
Use HTTP/2

Environment

Ubuntu 14.04
OpenSSL 1.0.2
Nginx 1.10.1 (Nginx 1.9.5 or later)
(+) SSL is assumed to be already set up.
  • The link below describes how to set up HTTPS with Let's Encrypt.
    • Link
    • The configuration steps differ slightly from when this article was written, but not drastically, so apply it using this article or a web search.

Install OpenSSL 1.0.2

  • First, install OpenSSL 1.0.2.
  • Recent versions of Chrome support only ALPN. If the server does not use ALPN, the browsers of users on recent Chrome are downgraded to HTTP/1. (That is, HTTP/2 cannot be used.)
    • To stay compatible with HTTP/1.0 and 1.1, HTTP/2 decides whether to use HTTP/2 through protocol negotiation, and it uses ALPN (Application-Layer Protocol Negotiation) instead of NPN (Next Protocol Negotiation).
    • OpenSSL supports ALPN from version 1.0.2 onward; 1.0.1 and earlier versions do not support ALPN.
$ wget -c https://www.openssl.org/source/openssl-1.0.2h.tar.gz
$ tar xf openssl-1.0.2h.tar.gz -C /usr/local/
$ cd /usr/local/openssl-1.0.2h
$ ./config
$ make depend
$ make
$ make test
$ make install
$ mv /usr/bin/openssl /usr/bin/openssl_1.0.1e
$ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
$ openssl version

Install Nginx

  • On Ubuntu 14.04, installing or updating Nginx through apt-get installs version 1.4.6. The link below summarizes the commands for installing the Nginx stable version, so refer to it to install Nginx.
  • Then run the following commands in the path where nginx is installed.
$ ./configure \
    --prefix=/usr/share/nginx \
    --sbin-path=/usr/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --pid-path=/var/run/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --user=www-data \
    --group=www-data \
    --without-mail_pop3_module \
    --without-mail_imap_module \
    --without-mail_smtp_module \
    --without-http_fastcgi_module \
    --without-http_uwsgi_module \
    --without-http_scgi_module \
    --without-http_memcached_module \
    --with-http_ssl_module \
    --with-openssl=/usr/local/openssl-1.0.2h \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --with-http_v2_module

# After stopping nginx,
$ nginx -s stop

# compile with make
$ make
$ make install

# Start nginx again
$ nginx

# Checking with nginx -V shows the nginx version and the OpenSSL information.
$ nginx -V
  • Reference (ALPN and NPN support status by OS)

| Operating System | OpenSSL Version | ALPN / NPN Support |
|---|---|---|
| CentOS/Oracle Linux/RHEL 5.10+ | 0.9.8e | Neither |
| CentOS/Oracle Linux/RHEL 6.5+, 7.0+ | 1.0.1e | NPN |
| Ubuntu 12.04 LTS | 1.0.1 | NPN |
| Ubuntu 14.04 LTS | 1.0.1f | NPN |
| Ubuntu 16.04 LTS | 1.0.2g | ALPN and NPN |
| Debian 7.0 | 1.0.1e | NPN |
| Debian 8.0 | 1.0.1k | NPN |

Check whether ALPN is in use

$ echo | openssl s_client -alpn h2 -connect yourserver.example.com:443 | grep ALPN

# When ALPN is in use,
ALPN protocol: h2

# When ALPN is not in use,
No ALPN negotiated
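
An added example, not part of the original README: a POSIX shell pre-flight check that applies the requirements stated above (Nginx 1.9.5 or later, OpenSSL 1.0.2 or later for ALPN, `--with-http_v2_module`) to `nginx -V` output and classifies the `s_client` result. The function names and the two sample outputs are constructed for illustration.

```shell
# Added example (not from the original README); the sample outputs below are constructed.

# version_ge A B: true when dotted version A >= B; a letter suffix ("1.0.2h") is ignored.
version_ge() {
    va=${1%%[!0-9.]*}; vb=${2%%[!0-9.]*}
    for i in 1 2 3; do
        x=${va%%.*}; y=${vb%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 0
}

# check_nginx_build TEXT: TEXT is the output of `nginx -V 2>&1`.
# Prints one line per unmet requirement; returns 0 only if all are met.
check_nginx_build() {
    ngx=$(printf '%s\n' "$1" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p')
    ssl=$(printf '%s\n' "$1" | sed -n 's|^built with OpenSSL \([0-9.]*[a-z]*\).*|\1|p')
    rc=0
    version_ge "${ngx:-0}" 1.9.5 || { echo "nginx ${ngx:-unknown}: need 1.9.5+ for http2"; rc=1; }
    version_ge "${ssl:-0}" 1.0.2 || { echo "OpenSSL ${ssl:-unknown}: need 1.0.2+ for ALPN"; rc=1; }
    case $1 in
        *--with-http_v2_module*) ;;
        *) echo "built without --with-http_v2_module"; rc=1 ;;
    esac
    return $rc
}

# alpn_result TEXT: TEXT is the output of the `openssl s_client -alpn h2` check.
# Prints the negotiated protocol, or "none" when the server negotiated nothing.
alpn_result() {
    proto=$(printf '%s\n' "$1" | sed -n 's/^ALPN protocol: //p')
    echo "${proto:-none}"
}

# Constructed sample: built against the bundled OpenSSL 1.0.2h as in this guide.
SAMPLE_GOOD='nginx version: nginx/1.10.1
built with OpenSSL 1.0.2h  3 May 2016
configure arguments: --with-http_ssl_module --with-openssl=/usr/local/openssl-1.0.2h --with-http_v2_module'
# Constructed sample: same nginx, but linked against the distribution OpenSSL 1.0.1f.
SAMPLE_OLD_SSL='nginx version: nginx/1.10.1
built with OpenSSL 1.0.1f 6 Jan 2014
configure arguments: --with-http_ssl_module --with-http_v2_module'

check_nginx_build "$SAMPLE_GOOD" && echo "sample 1: build can negotiate h2"
check_nginx_build "$SAMPLE_OLD_SSL" || echo "sample 2: http2 compiled in, but no ALPN"
```

On a live host, pass real output with `check_nginx_build "$(nginx -V 2>&1)"`, since `nginx -V` writes to stderr.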

Nginx configuration

  • Once the installation (or update) is finished, configure the ports.
$ sudo vi /etc/nginx/sites-available/default
# /etc/nginx/sites-available/default
server {
        listen 80;
        server_name example.com;
        rewrite ^(.*) https://example.com$1 permanent;
}

server {
        listen 443 ssl http2 default_server;
        server_name example.com;
        # ...
}
  • Add http2 to the listen directive as shown above. This parameter tells Nginx to use HTTP/2 with browsers that support it.
      • SPDY and HTTP/2 cannot be used together.

Restart Nginx

  • After finishing the configuration, restart Nginx.
$ sudo service nginx restart

Verify that HTTP/2 is applied

  • Enter the URL at https://tools.keycdn.com/http2-test and press the TEST button.
  • You can see whether HTTP/2 and ALPN are supported.

References
