Mac 下搭建Nginx HTTP/2的服務端

Nginx環境搭建

關於環境搭建因為我電腦之前已經安裝好環境，安裝流程自己也忘記了。所以為了不誤導大家。可以參考以下連結：

Mac OSX El Capitan 10.11 安裝nginx(http2) php7.0 mysql5.7 開發環境

Http2.0在nginx上實踐

官方連結

修改預設配置

先檢視下nginx 支援指令

pcpc:nginx leedarson$ nginx -h
nginx version: nginx/1.15.7
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]

Options:
  -?,-h         : this help
  -v            : show version and exit
  -V            : show version and configure options then exit
  -t            : test configuration and exit
  -T            : test configuration, dump it and exit
  -q            : suppress non-error messages during configuration testing
  -s signal     : send signal to a master process: stop, quit, reopen, reload
  -p prefix     : set prefix path (default: /usr/local/Cellar/nginx/1.15.7/)
  -c filename   : set configuration file (default: /usr/local/etc/nginx/nginx.conf)
  -g directives : set global directives out of configuration file
複製程式碼

檢視預設配置，預設為8080的HTTP server

$ cat /usr/local/etc/nginx/nginx.conf
...
server {
        listen       8080;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }
...
複製程式碼

直接刪掉上面的server（刪除前最好先備份下nginx.conf），替換為

server {
       # listen 80 default_server;
        listen 443 ssl http2 default_server;
 
        server_name  localhost;

        ssl_certificate ssl/nginx.crt;     #80埠必須配置
        ssl_certificate_key ssl/nginx.key; #80埠必須配置

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
複製程式碼

匯入ssl 證照

sudo mkdir /usr/local/etc/nginx/ssl/  
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/etc/nginx/ssl/nginx.key -out /usr/local/etc/nginx/ssl/nginx.crt  

複製程式碼

開啟Nginx服務

sudo nginx
複製程式碼

客戶端測試

如果你電腦之前有安裝curl,可以直接用curl請求。

$ curl -v --http2 -k https://localhost
* Rebuilt URL to: https://localhost/
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 443 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=cn; ST=gd; L=sz; O=lds; OU=lds; CN=lds; emailAddress=lds
*  start date: Dec 25 07:07:05 2018 GMT
*  expire date: Dec 25 07:07:05 2019 GMT
*  issuer: C=cn; ST=gd; L=sz; O=lds; OU=lds; CN=lds; emailAddress=lds
*  SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f85bd00ba00)
> GET / HTTP/2
> Host: localhost
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< server: nginx/1.15.7
< date: Tue, 25 Dec 2018 07:53:09 GMT
< content-type: text/html
< content-length: 612
< last-modified: Tue, 03 Apr 2018 14:38:20 GMT
< etag: "5ac391dc-264"
< accept-ranges: bytes
<
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
* Connection #0 to host localhost left intact
複製程式碼

還可以用WireShark抓包檢視是否為HTTP/2的請求

最後

因為分析競品時，發現對方使用HTTP/2，所以簡單的搭建了一個環境，便於學習。希望對需要的人有所幫助。