我是一个新手,之前一直在使用apache,现在尝试使用nginx来设置缓存,并将其作为Apache的后端。基于我迄今为止对nginx的良好体验,我认为我们最终会转而只使用nginx。
启用http2后,Safari无法获得响应。错误日志中没有任何指示问题的内容,如果我打开访问日志并查看其中的内容,则可以看到Safari客户端进行了多次连接,就像它一直在刷新页面。
我试过很多个版本的nginx,因为我注意到最新的稳定版可能有问题。因此,我尝试降级到1.9.14,升级到1.11.1,但都没有成功。
Nginx是通过以下方式编译的:
./configure --with-http_ssl_module --with-http_v2_module
Nginx -V 的输出如下:
nginx version: nginx/1.11.1
built by gcc 5.3.1 20160413 (Ubuntu 5.3.1-14ubuntu2.1)
built with OpenSSL 1.0.2g-fips 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v2_module
我的配置看起来像这样(我的 sites-available 配置):
upstream backend {
server 127.0.0.1:8088 weight=100;
}
server {
listen 443 ssl http2 deferred;
server_name www.server.name;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
ssl_prefer_server_ciphers on;
ssl_certificate /path/to/cert.crt
ssl_certificate_key /path/to/cert_key.key
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded_For $proxy_add_x_forwarded_for;
proxy_pass https://backend;
}
}
如果我从 listen 参数中移除 http2 并重新启动,那么一切都正常...
我搜索了一下,看看我的配置是否有问题,但我找不到任何东西... 但是,如果有一些改进我的配置,请让我知道。然而,主要的问题是每当我在 Safari 中访问一个URL(已缓存或未缓存),它就一直在加载。
这是请求后我的访问日志的样子:
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
123.123.123.123 - - [11/Jun/2016:08:37:28 +0200] "GET /example/url HTTP/2.0" 200 15032 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17"
谢谢!