mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
Xingyu.Wang
commit
fa03af1e6f
@ -1,120 +0,0 @@
|
||||
struggling 翻译中
|
||||
|
||||
HTTP/2 Now Fully Supported in NGINX Plus
|
||||
================================================================================
|
||||
Earlier this week we released [NGINX Plus R7][1] with support for HTTP/2. As the latest standard for the HTTP protocol, HTTP/2 is designed to bring increased performance and security to modern web applications.
|
||||
|
||||
The HTTP/2 implementation in NGINX Plus works seamlessly with existing sites and applications. Minimal changes are required, as NGINX Plus delivers HTTP/1.x and HTTP/2 traffic in parallel for the best experience, no matter what browser your users choose.
|
||||
|
||||
HTTP/2 support is available in the optional **nginx‑plus‑http2** package only. The **nginx‑plus** and **nginx‑plus‑extras** packages provide SPDY support and are currently recommended for production sites because of wider browser support and code maturity.
|
||||
|
||||
### Why Move to HTTP/2? ###
|
||||
|
||||
HTTP/2 makes data transfer more efficient and more secure for your applications. HTTP/2 adds five key features that improve performance when compared to HTTP/1.x:
|
||||
|
||||
- **True multiplexing** – HTTP/1.1 enforces strict in-order completion of requests that come in over a keepalive connection. A request must be satisfied before processing on the next one can begin. HTTP/2 eliminates this requirement and allows requests to be satisfied in parallel and out of order.
|
||||
- **Single, persistent connection** – As HTTP/2 allows for true multiplexing of requests, all objects on a web page can now be downloaded in parallel over a single connection. WIth HTTP/1.x, multiple connections are used to download resources in parallel, leading to inefficient use of the underlying TCP protocol.
|
||||
- **Binary encoding** – Header information is sent in compact, binary format, rather than plain text, saving bytes on the wire.
|
||||
- **Header compression** – Headers are compressed using a purpose-built algorithm, HPACK compression, which further reduces the amount of data crossing the network.
|
||||
- **SSL/TLS encryption** – With HTTP/2, SSL/TLS encryption is mandatory. This is not enforced in the [RFC][2], which allows for plain-text HTTP/2, but rather by all web browsers that currently implement HTTP/2. SSL/TLS makes your site more secure, and with all the performance improvements in HTTP/2, the performance penalty from encryption and decryption is mitigated.
|
||||
|
||||
To learn more about HTTP/2:
|
||||
|
||||
- Please read our [white paper][3], which covers everything you need to know about HTTP/2.
|
||||
- Download our [special edition of the High Performance Browser Networking ebook][4] by Ilya Grigorik of Google.
|
||||
|
||||
### How NGINX Plus Implements HTTP/2 ###
|
||||
|
||||
Our implementation of HTTP/2 is based on our support for SPDY, which is widely deployed (nearly 75% of websites that use SPDY use NGINX or NGINX Plus). With NGINX Plus, you can deploy HTTP/2 with very little change to your application infrastructure. This section discusses how NGINX Plus implements support for HTTP/2.
|
||||
|
||||
#### An HTTP/2 Gateway ####
|
||||
|
||||
|
||||
|
||||
NGINX Plus acts an HTTP/2 gateway. It talks HTTP/2 to client web browsers that support it, but translates HTTP/2 requests back to HTTP/1.x (or FastCGI, SCGI, uWSGI, etc. – whatever protocol you are currently using) for communication with back-end servers.
|
||||
|
||||
#### Backward Compatibility ####
|
||||
|
||||
|
||||
|
||||
For the foreseeable future you’ll need to support HTTP/2 and HTTP/1.x side by side. As of this writing, over 50% of users already run a web browser that [supports HTTP/2][5], but this also means almost 50% don’t.
|
||||
|
||||
To support both HTTP/1.x and HTTP/2 side by side, NGINX Plus implements the Next Protocol Negotiation (NPN) extension to TLS. When a web browser connects to a server, it sends a list of supported protocols to the server. If the browser includes h2 – that is, HTTP/2 – in the list of supported protocols, NGINX Plus uses HTTP/2 for connections to that browser. If the browser doesn’t implement NPN, or doesn’t send h2 in its list of supported protocols, NGINX Plus falls back to HTTP/1.x.
|
||||
|
||||
### Moving to HTTP/2 ###
|
||||
|
||||
NGINX, Inc. aims to make the transition to HTTP/2 as seamless as possible. This section goes through the changes that need to be made to enable HTTP/2 for your applications, which include just a few changes to the configuration of NGINX Plus.
|
||||
|
||||
#### Prerequisites ####
|
||||
|
||||
Upgrade to the NGINX Plus R7 **nginx‑plus‑http2** package. Note that an HTTP/2-enabled version of the **nginx‑plus‑extras** package is not available at this time.
|
||||
|
||||
#### Redirecting All Traffic to SSL/TLS ####
|
||||
|
||||
If your app is not already encrypted with SSL/TLS, now would be a good time to make that move. Encrypting your app protects you from spying as well as from man-in-the-middle attacks. Some search engines even reward encrypted sites with [improved rankings][6] in search results. The following configuration block redirects all plain HTTP requests to the encrypted version of the site.
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
#### Enabling HTTP/2 ####
|
||||
|
||||
To enable HTTP/2 support, simply add the http2 parameter to all [listen][7] directives. Also include the ssl parameter, required because browsers do not support HTTP/2 without encryption.
|
||||
|
||||
server {
|
||||
listen 443 ssl http2 default_server;
|
||||
|
||||
ssl_certificate server.crt;
|
||||
ssl_certificate_key server.key;
|
||||
…
|
||||
}
|
||||
|
||||
If necessary, restart NGINX Plus, for example by running the nginx -s reload command. To verify that HTTP/2 translation is working, you can use the “HTTP/2 and SPDY indicator” plug-in available for [Google Chrome][8] and [Firefox][9].
|
||||
|
||||
### Caveats ###
|
||||
|
||||
- Before installing the **nginx‑plus‑http2** package, you must remove the spdy parameter on all listen directives in your configuration (replace it with the http2 and ssl parameters to enable support for HTTP/2). With this package, NGINX Plus fails to start if any listen directives have the spdy parameter.
|
||||
- If you are using a web application firewall (WAF) that is sitting in front of NGINX Plus, ensure that it is capable of parsing HTTP/2, or move it behind NGINX Plus.
|
||||
- The “Server Push” feature defined in the HTTP/2 RFC is not supported in this release. Future releases of NGINX Plus might include it.
|
||||
- NGINX Plus R7 supports both SPDY and HTTP/2. In a future release we will deprecate support for SPDY. Google is [deprecating SPDY][10] in early 2016, making it unnecessary to support both protocols at that point.
|
||||
- If [ssl_prefer_server_ciphers][11] is set to on and/or a list of [ssl_ciphers][12] that are defined in [Appendix A: TLS 1.2 Ciper Suite Black List][13] is used, the browser will experience handshake-errors and not work. Please refer to [section 9.2.2 of the HTTP/2 RFC][14] for more details.-
|
||||
|
||||
### Special Thanks ###
|
||||
|
||||
NGINX, Inc. would like to thank [Dropbox][15] and [Automattic][16], who are heavy users of our software and graciously cosponsored the development of our HTTP/2 implementation. Their contributions have helped accelerate our ability to bring this software to you, and we hope you are able to support them in turn.
|
||||
|
||||
|
||||
|
||||
[O'REILLY'S BOOK ABOUT HTTP/2 & PERFORMANCE TUNING][17]
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.nginx.com/blog/http2-r7/
|
||||
|
||||
作者:[Faisal Memon][a]
|
||||
译者:[struggling](https://github.com/struggling)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.nginx.com/blog/author/fmemon/
|
||||
[1]:https://www.nginx.com/blog/nginx-plus-r7-released/
|
||||
[2]:https://tools.ietf.org/html/rfc7540
|
||||
[3]:https://www.nginx.com/wp-content/uploads/2015/09/NGINX_HTTP2_White_Paper_v4.pdf
|
||||
[4]:https://www.nginx.com/http2-ebook/
|
||||
[5]:http://caniuse.com/#feat=http2
|
||||
[6]:http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html
|
||||
[7]:http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
|
||||
[8]:https://chrome.google.com/webstore/detail/http2-and-spdy-indicator/mpbpobfflnpcgagjijhmgnchggcjblin?hl=en
|
||||
[9]:https://addons.mozilla.org/en-us/firefox/addon/spdy-indicator/
|
||||
[10]:http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html
|
||||
[11]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
|
||||
[12]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
|
||||
[13]:https://tools.ietf.org/html/rfc7540#appendix-A
|
||||
[14]:https://tools.ietf.org/html/rfc7540#section-9.2.2
|
||||
[15]:http://dropbox.com/
|
||||
[16]:http://automattic.com/
|
||||
[17]:https://www.nginx.com/http2-ebook/
|
||||
@ -0,0 +1,126 @@
|
||||
|
||||
NGINX Plus 现在完全支持 HTTP/2
|
||||
================================================================================
|
||||
本周早些时候,我们发布了对 HTTP/2 支持的 [NGINX Plus R7][1]。作为 HTTP 协议的最新标准,HTTP/2 的设计对现在的 web 应用程序带来了更高的性能和安全性。
|
||||
|
||||
NGINX Plus 使用 HTTP/2 协议可与现有的网站和应用程序进行无缝衔接。最微小的变化就是不管用户选择什么样的浏览器,NGINX Plus 都能为用户提供 HTTP/1.x 与HTTP/2 并发运行带来的最佳体验。
|
||||
|
||||
要支持 HTTP/2 仅需提供 **nginx‑plus‑http2** 软件包。**nginx‑plus** 和 **nginx‑plus‑extras** 软件包支持 SPDY 协议,目前推荐用于生产站点,因为其被大多数浏览器所支持并且代码也是相当成熟了。
|
||||
|
||||
### 为什么要使用 HTTP/2? ###
|
||||
HTTP/2 使数据传输更高效,对你的应用程序更安全。 HTTP/2 相比于 HTTP/1.x 有五个提高性能特点:
|
||||
|
||||
- **完全复用** – HTTP/1.1 强制按严格的顺序来对一个请求建立连接。请求建立必须在下一个进程开始之前完成。 HTTP/2 消除了这一要求,允许并行和乱序来完成请求的建立。
|
||||
|
||||
- **单一,持久连接** – 由于 HTTP/2 允许请求真正的复用,现在通过单一连接可以并行下载网页上的所有对象。在 HTTP/1.x 中,使用多个连接来并行下载资源,从而导致使用底层 TCP 协议效率很低。
|
||||
|
||||
- **二进制编码** – Header 信息使用紧凑二进制格式发送,而不是纯文本格式,节省了传输字节。
|
||||
|
||||
- **Header 压缩** – Headers 使用专用的算法来进行压缩,HPACK 压缩,这进一步降低数据通过网络传输的字节。
|
||||
|
||||
- **SSL/TLS encryption** – 在 HTTP/2 中,强制使用 SSL/TLS。在 [RFC][2] 中并没有强制,其允许纯文本的 HTTP/2,它是由当前 Web 浏览器执行 HTTP/2 的。 SSL/TLS 使你的网站更安全,并且使用 HTTP/2 所有性能会有提升,加密和解密过程的性能也有所提升。
|
||||
|
||||
要了解更多关于 HTTP/2:
|
||||
|
||||
- 请阅读我们的 [白皮书][3],它涵盖了你需要了解HTTP/2 的一切。
|
||||
- 下载由 Google 的 Ilya Grigorik 编写的 [特别版的高性能浏览器网络电子书][4] 。
|
||||
|
||||
### NGINX Plus 如何实现 HTTP/2 ###
|
||||
|
||||
实现 HTTP/2 要基于对 SPDY 的支持,它已经被广泛部署(使用了 NGINX 或 NGINX Plus 的网站近 75% 都使用了 SPDY)。使用 NGINX Plus 部署 HTTP/2 时,几乎不会改变你应用程序的配置。本节将讨论 NGINX Plus如何实现对 HTTP/2 的支持。
|
||||
|
||||
#### 一个 HTTP/2 网关 ####
|
||||
|
||||
|
||||
|
||||
NGINX Plus 作为一个 HTTP/2 网关。它谈到 HTTP/2 对客户端 Web 浏览器支持,但传输 HTTP/2 请求返回给后端服务器通信时使用 HTTP/1.x(或者 FastCGI, SCGI, uWSGI, 等等. – 取决于你目前正在使用的协议)。
|
||||
|
||||
#### 向后兼容性 ####
|
||||
|
||||
|
||||
|
||||
在不久的未来,你需要同时支持 HTTP/2 和 HTTP/1.x。在撰写本文时,超过50%的用户使用的 Web 浏览器已经[支持 HTTP/2][5],但这也意味着近50%的人还没有使用。
|
||||
|
||||
为了同时支持 HTTP/1.x 和 HTTP/2,NGINX Plus 实现了将 Next Protocol Negotiation (NPN协议)扩展到 TLS 中。当 Web 浏览器连接到服务器时,其将所支持的协议列表发送到服务器端。如果浏览器支持的协议列表中包括 h2 - 即,HTTP/2,NGINX Plus 将使用 HTTP/2 连接到浏览器。如果浏览器不支持 NPN 或在发送支持的协议列表中没有 h2,NGINX Plus 将继续使用 HTTP/1.x。
|
||||
|
||||
### 转向 HTTP/2 ###
|
||||
|
||||
NGINX,公司尽可能无缝过渡到使用 HTTP/2。本节通过对你应用程序的改变来启用对 HTTP/2 的支持,其中只包括对 NGINX Plus 配置的几个变化。
|
||||
|
||||
#### 前提条件 ####
|
||||
|
||||
使用 **nginx‑plus‑http2** 软件包升级到 NGINX Plus R7 . 注意启用 HTTP/2 版本在此时不需要使用 **nginx‑plus‑extras** 软件包。
|
||||
|
||||
#### 重定向所有流量到 SSL/TLS ####
|
||||
|
||||
如果你的应用程序尚未使用 SSL/TLS 加密,现在启用它正是一个好的时机。加密你的应用程序可以保护你免受间谍以及来自其他中间人的攻击。一些搜索引擎甚至在搜索结果中对加密站点 [提高排名][6]。下面的配置块重定向所有的普通 HTTP 请求到该网站的加密版本。
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
#### 启用 HTTP/2 ####
|
||||
|
||||
要启用对 HTTP/2 的支持,只需将 http2 参数添加到所有的 [listen][7] 指令中,包括 SSL 参数,因为浏览器不支持不加密的 HTTP/2 请求。
|
||||
|
||||
server {
|
||||
listen 443 ssl http2 default_server;
|
||||
|
||||
ssl_certificate server.crt;
|
||||
ssl_certificate_key server.key;
|
||||
…
|
||||
}
|
||||
|
||||
如果有必要,重启 NGINX Plus,例如通过运行 nginx -s reload 命令。要验证 HTTP/2 是否正常工作,你可以在 [Google Chrome][8] 和 [Firefox][9] 中使用 “HTTP/2 and SPDY indicator” 插件来检查。
|
||||
|
||||
### 注意事项 ###
|
||||
|
||||
- 在安装 **nginx‑plus‑http2** 包之前, 你必须删除配置文件中所有 listen 指令后的 SPDY 参数(使用 http2 和 ssl 参数来替换它以启用对 HTTP/2 的支持)。使用这个包后,如果 listen 指令后有 spdy 参数,NGINX Plus 将无法启动。
|
||||
|
||||
- 如果你在 NGINX Plus 前端使用了 Web 应用防火墙(WAF),请确保它能够解析 HTTP/2,或者把它移到 NGINX Plus 后面。
|
||||
|
||||
- 此版本在 HTTP/2 RFC 不支持 “Server Push” 特性。 NGINX Plus 以后的版本可能会支持它。
|
||||
|
||||
- NGINX Plus R7 同时支持 SPDY 和 HTTP/2。在以后的版本中,我们将弃用对 SPDY 的支持。谷歌在2016年初将 [弃用 SPDY][10],因此同时支持这两种协议也非必要。
|
||||
|
||||
- 如果 [ssl_prefer_server_ciphers][11] 设置为 on 或者 [ssl_ciphers][12] 列表被定义在 [Appendix A: TLS 1.2 Ciper Suite Black List][13] 使用时,浏览器会出现 handshake-errors 而无法正常工作。详细内容请参阅 [section 9.2.2 of the HTTP/2 RFC][14]。
|
||||
|
||||
### 特别感谢 ###
|
||||
|
||||
NGINX,公司要感谢 [Dropbox][15] 和 [Automattic][16],他们是我们软件的重度使用者,并帮助我们实现 HTTP/2。他们的贡献帮助我们加速完成这个软件,我们希望你也能支持他们。
|
||||
|
||||
|
||||
|
||||
[O'REILLY'S BOOK ABOUT HTTP/2 & PERFORMANCE TUNING][17]
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.nginx.com/blog/http2-r7/
|
||||
|
||||
作者:[Faisal Memon][a]
|
||||
译者:[strugglingyouth](https://github.com/strugglingyouth)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://www.nginx.com/blog/author/fmemon/
|
||||
[1]:https://www.nginx.com/blog/nginx-plus-r7-released/
|
||||
[2]:https://tools.ietf.org/html/rfc7540
|
||||
[3]:https://www.nginx.com/wp-content/uploads/2015/09/NGINX_HTTP2_White_Paper_v4.pdf
|
||||
[4]:https://www.nginx.com/http2-ebook/
|
||||
[5]:http://caniuse.com/#feat=http2
|
||||
[6]:http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html
|
||||
[7]:http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
|
||||
[8]:https://chrome.google.com/webstore/detail/http2-and-spdy-indicator/mpbpobfflnpcgagjijhmgnchggcjblin?hl=en
|
||||
[9]:https://addons.mozilla.org/en-us/firefox/addon/spdy-indicator/
|
||||
[10]:http://blog.chromium.org/2015/02/hello-http2-goodbye-spdy-http-is_9.html
|
||||
[11]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers
|
||||
[12]:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers
|
||||
[13]:https://tools.ietf.org/html/rfc7540#appendix-A
|
||||
[14]:https://tools.ietf.org/html/rfc7540#section-9.2.2
|
||||
[15]:http://dropbox.com/
|
||||
[16]:http://automattic.com/
|
||||
[17]:https://www.nginx.com/http2-ebook/
|
||||
Loading…
Reference in New Issue
Block a user