首页 > http&spdy, 网络协议 > Nginx&SPDY试用

Nginx&SPDY试用

2012年12月15日 发表评论 阅读评论 4,105 次浏览

1,系统环境:

[root@localhost ~]# cat /etc/issue
CentOS release 6.2 (Final)
Kernel \r on an \m

[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.32-220.el6.i686 #1 SMP Tue Dec 6 16:15:40 GMT 2011 i686 i686 i386 GNU/Linux

2,从http://www.openssl.org/source/下载1.0.1以后版本的OpenSSL,当前(2012-12-15)的最新版本为:http://www.openssl.org/source/openssl-1.0.1c.tar.gz,下载后解压即可:

[root@localhost http2.0]# ls
openssl-1.0.1c.tar.gz
[root@localhost http2.0]# tar xzf openssl-1.0.1c.tar.gz 
[root@localhost http2.0]# ls
openssl-1.0.1c  openssl-1.0.1c.tar.gz

3,从http://www.nginx.org/download/nginx-1.3.9.tar.gz下载nginx-1.3.9源码包,以及从链接http://nginx.org/patches/spdy/patch.spdy.txt获取到补丁文件后,进行如下操作:

[root@localhost http2.0]# ls
nginx-1.3.9.tar.gz  openssl-1.0.1c  openssl-1.0.1c.tar.gz  patch.spdy.txt
[root@localhost http2.0]# tar xzf nginx-1.3.9.tar.gz
[root@localhost http2.0]# ls
nginx-1.3.9  nginx-1.3.9.tar.gz  openssl-1.0.1c  openssl-1.0.1c.tar.gz  patch.spdy.txt
[root@localhost http2.0]# cd nginx-1.3.9
[root@localhost http2.0]# cp ../patch.spdy.txt ./
[root@localhost http2.0]# patch -p0 < patch.spdy.txt
[root@localhost http2.0]# ./configure --with-http_ssl_module --with-openssl=/home/http2.0/openssl-1.0.1c
[root@localhost http2.0]# make
[root@localhost http2.0]# make install

一切OK的话,支持SPDY的nginx就编译好了。

下面开始启动nginx,首先准备配置文件:

[root@localhost nginx-1.3.9]# cd /usr/local/nginx/conf/
[root@localhost conf]# vi nginx.conf.spdy 
[root@localhost conf]# cat nginx.conf.spdy 

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 443 ssl spdy default_server;
        ssl_certificate server.crt;
        ssl_certificate_key server.key;

        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

[root@localhost conf]# 

接着准备server.crt和server.key文件(提示要输入的地方,我也没多管,直接输入123456或1):

[root@localhost conf]# /home/http2.0/openssl-1.0.1c/apps/openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
..........................++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@localhost conf]# /home/http2.0/openssl-1.0.1c/apps/openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:AU
State or Province Name (full name) [Some-State]:1
Locality Name (eg, city) []:1
Organization Name (eg, company) [Internet Widgits Pty Ltd]:1
Organizational Unit Name (eg, section) []:1
Common Name (e.g. server FQDN or YOUR name) []:1
Email Address []:1

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:d
string is too short, it needs to be at least 4 bytes long
A challenge password []:12123
An optional company name []:123
[root@localhost conf]# cp server.key server.key.org 
[root@localhost conf]# /home/http2.0/openssl-1.0.1c/apps/openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key
[root@localhost conf]# /home/http2.0/openssl-1.0.1c/apps/openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=AU/ST=g\x08a/L=s/O=c/OU=d/CN=a/emailAddress=c
Getting Private key
[root@localhost conf]#

启动nginx:

[root@localhost conf]# ps aux | grep nginx
root     21977  1.0  0.1   4328   732 pts/0    S+   00:48   0:00 grep nginx
[root@localhost conf]# /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf.spdy 
[root@localhost conf]# ps aux | grep nginx
root     21979  0.0  0.1   5116   668 ?        Ss   00:49   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf.spdy
nobody   21980  0.0  0.2   6324  1000 ?        S    00:49   0:00 nginx: worker process                                               
root     21982  0.0  0.1   4328   732 pts/0    S+   00:49   0:00 grep nginx
[root@localhost conf]# 

用谷歌浏览器访问nginx站点:

由于我制作的证书没有得到浏览器的信任,所以有此提示,不过没关系,点击仍然继续即可:

是SSL加密协议的,但怎么确定是通过SPDY访问的呢?在链接http://www.chromium.org/spdy/spdy-tools-and-debugging这里有介绍,通过chrome://net-internals/#spdy查看即可:

表格第一行的192.168.10.2:443也就是nginx的站点。

完全参考:
1,http://nginx.org/patches/spdy/README.txt
2,http://wiki.nginx.org/NginxHttpSslModule

转载请保留地址:http://www.lenky.info/archives/2012/12/2057http://lenky.info/?p=2057


备注:如无特殊说明,文章内容均出自Lenky个人的真实理解而并非存心妄自揣测来故意愚人耳目。由于个人水平有限,虽力求内容正确无误,但仍然难免出错,请勿见怪,如果可以则请留言告之,并欢迎来讨论。另外值得说明的是,Lenky的部分文章以及部分内容参考借鉴了网络上各位网友的热心分享,特别是一些带有完全参考的文章,其后附带的链接内容也许更直接、更丰富,而我只是做了一下归纳&转述,在此也一并表示感谢。关于本站的所有技术文章,欢迎转载,但请遵从CC创作共享协议,而一些私人性质较强的心情随笔,建议不要转载。

法律:根据最新颁布的《信息网络传播权保护条例》,如果您认为本文章的任何内容侵犯了您的权利,请以Email或书面等方式告知,本站将及时删除相关内容或链接。

  1. 本文目前尚无任何评论.
  1. 本文目前尚无任何 trackbacks 和 pingbacks.