0
0

在Ubuntu 14.04上配置nginx的http2

wendal 发表于 2016年10月08日 12:00 | Hits: 1232

下载源码

cd /tmp

wget https://openresty.org/download/openresty-1.11.2.1.tar.gz
tar xf openresty-1.11.2.1.tar.gz

wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz
tar xf openssl-1.0.2j.tar.gz

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.39.tar.bz2
tar xf pcre-8.39.tar.bz2

开始编译

cd /tmp/openresty-1.11.2.1
./configure --prefix=/opt/openresty --with-http_v2_module --with-http_stub_status_module --with-http_realip_module --with-http_ssl_module --with-openssl=/tmp/openssl-1.0.2j --with-pcre=/tmp/pcre-8.39

make
make install

nginx.conf片段

            listen 80;            # 80端口也一起监听
            listen 443 ssl http2; # 启用http2
            ssl_certificate /opt/ssl_keys/getssl_server.crt;
            ssl_certificate_key /opt/ssl_keys/getssl_server.key;
            server_name nutz.cn www.nutz.cn;
            ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_dhparam /opt/ssl_keys/dhparam.pem;

关键的是ssl_ciphers和ssl_protocols, 因为需要兼容Chrome/Firefox/IE8/QQ内置浏览器,必须折中

原文链接: http://wendal.net/2016/10/08.html

0     0

我要给这篇文章打分:

可以不填写评论, 而只是打分. 如果发表评论, 你可以给的分值是-5到+5, 否则, 你只能评-1, +1两种分数. 你的评论可能需要审核.

评价列表(0)