header-bg.jpg
Nginx从HTTP升级至HTTP2
发表于 2018-11-21 22:22
|
分类于 Linux
|
评论次数 0
|
阅读次数 417

45101545042979.gif

Linux命令行操作

打开linux, 输入如下命令

wget -c http://nginx.org/download/nginx-1.15.6.tar.gz
tar -zxf nginx-1.15.6.tar.gz && cd nginx-1.15.6
wget -c https://github.com/SpanishOnion/MyLNMP/raw/master/package/Nginx/pcre-8.36.tar.gz && tar -zxf pcre-8.36.tar.gz
wget -c https://github.com/SpanishOnion/MyLNMP/raw/master/package/Nginx/zlib-1.2.8.tar.gz && tar -zxf zlib-1.2.8.tar.gz
./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid  \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_random_index_module \
--with-http_degradation_module \
--with-http_secure_link_module \
--with-http_gzip_static_module \
--with-http_perl_module \
--with-pcre=pcre-8.36 \
--with-zlib=zlib-1.2.8 \
--with-debug \
--with-file-aio \
--with-mail \
--with-mail_ssl_module \
--http-client-body-temp-path=/var/tmp/nginx/client_body \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-stream \
--with-ld-opt="-Wl,-E"
make​
cd objs
cp /usr/sbin/nginx /usr/sbin/nginx.bak
service nginx stop
mv nginx /usr/sbin/nginx
nginx -t
make install
nginx start

以上命令很简单, 略懂 Linux 的都应该知道什么意思, 先升级 nginx 至最新版本

之后使用 http2 的配置重新编译了一下, 然后重启 nginx 服务, 不懂的这些命令是啥意思的先去xuo习一波

操作完以上命令后去阿里云申请一个证书, 申请之后将 nginx 的证书文件下载下来, 有两个文件, 后缀分别是 pem 和 key 或者是 crt 和 key

重命名为server.pemserver.key 或者是 server.crtserver.key

然后将这2个文件上传至/nginx/etc/目录下, 与nginx.conf同级 重命名的文件名可以自定义 以及存放的目录也可以自定义

我为了方便管理就取名为 server.crtserver.key 了, 那么上传至服务器之后, 就可以配置 nginx.conf 文件了

nginx.conf配置

操作完以上命令后, 配置一下nginx.conf, 完整配置如下:

###### 
###  Description: The config file of Nginx HTTP2 
###  Author:  licong  2018.11.17  https://www.lcgod.com/ 
###### 
user  nginx nginx; 
worker_processes  1; 
 
error_log  /var/log/nginx/error.log; 
 
pid        /var/run/nginx/nginx.pid; 
 
events { 
    use epoll;   
    worker_connections  1024; 
} 
 
http { 
    include       mime.types; 
    default_type  application/octet-stream; 
    charset UTF-8;       
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ' 
                      '$status $body_bytes_sent "$http_referer" ' 
                      '"$http_user_agent" "$http_x_forwarded_for"';     
 
    access_log  /var/log/nginx/access.log  main; 
 
    sendfile        on; 
 
    keepalive_timeout  65; 
 
    #隐藏Nginx版本信息,禁止网站目录浏览 
    server_tokens off; 
    autoindex off; 
    #当FastCGI后端服务器处理请求给出http响应码为4xx和5xx时,就转发给nginx 
    fastcgi_intercept_errors on; 
 
    #关于fastcgi的配置 
    fastcgi_connect_timeout 300;     
    fastcgi_send_timeout 300;     
    fastcgi_read_timeout 300;     
    fastcgi_buffer_size 64k;     
    fastcgi_buffers 4 64k;     
    fastcgi_busy_buffers_size 128k;     
    fastcgi_temp_file_write_size 128k; 
 
    #支持gzip压缩 
    gzip on; 
    gzip_min_length 1k; 
    gzip_buffers 16 64k; 
    gzip_http_version 1.1; 
    gzip_comp_level 6; 
    gzip_types text/plain application/x-javascript text/css application/javascript text/javascript image/jpeg image/gif image/png application/xml application/json; 
    gzip_vary on; 
    gzip_disable "MSIE [1-6].(?!.*SV1)"; 
 
    server { 
        listen 80; 
        server_name www.lcgod.com lcgod.com; 
        charset utf-8; 
        access_log  /var/log/nginx/access.log main; 
        rewrite ^/(.*)$ https://www.lcgod.com/$1 permanent; 
    } 
 
    server { 
        listen               443 ssl http2; 
        server_name          www.lcgod.com lcgod.com; 
 
        #301重定向 
        if ($host = 'lcgod.com') { 
            rewrite  ^/(.*)$    https://www.lcgod.com$1 permanent; 
        } 
     
        # 不产生日志 
        access_log off; 
        ssl_certificate /etc/nginx/server.crt; 
        ssl_certificate_key /etc/nginx/server.key; 
        ssl_stapling on; 
        ssl_stapling_verify on; 
        ssl_trusted_certificate /etc/nginx/server.crt; 
        resolver 8.8.8.8 114.114.114.114 valid=300s; 
        resolver_timeout 5s; 
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5:!RC4:!DHE:!kEDH; 
        add_header Strict-Transport-Security "max-age=15768001; preload"; 
        add_header X-Content-Type-Options nosniff; 
 
        #设置网站根目录 
        root   /home/www/blog; 
        index  index.php index.html; 
 
        #设置css/javascript/图片等静态资源的缓存时间 
        location ~ .*\.(css|js|ico|png|gif|jpg|json|mp3|mp4|flv|swf)(.*) { 
            expires 60d; 
        } 
 
        # URLRwrite 
        location / { 
            try_files $uri $uri/ /index.php?$query_string;           
        } 
 
        ## 设置Nginx和php通信机制为tcp的socket模式,而不是直接监听9000端口 
        location ~ \.php(.*)$ {     
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; 
            fastcgi_index index.php; 
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;          
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
            include fastcgi_params; 
        } 
    } 
}

最后, 配置完nginx.conf, 不要忘了重启:

service nginx reload

发布评论
还没有评论,快来抢沙发吧!