配置nginx使用http2
一、配置openssl
openssl版本需大于1.0.2版本
yum install -y gcc zlib-devel pcre-devel
wget https://www.openssl.org/source/openssl-1.1.0g.tar.gz
tar zxvf openssl-1.1.0g.tar.gz
cd openssl-1.1.0g
./config --prefix=/usr/local/openssl shared zlib
make && make install
mv /usr/bin/openssl /usr/bin/openssl.old
ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/openssl/include/openssl /usr/include/openssl
ln -s /usr/local/openssl/lib/libssl.so.1.1 /lib/x86_64-linux-gnu
echo /usr/local/openssl/lib >> /etc/ld.so.conf
ln -s /usr/local/openssl/lib/libssl.so /usr/local/lib64/libssl.so
ln -s /usr/local/openssl/lib/libcrypto.so /usr/local/lib64/libcrypto.so
ldconfig -v 使配置生效
openssl version 查看版本
tar xf nginx-1.14.2.tar.gz
cd nginx-1.14.2
vim src/core/nginx.h 去除版本信息,这两行修改成
#define NGINX_VERSION ""
#define NGINX_VER "Tengine/" NGINX_VERSION
./configure --prefix=/usr/local/nginx --with-http_v2_module --with-http_ssl_module
make && make install
cd /usr/local/nginx
二、配置nginx.conf
vim conf/nginx.conf
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
gzip_min_length 1k;
gzip_comp_level 6;
gzip on;
gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml;
server {
listen 80;
server_name abc.com;
rewrite "^/(.*)$" https://abc.com$1; #强制访问到https
}
server {
listen 443 ssl http2 ; #http2必须用https
server_name abc.com;
ssl_certificate /root/ssl/fullchain.crt;
ssl_certificate_key /root/ssl/private.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
location / {
root html;
index index.html index.htm;
}
}
}
原文地址:https://blog.51cto.com/14174084/2467246