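I recently learned that HTTP/2 has been in wide use for a long time, so it must have real advantages and the deployment environment should be stable by now. I looked up how to upgrade, found it surprisingly simple, and went ahead and did it yesterday. Checking the site the next day, everything was running normally, so I am writing this note for future reference.
As usual, I went to DigitalOcean first for an upgrade guide. There are guides all over the web, but most are not very complete or thorough. In my experience the guides in DigitalOcean's knowledge base are detailed and reliable: most are specific down to the OS major version, and every one includes prerequisites and post-install verification steps. This guide to enabling HTTP/2 in Nginx on Ubuntu 22.04 is no exception. Here is the link: https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-with-http-2-support-on-ubuntu-22-04
Step 1: Check the prerequisites. Below, green means OK, brown means not relevant, and blue means unknown. I started the upgrade with one item still unknown.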
An Ubuntu 22.04 server set up by following the Ubuntu 22.04 initial server setup guide, including a sudo non-root user and a firewall.
Nginx installed on your server, which you can do by following How To Install Nginx on Ubuntu 22.04.
A domain name configured to point to your server. You can purchase one on Namecheap or get one for free on Freenom. You can learn how to point domains to DigitalOcean Droplets by following the documentation on How To Manage Your Domain With DigitalOcean.
A TLS/SSL certificate configured for your server. You have two options:
You can get a free certificate from Let’s Encrypt by following How to Secure Nginx with Let’s Encrypt on Ubuntu 22.04.
You can also generate and configure a self-signed certificate by following How to Create a Self-signed SSL Certificate for Nginx in Ubuntu 22.04.
Nginx configured to redirect traffic from port 80 to port 443, which should be covered by the previous prerequisites.
Nginx configured to use a 2048-bit or higher Ephemeral Diffie-Hellman (DHE) key, which should also be covered by the previous prerequisites.
Step 2: Upgrade
Run sudo vim /etc/nginx/sites-enabled/choubb.com and add http2 to the following directives:
listen 443 ssl http2; # managed by Certbot
listen [::]:443 ssl http2; #ipv6 support
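Then run sudo nginx -t to check the syntax. Open the file again with sudo vim /etc/nginx/sites-enabled/choubb.com, comment out the options-ssl-nginx.conf include with #, and add the following two directives to meet HTTP/2's encryption requirements. HTTP/2 itself does not require encryption, but Google and Firefox enforce encryption for HTTP/2, which has made it the de facto standard.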
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
add_header Strict-Transport-Security "max-age=15768000" always;
After saving, run sudo nginx -t to check the syntax, then sudo systemctl reload nginx.service to reload Nginx, and the job is done.
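An added example, not from the original post or the DigitalOcean guide: a small Python audit of the directives edited above. It checks that each TLS listener has http2 and that HSTS is sent with always, and it flags ssl_ciphers tokens that select static RSA key exchange or 3DES, both of which are on the HTTP/2 specification's list of prohibited TLS 1.2 cipher suites (RFC 7540, Appendix A). The function names and the sample server block are constructed for illustration, and the cipher check is a token-level heuristic, not a full expansion of the OpenSSL cipher string.

```python
# Constructed sample: a server block carrying the directives shown in this post.
SAMPLE_CONF = """
server {
    listen 443 ssl http2; # managed by Certbot
    listen [::]:443 ssl http2; #ipv6 support
    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    add_header Strict-Transport-Security "max-age=15768000" always;
}
"""

def directives(conf):
    """Yield (name, args) per active directive. Assumes one directive per
    line and no '#' inside quoted values, which holds for this file."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";").strip()
        if line and not line.endswith("{") and line != "}":
            name, _, args = line.partition(" ")
            yield name, args.strip()

def audit(conf):
    """Return findings for the listener, cipher-list and HSTS settings."""
    findings, hsts_seen = [], False
    for name, args in directives(conf):
        words = args.split()
        if name == "listen" and "ssl" in words and "http2" not in words:
            findings.append(f"listen {args}: TLS listener without http2")
        elif name == "ssl_ciphers":
            for tok in args.strip("'\"").split(":"):
                if tok.startswith(("!", "-")):
                    continue  # exclusions only remove suites
                parts, why = tok.split("+"), []
                if "RSA" in parts:  # in OpenSSL cipher strings RSA means kRSA
                    why.append("static RSA key exchange (no forward secrecy)")
                if "3DES" in parts:
                    why.append("3DES (64-bit block cipher)")
                if why:
                    findings.append(f"{tok}: " + ", ".join(why))
        elif name == "add_header" and words and words[0].lower() == "strict-transport-security":
            hsts_seen = True
            if words[-1] != "always":
                findings.append("Strict-Transport-Security without 'always'")
    if not hsts_seen:
        findings.append("no Strict-Transport-Security header")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)) or "no findings")
```

Commenting out options-ssl-nginx.conf also drops the other TLS settings Certbot keeps in that file, so confirm which protocol versions the server offers after the reload.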
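Step 3: Verify
Method 1: curl -I -L --http2 https://www.choubb.com
Method 2: Open www.choubb.com in a browser, press F12 and go to the Network tab, then right-click in the table and enable the Protocol column. The list will show http2 or H2, which proves the upgrade succeeded. The screenshot below was taken while editing this page in the editor; as you can see, HTTP/1.1 is still present.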
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.