nginx - nginx不能使用http2
问题描述
我正在使用 nginx 为我的应用程序提供服务,但我一直无法使用 http2 协议,以下是我的 nginx 版本
nginx version: nginx/1.17.9
openssl 版本:
OpenSSL 1.1.1d 10 Sep 2019
/etc/nginx/nginx.conf 中的内容:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
# run ulimit -n to check
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# Buffer size for post submission
client_body_buffer_size 10k;
client_max_body_size 8m;
# Buffer size for header
client_header_buffer_size 1k;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
limit_req_zone $request_uri zone=MYZONE:10m rate=35r/s;
include /etc/nginx/conf.d/*.conf;
}
/etc/nginx/conf.d/default.conf 中的内容:
# Expires map
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name 0.0.0.0;
expires $expires;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_session_cache shared:SSL:40m;
ssl_session_timeout 4h;
ssl_session_tickets on;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
location = /favicon.ico {
log_not_found off;
}
location /static/ {
alias /static_files/;
}
location / {
access_log /var/log/nginx/wsgi.access.log;
error_log /var/log/nginx/wsgi.error_log warn;
proxy_pass http://app_wsgi:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
limit_req zone=MYZONE burst=15 nodelay;
}
location /admin {
proxy_pass http://app_wsgi:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
auth_basic "Secure Area";
auth_basic_user_file /etc/nginx/.htpasswd;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
检查语法 nginx -t:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
启动 nginx 之后,我对 https 和 https 执行 curl 命令:
卷曲-I --http2 0.0.0.0:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 25 Apr 2020 10:20:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://0.0.0.0/
curl -I --http2 --cacert certs/server.crt https://0.0.0.0
HTTP/2 200
server: nginx
date: Sat, 25 Apr 2020 10:15:20 GMT
content-type: text/html; charset=utf-8
content-length: 13376
x-frame-options: SAMEORIGIN
vary: Cookie, Accept-Encoding
set-cookie: csrftoken=dYCEOQQh70PqCXiyuylGoGS83GEWgU5omH33KnSr2XSziyXNbFoOepKlAprzoA0G; expires=Sat, 24 Apr 2021 10:15:20 GMT; Max-Age=31449600; Path=/; SameSite=Lax
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
它显示 http2 成功,但我浏览网页到https://0.0.0.0,并检查开发控制台,我发现所有请求都仍在使用 http/1.1 协议。我也去nginx服务器查看access.log,也有所有http/1.1的请求日志。错误日志中没有错误。
我已经尝试搜索并尝试了很长时间,但我仍然无法通过协议 http2 提供服务。请帮助我,非常感谢!
更新:来自 chrome 的证书和安全选项卡:
解决方案
推荐阅读
- mongodb - 单个组的 Mongodb 查询限制
- php - 尽管设置了 max_execution_time,PHP 仍以 30 秒切割
- python - 从终端中正在进行的进程中读取命令行输出
- python - 重塑 Numpy 数组:“列表”对象不可调用
- compiler-construction - llvm IR 中的冗余基本块
- json - jasper 中的交叉表仅显示输入 json 中的第一列
- javascript - 参照父对象展平嵌套对象
- android - 任务':app:transformClassesWithDesugarForRelease'的离子执行失败
- c++ - 模板类的工厂方法
- android - 房间数据库和 Glide 插件之间的 Gradle 多模块 annotationProcessor 编译问题