HTTP/2 与 Ubuntu 18.04
Posted
技术标签:
【中文标题】HTTP/2 与 Ubuntu 18.04【英文标题】:HTTP/2 with Ubuntu 18.04 【发布时间】:2018-12-22 07:44:21 【问题描述】:我想在这个网站上试用 HTTP/2:https://www.alebalweb-blog.com/
我最近使用 php 7.2、Apache/2.4.29 等将服务器更新到 Ubuntu 18.04
我做了:sudo a2enmod http2
添加:
#HTTP/2
Protocols h2 h2c http/1.1
在我的 VirtualHost SSL 中。
并重新启动 Apache。
SSL 证书由 Let's Encrypt 提供。
结果是:
curl -k -v --http2 https://alebalweb-blog.com
* Rebuilt URL to: https://alebalweb-blog.com/
* Trying 45.76.70.142...
* TCP_NODELAY set
* Connected to alebalweb-blog.com (45.76.70.142) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=alebalweb-blog.com
* start date: Jul 7 02:02:06 2018 GMT
* expire date: Oct 5 02:02:06 2018 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: alebalweb-blog.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 13 Jul 2018 21:51:22 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Upgrade: h2,h2c
< Connection: Upgrade
< Cache-Control: max-age=300
< Expires: Fri, 13 Jul 2018 21:56:22 GMT
< Vary: Accept-Encoding,User-Agent
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
我觉得真的很奇怪:
Upgrade: h2,h2c
Connection: Upgrade
什么意思?
HTTP/2 测试说:
HTTP/2 Test Result www.alebalweb-blog.com
Negative! www.alebalweb-blog.com does not support HTTP/2.0.
ALPN is not supported.
我觉得我错过了一些重要的事情......你能帮我理解一下吗?
【问题讨论】:
密钥是* ALPN, server accepted to use http/1.1
,这意味着服务器没有宣传h2支持。
这很奇怪,因为它支持 ALPN 和现代密码(很明显是现代版本的 OpenSSL,这通常是一个问题)并且正在发送升级标头(这表明 mod_http2 设置正确)。我猜你在不支持 HTTP/2 的 Apache(nginx 负载均衡器和 CDN)前面有一些东西。
是 Vultr 服务器,Ubuntu 16.04 升级到 18.04,请问 Vultr 是否有什么东西不允许 HTTP/2 工作。
Vultr 回复我去查看文档部分,在文档部分中没有任何关于 HTTP/2 和 Apache 的内容......没有太多帮助......你能帮我弄清楚吗我在哪里可以看?
如果直接连接到服务器并执行curl -k -v —http2 https://localhost
,它是否工作?
【参考方案1】:
我想我通过切换到 PHP-FPM 解决了
我使用了这些代码:
apachectl stop
apt-get install php7.1-fpm # Install the php-fpm from your PHP repository. This package name depends on the vendor.
a2enmod proxy_fcgi setenvif
a2enconf php7.1-fpm # Again, this depends on your PHP vendor.
a2dismod php7.1 # This disables mod_php.
a2dismod mpm_prefork # This disables the prefork MPM. Only one MPM can run at a time.
a2enmod mpm_event # Enable event MPM. You could also enable mpm_worker.
apachectl start
来自本指南:https://http2.pro/doc/Apache 和本指南:https://techwombat.com/enable-http2-apache-ubuntu-16-04/
并在 /etc/apache2/apache2.conf 末尾添加“Protocols h2 h2c http/1.1”
现在命令 curl -k -v --http2 https://alebalweb-blog.com 报告这个:
curl -k -v --http2 https://alebalweb-blog.com
* Rebuilt URL to: https://alebalweb-blog.com/
* Trying 45.76.70.142...
* TCP_NODELAY set
* Connected to alebalweb-blog.com (45.76.70.142) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=alebalweb-blog.com
* start date: Jul 7 02:02:06 2018 GMT
* expire date: Oct 5 02:02:06 2018 GMT
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x556ec5957940)
> GET / HTTP/2
> Host: alebalweb-blog.com
> User-Agent: curl/7.58.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Thu, 19 Jul 2018 20:21:38 GMT
< server: Apache/2.4.34 (Ubuntu)
< cache-control: max-age=300
< expires: Thu, 19 Jul 2018 20:26:38 GMT
< vary: Accept-Encoding,User-Agent
< content-type: text/html; charset=UTF-8
最重要的是您会注意到这些变化:ALPN、服务器接受使用 h2 和 HTTP/2 200
网站https://tools.keycdn.com/http2-test 说:
Yeah! www.alebalweb-blog.com supports HTTP/2.0.
ALPN supported.
opera和chrome的开发工具标明:h2
我只有最后一个疑问,在谷歌网站管理员工具中,以谷歌的身份获取页面,我看到了这个:
HTTP/1.1 200 OK
Date: Thu, 19 Jul 2018 20:35:35 GMT
Server: Apache/2.4.34 (Ubuntu)
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=300
Expires: Thu, 19 Jul 2018 20:40:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 41422
Keep-Alive: timeout=5, max=100
我错过了什么?或者可能需要时间?
【讨论】:
以上是关于HTTP/2 与 Ubuntu 18.04的主要内容,如果未能解决你的问题,请参考以下文章
为啥 /dev/shm 文件夹可以在 Ubuntu 18.04 中定期清理?
sudo apt-get:command not found 解决 - Ubuntu 18.04