编译安装

# Toolchain and development headers for compiling nginx from source:
# compilers and autotools, plus zlib (gzip), PCRE (regex matching) and
# OpenSSL (TLS). -y answers yum's confirmation prompt automatically.
yum install -y \
  gcc gcc-c++ \
  bzip2 automake libtool autoconf \
  zlib zlib-devel \
  pcre pcre-devel \
  openssl openssl-devel
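# Optional (the page marks this step as not required): build and install the
# standalone libbrotli library.
# The build runs in a subshell so the caller stays in the directory that holds
# the checkouts, and every step is chained with && so a failed step stops the
# build instead of running make in a half-configured tree.
# NOTE(review): this compiles and installs unpinned third-party code, and
# make install normally needs root. Review the checkout before installing.
git clone https://github.com/bagder/libbrotli && (
  cd libbrotli &&
    ./autogen.sh &&
    ./configure &&
    make &&
    make install
)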
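# Fetch the ngx_brotli module and initialise the submodule it builds against.
# The nginx ./configure step on this page refers to this checkout as
# /data/install/ngx_brotli, so run this from /data/install. The submodule
# update runs in a subshell so the working directory is unchanged afterwards.
# NOTE(review): the module is compiled into the web server, so build from a
# commit you have reviewed rather than whatever the default branch points at,
# e.g. before the submodule update:
#   (cd ngx_brotli && git checkout <reviewed-commit>)   # placeholder value
git clone https://github.com/google/ngx_brotli &&
  (cd ngx_brotli && git submodule update --init)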
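# Download nginx, verify the tarball, unpack it and configure the build with
# TLS, HTTP/2 and the ngx_brotli module.
# NOTE(review): 1.15.2 is the release this page uses; prefer a currently
# supported nginx release when following these steps.
wget https://nginx.org/download/nginx-1.15.2.tar.gz
# nginx.org publishes a detached PGP signature next to each tarball. Import
# the nginx signing keys (https://nginx.org/en/pgp_keys.html) beforehand:
# gpg --verify fails without them, and the && chain below then stops before
# anything is unpacked or configured.
wget https://nginx.org/download/nginx-1.15.2.tar.gz.asc
gpg --verify nginx-1.15.2.tar.gz.asc nginx-1.15.2.tar.gz &&
  tar -xvf nginx-1.15.2.tar.gz &&
  cd nginx-1.15.2 &&
  ./configure \
    --prefix=/data/nginx \
    --with-http_ssl_module \
    --with-http_v2_module \
    --add-module=/data/install/ngx_brotli
# ./configure has to run inside the unpacked source tree, hence the cd above.
# The page stops at configure; run make and make install afterwards to build
# nginx and install it under /data/nginx.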

nginx开启br压缩

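# gzip
# NOTE(review): compressing HTTPS responses that carry a secret (for example
# a CSRF token) together with request-controlled text lets the response
# length leak that secret (BREACH). Turn gzip and brotli off for locations
# that return such responses.
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
#gzip_http_version 1.0;
gzip_comp_level 8;
# text/html is always compressed and is not listed: nginx warns about a
# duplicate MIME type when it is. JPEG, GIF and PNG are already compressed,
# so recompressing them only costs CPU. application/json and
# application/javascript are listed to match brotli_types below.
gzip_types
    text/xml text/json text/toml text/js text/plain text/css text/javascript
    application/json application/javascript application/x-javascript
    application/xml application/x-httpd-php;
# off: no "Vary: Accept-Encoding" response header is added. Switch to on when
# a shared cache sits in front of nginx, otherwise it may hand a compressed
# body to a client that did not ask for one.
gzip_vary off;
gzip_disable "MSIE [1-6]\.";


# Brotli compression (directives provided by the ngx_brotli module)
brotli on;
brotli_comp_level 6;
brotli_types
    text/plain text/css text/xml text/javascript
    application/json application/javascript application/x-javascript
    application/xml application/xml+rss image/svg+xml;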

nginx开启HTTP2

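# Generate a self-signed certificate (server.crt) and a new 2048-bit RSA key
# (server.key), valid for 3650 days. openssl prompts for the subject fields
# because no -subj is given.
# A self-signed certificate is not trusted by clients, so use it for testing
# only and request a CA-issued certificate for production.
# -nodes writes the private key unencrypted, so it is restricted to its owner
# right after creation. The server block on this page loads both files from
# /data/ssl_new/, so place them there and keep the key's permissions.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
  -keyout server.key -out server.crt &&
  chmod 600 server.key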
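# Enable HTTP/2 on the TLS listener and proxy every request to the local
# backend.
server {
    listen 443 http2 ssl;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), and HTTP/2 itself requires
    # TLS 1.2 or later, so only TLS 1.2 is offered here. Append TLSv1.3 when
    # nginx is linked against OpenSSL 1.1.1 or newer.
    ssl_protocols       TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_certificate      /data/ssl_new/server.crt;
    # The key file is unencrypted (generated with -nodes); keep it readable
    # only by the account that starts nginx.
    ssl_certificate_key  /data/ssl_new/server.key;
    location / {
        #root html;
        #index index.html index.htm;
        # TLS terminates here; the hop to the backend is plain HTTP over
        # loopback.
        proxy_pass http://127.0.0.1:8080/;
    }
}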
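# Create a new 2048-bit RSA key and a certificate signing request (CSR) for
# example.com in one step; -subj supplies the subject fields so openssl does
# not prompt for them. Only the .csr is sent to the CA.
# -nodes writes the private key unencrypted, so it is restricted to its owner
# right after creation.
openssl req -new -newkey rsa:2048 -sha256 -nodes \
  -out example_com.csr -keyout example_com.key \
  -subj "/C=CN/ST=ShenZhen/L=ShenZhen/O=Example Inc./OU=Web Security/CN=example.com" &&
  chmod 600 example_com.key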

C 字段: Country ,单位所在国家,为两位字母的国家代码,如: CN 就是中国
ST 字段: State/Province ,单位所在州或省
L 字段: Locality ,单位所在城市 / 或县区
O 字段: Organization ,此网站的单位名称;
OU 字段: Organization Unit,下属部门名称;也常常用于显示其他证书相关信息,如证书类型,证书产品名称或身份验证类型或验证内容等;
CN 字段: Common Name ,网站的域名;
# 参考资料
http://www.kakiro-web.com/linux/ssl-2.html
https://aotu.io/notes/2016/08/16/nginx-https/index.html
http://blog.51cto.com/fengwan/1869743