http2模块nginx无法正常工作

时间:2016-07-06 23:29:28

标签: nginx server debian http2

我在nginx中启用http2协议时遇到了一些问题。 网站在Laravel 5上写道(但我认为这并不重要)。

首先,我升级nginx版本。

Debian ~ # nginx -V
nginx version: nginx/1.10.1
built with OpenSSL 1.0.1e 11 Feb 2013
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector -- param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -DFORTIFY_SOURCE=2 -fstack-protector -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_secure_link_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/headers-more-nginx-module --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-cache-purge --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-dav-ext-module --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-development-kit --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/ngx-fancyindex --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-http-push --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-lua --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-upload-progress --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/ngx_http_substitutions_filter_module --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/passenger/src/nginx_module

然后,我添加" http2"听ssl。

server {
    server_name tratata.com www.tratata.com;
    listen 123.123.123.123;
    listen 123.123.123.123:443 ssl http2;

    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_comp_level 5;
    gzip_types    text/plain application/x-javascript text/xml text/css;
    gzip_vary on;

    ssl_certificate /etc/letsencrypt/live/tratata.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tratata.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    charset UTF-8;

    root /var/www/tratata.com/public;
    index index.php index.html index.htm;

    location / {
         try_files $uri $uri/ /index.php$is_args$args;
    }

    # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
    location ~ \.php$ {
            try_files $uri /index.php =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }

}

但是,当我在Google Chrome Inspector中检查协议时,在网络标签中仍然写着http / 1.1,在哪一边挖?

2 个答案:

答案 0 :(得分:4)

Google Chrome现在坚持使用ALPN for HTTP / 2,因此您需要使用OpenSSL 1.0.2或更高版本构建Nginx(在大多数平台上都不能作为打包版本使用,因此您可能需要从源手动安装现在)。

https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/

检查它是否适用于Opera中的HTTP / 2,如果是,那就是你的问题。

https://serverfault.com/questions/775298/debian-jessie-nginx-with-openssl-1-0-2-to-use-alpn-rather-than-npn

答案 1 :(得分:1)

我没有立即在配置中看到任何错误,所以首先,很明显:你重新加载/重新启动Nginx吗?

service nginx restart

然后,我会使用https://tools.keycdn.com/http2-test等网站仔细检查您在Chrome中获得的结果。我还会检查服务器日志,看看正在使用的Nginx报告的HTTP版本。

(声誉不足以发表评论)

相关问题
最新问题