Centos6 Tengine翻开http2传输协议

1.前语

最近在优化网站的拜访速度,为网站翻开http2协议,这个协议有什么利益呢?如下:

  • http2是下一代的传输协议,往后都会广泛用它,是一个趋势。
  • http2有多路复用特性,意思是拜访一个域名下面的资源,多个央求共用一条TCP链路,所以比http1.1要快得多。

2.准备工作

  • 需求从头编译openssl1.0.2以上版别,由于咱们体系的版别都是centos6的,不支撑直接yum更新openssl,如果是centos7,直接yum update openssl -y 即可更新
  • 编译完毕openssl后,需求从头运用openssl的库文件从头编译tengine,咱们运用的Tengine版别是Tengine/2.2.2。

3.操作进程

  • 设备 openssl-1.0.2t
#进入/usr/local/src,一般软件包都放这儿
cd /usr/local/src
#下载设备包
wget https://www.openssl.org/source/openssl-1.0.2t.tar.gz
tar -zxvf openssl-1.0.2t.tar.gz
cd openssl-1.0.2t
./config shared zlib
#默许设备找/usr/local/ssl
make && make install
#先备份之前的老版别
mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old
#树立软联接
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
#把动态库参加体系装备途径
echo "/usr/local/ssl/lib" >> /etc/ld.so.conf
#查看动态库是否收效
ldconfig -p
#查看openssl版别
openssl version
  • 设备Tengine
cd /usr/local/src
wget http://tengine.taobao.org/download/tengine-2.2.2.tar.gz
tar tengine-2.2.2.tar.gz
cd tengine-2.2.2
#这儿需求修改一下tengine的代码,由于咱们是手动编译的openssl,依托库途径和本来体系设备的不太相同,所以需求手动指定
vim auto/lib/openssl/conf
#在大约32行装备本来装备如下:
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"
#修改成如下,保存退出
CORE_INCS="$CORE_INCS $OPENSSL/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/lib/libcrypto.a"
#先设备一些依托(我是晋级,其实不需求设备依托了,如果是初度设备tengine,就需求设备依托)
yum -y install zlib zlib-devel openssl openssl-devel pcre pcre-devel   gcc gcc-c++ autoconf automake jemalloc jemalloc-devel
#开始编译tengine
cd /usr/local/src/tengine-2.2.2  && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-http_concat_module --with-jemalloc --with-http_v2_module --with-http_secure_link_module --with-openssl=/usr/local/ssl
make
##留神,如果是榜首设备tegninx,只需求只需实施以下指令
make install
#可是我是设备过了,所以需求备份老的tengine
cp -af /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx_bak
cp -af /usr/local/nginx/sbin/dso_tool /usr/local/nginx/sbin/dso_tool_bak
#拷贝编译好的tengine到对应目录
cp /usr/local/src/tengine-2.2.2/objs/nginx /usr/local/nginx/sbin/
cp /usr/local/src/tengine-2.2.2/objs/dso_tool /usr/local/nginx/sbin/
#然后重启tengine,就算编译设备完毕啦
  • tengine http2装备
#装备http2很简单,如下:
server {
#http 不支撑http2的传输协议,所以80端口不变
listen 80
# listen在原https装备文件基础上增加http2
listen 443 ssl http2;
server_name www.oneq.work;
.....
}
#其他附上一份无缺的支撑http2的tengine装备
upstream server_backend {
server ip:80 weight=10;
server ip:80 weight=10;
keepalive 800;
#下面检测端口的装备需求tengine的才有用,不是tengine需求设备额定的插件或许直接注释即可
check interval=5000 rise=3 fall=3 timeout=5000 type=tcp;
}
server {
listen       80;
listen       443 ssl http2;
server_name   xxx.xxx.xxx;
req_status server;
ssl_certificate      /usr/local/nginx/certs/xxx.xxx.xxx.crt;
ssl_certificate_key  /usr/local/nginx/certs/xxx.xxx.xxx.key;
ssl_session_timeout  5m;
ssl_protocols   TLSv1.1 TLSv1.2 TLSv1;
ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers   on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header User-Agent;
proxy_set_header  X-Forwarded-Proto $scheme;
proxy_set_header Connection "";
proxy_http_version 1.1;
access_log  logs/access.log  main;
location / {
proxy_pass http://server_backend/;
access_log logs/server_backend.log main;
}
error_page 404 /404.html;
location = /404.html {
root html;
}
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}
}

4.作用展现

Centos6 Tengine翻开http2传输协议

5.总结

1.榜首次设备tengine和晋级进程有所区别,必需求分外留神下

2.http不支撑http2的传输协议,所以80端口仍是运用http1.1的协议,https运用http2的传输协议