怎样编译安装nghttp2

2016年7月28日 | 分类: 【技术】

【依赖】

yum安装OpenSSL:

参考:https://amon.org/openssl

编译安装zlib:

参考:https://amon.org/zlib

yum安装Xz:

yum install xz

参考:https://amon.org/xz

务必yum安装Xz,否则可能导致yum失效。

编译安装icu:

参考:https://amon.org/icu

注意:ICU 只能在 GCC4.8.5下编译成功。因此仅在编译nghttp2时启用GCC8.3.0。重新编译时重新解压开始编译。

编译安装libxml2:

参考:https://amon.org/libxml2

编译安装CUnit:

参考:https://amon.org/cunit

编译安装libevent:

参考:https://amon.org/libevent

编译安装spdylay:

注意:spdylay 只能在 GCC4.8.5下编译成功。因此仅在编译nghttp2时启用GCC8.3.0。重新编译时重新git获得源码开始编译。

编译安装spdylay:

git clone https://github.com/tatsuhiro-t/spdylay.git && cd spdylay
autoreconf -i && automake && autoconf
export ZLIB_CFLAGS="-I/usr/include" ZLIB_LIBS="-L/usr/lib -lz" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/local/include/CUnit" CUNIT_LIBS="-L/usrlocal/lib/cunit -lcunit" LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent"
./configure && make && make install

如果configure时报错:

spdylay_ssl.h:36:25: fatal error: openssl/ssl.h: No such file or directory

只要yum安装openssl-devel即可解决问题,而且不与编译版的openssl冲突:

yum install openssl-devel

如果make时报错:

libtool: You should recreate aclocal.m4 with macros from libtool 2.4.6

参考:https://amon.org/libtool

编译成功后相关文件路径:

/usr/local/include/spdylay/spdylayver.h
/usr/local/lib/libspdylay.so.7.2.0
/usr/local/lib/pkgconfig/libspdylay.pc

更新系统动态连接库配置:

echo /usr/local/lib >> /etc/ld.so.conf && ldconfig

测试:

运行一下SPDY的反向代理程序,看看是否工作良好:

shrpx

输出:

Usage: shrpx [-Dh] [-s|--client|-p] [-b <HOST,PORT>]
             [-f <HOST,PORT>] [-n <CORES>] [-c <NUM>] [-L <LEVEL>]
             [OPTIONS...] [<PRIVATE_KEY> <CERT>]

A reverse proxy for SPDY/HTTPS.

[FATAL] Too few arguments

出现这个提示说明spdylay已经安装正常。

编译安装完成。

编译安装Jansson:

参考:https://amon.org/jansson

编译安装Boost:

参考:https://amon.org/boost

务必编译完成,不能简单复制。

参考:https://www.nghttp2.org/documentation/libnghttp2_asio.html

否则编译 nghttp2 时 make 时 报错:

...
variadic templates only available with -std=c++11 or -std=gnu++11
...

yum安装python-setuptools:

Python2环境:

yum install python-setuptools

Python3环境:

yum install python3-setuptools

如果不安装python-setuptools,在编译nghttp2时会报错:

ImportError “No Module named Setuptools”

参考:http://stackoverflow.com/questions/14426491/python-3-importerror-no-module-named-setuptools

UPDATE (Oct 2014): Distribute has been merged with setuptools 0.7, so just get setuptools for both Python 2.7 and 3.x

编译安装libc-ares:

参考:https://amon.org/libc-ares

早先版本的nghttp2并不需要这个libc-ares库,但最新版本必需这个库。

【安装】

卸载系统已装版本(如有):

rpm -e --nodeps nghttp2
rpm -e --nodeps nghttp2-devel

从源码编译安装:

参考:https://www.nghttp2.org/documentation/package_README.html
参考:http://linuxfromscratch.org/blfs/view/cvs/basicnet/nghttp2.html
参考:https://www.nghttp2.org/documentation/libnghttp2_asio.html

参考:http://www.th7.cn/system/lin/201609/179956.shtml
参考:http://blog.ttionya.com/article-1806.html

源码包方式:

下载:https://github.com/nghttp2/nghttp2/releases/

版本:nghttp2-1.43.0

wget https://github.com/nghttp2/nghttp2/releases/download/v1.43.0/nghttp2-1.43.0.tar.gz && tar -zxf nghttp2-1.43.0.tar.gz && cd nghttp2-1.43.0
export PYTHONPATH=/opt/rh/rh-python38/root/usr/lib/python3.8/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib
make && make install

注意:暂时升级GCC9
参考:https://amon.org/gcc

注意:暂时升级Python3.8
参考:https://amon.org/python

版本:nghttp2-1.34.0

wget https://github.com/nghttp2/nghttp2/releases/download/v1.34.0/nghttp2-1.34.0.tar.gz && tar -zxf nghttp2-1.34.0.tar.gz && cd nghttp2-1.34.0
export PYTHONPATH=/usr/local/lib64/python3.8/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib
make && make install

注意:./configure 时,务必 applications 项 为 yes ,才能保证 nghttp2 安装成功。

创建软链接:

ln -f /usr/local/lib/pkgconfig/libnghttp2.pc /usr/lib/pkgconfig/libnghttp2.pc

更新系统动态连接库配置:

ldconfig

编译安装完成。

如果 make 时报错:

error: #error This file requires compiler and library support for the ISO C++ 2011 standard. This support is currently experimental, and must be enabled with the -std=c++11 or -std=gnu++11 compiler options.

问题出现于 nghttp2 v1.35.1 ,更新日志里有“src: Require C++14 language feature”。

解决办法:
1. 升级 GCC ,然后编译,参考:https://amon.org/gcc
2. 尝试编译安装较早版本,最近版本 nghttp2 v1.34.0 成功编译通过。

GIT获得源码方式:

nghttp2 v1.35.1 之后使用 GIT 方式,必须升级 GCC 。

git clone https://github.com/tatsuhiro-t/nghttp2.git && cd nghttp2
autoreconf -i && automake && autoconf
export PYTHONPATH=/usr/lib64/python2.7/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib && make && make install

注意:./configure 时,务必 applications 项 为 yes ,才能保证 nghttp2 安装成功。

创建软链接:

ln -f /usr/local/lib/pkgconfig/libnghttp2.pc /usr/lib/pkgconfig/libnghttp2.pc

更新系统动态连接库配置:

ldconfig

编译安装完成。

相关文件路径:

/usr/local/include/nghttp2/nghttp2.h
/usr/local/lib/libnghttp2.so.14.9.0
/usr/local/lib/pkgconfig/libnghttp2.pc

./configure 时输出:

...
checking whether g++ supports C++14 features with -std=c++14... yes
...
configure: summary of build options:

    Package version: 1.39.0-DEV
    Library version: 31:1:17
    Install prefix:  /usr/local
    System types:
      Build:         x86_64-unknown-linux-gnu
      Host:          x86_64-unknown-linux-gnu
      Target:        x86_64-unknown-linux-gnu
    Compiler:
      C compiler:     gcc
      CFLAGS:         -g -O2
      LDFLAGS:
      C++ compiler:   g++ -std=c++14
      CXXFLAGS:       -g -O2
      CXXCPP:         g++ -E -std=c++14
      C preprocessor: gcc -E
      CPPFLAGS:
      WARNCFLAGS:
      WARNCXXFLAGS:
      CXX1XCXXFLAGS:
      EXTRACFLAG:     -fvisibility=hidden
      LIBS:
    Library:
      Shared:         yes
      Static:         yes
    Python:
      Python:         /usr/bin/python
      PYTHON_VERSION: 2.7
      pyexecdir:      ${exec_prefix}/lib64/python2.7/site-packages
      Python-dev:     yes
      PYTHON_CPPFLAGS:-I/usr/include/python2.7
      PYTHON_LDFLAGS: -L/usr/lib64 -lpython2.7
      Cython:         cython
    Test:
      CUnit:          yes (CFLAGS='-I/usr/include/CUnit' LIBS='-L/usr/lib -lcunit')
      Failmalloc:     yes
    Libs:
      OpenSSL:        yes (CFLAGS='-I/usr/include/openssl' LIBS='-L/usr/lib -lssl -lcrypto')
      Libxml2:        yes (CFLAGS='' LIBS='-lxml2  ')
      Libev:          yes (CFLAGS='' LIBS='-lev')
      Libc-ares       yes (CFLAGS='-I/usr/local/include' LIBS='-L/usr/local/lib -lcares')
      Libevent(SSL):  yes (CFLAGS='-I/usr/include' LIBS='-L/usr/lib -levent_openssl -levent')
      Jansson:        yes (CFLAGS='-I/usr/local/include' LIBS='-L/usr/local/lib -ljansson')
      Jemalloc:       no (LIBS='')
      Zlib:           yes (CFLAGS=' ' LIBS='-lz  ')
      Systemd:        no (CFLAGS='' LIBS='')
      Boost CPPFLAGS: -pthread -I/usr/include
      Boost LDFLAGS:  -L/usr/lib
      Boost::ASIO:    -lboost_system
      Boost::System:  -lboost_system
      Boost::Thread:  -lboost_thread
    Third-party:
      http-parser:    yes
      MRuby:          no (CFLAGS='' LIBS='')
      Neverbleed:     no
    Features:
      Applications:   yes
      HPACK tools:    yes
      Libnghttp2_asio:yes
      Examples:       yes
      Python bindings:yes
      Threading:      yes

【验证】

查看版本:

输入:

nghttp --version

输出:

nghttp nghttp2/1.40.0-DEV

测试命令:

输入:

nghttp -v https://nghttp2.org

输出:

[  0.098] Connected
The negotiated protocol: h2
[  0.296] recv SETTINGS frame <length=12, flags=0x00, stream_id=0>
          (niv=2)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.296] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
...

参考:https://nghttp2.org/documentation/package_README
参考:https://github.com/nghttp2/nghttp2/issues/327
参考:https://icing.github.io/mod_h2/howto
参考:http://stackoverflow.com/questions/37322430/browser-wont-upgrade-to-h2-altough-upgrade-headers-are-sent/37421758

【排错】

如果 configure时报错:configure: error: Could not link against boost_system

在升级 GCC 之前安装 Boost ,不会出现此问题。

在升级 GCC 之后安装 Boost ,yum 安装 boost-devel 可以解决问题:

yum install boost-devel

参考:https://blog.csdn.net/xocoder/article/details/23571421
参考:http://www.cnblogs.com/heben/p/6062084.html

当make 时报错:error: ‘PyThreadState’ has no member named ‘exc_type’

参考:https://blog.csdn.net/IT_DREAM_ER/article/details/82861736
参考:https://blog.csdn.net/u011573853/article/details/106316453

先安装 cython :

sudo pip install cython

然后删除已编译生成的文件,再重新编译。

当make install时报错:error: bad install directory or PYTHONPATH

error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /usr/local/lib64/python3.8/site-packages/

and your PYTHONPATH environment variable currently contains:

    '/opt/rh/rh-python38/root/usr/lib/python3.8/site-packages/'

修正:

wget https://github.com/nghttp2/nghttp2/releases/download/v1.43.0/nghttp2-1.43.0.tar.gz && tar -zxf nghttp2-1.43.0.tar.gz && cd nghttp2-1.43.0
export PYTHONPATH=/usr/local/lib64/python3.8/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib
make && make install

当make install时报错:error: bad install directory or PYTHONPATH

error: bad install directory or PYTHONPATH

You are attempting to install a package to a directory that is not
on PYTHONPATH and which Python does not read ".pth" files from.  The
installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /usr/local/lib64/python2.7/site-packages/

and your PYTHONPATH environment variable currently contains:

    ''

修正:

export PYTHONPATH=/usr/local/lib64/python2.7/site-packages/ LIBSPDYLAY_CFLAGS="-I/usr/local/include/spdylay" LIBSPDYLAY_LIBS="-L/usr/local/lib -lspdylay" JANSSON_CFLAGS="-I/usr/local/include" JANSSON_LIBS="-L/usr/local/lib -ljansson" OPENSSL_CFLAGS="-I/usr/include/openssl" OPENSSL_LIBS="-L/usr/lib -lssl -lcrypto" CUNIT_CFLAGS="-I/usr/include/CUnit" CUNIT_LIBS="-L/usr/lib -lcunit"  LIBEVENT_OPENSSL_CFLAGS="-I/usr/include" LIBEVENT_OPENSSL_LIBS="-L/usr/lib -levent_openssl -levent" LIBCARES_CFLAGS="-I/usr/local/include" LIBCARES_LIBS="-L/usr/local/lib -lcares"
./configure --with-boost-asio --enable-asio-lib --with-boost-libdir=/usr/lib && make && make install

然后顺利编译成功。

【配置】

编译安装Apache:

参考:https://http2.co/http2-with-apache/

仅 Apache 2.4.29 之后的版本支持 HTTP/2 。
You should make sure to have an Apache version >=2.4.29 since earlier versions do not support HTTP/2.

如果又想使用 PHP 低版本,又想 HTTP/2,可以尝试使用 Nginx 服务器。

参考:https://amon.org/apache

在编译httpd时加入以下参数即可支持 httpd2 :

 --enable-http2 --with-nghttp2=/usr/local/lib

配置Apache:

打开 /usr/local/apache2/conf/httpd.conf ,编辑:

ServerRoot "/usr/local/apache2"

Listen 80

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule expires_module modules/mod_expires.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php7_module        modules/libphp7.so
LoadModule http2_module modules/mod_http2.so

<IfModule unixd_module>
	User apache
	Group apache
</IfModule>

ServerAdmin [email protected]
ServerName 123.123.123.123
 
<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache2/htdocs"

<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf

<IfModule log_config_module>
	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
	LogFormat "%h %l %u %t \"%r\" %>s %b" common
	<IfModule logio_module>
		LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
	</IfModule>
	CustomLog "logs/access_log" combined
</IfModule>

<IfModule mime_module>
	TypesConfig conf/mime.types
	AddType application/x-compress .Z
	AddType application/x-gzip .gz .tgz
	AddType application/x-httpd-php .php
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl .crl
	AddHandler cgi-script .cgi .pl
</IfModule>

<IfModule mod_deflate.c>
	<IfModule mod_setenvif.c>
		<IfModule mod_headers.c>
			SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
			RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
		</IfModule>
	</IfModule>
	<IfModule mod_filter.c>
		AddOutputFilterByType DEFLATE application/atom+xml
		AddOutputFilterByType DEFLATE application/javascript
		AddOutputFilterByType DEFLATE application/json
		AddOutputFilterByType DEFLATE application/ld+json
		AddOutputFilterByType DEFLATE application/manifest+json
		AddOutputFilterByType DEFLATE application/rdf+xml
		AddOutputFilterByType DEFLATE application/rss+xml
		AddOutputFilterByType DEFLATE application/schema+json
		AddOutputFilterByType DEFLATE application/vnd.geo+json
		AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
		AddOutputFilterByType DEFLATE application/x-font-ttf
		AddOutputFilterByType DEFLATE application/x-javascript
		AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
		AddOutputFilterByType DEFLATE application/xhtml+xml
		AddOutputFilterByType DEFLATE application/xml
		AddOutputFilterByType DEFLATE font/eot
		AddOutputFilterByType DEFLATE font/opentype
		AddOutputFilterByType DEFLATE image/bmp
		AddOutputFilterByType DEFLATE image/svg+xml
		AddOutputFilterByType DEFLATE image/vnd.microsoft.icon
		AddOutputFilterByType DEFLATE image/x-icon
		AddOutputFilterByType DEFLATE text/cache-manifest
		AddOutputFilterByType DEFLATE text/css
		AddOutputFilterByType DEFLATE text/html
		AddOutputFilterByType DEFLATE text/javascript
		AddOutputFilterByType DEFLATE text/plain
		AddOutputFilterByType DEFLATE text/vcard
		AddOutputFilterByType DEFLATE text/vnd.rim.location.xloc
		AddOutputFilterByType DEFLATE text/vtt
		AddOutputFilterByType DEFLATE text/x-component
		AddOutputFilterByType DEFLATE text/x-cross-domain-policy
		AddOutputFilterByType DEFLATE text/xml
	</IfModule>
	<IfModule mod_mime.c>
		AddEncoding gzip svgz
	</IfModule>
</IfModule>

<IfModule proxy_html_module>
	Include conf/extra/proxy-html.conf
</IfModule>

<IfModule ssl_module>
	SSLRandomSeed startup builtin
	SSLRandomSeed connect builtin
	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
	SSLProtocol All -SSLv2 -SSLv3
	SSLPassPhraseDialog  builtin
	SSLSessionCache shmcb:/var/cache/ssl_scache(512000)
	SSLSessionCacheTimeout 300
</IfModule>

ServerTokens ProductOnly
ServerSignature Off

打开 /usr/local/apache2/conf/extra/httpd-ssl.conf ,编辑:

Listen 443

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost *:443>
	ServerName amon.org:443
	ServerAlias www.amon.org:443
	
	Protocols h2 http/1.1
	
	DocumentRoot /usr/local/apache2/htdocs/

	ErrorLog /usr/local/apache2/htdocs/logs/amon.org_error.log
	CustomLog "/usr/local/apache2/htdocs/logs/amon.org_access.log" \
		  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	ServerAdmin [email protected]
	
	SSLEngine on
	SSLCertificateFile /etc/letsencrypt/live/amon.org/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/amon.org/privkey.pem
	SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
	
	<Files ~ "(.tpl|.htm)$" >
		Order allow,deny
		Deny from all
	</Files>

	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

	<Directory "/usr/local/apache2/cgi-bin">
		SSLOptions +StdEnvVars
	</Directory>

	<Directory /usr/local/apache2/htdocs>
		Options FollowSymLinks
		AllowOverride  ALL
	</Directory>

	BrowserMatch "MSIE [2-5]" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0

</VirtualHost>                                  

打开 /usr/local/apache2/conf/extra/httpd-vhosts.conf ,编辑:

<VirtualHost *:80>
	ServerName 123.123.123.123
	DocumentRoot /usr/local/apache2/htdocs/
	RewriteEngine On
	RewriteRule ^.* /redirect/index.php
</VirtualHost>

<VirtualHost *:80>
	ServerName amon.org
	ServerAlias www.amon.org
	DocumentRoot /usr/local/apache2/htdocs/
	ErrorLog /usr/local/apache2/htdocs/logs/amon.org_error.log
	CustomLog /usr/local/apache2/htdocs/logs/amon.org_access.log combined
	<Directory /usr/local/apache2/htdocs>
		Options Indexes FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>
</VirtualHost>

HTTP2验证:

在线工具:https://tools.keycdn.com/http2-test

输出:

Yeah! amon.org supports HTTP/2.0

SSL验证:

在线工具:https://www.ssllabs.com/ssltest/analyze?d=amon.org

【参考】

参考:https://http2.github.io/faq/
参考:https://http2.try-and-test.net/
参考:https://httpd.apache.org/docs/2.4/mod/mod_http2
参考:https://nghttp2.org/documentation/package_README#requirements
参考:https://github.com/nghttp2/nghttp2/issues/607
参考:http://www.linuxidc.com/Linux/2015-12/126117.htm
参考:https://imququ.com/post/intro-to-nghttp2
参考:http://www.phpxs.com/post/4463/
参考:http://qiita.com/0xfffffff7/items/3a3c75f46c781d83a70d

参考:https://www.jianshu.com/p/0c4ac947c34b