HTTPS HTTP/2
Optimization for HTTP/1. x
- HTTP/2 multiplexes a TCP connection for multiple transmissions, that is, asynchronous connection multiplexing
- HTTP/2 will appropriately merge resource files, that is, header compression
- HTTP/2's Server Push feature allows the server to make full use of bandwidth and push resources to the client in a certain priority order, that is, request feedback pipelining
- Fully semantic compatible with HTTP 1.1···
Conditions for enabling HTTP/2
- TLS based deployment means that HTTPS needs to be configured first, because Chrome and Firefox both support only HTTP/2 Over TLS
- The HTTP server needs to support, that is, it needs to upgrade to a newer version. For example, Nginx needs to be upgraded to 1.9.7 or above
HTTP/2 support
Currently, browsers supporting HTTP/2 include Chrome 41+, Firefox 36+, Safari 9+, IE 11 and Edge on Windows 10
Configure HTTP/2
HTTPS needs to be configured before HTTP/2 is enabled. Here we will simply repeat what needs to be done
First, upgrade OpenSSL
Secondly, upgrade Nginx and compile it together with OpenSSL --with-http_v2_module
--with-http_ssl_module
Compile two modules together
Then, configure the configuration file of Nginx's site
server { listen 443 ssl http2 default_server; ssl_certificate server.crt; ssl_certificate_key server.key; ... }
Finally restart and check whether it is correctly started···
Some configuration tutorials
Here are the help configurations of the articles written previously,
Let's Encrypt certificate issuance and configuration
https://www.linpx.com/p/lets-encrypt-certificate-and-configuration.html
Issue certificate request file CSR with ECC algorithm
https://www.linpx.com/p/ecc-algorithm-is-used-to-issue-the-certificate-request-file-csr.html
Cascade the certificate chain and configure Nginx to enable SSL
https://www.linpx.com/p/the-series-of-certificate-chain-and-configure-nginx-to-open-ssl.html
Optimization of Nginx's SSL configuration
https://www.linpx.com/p/ssl-configuration-optimization.html
Enable HSTS and apply for HSTS Preload List
https://www.linpx.com/p/hsts-and-hsts-preload-list-enabled-applications.html
ChaCha20-Poly1305 cipher suite for OpenSSL
https://www.linpx.com/p/the-openssl-chacha20poly1305-cipher-suite.html
Install ChaCha20-Poly1305 encryption suite to Nginx
https://www.linpx.com/p/nginx-chacha20poly1305-encryption-suite.html
My little knowledge of HSTS
https://www.linpx.com/p/i-know-little-about-hsts.html
Enable Certificate Transparency policy
https://www.linpx.com/p/https-certificate-to-enable-transparency-certificate-policy.html
Some practices of OCSP Staging
https://www.linpx.com/p/some-small-practice-of-stapling-ocsp.html
This article is written by Chakhsu Lau Creation, adoption Knowledge Sharing Attribution 4.0 International License Agreement.
All articles on this website are original or translated by this website, except for the reprint/source. Please sign your name before reprinting.