1. Preface
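    # Write ssl after port 443 so that both http and https links can be used
    listen 443 ssl http2 default_server;
    server_name chat.chengxinsong.cn;
    # Sensible use of HSTS: max-age is how long the browser caches HSTS, the
    # includeSubDomains parameter specifies that HSTS should be enabled on all
    # subdomains, and preload means preloading. HSTS can be revoked by setting
    # the cache to 0 with Strict-Transport-Security: max-age=0
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    ssl_certificate /usr/local/nginx/cert/2540136_chat.chengxinsong.cn.pem;
    ssl_certificate_key /usr/local/nginx/cert/2540136_chat.chengxinsong.cn.key;
    # Allocate 20 MB of shared memory cache so that different worker processes share TLS session information
    # ssl_session_cache shared:SSL:20m;
    # Set the session cache expiry time to 1h
    ssl_session_timeout 60m;
    # Sensible configuration of the TLS protocol
    # Specify the TLS protocol versions; the insecure SSL2 and SSL3 must be dropped
    # (TLSv1 and TLSv1.1 are themselves deprecated by RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Enable ssl_prefer_server_ciphers to tell nginx to prefer the server's algorithms
    # during the TLS handshake, so the server rather than the client picks the algorithm
    ssl_prefer_server_ciphers on;
    # Prefer algorithms that support forward secrecy, ordered by performance
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    # Sensible use of session resumption
    # Configure session tickets, which reduce the overhead of the TLS handshake
    ssl_session_tickets on;

Then check the nginx configuration:

    nginx -t

The reported error means that http2.0 support is missing because nginx lacks ngx_http_v2_module, and that nginx also lacks the http_ssl_module module. Just pass the --with-http_ssl_module option to configure when compiling and installing.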
2. Search information to find the reason
The reason for the above is that nginx has replaced ngx_http_spdy_module with the http_v2_module module since 1.9.5, and officially started to support the http2 protocol.
But my nginx is 1.12.2, so it should not be an nginx version issue.
Notes:
1. To enable http/2 protocol support, you need to compile nginx 1.10 or above, and the openssl library it is compiled against needs to be version 1.0.2 or above.
2. http2.0 only supports websites with https enabled.
The cause may be the version of the server's openssl library, which is found to be 1.0.2.
So we still need to upgrade it to a higher version.
3. Upgrade openssl
The http2.0 protocol involves support for ALPN (Application Layer Protocol Negotiation). Currently, the built-in openssl libraries in all mainstream unix server systems are lower than version 1.0.2. By using openssl's command line tool, you can check whether the current http2 service supports ALPN.
Find an installation directory
1. Download the latest version of openssl library, compile and install

    wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz
    tar xzf openssl-1.1.0f.tar.gz
    cd openssl-1.1.0f
    ./config --prefix=/usr/local/openssl
    make && make install

2. Replace the old version library

    mv /usr/bin/openssl /usr/bin/openssl.old
    mv /usr/include/openssl /usr/include/openssl.old
    ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
    ln -s /usr/local/openssl/include/openssl /usr/include/openssl
    # Link the new library files
    ln -s /usr/local/openssl/lib/libssl.so /usr/local/lib64/libssl.so
    ln -s /usr/local/openssl/lib/libcrypto.so /usr/local/lib64/libcrypto.so
    # Check whether the updated openssl dependency library is 1.1.0f
    strings /usr/local/lib64/libssl.so | grep OpenSSL
    # The result shows that the linked library has been upgraded to the latest version:
    #   OpenSSL 1.1.0f  25 May 2017
    # Configure the search path for the openssl library files
    echo '/usr/local/openssl/lib' >> /etc/ld.so.conf
    # Make the modified search path take effect
    ldconfig -v
    # Check the openssl version; the result shows the upgrade succeeded:
    openssl version
    #   OpenSSL 1.1.0f  25 May 2017

4. Enable the ssl module in nginx
An nginx compiled with default options does not include the h2 module, so we need to add parameters when compiling. As of the time of publishing, when building nginx 1.9 development version and above from source, we need to add the compilation parameters ourselves, while builds downloaded from software repositories have the module compiled in by default. nginx no longer supports spdy.
If the nginx you compiled does not support it, then add --with-http_v2_module to ./configure. If there is no ssl support, you also need to add --with-http_ssl_module.
1. Find the source code package and check whether the configure supports http2
At this point you need to find the configure script in the source code folder that you downloaded. Note: not the folder of the compiled installation.
In the "./configure" options, "--with" enables a module, which means such modules are not built automatically when compiling; "--without" disables a module, which means such modules are built automatically when compiling. If you want nginx to run lightweight, you can remove some unnecessary modules.
Execute:

    ./configure --help

From the above figure, we know that nginx will not automatically build http_ssl_module and http_v2_module during compilation. So nginx needs to be recompiled.
2. Add parameters to compile
Our new configuration information should be written like this:

    ./configure --prefix=/usr/local/nginx --with-http_v2_module --with-http_ssl_module --with-openssl=/home/soft/openssl-1.1.0f

The /usr/local/nginx path above is the path of our compiled nginx installation.
That is, add --with-http_v2_module to ./configure. If there is no ssl support, you also need to add --with-http_ssl_module, and since openssl has just been updated to 1.1.0, you also need to add --with-openssl=/home/soft/openssl-1.1.0f.
Just run the above command. After the configuration is completed, run the command:

    make

Do not run make install here, otherwise it will be an overwrite installation.
3. Backup and replacement
(1) Back up the originally installed nginx

    cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_07_22.bak

(2) Close nginx, then overwrite the original nginx with the newly compiled one
Close nginx:

    ./nginx -s quit

Copy the compiled nginx over the original nginx:

    cp ./objs/nginx /usr/local/nginx/sbin/

(3) Start nginx

    ./nginx

Wait for 1 minute, and then you can see the effect of http2.0.
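The prerequisites described above (nginx 1.9.5 or later, openssl 1.0.2 or later, and both --with-http_v2_module and --with-http_ssl_module) can be checked on the freshly built binary before it replaces the running one. The script below is an added example, not part of the original article; the function names ver_ge and check_h2_build and the sample `nginx -V` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit `nginx -V` output for
# the HTTP/2 prerequisites listed in the article. Real use:
#   ./objs/nginx -V 2>&1 | check_h2_build

# ver_ge A B: succeed when dotted version A >= B (leading digits of each part).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Reads `nginx -V` text on stdin, prints the unmet prerequisites (empty when
# none) and returns non-zero if anything is missing.
check_h2_build() {
    out=$(cat)
    ngx=$(printf '%s\n' "$out" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p')
    ssl=$(printf '%s\n' "$out" | sed -n 's|^built with OpenSSL \([0-9.]*\).*|\1|p')
    args=$(printf '%s\n' "$out" | sed -n 's|^configure arguments: ||p')
    problems=""
    ver_ge "${ngx:-0}" 1.9.5 || problems="$problems nginx<1.9.5"
    ver_ge "${ssl:-0}" 1.0.2 || problems="$problems openssl<1.0.2"
    for mod in http_v2_module http_ssl_module; do
        case " $args " in
            *" --with-$mod "*) ;;
            *) problems="$problems no-$mod" ;;
        esac
    done
    printf '%s\n' "${problems# }"
    [ -z "$problems" ]
}

# Constructed sample inputs (not captured from the article's server).
SAMPLE_OLD='nginx version: nginx/1.12.2
built with OpenSSL 1.0.1e-fips 11 Feb 2013
configure arguments: --prefix=/usr/local/nginx'
SAMPLE_NEW='nginx version: nginx/1.12.2
built with OpenSSL 1.1.0f  25 May 2017
configure arguments: --prefix=/usr/local/nginx --with-http_v2_module --with-http_ssl_module --with-openssl=/home/soft/openssl-1.1.0f'

printf '%s\n' "$SAMPLE_OLD" | check_h2_build || echo "rebuild needed"
printf '%s\n' "$SAMPLE_NEW" | check_h2_build && echo "build is ready for HTTP/2"
```

On the live server, ALPN negotiation can then be confirmed with `openssl s_client -alpn h2 -connect <host>:443`, which reports `ALPN protocol: h2` when HTTP/2 is offered.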
5. Check whether the website is http2.0
Right-click the Name column and check Protocol, so that you can see the http protocol.
The website address of the screenshot above:
Compare the http1.1 website
The above is the detailed content of How to upgrade nginx to support HTTP2.0. For more information, please follow other related articles on the PHP Chinese website!