Request timing:
responseEnd: the time when last byte of response was received
relative to connectEnd
requestStart: the time just before first byte of request was sent
relative to connectEnd. If '*' is shown, this was
pushed by server.
process: responseEnd - requestStart
code: HTTP status code
size: number of bytes received as response body without
inflation.
URI: request URI
see http://www.w3.org/TR/resource-timing/#processing-model
sorted by 'complete'
id responseEnd requestStart process code size request path
13 +9.82ms +159us 9.66ms 200 670 /
2 +9.86ms * +9.75ms 103us 200 4 /mirror.txt
Test request to https://www.wh02.com/a
[root@leilei ~]# nghttp -ns https://www.wh02.com/a
***** Statistics *****
Request timing:
responseEnd: the time when last byte of response was received
relative to connectEnd
requestStart: the time just before first byte of request was sent
relative to connectEnd. If '*' is shown, this was
pushed by server.
process: responseEnd - requestStart
code: HTTP status code
size: number of bytes received as response body without
inflation.
URI: request URI
see http://www.w3.org/TR/resource-timing/#processing-model
sorted by 'complete'
id responseEnd requestStart process code size request path
13 +7.60ms +218us 7.38ms 301 169 /a
2 +7.64ms * +7.52ms 114us 404 153 /mi.txt
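
The second run above shows the server pushing /mi.txt with a 404, which means the http2_push target does not exist under the server root. The following added example (not part of the original post; the function name push_report is an assumption) parses nghttp -ns statistics rows and fails when a pushed response is not a 200.

```shell
#!/bin/sh
# Added example: list the responses in `nghttp -ns` statistics and fail when
# a pushed response is not a 200.

# Reads nghttp -ns output on stdin. Prints "pushed|requested CODE PATH" per
# row; exits 1 if any pushed row has a status other than 200.
push_report() {
    awk '
        # Data rows start with a stream id followed by "+<time>".
        $1 ~ /^[0-9]+$/ && $2 ~ /^\+/ {
            kind = ($3 == "*") ? "pushed" : "requested"   # "*" marks a push
            code = $(NF - 2); path = $NF
            print kind, code, path
            if (kind == "pushed" && code != 200) bad = 1
        }
        END { exit bad + 0 }
    '
}

# Statistics rows from the two nghttp runs shown on this page.
ROOT_ROWS='id  responseEnd requestStart  process code size request path
 13     +9.82ms       +159us   9.66ms  200  670 /
  2     +9.86ms *     +9.75ms    103us  200    4 /mirror.txt'
A_ROWS='id  responseEnd requestStart  process code size request path
 13     +7.60ms       +218us   7.38ms  301  169 /a
  2     +7.64ms *     +7.52ms    114us  404  153 /mi.txt'

printf '%s\n' "$ROOT_ROWS" | push_report
printf '%s\n' "$A_ROWS" | push_report || echo "push of a missing resource detected"
# Live use: nghttp -ns https://www.wh02.com/a | push_report
```
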
SSH version:
[root@mm01 ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.1e-fips 11 Feb 2013
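First upgrade OpenSSL and confirm the version is correct, then install nginx built against that OpenSSL so that it supports HTTP/2.
nginx configure arguments: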
[root@mm01 ~]# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.1.1d 10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/log/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --http-client-body-temp-path=/var/nginx/client --http-proxy-temp-path=/var/nginx/proxy --with-http_v2_module --with-http_addition_module --http-fastcgi-temp-path=/var/nginx/fcgi --http-uwsgi-temp-path=/var/nginx/uwsgi --with-http_image_filter_module=dynamic --http-scgi-temp-path=/var/nginx/scgi --with-pcre --with-openssl=/usr/local
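
The banners above show nginx built with OpenSSL 1.1.1d while ssh -V still reports 1.0.1e-fips, so each tool has to be checked separately against the 1.1.1d minimum. The following added example (not part of the original post; the function names are assumptions) extracts the OpenSSL version from a banner line and compares it, including the 1.x letter suffix.

```shell
#!/bin/sh
# Added example: flag tools whose banner reports OpenSSL older than 1.1.1d.
MIN_VERSION="1.1.1d"   # minimum stated on this page

# Print the first "X.Y.Z[letters]" that follows the word "OpenSSL" in $1.
openssl_version_from() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p' |
        head -n 1
}

# Exit 0 when version $1 >= $2 (both X.Y.Z[letters]). Numeric fields compare
# first; the OpenSSL 1.x letter suffix ("" < a < b ...) breaks ties.
openssl_version_ge() (
    a_num=${1%%[a-z]*}; a_let=${1#"$a_num"}
    b_num=${2%%[a-z]*}; b_let=${2#"$b_num"}
    IFS=.
    set -- $a_num $b_num          # six numeric fields: a1 a2 a3 b1 b2 b3
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        if [ "${pair%:*}" -gt "${pair#*:}" ]; then exit 0; fi
        if [ "${pair%:*}" -lt "${pair#*:}" ]; then exit 1; fi
    done
    expr "x$a_let" \>= "x$b_let" >/dev/null
)

# Classify one banner line: prints "ok VER", "outdated VER" or "unknown".
check_banner() {
    ver=$(openssl_version_from "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif openssl_version_ge "$ver" "$MIN_VERSION"; then
        echo "ok $ver"
    else
        echo "outdated $ver"
    fi
}

# Banners taken from the command output shown on this page.
check_banner 'built with OpenSSL 1.1.1d  10 Sep 2019'
check_banner 'OpenSSH_8.0p1, OpenSSL 1.0.1e-fips 11 Feb 2013'
# On a live host both tools print the banner on stderr:
#   check_banner "$(nginx -V 2>&1 | grep 'built with')"
#   check_banner "$(ssh -V 2>&1)"
```
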

Last modified: 2020-03-06 22:22:45