Linux运维之路


Upgrading nginx to HTTP/2: upgrading OpenSSL and enabling http2_push

admin 2019-10-26

OpenSSL upgrade:

If your OpenSSL is older than 1.1.1d, upgrade it.

[root@mm01 ~]# nginx -V
nginx version: nginx/1.16.1 
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.1.1d  10 Sep 2019

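Upgrade OpenSSL

# Download and unpack the OpenSSL 1.1.1d source
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar -xf openssl-1.1.1d.tar.gz
cd openssl-1.1.1d/
# Build shared libraries with zlib support (default install prefix is /usr/local)
./config --shared zlib
make
echo $?    # 0 means the build succeeded
make install
echo $?    # 0 means the install succeeded
# Keep the distribution binary and headers as .old, then point the system paths at the new build
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
ln -s /usr/local/bin/openssl /usr/bin/openssl
ln -s /usr/local/include/openssl/ /usr/include/openssl
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
# Confirm that the openssl found on PATH is now the new version
openssl version -a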

Once the version is confirmed, install nginx.

Add OpenSSL when compiling nginx

Configure arguments:

--prefix=/opt/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/log/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --http-client-body-temp-path=/var/nginx/client --http-proxy-temp-path=/var/nginx/proxy --with-http_v2_module --with-http_addition_module --http-fastcgi-temp-path=/var/nginx/fcgi --http-uwsgi-temp-path=/var/nginx/uwsgi --with-http_image_filter_module=dynamic --http-scgi-temp-path=/var/nginx/scgi --with-pcre --with-openssl=/usr/local/openssl

The --with-openssl=/usr/local/openssl argument may need to be --with-openssl=/usr/local/ssl instead. Note that nginx's --with-openssl option expects the path to the OpenSSL source tree, which nginx then compiles and links into its own binary.

I found that you can simply run yum install -y openssl

--with-openssl=/usr/local/ssl \

Important arguments:

--group=nginx --with-http_ssl_module  --with-http_v2_module

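Test results

Note: the nghttp tool is not installed by default; install it with yum install -y nghttp.

What server push is for

When a user requests data, the server proactively pushes the files the page will need. This avoids extra request/response round trips, improves efficiency, saves request time and speeds up access. Server push also supports multiplexing.

Configuration on the HTTP/2 server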

worker_processes  1;
events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

#server {
#    listen 80;
#    server_name wh02.com;
#    #rewrite ^(.*) https://$server_name$1 permanent;
#}
    server {
        listen       443 ssl http2;
        server_name  www.wh02.com;
        root html;
        ssl_certificate      /etc/nginx/ssl/2499917_wh02.com.pem;
        ssl_certificate_key  /etc/nginx/ssl/2499917_wh02.com.key;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
        # SSLv2 dropped: the protocol is broken and OpenSSL 1.1.x no longer implements it
        ssl_protocols TLSv1.2;


        # Requests to www.wh02.com/ push mirror.txt
        location / {
            http2_push /mirror.txt;
        }
        
        # Requests to www.wh02.com/a push mi.txt
        location /a { 
            http2_push /mi.txt;
        }


        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

Test request to https://www.wh02.com:

[root@leilei ~]# nghttp -ns https://www.wh02.com
***** Statistics *****

Request timing:
  responseEnd: the  time  when  last  byte of  response  was  received
               relative to connectEnd
 requestStart: the time  just before  first byte  of request  was sent
               relative  to connectEnd.   If  '*' is  shown, this  was
               pushed by server.
      process: responseEnd - requestStart
         code: HTTP status code
         size: number  of  bytes  received as  response  body  without
               inflation.
          URI: request URI

see http://www.w3.org/TR/resource-timing/#processing-model

sorted by 'complete'

id  responseEnd requestStart  process code size request path
 13     +9.82ms       +159us   9.66ms  200  670 /
  2     +9.86ms *    +9.75ms    103us  200    4 /mirror.txt

Test request to https://www.wh02.com/a:

[root@leilei ~]# nghttp -ns https://www.wh02.com/a
***** Statistics *****

Request timing:
  responseEnd: the  time  when  last  byte of  response  was  received
               relative to connectEnd
 requestStart: the time  just before  first byte  of request  was sent
               relative  to connectEnd.   If  '*' is  shown, this  was
               pushed by server.
      process: responseEnd - requestStart
         code: HTTP status code
         size: number  of  bytes  received as  response  body  without
               inflation.
          URI: request URI

see http://www.w3.org/TR/resource-timing/#processing-model

sorted by 'complete'

id  responseEnd requestStart  process code size request path
 13     +7.60ms       +218us   7.38ms  301  169 /a
  2     +7.64ms *    +7.52ms    114us  404  153 /mi.txt
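
The second run above shows a push that fired but delivered a 404 for /mi.txt. As an added example (not part of the original post), the hypothetical helper push_report below parses the `nghttp -ns` statistics table and fails when a pushed stream is not a 2xx response; the two samples are the table rows shown above.

```shell
#!/bin/sh
# Added example, not from the original post. push_report is a hypothetical
# helper that reads `nghttp -ns` output on stdin.
# Exit status: 0 = every pushed stream was 2xx, 1 = a push failed, 2 = no push seen.
push_report() {
    awk '
    /^id +responseEnd/ { in_table = 1; next }     # header of the statistics table
    in_table && $1 ~ /^[0-9]+$/ {
        pushed = 0
        # A lone "*" column before requestStart marks a stream pushed by the server.
        for (i = 2; i < NF - 2; i++) if ($i == "*") pushed = 1
        code = $(NF - 2); path = $NF
        if (!pushed) { printf "request %s %s\n", code, path; next }
        n++
        if (code ~ /^2[0-9][0-9]$/) {
            printf "pushed  %s %s\n", code, path
        } else {
            printf "pushed  %s %s  <- pushed resource is not usable\n", code, path
            failed = 1
        }
    }
    END { if (!n) exit 2; exit failed + 0 }'
}

# Sample input: the statistics rows from the two runs shown in the post.
ROOT_RUN='id  responseEnd requestStart  process code size request path
 13     +9.82ms       +159us   9.66ms  200  670 /
  2     +9.86ms *    +9.75ms    103us  200    4 /mirror.txt'
A_RUN='id  responseEnd requestStart  process code size request path
 13     +7.60ms       +218us   7.38ms  301  169 /a
  2     +7.64ms *    +7.52ms    114us  404  153 /mi.txt'

printf '%s\n' "$ROOT_RUN" | push_report
printf '%s\n' "$A_RUN" | push_report || echo "exit status $?: a pushed file is missing"
# On a live host: nghttp -ns https://www.wh02.com/a | push_report
```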

SSH version:

[root@mm01 ~]# ssh -V
OpenSSH_8.0p1, OpenSSL 1.0.1e-fips 11 Feb 2013

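Upgrade OpenSSL first and confirm the version is correct, then install nginx built against that OpenSSL so that it supports HTTP/2.

nginx configure arguments: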

[root@mm01 ~]# nginx -V
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/log/nginx/nginx.pid --lock-path=/var/lock/nginx.lock --user=nginx --group=nginx --with-http_ssl_module --with-http_sub_module --with-http_stub_status_module --with-http_gzip_static_module --with-stream --with-stream_ssl_module --http-client-body-temp-path=/var/nginx/client --http-proxy-temp-path=/var/nginx/proxy --with-http_v2_module --with-http_addition_module --http-fastcgi-temp-path=/var/nginx/fcgi --http-uwsgi-temp-path=/var/nginx/uwsgi --with-http_image_filter_module=dynamic --http-scgi-temp-path=/var/nginx/scgi --with-pcre --with-openssl=/usr/local
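
The version check described above can be scripted. This is an added example, not code from the original post: the hypothetical helper audit_nginx_build reads `nginx -V` text, compares the OpenSSL it was built with (and is running with, when nginx reports a different loaded library) against the 1.1.1d floor the post states, and confirms the two modules the post calls important. The sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post. audit_nginx_build is a
# hypothetical helper; MIN_OPENSSL is the floor the post states.
MIN_OPENSSL="1.1.1d"

# Reads `nginx -V` text on stdin; returns non-zero if any check fails.
audit_nginx_build() {
    awk -v min="$MIN_OPENSSL" '
    # Map 1.1.1d or 1.0.1e-fips to a fixed-width key that sorts as a string.
    function key(v,   p, patch, letter) {
        sub(/-.*/, "", v)                     # drop suffixes such as -fips
        split(v, p, ".")
        patch = p[3]; letter = p[3]
        sub(/[a-z]*$/, "", patch); sub(/^[0-9]*/, "", letter)
        return sprintf("%03d%03d%03d%s", p[1], p[2], patch, letter)
    }
    /^built with OpenSSL/ {
        built = run = $4
        # nginx appends "(running with ...)" when the loaded library differs.
        if (match($0, /running with OpenSSL [^ )]+/))
            run = substr($0, RSTART + 21, RLENGTH - 21)
    }
    /^configure arguments:/ {
        ssl = ($0 ~ /--with-http_ssl_module/)
        v2  = ($0 ~ /--with-http_v2_module/)
    }
    END {
        if (built == "") { print "FAIL no OpenSSL build line"; bad = 1 }
        else if (key(built) < key(min)) { print "FAIL built with " built ", below " min; bad = 1 }
        if (run != built && key(run) < key(min)) { print "FAIL running with " run ", below " min; bad = 1 }
        if (!ssl) { print "FAIL --with-http_ssl_module missing"; bad = 1 }
        if (!v2)  { print "FAIL --with-http_v2_module missing"; bad = 1 }
        if (!bad) print "OK OpenSSL " run ", http_ssl and http_v2 modules present"
        exit bad + 0
    }'
}

# Constructed sample, abridged from the nginx -V output shown in the post.
SAMPLE='nginx version: nginx/1.16.1
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module'

printf '%s\n' "$SAMPLE" | audit_nginx_build
# On a live host: nginx -V 2>&1 | audit_nginx_build   (nginx -V writes to stderr)
```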
Last modified: 2019-10-26 15:09:44 © Copyright belongs to the author