配置nginx使用http2
一、配置openssl openssl版本需大于1.0.2版本 yum install -y gcc zlib-devel pcre-devel wget https://www.openssl.org/source/openssl-1.1.0g.tar.gz tar zxvf openssl-1.1.0g.tar.gz cd openssl-1.1.0g ./config --prefix=/usr/local/openssl shared zlib make && make install mv /usr/bin/openssl /usr/bin/openssl.old ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl ln -s /usr/local/openssl/include/openssl /usr/include/openssl ln -s /usr/local/openssl/lib/libssl.so.1.1 /lib/x86_64-linux-gnu echo /usr/local/openssl/lib >> /etc/ld.so.conf ln -s /usr/local/openssl/lib/libssl.so /usr/local/lib64/libssl.so ln -s /usr/local/openssl/lib/libcrypto.so /usr/local/lib64/libcrypto.so ldconfig -v 使配置生效 openssl version 查看版本
tar xf nginx-1.14.2.tar.gz cd nginx-1.14.2 vim src/core/nginx.h 去除版本信息,这两行修改成 #define NGINX_VERSION "" #define NGINX_VER "Tengine/" NGINX_VERSION
./configure --prefix=/usr/local/nginx --with-http_v2_module --with-http_ssl_module make && make install cd /usr/local/nginx
二、配置nginx.conf vim conf/nginx.conf http { include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; keepalive_timeout 65; gzip_min_length 1k; gzip_comp_level 6; gzip on; gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript application/x-httpd-php image/jpeg image/png application/vnd.ms-fontobject font/ttf font/opentype font/x-woff image/svg+xml; server { listen 80; server_name abc.com; rewrite "^/(.*)$" https://abc.com$1; #强制访问到https } server { listen 443 ssl http2 ; #http2必须用https server_name abc.com; ssl_certificate /root/ssl/fullchain.crt; ssl_certificate_key /root/ssl/private.pem; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; location / { root html; index index.html index.htm; } } }
