【依赖】
yum安装OpenSSL:
编译安装zlib:
yum安装Xz:
yum install xz
务必yum安装Xz,否则可能导致yum失效。
编译安装icu:
注意:ICU 只能在 GCC4.8.5下编译成功。因此仅在编译nghttp2时启用GCC8.3.0。重新编译时重新解压开始编译。
编译安装libxml2:
编译安装CUnit:
编译安装libevent:
编译安装spdylay:
注意:spdylay 只能在 GCC4.8.5下编译成功。因此仅在编译nghttp2时启用GCC8.3.0。重新编译时重新git获得源码开始编译。
编译安装spdylay:
git clone https://github.com/tatsuhiro-t/spdylay.git && cd spdylay autoreconf -i && automake && autoconf export ZLIB_CFLAGS="-I/usr/include" ZLIB_LIBS="-L/usr/lib -lz" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/local/include/CUnit" CUNIT_LIBS="-L/usrlocal/lib/cunit -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" ./configure && make && make install
如果configure时报错:
spdylay_ssl.h:36:25: fatal error: openssl/ssl.h: No such file or directory
只要yum安装openssl-devel即可解决问题,而且不与编译版的openssl冲突:
yum install openssl-devel
如果make时报错:
libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6
编译成功后相关文件路径:
/usr/local/include/spdylay/spdylayver.h /usr/local/lib/libspdylay.so.7.2.0 /usr/local/lib/pkgconfig/libspdylay.pc
更新系统动态连接库配置:
echo /usr/local/lib >> /etc/ld.so.conf && ldconfig
测试:
运行一下SPDY的反向代理程序,看看是否工作良好:
shrpx
输出:
Usage: shrpx [-Dh] [-s|--client|-p] [-b <HOST,PORT>]
[-f <HOST,PORT>] [-n <CORES>] [-c <NUM>] [-L <LEVEL>]
[OPTIONS...] [<PRIVATE_KEY> <CERT>]
A reverse proxy for SPDY/HTTPS.
[FATAL] Too few arguments
出现这个提示说明spdylay已经安装正常。
编译安装完成。
编译安装Jansson:
编译安装Boost:
务必编译完成,不能简单复制。
参考:https://www.nghttp2.org/documentation/libnghttp2_asio.html
否则编译 nghttp2 时 make 时 报错:
... variadic templates only available with -std=c++11 or -std=gnu++11 ...
yum安装python-setuptools:
Python2环境:
yum install python-setuptools
Python3环境:
yum install python3-setuptools
如果不安装python-setuptools,在编译nghttp2时会报错:
ImportError “No Module named Setuptools”
参考:http://stackoverflow.com/questions/14426491/python-3-importerror-no-module-named-setuptools
UPDATE (Oct 2014): Distribute has been merged with setuptools 0.7, so just get setuptools for both Python 2.7 and 3.x
编译安装libc-ares:
早先版本的nghttp2并不需要这个libc-ares库,但最新版本必需这个库。
【安装】
卸载系统已装版本(如有):
rpm -e --nodeps nghttp2 rpm -e --nodeps nghttp2-devel
从源码编译安装:
参考:https://www.nghttp2.org/documentation/package_README.html
参考:http://linuxfromscratch.org/blfs/view/cvs/basicnet/nghttp2.html
参考:https://www.nghttp2.org/documentation/libnghttp2_asio.html
参考:http://www.th7.cn/system/lin/201609/179956.shtml
参考:http://blog.ttionya.com/article-1806.html
源码包方式:
下载:https://github.com/nghttp2/nghttp2/releases/
版本:nghttp2-1.43.0
wget https://github.com/nghttp2/nghttp2/releases/download/v1.43.0/nghttp2-1.43.0.tar.gz && tar -zxf nghttp2-1.43.0.tar.gz && cd nghttp2-1.43.0 export PYTHONPATH=/opt/rh/rh-python38/root/usr/lib/python3.8/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares" ./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib make && make install
注意:暂时升级GCC9
参考:https://amon.org/gcc
注意:暂时升级Python3.8
参考:https://amon.org/python
版本:nghttp2-1.34.0
wget https://github.com/nghttp2/nghttp2/releases/download/v1.34.0/nghttp2-1.34.0.tar.gz && tar -zxf nghttp2-1.34.0.tar.gz && cd nghttp2-1.34.0 export PYTHONPATH=/usr/local/lib64/python3.8/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares" ./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib make && make install
注意:./configure 时,务必 applications 项 为 yes ,才能保证 nghttp2 安装成功。
创建软链接:
ln -f /usr/local/lib/pkgconfig/libnghttp2.pc /usr/lib/pkgconfig/libnghttp2.pc
更新系统动态连接库配置:
ldconfig
编译安装完成。
如果 make 时报错:
error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.
问题出现于 nghttp2 v1.35.1 ,更新日志里有“src: Require C++14 language feature”。
解决办法:
1. 升级 GCC ,然后编译,参考:https://amon.org/gcc
2. 尝试编译安装较早版本,最近版本 nghttp2 v1.34.0 成功编译通过。
GIT获得源码方式:
nghttp2 v1.35.1 之后使用 GIT 方式,必须升级 GCC 。
git clone https://github.com/tatsuhiro-t/nghttp2.git && cd nghttp2 autoreconf -i && automake && autoconf export PYTHONPATH=/usr/lib64/python2.7/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares" ./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib && make && make install
注意:./configure 时,务必 applications 项 为 yes ,才能保证 nghttp2 安装成功。
创建软链接:
ln -f /usr/local/lib/pkgconfig/libnghttp2.pc /usr/lib/pkgconfig/libnghttp2.pc
更新系统动态连接库配置:
ldconfig
编译安装完成。
相关文件路径:
/usr/local/include/nghttp2/nghttp2.h /usr/local/lib/libnghttp2.so.14.9.0 /usr/local/lib/pkgconfig/libnghttp2.pc
./configure 时输出:
...
checking whether g++ supports C++14 features with -std=c++14... yes
...
configure: summary of build options:
Package version: 1.39.0-DEV
Library version: 31:1:17
Install prefix: /usr/local
System types:
Build: x86_64-unknown-linux-gnu
Host: x86_64-unknown-linux-gnu
Target: x86_64-unknown-linux-gnu
Compiler:
C compiler: gcc
CFLAGS: -g -O2
LDFLAGS:
C++ compiler: g++ -std=c++14
CXXFLAGS: -g -O2
CXXCPP: g++ -E -std=c++14
C preprocessor: gcc -E
CPPFLAGS:
WARNCFLAGS:
WARNCXXFLAGS:
CXX1XCXXFLAGS:
EXTRACFLAG: -fvisibility=hidden
LIBS:
Library:
Shared: yes
Static: yes
Python:
Python: /usr/bin/python
PYTHON_VERSION: 2.7
pyexecdir: ${exec_prefix}/lib64/python2.7/site-packages
Python-dev: yes
PYTHON_CPPFLAGS:-I/usr/include/python2.7
PYTHON_LDFLAGS: -L/usr/lib64 -lpython2.7
Cython: cython
Test:
CUnit: yes (CFLAGS='-I/usr/include/CUnit' LIBS='-L/usr/lib -lcunit')
Failmalloc: yes
Libs:
OpenSSL: yes (CFLAGS='-I/usr/include/openssl' LIBS='-L/usr/lib -lssl -lcrypto')
Libxml2: yes (CFLAGS='' LIBS='-lxml2 ')
Libev: yes (CFLAGS='' LIBS='-lev')
Libc-ares yes (CFLAGS='-I/usr/local/include' LIBS='-L/usr/local/lib -lcares')
Libevent(SSL): yes (CFLAGS='-I/usr/include' LIBS='-L/usr/lib -levent_openssl -levent')
Jansson: yes (CFLAGS='-I/usr/local/include' LIBS='-L/usr/local/lib -ljansson')
Jemalloc: no (LIBS='')
Zlib: yes (CFLAGS=' ' LIBS='-lz ')
Systemd: no (CFLAGS='' LIBS='')
Boost CPPFLAGS: -pthread -I/usr/include
Boost LDFLAGS: -L/usr/lib
Boost::ASIO: -lboost_system
Boost::System: -lboost_system
Boost::Thread: -lboost_thread
Third-party:
http-parser: yes
MRuby: no (CFLAGS='' LIBS='')
Neverbleed: no
Features:
Applications: yes
HPACK tools: yes
Libnghttp2_asio:yes
Examples: yes
Python bindings:yes
Threading: yes
【验证】
查看版本:
输入:
nghttp --version
输出:
nghttp nghttp2/1.40.0-DEV
测试命令:
输入:
nghttp -v https://nghttp2.org
输出:
[ 0.098] Connected
The negotiated protocol: h2
[ 0.296] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
(niv=2)
[SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
[SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[ 0.296] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
...
参考:https://nghttp2.org/documentation/package_README
参考:https://github.com/nghttp2/nghttp2/issues/327
参考:https://icing.github.io/mod_h2/howto
参考:http://stackoverflow.com/questions/37322430/browser-wont-upgrade-to-h2-altough-upgrade-headers-are-sent/37421758
【排错】
如果 configure时报错:configure: error: Could not link against boost_system
在升级 GCC 之前安装 Boost ,不会出现此问题。
在升级 GCC 之后安装 Boost ,yum 安装 boost-devel 可以解决问题:
yum install boost-devel
参考:https://blog.csdn.net/xocoder/article/details/23571421
参考:http://www.cnblogs.com/heben/p/6062084.html
当make 时报错:error: ‘PyThreadState’ has no member named ‘exc_type’
参考:https://blog.csdn.net/IT_DREAM_ER/article/details/82861736
参考:https://blog.csdn.net/u011573853/article/details/106316453
先安装 cython :
sudo pip install cython
然后删除已编译生成的文件,再重新编译。
当make install时报错:error: bad install directory or PYTHONPATH
error: bad install directory or PYTHONPATH
You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from. The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:
/usr/local/lib64/python3.8/site-packages/
and your PYTHONPATH environment variable currently contains:
'/opt/rh/rh-python38/root/usr/lib/python3.8/site-packages/'
修正:
wget https://github.com/nghttp2/nghttp2/releases/download/v1.43.0/nghttp2-1.43.0.tar.gz && tar -zxf nghttp2-1.43.0.tar.gz && cd nghttp2-1.43.0 export PYTHONPATH=/usr/local/lib64/python3.8/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares" ./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib make && make install
当make install时报错:error: bad install directory or PYTHONPATH
error: bad install directory or PYTHONPATH
You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from. The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:
/usr/local/lib64/python2.7/site-packages/
and your PYTHONPATH environment variable currently contains:
''
修正:
export PYTHONPATH=/usr/local/lib64/python2.7/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares" ./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib && make && make install
然后顺利编译成功。
【配置】
编译安装Apache:
参考:https://http2.co/http2-with-apache/
仅 Apache 2.4.29 之后的版本支持 HTTP/2 。
You should make sure to have an Apache version >=2.4.29 since earlier versions do not support HTTP/2.
如果又想使用 PHP 低版本,又想 HTTP/2,可以尝试使用 Nginx 服务器。
在编译httpd时加入以下参数即可支持 httpd2 :
--enable-http2 --with-nghttp2=/usr/local/lib
配置Apache:
打开 /usr/local/apache2/conf/httpd.conf ,编辑:
ServerRoot "/usr/local/apache2" Listen 80 LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_core_module modules/mod_authn_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule access_compat_module modules/mod_access_compat.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule include_module modules/mod_include.so LoadModule filter_module modules/mod_filter.so LoadModule deflate_module modules/mod_deflate.so LoadModule expires_module modules/mod_expires.so LoadModule mime_module modules/mod_mime.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule headers_module modules/mod_headers.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule ssl_module modules/mod_ssl.so LoadModule unixd_module modules/mod_unixd.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule php7_module modules/libphp7.so LoadModule http2_module modules/mod_http2.so <IfModule unixd_module> User apache Group apache </IfModule> ServerAdmin [email protected] ServerName 123.123.123.123 <Directory /> AllowOverride none Require all denied </Directory> DocumentRoot "/usr/local/apache2/htdocs" <Directory "/usr/local/apache2/htdocs"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.php index.html </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn Include conf/extra/httpd-vhosts.conf Include conf/extra/httpd-ssl.conf <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-httpd-php .php AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl AddHandler cgi-script .cgi .pl </IfModule> <IfModule mod_deflate.c> <IfModule mod_setenvif.c> <IfModule mod_headers.c> SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding </IfModule> </IfModule> <IfModule mod_filter.c> AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/ld+json AddOutputFilterByType DEFLATE application/manifest+json AddOutputFilterByType DEFLATE application/rdf+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/schema+json AddOutputFilterByType DEFLATE application/vnd.geo+json AddOutputFilterByType DEFLATE application/vnd.ms-fontobject AddOutputFilterByType DEFLATE application/x-font-ttf AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/x-web-app-manifest+json AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE font/eot AddOutputFilterByType DEFLATE font/opentype AddOutputFilterByType DEFLATE image/bmp AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE image/vnd.microsoft.icon AddOutputFilterByType DEFLATE image/x-icon AddOutputFilterByType DEFLATE text/cache-manifest AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/vcard AddOutputFilterByType DEFLATE text/vnd.rim.location.xloc AddOutputFilterByType DEFLATE text/vtt AddOutputFilterByType DEFLATE text/x-component AddOutputFilterByType DEFLATE text/x-cross-domain-policy AddOutputFilterByType DEFLATE text/xml </IfModule> <IfModule mod_mime.c> AddEncoding gzip svgz </IfModule> </IfModule> <IfModule proxy_html_module> Include conf/extra/proxy-html.conf </IfModule> <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK SSLProtocol All -SSLv2 -SSLv3 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/ssl_scache(512000) SSLSessionCacheTimeout 300 </IfModule> ServerTokens ProductOnly ServerSignature Off
打开 /usr/local/apache2/conf/extra/httpd-ssl.conf ,编辑:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
ServerName amon.org:443
ServerAlias www.amon.org:443
Protocols h2 http/1.1
DocumentRoot /usr/local/apache2/htdocs/
ErrorLog /usr/local/apache2/htdocs/logs/amon.org_error.log
CustomLog "/usr/local/apache2/htdocs/logs/amon.org_access.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerAdmin [email protected]
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/amon.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/amon.org/privkey.pem
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
<Files ~ "(.tpl|.htm)$" >
Order allow,deny
Deny from all
</Files>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory /usr/local/apache2/htdocs>
Options FollowSymLinks
AllowOverride ALL
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
打开 /usr/local/apache2/conf/extra/httpd-vhosts.conf ,编辑:
<VirtualHost *:80> ServerName 123.123.123.123 DocumentRoot /usr/local/apache2/htdocs/ RewriteEngine On RewriteRule ^.* /redirect/index.php </VirtualHost> <VirtualHost *:80> ServerName amon.org ServerAlias www.amon.org DocumentRoot /usr/local/apache2/htdocs/ ErrorLog /usr/local/apache2/htdocs/logs/amon.org_error.log CustomLog /usr/local/apache2/htdocs/logs/amon.org_access.log combined <Directory /usr/local/apache2/htdocs> Options Indexes FollowSymLinks AllowOverride All Require all granted </Directory> </VirtualHost>
HTTP2验证:
在线工具:https://tools.keycdn.com/http2-test
输出:
Yeah! amon.org supports HTTP/2.0
SSL验证:
在线工具:https://www.ssllabs.com/ssltest/analyze?d=amon.org
【参考】
参考:https://http2.github.io/faq/
参考:https://http2.try-and-test.net/
参考:https://httpd.apache.org/docs/2.4/mod/mod_http2
参考:https://nghttp2.org/documentation/package_README#requirements
参考:https://github.com/nghttp2/nghttp2/issues/607
参考:http://www.linuxidc.com/Linux/2015-12/126117.htm
参考:https://imququ.com/post/intro-to-nghttp2
参考:http://www.phpxs.com/post/4463/
参考:http://qiita.com/0xfffffff7/items/3a3c75f46c781d83a70d