文章转载至:御风而行-四哥博客 https://blog.kunx.org/it/blog-has-been-upgraded-to-a-http2-agreement.html
教程如下
首先只有使用HTTPS协议的站点可以升级HTTP/2协议
nginx如果想要升级HTTP/2需要满足以下要求:
-
nginx版本要高于1.9.5
-
--with-http_ssl_module 跟 --with-http_v2_module 必带(因为http2.0协议需要使用https协议。yum install nginx安装的nginx是带有全模块)
-
openssl版本要高于1.0.2e
实验步骤
编译安装openssl-1.0.2版本
https://www.openssl.org/source/
[root@iZm5eh59bz4ehbn3at82ygZ ~]
# openssl version -a
OpenSSL 1.0.1e
2、下载openssl-1.0.2h.
tar
.gz
wget https:
//www
.openssl.org
/source/openssl-1
.0.2l.
tar
.gz
3、更新zlib
yum
install
-y zlib zlib-devel
4、解压安装
tar
zxf openssl-1.0.2l.
tar
.gz
cd
openssl-1.0.2l
.
/config
shared zlib
make
make
install
mv
/usr/bin/openssl
/usr/bin/openssl
.bak
mv
/usr/include/openssl
/usr/include/openssl
.bak
ln
-s
/usr/local/ssl/bin/openssl
/usr/bin/openssl
ln
-s
/usr/local/ssl/include/openssl
/usr/include/openssl
echo
"/usr/local/ssl/lib"
>>
/etc/ld
.so.conf
ldconfig -
v
5、查看是否升级成功
[root@iZm5eh59bz4ehbn3at82ygZ ~]
# openssl version -a
OpenSSL 1.0.2l 25 May 2017
|
安装nginx
yum -y install nginx
申请ssl证书
略
配置https虚拟主机
略
设定为http/2.0协议
server {
listen 80;
server_name www.ayiyayo.com;
rewrite ^/(.+) https:
//
$host/$1 permanent;
rewrite ^/$ https:
//
$host/ permanent;
}
server {
listen 443 ssl http2;
server_name www.ayiyayo.com;
root
/var/www/www
.ayiyayo.com;
# Load configuration files for the default server block.
include
/etc/nginx/default
.d/*.conf;
ssl on;
ssl_certificate cert
/1_www
.ayiyayo.com_bundle.crt;
ssl_certificate_key cert
/2_www
.ayiyayo.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
#按照这个套件配置
ssl_prefer_server_ciphers on;
location / {
}
error_page 404
/404
.html;
location =
/40x
.html {
}
error_page 500 502 503 504
/50x
.html;
location =
/50x
.html {
}
}
|
有关HTTP/2.0协议的知识可以查阅以下资料:
http://www.infoq.com/cn/news/2015/02/https-spdy-http2-comparison/
2024
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
