怎样编译安装nghttp2

2016年7月28日 | 分类: 【技术】

【依赖】

yum安装OpenSSL:

参考:http://amon.org/openssl

编译安装zlib:

参考:http://amon.org/zlib

yum安装Xz:

yum install xz

参考:http://amon.org/xz

务必yum安装Xz,否则可能导致yum失效。

编译安装icu:

参考:http://amon.org/icu

编译安装libxml2:

参考:http://amon.org/libxml2

编译安装CUnit:

参考:http://amon.org/cunit

编译安装libevent:

参考:http://amon.org/libevent

编译安装spdylay:

编译安装spdylay:

git clone https://github.com/tatsuhiro-t/spdylay.git && cd spdylay
autoreconf -i && automake && autoconf
export ZLIB_CFLAGS="-I/usr/include" ZLIB_LIBS="-L/usr/lib -lz" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/local/include/CUnit" CUNIT_LIBS="-L/usrlocal/lib/cunit -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent"
./configure && make && make install

如果configure时报错:

spdylay_ssl.h:36:25: fatal error: openssl/ssl.h: No such file or directory

只要yum安装openssl-devel即可解决问题,而且不与编译版的openssl冲突:

yum install openssl-devel

如果make时报错:

libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6

参考:http://amon.org/libtool

编译成功后相关文件路径:

/usr/local/include/spdylay/spdylayver.h
/usr/local/lib/libspdylay.so.7.2.0
/usr/local/lib/pkgconfig/libspdylay.pc

更新系统动态连接库配置:

echo /usr/local/lib >> /etc/ld.so.conf && ldconfig

测试:

运行一下SPDY的反向代理程序,看看是否工作良好:

shrpx

输出:

Usage: shrpx [-Dh] [-s|--client|-p] [-b <HOST,PORT>]
             [-f <HOST,PORT>] [-n <CORES>] [-c <NUM>] [-L <LEVEL>]
             [OPTIONS...] [<PRIVATE_KEY> <CERT>]

A reverse proxy for SPDY/HTTPS.

[FATAL] Too few arguments

出现这个提示说明spdylay已经安装正常。

编译安装完成。

编译安装Jansson:

参考:http://amon.org/jansson

编译安装Boost:

参考:http://amon.org/boost

务必编译完成,不能简单复制。

参考:https://www.nghttp2.org/documentation/libnghttp2_asio.html

否则编译 nghttp2 时 make 时 报错:

...
variadic templates only available with -std=c++11 or -std=gnu++11
...

yum安装python-setuptools:

Python2环境:

yum install python-setuptools

Python3环境:

yum install python3-setuptools

如果不安装python-setuptools,在编译nghttp2时会报错:

ImportError “No Module named Setuptools”

参考:http://stackoverflow.com/questions/14426491/python-3-importerror-no-module-named-setuptools

UPDATE (Oct 2014): Distribute has been merged with setuptools 0.7, so just get setuptools for both Python 2.7 and 3.x

编译安装libc-ares:

参考:http://amon.org/libc-ares

早先版本的nghttp2并不需要这个libc-ares库,但最新版本必需这个库。

【安装】

卸载系统已装版本(如有):

rpm -e --nodeps nghttp2
rpm -e --nodeps nghttp2-devel

从源码编译安装:

参考:http://www.th7.cn/system/lin/201609/179956.shtml
参考:http://blog.ttionya.com/article-1806.html

参考:https://www.nghttp2.org/documentation/package_README.html#building-from-git
参考:https://www.nghttp2.org/documentation/libnghttp2_asio.html

源码包方式:

下载:https://github.com/nghttp2/nghttp2/releases/

wget https://github.com/nghttp2/nghttp2/releases/download/v1.34.0/nghttp2-1.34.0.tar.gz && tar -zxf nghttp2-1.34.0.tar.gz && cd nghttp2-1.34.0
export PYTHONPATH=/usr/local/lib64/python2.7/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib
make
make install

注意:./configure 时,务必 applications 项 为 yes ,才能保证 nghttp2 安装成功。

如果 make 时报错:

error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.

解决办法:问题出现于最新版 nghttp2 v1.35.1,更新日志里有“src: Require C++14 language feature”。折腾C++徒耗生命,尚未解决。
替代办法:尝试较早版本 nghttp2 v1.34.0 成功通过。

GIT方式:

git clone https://github.com/tatsuhiro-t/nghttp2.git && cd nghttp2
autoreconf -i && automake && autoconf
export PYTHONPATH=/usr/local/lib64/python2.7/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib
make
make install

依然 make 时报错,同上。

创建软链接:

ln -f /usr/local/lib/pkgconfig/libnghttp2.pc /usr/lib/pkgconfig/libnghttp2.pc

更新系统动态连接库配置:

ldconfig

编译安装完成。

相关文件路径:

/usr/local/include/nghttp2/nghttp2.h
/usr/local/lib/libnghttp2.so.14.9.0
/usr/local/lib/pkgconfig/libnghttp2.pc

查看版本:

nghttp --version

输出:

nghttp nghttp2/1.34.0

测试:

nghttp -v https://nghttp2.org

输出:

[  0.098] Connected
The negotiated protocol: h2
[  0.296] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
          (niv=2)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.296] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
...

参考:https://nghttp2.org/documentation/package_README
参考:https://github.com/nghttp2/nghttp2/issues/327
参考:https://icing.github.io/mod_h2/howto
参考:http://stackoverflow.com/questions/37322430/browser-wont-upgrade-to-h2-altough-upgrade-headers-are-sent/37421758

【配置】

编译安装Apache:

参考:http://amon.org/apache

在编译httpd时加入以下参数即可支持 httpd2 :

 --enable-http2 --with-nghttp2=/usr/local/lib

配置Apache:

打开 /usr/local/apache2/conf/httpd.conf ,编辑:

ServerRoot "/usr/local/apache2"

Listen 80

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule expires_module modules/mod_expires.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php7_module        modules/libphp7.so
LoadModule http2_module modules/mod_http2.so

<IfModule unixd_module>
	User apache
	Group apache
</IfModule>

ServerAdmin support@amon.org
ServerName 123.123.123.123
 
<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache2/htdocs"

<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf

<IfModule log_config_module>
	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	<IfModule logio_module>
		LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
	</IfModule>
	CustomLog "logs/access_log" combined
</IfModule>

<IfModule mime_module>
	TypesConfig conf/mime.types
	AddType application/x-compress .Z
	AddType application/x-gzip .gz .tgz
	AddType application/x-httpd-php .php
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl .crl
	AddHandler cgi-script .cgi .pl
</IfModule>

<IfModule mod_deflate.c>
	<IfModule mod_setenvif.c>
		<IfModule mod_headers.c>
			SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
			RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
		</IfModule>
	</IfModule>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE application/atom+xml
		AddOutputFilterByType DEFLATE application/javascript
		AddOutputFilterByType DEFLATE application/json
		AddOutputFilterByType DEFLATE application/ld+json
		AddOutputFilterByType DEFLATE application/manifest+json
		AddOutputFilterByType DEFLATE application/rdf+xml
		AddOutputFilterByType DEFLATE application/rss+xml
		AddOutputFilterByType DEFLATE application/schema+json
		AddOutputFilterByType DEFLATE application/vnd.geo+json
		AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
		AddOutputFilterByType DEFLATE application/x-font-ttf
		AddOutputFilterByType DEFLATE application/x-javascript
		AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
		AddOutputFilterByType DEFLATE application/xhtml+xml
		AddOutputFilterByType DEFLATE application/xml
		AddOutputFilterByType DEFLATE font/eot
		AddOutputFilterByType DEFLATE font/opentype
		AddOutputFilterByType DEFLATE image/bmp
		AddOutputFilterByType DEFLATE image/svg+xml
		AddOutputFilterByType DEFLATE image/vnd.microsoft.icon
		AddOutputFilterByType DEFLATE image/x-icon
		AddOutputFilterByType DEFLATE text/cache-manifest
		AddOutputFilterByType DEFLATE text/css
		AddOutputFilterByType DEFLATE text/html
		AddOutputFilterByType DEFLATE text/javascript
		AddOutputFilterByType DEFLATE text/plain
		AddOutputFilterByType DEFLATE text/vcard
		AddOutputFilterByType DEFLATE text/vnd.rim.location.xloc
		AddOutputFilterByType DEFLATE text/vtt
		AddOutputFilterByType DEFLATE text/x-component
		AddOutputFilterByType DEFLATE text/x-cross-domain-policy
		AddOutputFilterByType DEFLATE text/xml
	</IfModule>
	<IfModule mod_mime.c>
		AddEncoding gzip svgz
	</IfModule>
</IfModule>

<IfModule proxy_html_module>
	Include conf/extra/proxy-html.conf
</IfModule>

<IfModule ssl_module>
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
	SSLProtocol All -SSLv2 -SSLv3
	SSLPassPhraseDialog  builtin
	SSLSessionCache shmcb:/var/cache/ssl_scache(512000)
	SSLSessionCacheTimeout 300
</IfModule>

ServerTokens ProductOnly
ServerSignature Off

打开 /usr/local/apache2/conf/extra/httpd-ssl.conf ,编辑:

Listen 443

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost *:443>
	ServerName amon.org:443
	ServerAlias www.amon.org:443
	
	Protocols h2 http/1.1
	
	DocumentRoot /usr/local/apache2/htdocs/

	ErrorLog /usr/local/apache2/htdocs/logs/amon.org_error.log
	CustomLog "/usr/local/apache2/htdocs/logs/amon.org_access.log" \
		  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	ServerAdmin support@amon.org
	
	SSLEngine on
	SSLCertificateFile /etc/letsencrypt/live/amon.org/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/amon.org/privkey.pem
	SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
	
	<Files ~ "(.tpl|.htm)$" >
		Order allow,deny
		Deny from all
	</Files>

	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	<Directory "/usr/local/apache2/cgi-bin">
		SSLOptions +StdEnvVars
	</Directory>

	<Directory /usr/local/apache2/htdocs>
		Options FollowSymLinks
		AllowOverride  ALL
	</Directory>

	BrowserMatch "MSIE [2-5]" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0

</VirtualHost>                                  

打开 /usr/local/apache2/conf/extra/httpd-vhosts.conf ,编辑:

<VirtualHost *:80>
	ServerName 123.123.123.123
	DocumentRoot /usr/local/apache2/htdocs/
	RewriteEngine On
	RewriteRule ^.* /redirect/index.php
</VirtualHost>

<VirtualHost *:80>
	ServerName amon.org
	ServerAlias www.amon.org
	DocumentRoot /usr/local/apache2/htdocs/
	ErrorLog /usr/local/apache2/htdocs/logs/amon.org_error.log
	CustomLog /usr/local/apache2/htdocs/logs/amon.org_access.log combined
	<Directory /usr/local/apache2/htdocs>
		Options Indexes FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>

【验证】

HTTP2验证:

在线工具:https://tools.keycdn.com/http2-test

输出:

Yeah! amon.org supports HTTP/2.0

SSL验证:

在线工具:https://www.ssllabs.com/ssltest/analyze?d=amon.org

【参考】

参考:https://http2.github.io/faq/
参考:https://http2.try-and-test.net/
参考:https://httpd.apache.org/docs/2.4/mod/mod_http2
参考:https://nghttp2.org/documentation/package_README#requirements
参考:https://github.com/nghttp2/nghttp2/issues/607
参考:http://www.linuxidc.com/Linux/2015-12/126117.htm
参考:https://imququ.com/post/intro-to-nghttp2
参考:http://www.phpxs.com/post/4463/
参考:http://qiita.com/0xfffffff7/items/3a3c75f46c781d83a70d

参考:https://www.jianshu.com/p/0c4ac947c34b