问题描述
环境:
- Ubuntu 16.04 LTS
- Nginx版本:nginx/1.10.3(Ubuntu)
- OpenSSL版本:OpenSSL 1.0.2g 2016年3月1日
简单描述:
我已将nginx配置为使用http2,并且我的一些请求使用的是http2,但是,我的某些请求却使用的是http1.1.
Nginx配置:
我使用的配置与
清除缓存后,仍然可以通过http1.1请求那些静态资源.但是,这次的响应状态码是304我搜索了google并没有找到答案,人们说OpenSSL和nginx版本可能会导致http2问题,但是我的版本没有这样的问题,并且适用于/api和/page路由请求.那怎么了?
正如@sbordet所说,第一个屏幕快照中未由HTTP/2提供服务的请求是从磁盘缓存中提供的,并且大概是最初使用HTTP/1.1下载的,因此,这就是它们所显示的原因.
第二个屏幕快照中未通过HTTP/2下载的请求是相同的,或者是304未修改的请求-因此,从磁盘缓存中加载了原始版本,并且大概是从HTTP/1.1中加载了.
正确清除缓存,或者,如果使用Chrome浏览器,请选中Developer Tools网络中的禁用缓存"选项并重新加载,它们都应通过HTTP/2加载.
Environment:
- Ubuntu 16.04 LTS
- Nginx version: nginx/1.10.3 (Ubuntu)
- OpenSSL version: OpenSSL 1.0.2g 1 Mar 2016
Simple Description:
I have configured nginx to use http2, and some of my requests are using http2, however, some of my requests are using http1.1 instead.
Nginx Configuration:
I use exactly the same configuration as Mozilla generator suggest
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}
And my special configuration looks like:
server_name mydomain;
set $root myrootpath;
root $root;
location / {
try_files $uri /index.html;
}
location /api/ {
proxy_pass http://127.0.0.1:5000/api/;
proxy_redirect default;
}
location /page/ {
proxy_pass http://127.0.0.1:5000/page/;
proxy_redirect default;
}
More Details:The http request to /api and /page can use http2 correctly, but when the browser request static resources like images or .js files under / or /static, it will use http1.1, I attached picture
after I clear the cache, and still those static resources are requested via http1.1. However, the response status code is 304 this timeI searched google and do not find the answer, people said OpenSSL and nginx version may cause http2 problem, but my version has no such problem, and it works for /api and /page route request. So what's the problem?
As @sbordet said the requests that were not served by HTTP/2 in the first screenshot were served from the disk cache and were presumably downloaded using HTTP/1.1 originally, hence why that’s what they show.
The requests that were not downloaded by HTTP/2 in the second screenshot were either the same or were 304 Not Modified requests - so the original version from the disk cache was loaded and it was presumably loaded from HTTP/1.1.
Clear your cache properly or, if using Chrome tick the "Disable cache" option in Developer Tools network and reload and they should all be loaded over HTTP/2.
这篇关于为什么我的http请求中的一部分不使用http2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!