I first tried this on Ubuntu 14.04, but its bundled OpenSSL is 1.0.1f, and TLS ALPN is also required,
so OpenSSL 1.0.2 or later is needed.
I then switched to Ubuntu 15.10, because its bundled OpenSSL is already 1.0.2d.
1. Install nghttp2 first
apt-get install make binutils autoconf automake autotools-dev libtool pkg-config \
zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev libevent-dev libjansson-dev \
libjemalloc-dev cython python3.4-dev python-setuptools
git clone https://github.com/tatsuhiro-t/nghttp2.git
cd ./nghttp2
autoreconf -i
automake
autoconf
./configure
make
sudo make install
sudo ldconfig
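2. Download and build Apache 2.4.17
(The tarballs below are fetched over plain HTTP from mirrors; verify them against the checksums or signatures published by the Apache project before building.)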
apt-get install git gcc g++ libpcre3-dev libcunit1-dev libev-dev libjansson-dev \
libjemalloc-dev cython make binutils autoconf automake autotools-dev libtool pkg-config \
zlib1g-dev libssl-dev libxml2-dev libevent-dev python3.4-dev libevent-openssl-2.0-5
wget http://ftp.jaist.ac.jp/pub/apache//httpd/httpd-2.4.17.tar.gz
tar zxvf httpd-2.4.17.tar.gz
wget http://ftp.yz.yamagata-u.ac.jp/pub/network/apache//apr/apr-1.5.2.tar.gz
tar zxvf apr-1.5.2.tar.gz
mv ./apr-1.5.2 ./httpd-2.4.17/srclib/apr
wget http://ftp.yz.yamagata-u.ac.jp/pub/network/apache//apr/apr-util-1.5.4.tar.gz
tar zxvf apr-util-1.5.4.tar.gz
mv ./apr-util-1.5.4 ./httpd-2.4.17/srclib/apr-util
cd ./httpd-2.4.17/
./configure --enable-http2
make
sudo make install
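3. Configuration
First edit /usr/local/apache2/conf/httpd.conf (httpd does not accept a comment on the same line as a directive, so each comment is on its own line)
# Add this line to set your own host name
ServerName myserver.com
# Uncomment the following three lines
LoadModule ssl_module modules/mod_ssl.so
LoadModule http2_module modules/mod_http2.so
Include conf/extra/httpd-ssl.conf
# Add
<IfModule http2_module>
ProtocolsHonorOrder On
# h2: HTTP/2 over TLS (https)
Protocols h2 http/1.1
# h2c: HTTP/2 over cleartext TCP (http)
Protocols h2c http/1.1
</IfModule>
Next, generate the private key and self-signed certificate used for SSL (-nodes leaves the private key unencrypted on disk)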
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/apache2/conf/server.key -out /usr/local/apache2/conf/server.crt
Then edit /usr/local/apache2/conf/extra/httpd-ssl.conf
# Comment out this line
#SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
# Add the certificate and key
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
# Modify; see "How to h2 in apache"
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
# Modify
SSLProtocol All -SSLv2 -SSLv3
4. Start the server
/usr/local/apache2/bin/httpd
5. Results
[netstat]
netstat -ta |grep -e http -e https
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN
[Connect with nghttp]
nghttp -uv http://<IP or Domain Name>
[Check with Chrome]
Browse directly to
chrome://net-internals/#http2
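
The SSLCipherSuite value set in step 3 mixes suites that HTTP/2 can use with suites that only serve HTTP/1.1 fallback clients. As an added example (not part of the original post), this Python function sorts the tokens by the RFC 7540 section 9.2.2 rule that HTTP/2 over TLS 1.2 wants an ephemeral key exchange plus an AEAD cipher, and reports any h2-usable suite listed after a fallback one; the name `classify` and the name-based matching are assumptions made here for illustration.

```python
import re

# SSLCipherSuite value from this page, split across lines only for readability.
PAGE_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
)

SUITE_NAME = re.compile(r"^[A-Z0-9]+(?:-[A-Z0-9]+)+$")  # concrete OpenSSL suite name
EPHEMERAL = ("ECDHE-", "DHE-")                           # forward-secret key exchange
AEAD = ("GCM", "CCM", "CHACHA20")                        # AEAD bulk ciphers


def classify(cipher_string):
    """Group the tokens of an OpenSSL cipher string by their use for HTTP/2.

    Hypothetical helper: matching is done on suite names only (an assumption),
    so alias expressions such as kEDH+AESGCM are reported as selectors.
    """
    groups = {"h2_ok": [], "http1_only": [], "selector": [],
              "exclusion": [], "misordered": []}
    for tok in filter(None, cipher_string.split(":")):
        if tok[0] in "!-":
            groups["exclusion"].append(tok)      # removes suites from the list
        elif not SUITE_NAME.match(tok):
            groups["selector"].append(tok)       # alias or expression, not one suite
        elif tok.startswith(EPHEMERAL) and any(m in tok for m in AEAD):
            groups["h2_ok"].append(tok)
            if groups["http1_only"]:
                # An h2 client may be handed a non-AEAD suite that ranks higher.
                groups["misordered"].append(tok)
        else:
            groups["http1_only"].append(tok)     # non-AEAD or static key exchange
    return groups


if __name__ == "__main__":
    for name, toks in classify(PAGE_CIPHERS).items():
        print("%-11s %2d  %s" % (name, len(toks), " ".join(toks)))
```

For the page's value the "misordered" group is empty, meaning every h2-usable suite is preferred over the HTTP/1.1-only ones.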