SPDY并不是一种用于替代HTTP的协议,而是对HTTP协议的增强。新协议的功能包括数据流的多路复用、请求优先级,以及HTTP包头压缩。谷歌已经开发一个网络服务器原型机,以及支持SPDY协议的Chrome浏览器版本。
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@Nginx ~]# mkdir /byrd/tools -p #安装文件目录 [root@Nginx ~]# /usr/sbin/useradd nginx -s /sbin/nologin -M #nginx用户 [root@Nginx ~]# yum install pcre-devel openssl openssl-devel gcc gcc-c++ -y #软件依赖包 [root@Nginx ~]# cd /byrd/tools/ [root@Nginx tools]# wget http://nginx.org/download/nginx-1.7.1.tar.gz #最新版 [root@Nginx tools]# wget http://www.openssl.org/source/openssl-1.0.1h.tar.gz #最新版 [root@Nginx tools]# cd openssl-1.0.1h [root@Nginx openssl-1.0.1h]# ./config [root@Nginx openssl-1.0.1h]# make [root@Nginx tools]# tar zxf nginx-1.7.1.tar.gz [root@Nginx tools]# cd nginx-1.7.1 [root@Nginx nginx-1.7.1]# ./configure --user=nginx --group=nginx --prefix=/byrd/server/nginx-1.7.1 --with-openssl=/byrd/tools/openssl-1.0.1h --with-pcre --with-http_ssl_module --with-http_spdy_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module [root@Nginx nginx-1.7.1]# make && make install [root@Nginx nginx-1.7.1]# ln -s /byrd/server/nginx-1.7.1/ /usr/local/nginx [root@Nginx nginx-1.7.1]# /usr/local/nginx/sbin/nginx [root@Nginx nginx-1.7.1]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 21740/nginx |
配置密匙:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
[root@Nginx nginx-1.7.1]# cd /usr/local/nginx/conf/ [root@Nginx conf]# openssl genrsa -des3 -out server.key 1024 #创建创建服务器私钥 Generating RSA private key, 1024 bit long modulus .....++++++ .....................++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: [root@Nginx conf]# openssl req -new -key server.key -out server.csr #创建证书签名请求 Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CHINA string is too long, it needs to be less than 2 bytes long Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:ZJ Locality Name (eg, city) [Default City]:HANGZHOU Organization Name (eg, company) [Default Company Ltd]:KY Organizational Unit Name (eg, section) []:BYRD Common Name (eg, your name or your server's hostname) []:byrd Email Address []:root@t4x.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456 An optional company name []:123456 [root@Nginx conf]# cp server.key server.key.t4xorg [root@Nginx conf]# openssl rsa -in server.key.t4xorg -out server.key #清除以SSL启动Nginx时提示必须输入密钥 Enter pass phrase for server.key.t4xorg: writing RSA key [root@Nginx conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt #使用刚生成的私钥和CSR进行证书签名 Signature ok subject=/C=CN/ST=ZJ/L=HANGZHOU/O=KY/OU=BYRD/CN=byrd/emailAddress=root@t4x.org Getting Private key [root@Nginx conf]# |
配置nginx支持443:
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
server { listen 443 ssl spdy; server_name localhost; ssl_certificate server.crt; ssl_certificate_key server.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } } [root@Nginx conf]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /byrd/server/nginx-1.7.1/conf/nginx.conf syntax is ok nginx: configuration file /byrd/server/nginx-1.7.1/conf/nginx.conf test is successful [root@Nginx conf]# /usr/local/nginx/sbin/nginx [root@Nginx conf]# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 36556/nginx tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 36556/nginx |
申明:本文由BYRD原创(基于NGINX1.7.1+SPYD3.1),未经许可禁止转载! 文 章 源 自 note.t4x.orgByrd's Blog-https://note.t4x.org/environment/centos-nginx-spdy/
申明:除非注明Byrd's Blog内容均为原创,未经许可禁止转载!详情请阅读版权申明!
Trackbacks