Understanding different values for the nginx 'listen' directive


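I'm writing an Nginx configuration and I have a basic question.

What is the difference between:

listen 443 ssl; vs listen [::]:443 ssl; vs listen [::]:443 ssl http2;

My goal is to secure this web application while also keeping compatibility with older clients.

Note: I understand that [::]:443 is for IPv6, but does it also cover IPv4 in this case? I want to clear up my concepts.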

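Best answer
listen 443 ssl: makes Nginx listen on all IPv4 addresses on the server, on port 443 (0.0.0.0:443)

listen [::]:443 ssl: makes Nginx listen on all IPv6 addresses on the server, on port 443 (:::443)

By default, [::]:443 will not make Nginx respond on IPv4, unless you specify the parameter ipv6only=off:

listen [::]:443 ipv6only=off;

As per the docs: http://nginx.org/en/docs/http/ngx_http_core_module.html#listen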

ssl:

The ssl parameter (0.7.14) allows specifying that all connections
accepted on this port should work in SSL mode.

http2:

The http2 parameter (1.9.5) configures the port to accept HTTP/2 connections.

This doesn't mean it accepts only HTTP/2 connections.

As per RFC 7540

A client that makes a request for an “http” URI without prior
knowledge about support for HTTP/2 on the next hop uses the HTTP
Upgrade mechanism. The client does so by making an HTTP/1.1 request
that includes an Upgrade header field with the “h2c” token.

A server
that does not support HTTP/2 can respond to the request as though the
Upgrade header field were absent.

HTTP/1.1 200 OK
Content-Length: 243
Content-Type: text/html

A server that supports HTTP/2
accepts the upgrade with a 101 (Switching Protocols) response. After
the empty line that terminates the 101 response, the server can begin
sending HTTP/2 frames.

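To summarize:

A client that does not support HTTP/2 will never ask the server for an HTTP/2 communication upgrade: the communication between them will be fully HTTP/1.1.

A client that supports HTTP/2 will ask the server (using HTTP/1.1) for an HTTP/2 upgrade:

- If the server is HTTP/2 ready, then the server will notify the client accordingly: the communication between them will be switched to HTTP/2.
- If the server is not HTTP/2 ready, then the server will ignore the upgrade request and answer with HTTP/1.1: the communication between them should stay plain HTTP/1.1.

Perhaps summarized further here: http://qnimate.com/http2-compatibility-with-old-browsers-and-servers/

However, the Nginx doc states the following about HTTP/2 over TLS: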

Note that accepting HTTP/2 connections over TLS requires the
“Application-Layer Protocol Negotiation” (ALPN) TLS extension support,
which is available only since OpenSSL version 1.0.2.

Make sure old clients are compliant with this requirement.
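
What ipv6only changes at the socket level, as an added example that is not part of the original answer: nginx applies this parameter through the IPV6_V6ONLY socket option, and the Python sketch below sets that option on a [::] listener and checks whether an IPv4 loopback client can reach it. The function names and the use of an ephemeral port instead of 443 are assumptions of the example.

```python
import socket


def probe(v6only):
    """Bind a [::] listener and connect to it from an IPv4 client.

    Returns the client address as the IPv6 socket reports it, or None
    when the IPv4 connection is refused (listener is IPv6-only).
    Raises OSError if the host has no usable IPv6 stack.
    """
    with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as srv:
        # Same switch nginx flips for "ipv6only=on|off" on a [::] listener.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
        srv.bind(("::", 0))          # ephemeral port (assumption; 443 needs root)
        srv.listen(1)
        srv.settimeout(2)
        port = srv.getsockname()[1]

        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
            cli.settimeout(2)
            try:
                cli.connect(("127.0.0.1", port))
            except OSError:
                return None          # nothing answers on IPv4 for this port
            conn, peer = srv.accept()
            conn.close()
            return peer[0]           # IPv4 client shows up as ::ffff:a.b.c.d


def demo():
    """Run both settings; returns None if IPv6 sockets are unavailable."""
    try:
        return {
            "ipv6only=off": probe(v6only=False),
            "ipv6only=on": probe(v6only=True),
        }
    except OSError:
        return None


if __name__ == "__main__":
    print(demo())
```

With the option off, the IPv4 client is accepted and reported as an IPv4-mapped IPv6 address; with it on, the same client is refused, which is why a separate listen 443 line is needed for IPv4.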
