Swoft | http2 practice of swoft official website

Time:2021-5-11

date: 2018-3-8 13:50:03
Title: swoft | http2 practice of swoft official website

Swoft 1.0 is coming, and swoft has reached a milestone of its own: its star count has officially passed 1K. As an important channel through which the project team serves developers, swoft's official website has also received a major update:

  • Refactoring, upgrading to swoft 1.0
  • Realization of http2 in the whole station

This article first introduces the http2 practice of the swoft official website.

First, a rendering of the Swoft website (image not included):

  • Static resources are hosted by nginx, and http2 is enabled
  • Business code is executed by Swoft, with the Swoole HTTP server set to use the http2 protocol

Implementing http2 is very simple:

Enabling http2 in nginx

First, check whether the http2 module is enabled in nginx

# -V: show version and configure options then exit
/var/www # nginx -V

# Newer versions of nginx turn on http2 by default: --with-http_v2_module
nginx version: nginx/1.13.8
built by gcc 6.2.1 20160822 (Alpine 6.2.1)
built with OpenSSL 1.0.2n  7 Dec 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio
--with-http_v2_module

Below is an example nginx configuration with http2 enabled. You can also find an example in my open source docker project.

# http2
server {
    listen 80;
    server_name www.daydaygo.top;
    #Force HTTP request to jump to HTTPS
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    #Turn on http2
    listen 443 ssl http2 default_server;
    server_name www.daydaygo.top;

    # Minimal certificate configuration
    ssl on;
    ssl_certificate daydaygo.top.crt;
    ssl_certificate_key daydaygo.top.key;

    root /var/www/https_test;
    index index.php index.html;
    location / {}
    location ~ \.php$ {
        fastcgi_pass fpm:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Enabling http2 in swoft

To turn on http2 in Swoole, refer to the Dockerfile provided by swoft:

#Debian Linux
apt-get install -y libssl-dev libnghttp2-dev

# Add these configure options when compiling Swoole
./configure --enable-async-redis --enable-mysqlnd --enable-coroutine --enable-openssl --enable-http2

Enable http2 in the swoft configuration; refer to the .env.example file:

#Default configuration
OPEN_HTTP2_PROTOCOL=false
SSL_CERT_FILE=/path/to/ssl_cert_file
SSL_KEY_FILE=/path/to/ssl_key_file

# Enable http2: put the certificate in the resource/ directory of the project
OPEN_HTTP2_PROTOCOL=true
[email protected]/ssl/ssl_cert_file
[email protected]/ssl/ssl_key_file

Using nginx with swoft

Using nginx with swoft is similar to an nginx + fpm configuration. For code examples, refer to my open source docker project.

# swoft-site
server {
  listen 80;
  server_name swoft.daydaygo.top;
  #Force HTTP request to jump to HTTPS
  rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
  #Turn on http2
  listen 443 ssl http2;
  server_name swoft.daydaygo.top;

  #Certificate minimalist configuration
  ssl on;
  ssl_certificate 1_swoft.daydaygo.top_bundle.crt;
  ssl_certificate_key 2_swoft.daydaygo.top.key;

  root /var/www/swoole/swoft-offcial-site/public;
  index index.php index.html;
  error_log /var/log/nginx/swoft-site.error.log;
  access_log /var/log/nginx/swoft-site.access.log;

  # Nginx forwards requests to swoft
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Connection "keep-alive";
    proxy_pass https://swoft:9501;
  }
  location ~ \.php(.*)$ {
    proxy_pass https://swoft:9501;
  }

  #Nginx managed static files
  location ~* \.(js|map|css|png|jpg|jpeg|gif|ico|ttf|woff2|woff)$ {
    expires       max;
  }
}
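A lint over the swoft-site block above, added here as an example (not part of the original post): it flags proxying locations that send no X-Forwarded-For upstream and https:// upstreams without proxy_ssl_verify on. It relies on two nginx behaviours: proxy_set_header is inherited from the enclosing level only when a location sets none itself, and proxy_ssl_verify defaults to off. The function names are hypothetical.

```shell
# Input: the swoft-site server block from this page, abridged.
sample_conf() {
cat <<'EOF'
server {
  listen 443 ssl http2;
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass https://swoft:9501;
  }
  location ~ \.php(.*)$ {
    proxy_pass https://swoft:9501;
  }
  location ~* \.(js|css|png)$ {
    expires max;
  }
}
EOF
}

# lint_proxy_locations: read an nginx config on stdin, print one finding per line.
# Assumes one directive per line and no nested location blocks.
lint_proxy_locations() {
  awk '
    $1 == "server" { srv_xff = 0; srv_verify = 0 }
    $1 == "location" {
      name = $0
      sub(/^[ \t]*location[ \t]+/, "", name); sub(/[ \t]*[{].*$/, "", name)
      inloc = 1; pass = ""; hdrs = 0; xff = 0; verify = -1
    }
    $1 == "proxy_pass" && inloc { pass = $2 }
    $1 == "proxy_set_header" {
      if (inloc) { hdrs = 1; if ($2 == "X-Forwarded-For") xff = 1 }
      else if ($2 == "X-Forwarded-For") srv_xff = 1
    }
    $1 == "proxy_ssl_verify" {
      if (inloc) verify = ($2 == "on;"); else srv_verify = ($2 == "on;")
    }
    $1 == "}" && inloc {
      if (!hdrs) xff = srv_xff    # proxy_set_header inherits only if none set here
      if (verify < 0) verify = srv_verify
      if (pass != "" && !xff) print name ": X-Forwarded-For not sent upstream"
      if (pass ~ /^https:/ && !verify) print name ": upstream certificate not verified"
      inloc = 0
    }'
}

sample_conf | lint_proxy_locations
```

In the page's config the regex location for .php takes precedence over location /, so those requests reach Swoft without the forwarded headers. Repeating the proxy_set_header lines there (or moving them to the server level) and adding proxy_ssl_verify on with proxy_ssl_trusted_certificate clears the findings.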

Bonus: an easy guide to applying for a domain name certificate

First, make sure you know some basics about domain names:

  • Why use domain name?
  • What is a subdomain name?
  • Why do domain names need to be filed?
  • What is a domain name certificate?

If these are unfamiliar, I recommend registering a domain name to get some hands-on experience.

There are two kinds of domain name certificates: single domain name certificates and pan (wildcard) domain name certificates. The difference between them comes down to what a subdomain name is. For example, I own the domain name daydaygo.top, so I can set up any subdomain name, such as www.daydaygo.top or test.www.daydaygo.top. With single domain name certificates, I need a certificate for each subdomain name, while a pan domain name certificate can be effective for all my subdomains.
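How a wildcard name is matched against the hostnames mentioned above, as an added example (not from the original post): the `*` in a certificate name stands for exactly one DNS label, so `*.daydaygo.top` covers www.daydaygo.top but neither test.www.daydaygo.top nor the bare daydaygo.top. The function names are hypothetical; the hostnames are the ones used on this page.

```shell
# cert_name_covers NAME HOST: exit 0 if certificate name NAME covers HOST.
# A leading "*." matches exactly one DNS label, never zero and never two.
cert_name_covers() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$name" in
        '*.'*)
            suffix=${name#\*}                # e.g. ".daydaygo.top"
            case "$host" in
                *"$suffix") ;;               # host must end in the suffix
                *) return 1 ;;
            esac
            label=${host%"$suffix"}          # the part "*" has to match
            [ -n "$label" ] || return 1      # nothing left of the suffix
            case "$label" in
                *.*) return 1 ;;             # more than one label
            esac
            return 0 ;;
        *)  [ "$name" = "$host" ] ;;         # plain names must match exactly
    esac
}

# covered_by_any HOST NAME...: exit 0 if any certificate NAME covers HOST.
covered_by_any() {
    target=$1; shift
    for n in "$@"; do
        if cert_name_covers "$n" "$target"; then return 0; fi
    done
    return 1
}

# Hostnames from this page checked against the name requested with certbot -d.
for h in www.daydaygo.top swoft.daydaygo.top test.www.daydaygo.top daydaygo.top; do
    if covered_by_any "$h" '*.daydaygo.top'; then
        echo "covered      $h"
    else
        echo "NOT covered  $h"
    fi
done
```

To serve the bare domain from the same certificate, request it as an additional name (a second `-d daydaygo.top`); deeper names such as test.www.daydaygo.top need their own name or a `*.www.daydaygo.top` wildcard.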

Domain name certificates are issued by the relevant institutions and generally cost money. As a bonus, here are two free and easy-to-use options:

  • A certificate in a few mouse clicks: Tencent Cloud, apply for a free single domain name certificate
  • The long-awaited free pan domain name certificate: Let's Encrypt pan domain name certificates

Practice of single domain name certificate

Tencent Cloud – apply for a free single domain name certificate: https://console.qcloud.com/ssl

All you need to do is move the mouse:

  • Apply to Tencent cloud official website

  • Configure domain name resolution to verify domain name ownership

Then download the certificate and configure it in nginx. Please refer to Tencent Cloud's official documentation for a detailed tutorial.

However, it should be noted that:

  • The certificate is valid for one year
  • The same domain name can only apply for 20 certificates at most

Practice of wildcard domain name certificate

Let's Encrypt finally supports wildcard certificates: https://www.jianshu.com/p/c5c…

Let's Encrypt is a household name in the field of free domain name certificates, and now it finally supports wildcard certificates. Following the blog tutorial above still took a lot of twists and turns, but thanks to using docker as the development environment, there was no big obstacle when trying various solutions.

Here is a record of the approach that worked:

#Install certbot
yum install certbot-nginx

# Slightly modified from the command in the tutorial (the wildcard is quoted so the shell does not expand it)
certbot certonly -d '*.daydaygo.top' --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

Then confirm each prompt, and finally configure domain name resolution to verify domain name ownership, and it's done!

[[email protected] www]# ll /etc/letsencrypt/live/daydaygo.top/
total 4
-rw-r--r-- 1 root root 543 Mar 16 16:48 README
lrwxrwxrwx 1 root root  36 Mar 16 16:48 cert.pem -> ../../archive/daydaygo.top/cert1.pem
lrwxrwxrwx 1 root root  37 Mar 16 16:48 chain.pem -> ../../archive/daydaygo.top/chain1.pem
lrwxrwxrwx 1 root root  41 Mar 16 16:48 fullchain.pem -> ../../archive/daydaygo.top/fullchain1.pem
lrwxrwxrwx 1 root root  39 Mar 16 16:48 privkey.pem -> ../../archive/daydaygo.top/privkey1.pem

See the README. The mapping between the obtained certificate files and the nginx configuration is as follows:

ssl_certificate  -> fullchain1.pem
ssl_certificate_key -> privkey1.pem

With certbot you can also configure crontab to automatically renew the certificate; just configure it according to the official tutorial.

Getting this working took quite a few twists and turns. I hope this brief record helps you:

  • I like to use Alpine Linux, so I used my own Alpine docker development environment to install certbot: apk add certbot. However, running it gave an error: pan domain names are not supported
  • Searching on Baidu, the first article that appeared was the official Let's Encrypt news. I found that the URL in it was different from the one in the tutorial; I didn't take a closer look and thought it was a URL error. In fact, I had seen this news earlier: the URL is the pre-release URL
  • I kept reading the official Let's Encrypt news. In the comments you can see the news released with the official URL, which is the link mentioned in the tutorial above, so you can tell that the version of certbot being used is wrong: Certbot (Certbot >= 0.22.0)
  • Another wrong attempt was to use certbot-auto. According to the errors, it depends on python + augeas, so I tried my own Python docker development environment, but pip install python-augeas always reported an error when resolving software dependencies

In closing

It's really interesting to be curious about technology and dare to try new technology.

Recommended reading: Turing community – HTTP/2 Basics

Don't let your environment limit your ability and dedication: take up docker and arm yourself.
