==================开启HTTP2的前提是HTTPS======================
注:系统环境为CentOS7
一、查看当前版本
本站当前nginx版本为1.10.2,yum安装,猜测应该不支持HTTP2
nginx -V nginx version: nginx/1.10.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx \ --sbin-path=/usr/sbin/nginx \ --modules-path=/usr/lib64/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \ --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \ --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \ --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \ --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \ --pid-path=/run/nginx.pid \ --lock-path=/run/lock/subsys/nginx \ --user=nginx --group=nginx \ --with-file-aio \ --with-ipv6 \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_xslt_module=dynamic \ --with-http_image_filter_module=dynamic \ --with-http_geoip_module=dynamic \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-http_perl_module=dynamic \ --with-mail=dynamic \ --with-mail_ssl_module \ --with-pcre --with-pcre-jit \ --with-stream=dynamic \ --with-stream_ssl_module \ --with-google_perftools_module \ --with-debug \ --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' \ --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
分析一下,可以看出以下信息:
1、版本为1.10.2,修复了nginx的HTTP2的Bug
2、虽然启用了HTTP2模块,但是却以OpenSSL 1.0.1版本编译,而1.0.2+才支持ALPN,Chrome从51版起已经移除了对NPN的支持,所以只能自编译或更换添加其他源,这里选择了自编译
经测试,CentOS 7最新的openssl版本为1.0.2k,不再需要自编译,直接通过yum安装即可。
二、编译
下面是自己的编译参数
./configure --prefix=/usr/share/nginx \ --sbin-path=/usr/sbin/nginx \ --modules-path=/usr/lib64/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --http-client-body-temp-path=/var/lib/nginx/tmp/client_body \ --http-proxy-temp-path=/var/lib/nginx/tmp/proxy \ --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi \ --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi \ --http-scgi-temp-path=/var/lib/nginx/tmp/scgi \ --pid-path=/run/nginx.pid \ --lock-path=/run/lock/subsys/nginx \ --user=www --group=www \ --with-openssl=/usr/src-packages/openssl-1.0.2k \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-pcre \ --with-pcre-jit \ --with-stream \ --with-stream_ssl_module \ --with-cc-opt='-O2 -g -pipe -Werror -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' \ --with-ld-opt='-Wl,-z,relro -Wl,-E'
三、修改nginx配置文件并重启Nginx
listen 443 ssl http2 fastopen=3 reuseport;
四、验证
浏览自己的网站,然后在地址栏输入chrome://net-internals/#http2
HTTP/2 sessions出现自己的网站代表开启了HTTP2
