HTTP/2 与 Ubuntu 18.04

Posted

技术标签:

【中文标题】HTTP/2 与 Ubuntu 18.04【英文标题】:HTTP/2 with Ubuntu 18.04 【发布时间】:2018-12-22 07:44:21 【问题描述】:

我想在这个网站上试用 HTTP/2:https://www.alebalweb-blog.com/

我最近使用 php 7.2、Apache/2.4.29 等将服务器更新到 Ubuntu 18.04

我做了:sudo a2enmod http2

添加:

#HTTP/2
Protocols h2 h2c http/1.1

在我的 VirtualHost SSL 中。

并重新启动 Apache。

SSL 证书由 Let's Encrypt 提供。

结果是:

curl -k -v --http2 https://alebalweb-blog.com
* Rebuilt URL to: https://alebalweb-blog.com/
*   Trying 45.76.70.142...
* TCP_NODELAY set
* Connected to alebalweb-blog.com (45.76.70.142) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=alebalweb-blog.com
*  start date: Jul  7 02:02:06 2018 GMT
*  expire date: Oct  5 02:02:06 2018 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: alebalweb-blog.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Fri, 13 Jul 2018 21:51:22 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Upgrade: h2,h2c
< Connection: Upgrade
< Cache-Control: max-age=300
< Expires: Fri, 13 Jul 2018 21:56:22 GMT
< Vary: Accept-Encoding,User-Agent
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8

我觉得真的很奇怪:

Upgrade: h2,h2c
Connection: Upgrade

什么意思?

HTTP/2 测试说:

HTTP/2 Test Result www.alebalweb-blog.com
Negative! www.alebalweb-blog.com does not support HTTP/2.0.
ALPN is not supported.

我觉得我错过了一些重要的事情......你能帮我理解一下吗?

【问题讨论】:

密钥是* ALPN, server accepted to use http/1.1,这意味着服务器没有宣传h2支持。 这很奇怪,因为它支持 ALPN 和现代密码(很明显是现代版本的 OpenSSL,这通常是一个问题)并且正在发送升级标头(这表明 mod_http2 设置正确)。我猜你在不支持 HTTP/2 的 Apache(nginx 负载均衡器和 CDN)前面有一些东西。 是 Vultr 服务器,Ubuntu 16.04 升级到 18.04,请问 Vultr 是否有什么东西不允许 HTTP/2 工作。 Vultr 回复我去查看文档部分,在文档部分中没有任何关于 HTTP/2 和 Apache 的内容......没有太多帮助......你能帮我弄清楚吗我在哪里可以看? 如果直接连接到服务器并执行curl -k -v —http2 https://localhost,它是否工作? 【参考方案1】:

我想我通过切换到 PHP-FPM 解决了

我使用了这些代码:

apachectl stop
apt-get install php7.1-fpm # Install the php-fpm from your PHP repository. This package name depends on the vendor.
a2enmod proxy_fcgi setenvif
a2enconf php7.1-fpm # Again, this depends on your PHP vendor.
a2dismod php7.1 # This disables mod_php.
a2dismod mpm_prefork # This disables the prefork MPM. Only one MPM can run at a time.
a2enmod mpm_event # Enable event MPM. You could also enable mpm_worker.
apachectl start

来自本指南:https://http2.pro/doc/Apache 和本指南:https://techwombat.com/enable-http2-apache-ubuntu-16-04/

并在 /etc/apache2/apache2.conf 末尾添加“Protocols h2 h2c http/1.1”

现在命令 curl -k -v --http2 https://alebalweb-blog.com 报告这个:

curl -k -v --http2 https://alebalweb-blog.com
* Rebuilt URL to: https://alebalweb-blog.com/
*   Trying 45.76.70.142...
* TCP_NODELAY set
* Connected to alebalweb-blog.com (45.76.70.142) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=alebalweb-blog.com
*  start date: Jul  7 02:02:06 2018 GMT
*  expire date: Oct  5 02:02:06 2018 GMT
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x556ec5957940)
> GET / HTTP/2
> Host: alebalweb-blog.com
> User-Agent: curl/7.58.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< date: Thu, 19 Jul 2018 20:21:38 GMT
< server: Apache/2.4.34 (Ubuntu)
< cache-control: max-age=300
< expires: Thu, 19 Jul 2018 20:26:38 GMT
< vary: Accept-Encoding,User-Agent
< content-type: text/html; charset=UTF-8

最重要的是您会注意到这些变化:ALPN、服务器接受使用 h2 和 HTTP/2 200

网站https://tools.keycdn.com/http2-test 说:

Yeah! www.alebalweb-blog.com supports HTTP/2.0. 
ALPN supported.

opera和chrome的开发工具标明:h2

我只有最后一个疑问,在谷歌网站管理员工具中,以谷歌的身份获取页面,我看到了这个:

HTTP/1.1 200 OK
Date: Thu, 19 Jul 2018 20:35:35 GMT
Server: Apache/2.4.34 (Ubuntu)
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=300
Expires: Thu, 19 Jul 2018 20:40:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 41422
Keep-Alive: timeout=5, max=100

我错过了什么?或者可能需要时间?

【讨论】:

以上是关于HTTP/2 与 Ubuntu 18.04的主要内容,如果未能解决你的问题,请参考以下文章

为啥 /dev/shm 文件夹可以在 Ubuntu 18.04 中定期清理?

sudo apt-get:command not found 解决 - Ubuntu 18.04

Ubuntu 18.04 系统U盘安装与初步设置

G005-OS-LIN-UBUN-01 Ubuntu Desktop 22.04 安装

ubuntu18.04的安装与学习记录

Ubuntu18.04 下载与安装(阿里云官方镜像站)