Nginx从HTTP升级至HTTP2

命令行操作

wget -c http://nginx.org/download/nginx-1.15.6.tar.gz

tar -zxf nginx-1.15.6.tar.gz && cd nginx-1.15.6
wget -c https://github.com/SpanishOnion/MyLNMP/raw/master/package/Nginx/pcre-8.36.tar.gz && tar -zxf pcre-8.36.tar.gz
wget -c https://github.com/SpanishOnion/MyLNMP/raw/master/package/Nginx/zlib-1.2.8.tar.gz && tar -zxf zlib-1.2.8.tar.gz
./configure --prefix=/usr/share/nginx \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx/nginx.pid  \
--lock-path=/var/lock/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_v2_module \
--with-http_ssl_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_xslt_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_random_index_module \
--with-http_degradation_module \
--with-http_secure_link_module \
--with-http_gzip_static_module \
--with-http_perl_module \
--with-pcre=pcre-8.36 \
--with-zlib=zlib-1.2.8 \
--with-debug \
--with-file-aio \
--with-mail \
--with-mail_ssl_module \
--http-client-body-temp-path=/var/tmp/nginx/client_body \
--http-proxy-temp-path=/var/tmp/nginx/proxy \
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi \
--http-scgi-temp-path=/var/tmp/nginx/scgi \
--with-stream \
--with-ld-opt="-Wl,-E"
make​
cd objs
cp /usr/sbin/nginx /usr/sbin/nginx.bak
service nginx stop
mv nginx /usr/sbin/nginx
nginx -t
make install

nginx start

以上命令很简单, 略懂linux的都应该知道什么意思, 先升级nginx至最新版本

之后使用http2的配置重新编译了一下, 然后重启nginx服务, 不懂的这些命令是啥意思的先去xuo习一波

操作完以上命令后去阿里云申请一个证书, 申请之后将nginx的证书文件下载下来, 有2个文件, 后缀分别是 pem和 key 或者是 crt 和 key

重命名为server.pem和server.key 或者是 server.crt和server.key

然后将这2个文件上传至/nginx/etc/目录下, 与nginx.conf同级  重命名的文件名可以自定义 以及存放的目录也可以自定义

我为了方便管理就取名为server.crt和 server.key了, 那么上传至服务器之后, 就可以配置nginx.conf文件了

nginx.conf配置

 操作完以上命令后, 配置一下nginx.conf, 完整配置如下:

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
######
###  Description: The config file of Nginx HTTP2
###  Author:  licong  2018.11.17  https://www.lcgod.com/
######
user  nginx nginx;
worker_processes  1;
 
error_log  /var/log/nginx/error.log;
 
pid        /var/run/nginx/nginx.pid;
 
events {
    use epoll; 
    worker_connections  1024;
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
    charset UTF-8;     
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';   
 
    access_log  /var/log/nginx/access.log  main;
 
    sendfile        on;
 
    keepalive_timeout  65;
 
    #隐藏Nginx版本信息,禁止网站目录浏览
    server_tokens off;
    autoindex off;
    #当FastCGI后端服务器处理请求给出http响应码为4xx和5xx时,就转发给nginx
    fastcgi_intercept_errors on;
 
    #关于fastcgi的配置
    fastcgi_connect_timeout 300;   
    fastcgi_send_timeout 300;   
    fastcgi_read_timeout 300;   
    fastcgi_buffer_size 64k;   
    fastcgi_buffers 4 64k;   
    fastcgi_busy_buffers_size 128k;   
    fastcgi_temp_file_write_size 128k;
 
    #支持gzip压缩
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 16 64k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_types text/plain application/x-javascript text/css application/javascript text/javascript image/jpeg image/gif image/png application/xml application/json;
    gzip_vary on;
    gzip_disable "MSIE [1-6].(?!.*SV1)";
 
    server {
        listen 80;
        server_name www.lcgod.com lcgod.com;
        charset utf-8;
        access_log  /var/log/nginx/access.log main;
        rewrite ^/(.*)$ https://www.lcgod.com/$1 permanent;
    }
 
    server {
        listen               443 ssl http2;
        server_name          www.lcgod.com lcgod.com;
 
        #301重定向
        if ($host = 'lcgod.com') {
            rewrite  ^/(.*)$    https://www.lcgod.com$1 permanent;
        }
     
        # 不产生日志
        access_log off;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/server.crt;
        resolver 8.8.8.8 114.114.114.114 valid=300s;
        resolver_timeout 5s;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!aNULL:!MD5:!RC4:!DHE:!kEDH;
        add_header Strict-Transport-Security "max-age=15768001; preload";
        add_header X-Content-Type-Options nosniff;
 
        #设置网站根目录
        root   /home/www/blog;
        index  index.php index.html;
 
        #设置css/javascript/图片等静态资源的缓存时间
        location ~ .*\.(css|js|ico|png|gif|jpg|json|mp3|mp4|flv|swf)(.*) {
            expires 60d;
        }
 
        # URLRwrite
        location / {
            try_files $uri $uri/ /index.php?$query_string;         
        }
 
        ## 设置Nginx和php通信机制为tcp的socket模式,而不是直接监听9000端口
        location ~ \.php(.*)$ {   
            fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;        
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}

发布评论
还没有评论,快来抢沙发吧!