升级HTTP2、nginx1.12、openssl1.0.2

记一次全面升级网站HTTP
HTTP---HTTPS---HTTP2
nginx1.6---1.12
openssl1.0.1---1.0.2

HTTP2必须是openssl1.0.2
open1.0.2也要对应升级nginx1.12

升级openssl1.0.2
下载最新版
wget https://www.openssl.org/source/openssl-1.0.2n.tar.gz

解压安装
tar zxvf openssl-1.0.2n.tar.gz
cd openssl-1.0.2n

./config
make -j 4
Make
make install

替换旧版本文件
mv /usr/bin/openssl /usr/bin/openssl.bak
mv /usr/include/openssl /usr/include/openssl.bak
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
ln -s /usr/local/ssl/include/openssl /usr/include/openssl
echo “/usr/local/ssl/lib” >> /etc/ld.so.conf
ldconfig -v

查看最后版本
openssl version -a

升级nginx1.12
下载1.12
wget http://nginx.org/download/nginx-1.12.2.tar.gz

解压安装
tar -zxvf nginx-1.12.2.tar.gz
cd nginx-1.12.2

./configure --prefix=/usr/local/nginx --with-openssl=/root/openssl-1.0.2n --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --user=nginx --group=tasly
刚才装的openssl1.0.2记得指定目录，需要加上模块
我这里用户属组跟大家不一样，记得替换

make -j 4
make install

替换文件，检查版本
cp objs/nginx /usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/nginx -t

最后升级HTTP2，给大家贴出来我的一点配置
上面是80跳转444
下面是HTTPS 和 HTTP2 的配置
server {
listen 80;
server_name 345345.com;
rewrite ^(.*)$ https://$server_name$1 permanent;
}
server {
listen 443 ssl http2;
server_name 345345.com;

ssl on;
ssl_certificate   /home/nginx/3453.pem;
ssl_certificate_key  /home/nginx/3453.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

最后说一下HTTP2的使用感，确实如2的描述一样，加载和打开的速度会变快
但是不要想太多，没有宣传的那么夸张，但还是保留了HTTP2