Nginx从HTTP升级至HTTP2
Linux命令行操作
打开linux, 输入如下命令
wget -c http://nginx.org/download/nginx-1.15.6.tar.gz
tar -zxf nginx-1.15.6.tar.gz && cd nginx-1.15.6
wget -c https://github.com/SpanishOnion/MyLNMP/raw/master/package/Nginx/pcre-8.36.tar.gz && tar -zxf pcre-8.36.tar.gz
wget -c https://github.com/SpanishOnion/MyLNMP/raw/master/package/Nginx/zlib-1.2.8.tar.gz && tar -zxf zlib-1.2.8.tar.gz
./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_random_index_module \
--with-http_degradation_module \
--with-http_secure_link_module \
--with-http_gzip_static_module \
--with-http_perl_module \
--with-pcre=pcre-8.36 \
--with-zlib=zlib-1.2.8 \
--with-debug \
--with-file-aio \
--with-mail \
--with-mail_ssl_module \
--http-client-body-temp-path=/var/tmp/nginx/client_body \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-stream \
--with-ld-opt="-Wl,-E"
make
cd objs
cp /usr/sbin/nginx /usr/sbin/nginx.bak
service nginx stop
mv nginx /usr/sbin/nginx
nginx -t
make install
nginx start
以上命令很简单, 略懂 Linux 的都应该知道什么意思, 先升级 nginx 至最新版本
之后使用 http2 的配置重新编译了一下, 然后重启 nginx 服务, 不懂的这些命令是啥意思的先去xuo习一波
操作完以上命令后去阿里云申请一个证书, 申请之后将 nginx 的证书文件下载下来, 有两个文件, 后缀分别是 pem 和 key 或者是 crt 和 key
重命名为server.pem和server.key 或者是 server.crt和server.key
然后将这2个文件上传至/nginx/etc/目录下, 与nginx.conf同级 重命名的文件名可以自定义 以及存放的目录也可以自定义
我为了方便管理就取名为 server.crt 和 server.key 了, 那么上传至服务器之后, 就可以配置 nginx.conf 文件了
nginx.conf配置
操作完以上命令后, 配置一下nginx.conf, 完整配置如下:
######
### Description: The config file of Nginx HTTP2
### Author: licong 2018.11.17 https://www.lcgod.com/
######
user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx/nginx.pid;
events {
use epoll;
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
charset UTF-8;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
#隐藏Nginx版本信息,禁止网站目录浏览
server_tokens off;
autoindex off;
#当FastCGI后端服务器处理请求给出http响应码为4xx和5xx时,就转发给nginx
fastcgi_intercept_errors on;
#关于fastcgi的配置
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
#支持gzip压缩
gzip on;
gzip_min_length 1k;
gzip_buffers 16 64k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain application/x-javascript text/css application/javascript text/javascript image/jpeg image/gif image/png application/xml application/json;
gzip_vary on;
gzip_disable "MSIE [1-6].(?!.*SV1)";
server {
listen 80;
server_name www.lcgod.com lcgod.com;
charset utf-8;
access_log /var/log/nginx/access.log main;
rewrite ^/(.*)$ https://www.lcgod.com/$1 permanent;
}
server {
listen 443 ssl http2;
server_name www.lcgod.com lcgod.com;
#301重定向
if ($host = 'lcgod.com') {
rewrite ^/(.*)$ https://www.lcgod.com$1 permanent;
}
# 不产生日志
access_log off;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/server.crt;
resolver 8.8.8.8 114.114.114.114 valid=300s;
resolver_timeout 5s;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5:!RC4:!DHE:!kEDH;
add_header Strict-Transport-Security "max-age=15768001; preload";
add_header X-Content-Type-Options nosniff;
#设置网站根目录
root /home/www/blog;
index index.php index.html;
#设置css/javascript/图片等静态资源的缓存时间
location ~ .*\.(css|js|ico|png|gif|jpg|json|mp3|mp4|flv|swf)(.*) {
expires 60d;
}
# URLRwrite
location / {
try_files $uri $uri/ /index.php?$query_string;
}
## 设置Nginx和php通信机制为tcp的socket模式,而不是直接监听9000端口
location ~ \.php(.*)$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
最后, 配置完nginx.conf, 不要忘了重启:
service nginx reload
发布评论
还没有评论,快来抢沙发吧!