Of Stack

Upgrade nginx to support the http2 method

  • 2020-05-14 06:02:26
  • OfStack

This article introduces the way to upgrade nginx to support http2. The details are as follows:

1 key upgrade script

https://github.com/whisshe/upHttp2.git

The advantage of HTTP / 2

Compared with HTTP/ 1.x, HTTP/2 has been greatly modified and optimized in the underlying transmission:

HTTP/2 transmits data in a base 2 format rather than the text format of HTTP/ 1.x. Base 2 format brings more advantages and possibilities in protocol parsing and optimization. HTTP/2 USES HPACK for compressed transmission of headers, which can save network traffic occupied by headers. While HTTP/ 1.x carries a large amount of redundant header information with each request, which wastes a lot of bandwidth resources. Head compression is a good solution to this problem. Multiplexing, in plain English, means that all requests are made concurrently through one TCP connection. Although HTTP/ 1.x can make concurrent requests through pipeline, the response between multiple requests will be blocked, so pipeline has not been widely used yet, while HTTP/2 can make truly concurrent requests. The flow also supports priority and flow control. Server Push: the server can push resources to the client faster. For example, the server can actively push the JS and CSS files to the client without requiring the client to parse HTML and send these requests. It is already on the client when the client needs it.

Upgrade HTTP2 requirements

nginx 1.10.0 + builds on openssl 1.0.2 + https must be supported

Software installation location

openssl

1. Compile location
/usr/local/openssl
2. Soft link location
/usr/bin/openssl
/usr/include/openssl

nginx
1. Compilation and configuration file location
/etc/nginx

Upgrade all game servers to nginx and OpenSSL

Upgrade openssl

1. Back up the old version of openssl 


mv /usr/bin/openssl /usr/bin/openssl.old
mv /usr/include/openssl /usr/include/openssl.old

2. Download version 1.1 of openssl and unzip it 


 wget https://www.openssl.org/source/openssl-1.1.0g.tar.gz
 tar zxvf openssl-1.1.0g.tar.gz
 cd openssl-1.1.0g/
 ./config --prefix=/usr/local/openssl shared zlib
 make depend
 make && make install 
 ln -s /usr/local/openssl/bin/openssl /usr/bin/openssl
 ln -s /usr/local/openssl/include/openssl /usr/include/openssl( The preferred )
 cd /usr/local/openssl/lib
 ln -s libssl.so.1.1 libcrypto.so.1.1 /lib/x86_64-linux-gnu/
 echo /usr/local/openssl/lib >> /etc/ld.so.conf

3. Verify openssl version information 


openssl version
if [[ `openssl version |awk '{print $2}'` == 1.1.0g ]];then 
  echo ok
fi

nginx upgrade (source code compilation)

The original configuration file will not be lost

1, download the source package 


wget http://nginx.org/download/nginx-1.12.2.tar.gz

2. Unzip, compile and install

When compiling and installing nginx, the -- with-openssl parameter only supports the source code of OpenSSL by default, not the compiled OpenSSL. Can extract directory changes in nginx auto/lib/openssl/conf

sed "s/.openssl\///" c

Remove the.openssl from the file to support the compiled openssl path 


CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a"

Officially compiled 


 ./configure --prefix=/etc/nginx \
 --sbin-path=/usr/sbin/nginx \
 --conf-path=/etc/nginx/nginx.conf \
 --error-log-path=/var/log/nginx/error.log \
 --http-log-path=/var/log/nginx/access.log \
 --pid-path=/var/run/nginx.pid \
 --lock-path=/var/run/nginx.lock \
 --http-client-body-temp-path=/var/cache/nginx/client_temp \
 --http-proxy-temp-path=/var/cache/nginx/proxy_temp \
 --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
 --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
 --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
 --with-http_ssl_module \
 --with-http_realip_module \
 --with-http_addition_module \
 --with-http_sub_module \
 --with-http_dav_module \
 --with-http_flv_module \
 --with-http_mp4_module \
 --with-http_gunzip_module \
 --with-http_gzip_static_module \
 --with-http_random_index_module \
 --with-http_secure_link_module \
 --with-http_stub_status_module \
 --with-http_auth_request_module \
 --with-threads \
 --with-stream \
 --with-stream_ssl_module \
 --with-http_slice_module \
 --with-mail \
 --with-mail_ssl_module \
 --with-file-aio \
 --with-http_v2_module \
 --with-openssl=/usr/local/openssl

Modify the nginx configuration 


listen 443 ssl http2 ;

Problems and solutions

openssl version error reporting openssl: error while loading libraries: libssl so 


echo /usr/local/openssl/lib >> /etc/ld.so.conf #  will openssl Compile path lib Library to join /etc/ld.so.conf
ldconfig -v|grep libssl  #  Check to see if the addition was successful

nginx restart errors, nginx: [emerg] mkdir () "/ var cache/nginx/client_temp" failed 


ls -l /var/cache/nginx/client_temp# Check whether the folder exists and the permissions of the folder 
mkdir -p /var/cache/nginx/client_temp # A folder is generated if the folder does not exist 
chown -R www-data:www-data /var/cache/nginx/client_temp #  Change the folder owner and group to nginx The running user, see details nginx.conf
Related articles: