近两年tengine和nginx的在新特性的支持上差距越来越大。处于尝试新事物的好奇,动手升级到nginx-1.9.9。整个过程非常曲折,不再细说。。
主要的配置差异实际很小
listen 443 ssl so_keepalive=on spdy;
改为
listen 443 ssl so_keepalive=on http2;
但是因为之前开启了ssl_prefer_server_ciphers,升级前没仔细看过nginx官方的wiki,所以吃了不少苦头。升级之后页面直接就打不了, chrome 报错ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY。
Note that accepting HTTP/2 connections over TLS requires the “Application-Layer Protocol Negotiation” (ALPN) TLS extension support, which is available only since OpenSSL version 1.0.2. Using the “Next Protocol Negotiation” (NPN) TLS extension for this purpose (available since OpenSSL version 1.0.1) is not guaranteed.
Also note that if the ssl_prefer_server_ciphers directive is set to the value on, the ciphers should be configured to comply with RFC 7540, Appendix A black list and supported by clients.
搞定了http2后,另外奇葩的事情是blog打开就是空白的。php-fpm等运行正常,最终发现是nginx官方deb包里的fastcgi_params是错的,该用之前tengine使用的配置搞定。
参考:
1.http://nginx.org/en/docs/http/ngx_http_v2_module.html