Nginx 1.7增加对SPDY的支持

Read

SPDY并不是一种用于替代HTTP的协议，而是对HTTP协议的增强。新协议的功能包括数据流的多路复用、请求优先级，以及HTTP包头压缩。谷歌已经开发一个网络服务器原型机，以及支持SPDY协议的Chrome浏览器版本。

[root@Nginx ~]# mkdir /byrd/tools -p    #安装文件目录
[root@Nginx ~]# /usr/sbin/useradd nginx -s /sbin/nologin -M    #nginx用户
[root@Nginx ~]# yum install pcre-devel openssl openssl-devel gcc gcc-c++ -y    #软件依赖包
[root@Nginx ~]# cd /byrd/tools/
[root@Nginx tools]# wget http://nginx.org/download/nginx-1.7.1.tar.gz    #最新版
[root@Nginx tools]# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz    #最新版
[root@Nginx tools]# cd openssl-1.0.1h
[root@Nginx openssl-1.0.1h]# ./config  
[root@Nginx openssl-1.0.1h]# make 
[root@Nginx tools]# tar zxf nginx-1.7.1.tar.gz 
[root@Nginx tools]# cd nginx-1.7.1
[root@Nginx nginx-1.7.1]# ./configure --user=nginx --group=nginx --prefix=/byrd/server/nginx-1.7.1 --with-openssl=/byrd/tools/openssl-1.0.1h --with-pcre --with-http_ssl_module --with-http_spdy_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module 
[root@Nginx nginx-1.7.1]# make && make install
[root@Nginx nginx-1.7.1]# ln -s /byrd/server/nginx-1.7.1/ /usr/local/nginx
[root@Nginx nginx-1.7.1]# /usr/local/nginx/sbin/nginx 
[root@Nginx nginx-1.7.1]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      21740/nginx

[root@Nginx ~]# mkdir /byrd/tools -p #安装文件目录

[root@Nginx ~]# /usr/sbin/useradd nginx -s /sbin/nologin -M #nginx用户

[root@Nginx ~]# yum install pcre-devel openssl openssl-devel gcc gcc-c++ -y #软件依赖包

[root@Nginx ~]# cd /byrd/tools/

[root@Nginx tools]# wget http://nginx.org/download/nginx-1.7.1.tar.gz #最新版

[root@Nginx tools]# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz #最新版

[root@Nginx tools]# cd openssl-1.0.1h

[root@Nginx openssl-1.0.1h]# ./config

[root@Nginx openssl-1.0.1h]# make

[root@Nginx tools]# tar zxf nginx-1.7.1.tar.gz

[root@Nginx tools]# cd nginx-1.7.1

[root@Nginx nginx-1.7.1]# ./configure --user=nginx --group=nginx --prefix=/byrd/server/nginx-1.7.1 --with-openssl=/byrd/tools/openssl-1.0.1h --with-pcre --with-http_ssl_module --with-http_spdy_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module

[root@Nginx nginx-1.7.1]# make && make install

[root@Nginx nginx-1.7.1]# ln -s /byrd/server/nginx-1.7.1/ /usr/local/nginx

[root@Nginx nginx-1.7.1]# /usr/local/nginx/sbin/nginx

[root@Nginx nginx-1.7.1]# netstat -tunlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21740/nginx

配置密匙：

[root@Nginx nginx-1.7.1]# cd /usr/local/nginx/conf/
[root@Nginx conf]# openssl genrsa -des3 -out server.key 1024    #创建创建服务器私钥
Generating RSA private key, 1024 bit long modulus
.....++++++
.....................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@Nginx conf]# openssl req -new -key server.key -out server.csr    #创建证书签名请求
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CHINA
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:ZJ
Locality Name (eg, city) [Default City]:HANGZHOU  
Organization Name (eg, company) [Default Company Ltd]:KY
Organizational Unit Name (eg, section) []:BYRD
Common Name (eg, your name or your server's hostname) []:byrd
Email Address []:root@t4x.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123456
[root@Nginx conf]# cp server.key server.key.t4xorg    
[root@Nginx conf]# openssl rsa -in server.key.t4xorg -out server.key    #清除以SSL启动Nginx时提示必须输入密钥
Enter pass phrase for server.key.t4xorg:
writing RSA key
[root@Nginx conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt    #使用刚生成的私钥和CSR进行证书签名
Signature ok
subject=/C=CN/ST=ZJ/L=HANGZHOU/O=KY/OU=BYRD/CN=byrd/emailAddress=root@t4x.org
Getting Private key
[root@Nginx conf]#

[root@Nginx nginx-1.7.1]# cd /usr/local/nginx/conf/

[root@Nginx conf]# openssl genrsa -des3 -out server.key 1024 #创建创建服务器私钥

Generating RSA private key, 1024 bit long modulus

.....++++++

.....................++++++

e is 65537 (0x10001)

Enter pass phrase for server.key:

Verifying - Enter pass phrase for server.key:

[root@Nginx conf]# openssl req -new -key server.key -out server.csr #创建证书签名请求

Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CHINA

string is too long, it needs to be less than 2 bytes long

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:ZJ

Locality Name (eg, city) [Default City]:HANGZHOU

Organization Name (eg, company) [Default Company Ltd]:KY

Organizational Unit Name (eg, section) []:BYRD

Common Name (eg, your name or your server's hostname) []:byrd

Email Address []:root@t4x.org

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:123456

[root@Nginx conf]# cp server.key server.key.t4xorg

[root@Nginx conf]# openssl rsa -in server.key.t4xorg -out server.key #清除以SSL启动Nginx时提示必须输入密钥

Enter pass phrase for server.key.t4xorg:

writing RSA key

[root@Nginx conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt #使用刚生成的私钥和CSR进行证书签名

Signature ok

subject=/C=CN/ST=ZJ/L=HANGZHOU/O=KY/OU=BYRD/CN=byrd/emailAddress=root@t4x.org

Getting Private key

[root@Nginx conf]#

配置nginx支持443：

    server {
        listen       443 ssl spdy;
        server_name  localhost;

        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
[root@Nginx conf]# /usr/local/nginx/sbin/nginx -t                                          
nginx: the configuration file /byrd/server/nginx-1.7.1/conf/nginx.conf syntax is ok
nginx: configuration file /byrd/server/nginx-1.7.1/conf/nginx.conf test is successful
[root@Nginx conf]# /usr/local/nginx/sbin/nginx
[root@Nginx conf]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      36556/nginx                
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      36556/nginx