http2 module nginx not working

2019-03-01 08:13发布

站内文章 / 前沿技术
19 0 0

问题:

I have some problem with enable http2 protocol in nginx. Site writes on Laravel 5 (but I think this doesn't matter).

First, I upgrade nginx version.

Debian ~ # nginx -V
nginx version: nginx/1.10.1
built with OpenSSL 1.0.1e 11 Feb 2013
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector -- param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -DFORTIFY_SOURCE=2 -fstack-protector -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_secure_link_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-threads --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/headers-more-nginx-module --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-cache-purge --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-dav-ext-module --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-development-kit --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/ngx-fancyindex --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-http-push --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-lua --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-upload-progress --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/ngx_http_substitutions_filter_module --add-module=/tmp/buildd/nginx-1.10.1/debian/modules/passenger/src/nginx_module

Then, I add "http2" to listen ssl.

server {
    server_name tratata.com www.tratata.com;
    listen 123.123.123.123;
    listen 123.123.123.123:443 ssl http2;

    gzip on;
    gzip_min_length  1100;
    gzip_buffers  4 32k;
    gzip_comp_level 5;
    gzip_types    text/plain application/x-javascript text/xml text/css;
    gzip_vary on;

    ssl_certificate /etc/letsencrypt/live/tratata.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tratata.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    charset UTF-8;

    root /var/www/tratata.com/public;
    index index.php index.html index.htm;

    location / {
         try_files $uri $uri/ /index.php$is_args$args;
    }

    # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
    location ~ \.php$ {
            try_files $uri /index.php =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }

}

But, when I check protocol in Google Chrome Inspector, in Network tab still written http/1.1, in what side to dig?

回答1:

Google Chrome now insists on using ALPN for HTTP/2 so you need to build Nginx with OpenSSL 1.0.2 or above (which isn't available as a packaged version on most platforms yet so you might have to install manually from source for now).

https://ma.ttias.be/day-google-chrome-disables-http2-nearly-everyone-may-31st-2016/

Check if it works for HTTP/2 in Opera and if so that's your problem.

https://serverfault.com/questions/775298/debian-jessie-nginx-with-openssl-1-0-2-to-use-alpn-rather-than-npn



回答2:

I didn't immediately see any errors in your config, so first, the obvious: did you reload/restart Nginx?

service nginx restart

Then, I would double-check the results you're getting in Chrome by using a website such as https://tools.keycdn.com/http2-test. I would also check the server logs and see what HTTP version Nginx is reporting is being used.

(Insufficient reputation to leave a comment)



标签: nginx server debian http2
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~