是什么可以阻止我用apache激活http2?
[英]What could prevent me to activate http2 with apache?
问题描述
I have read a lot of documentation about http2, and it seems safe to enable. 
我已经阅读了很多有关http2的文档,并且启用它似乎很安全。 But I need to be 100% sure that I will not have any regression, or at least to know what regression can occur. 但是我需要100%确保不会进行任何回归,或者至少要知道会发生什么回归。
What could prevent me to enable http2 on my production apache server? 是什么导致我无法在生产apache服务器上启用http2? What configuration must I double check? 我必须仔细检查哪些配置? What new behavior might cause me trouble? 什么新行为可能会给我带来麻烦?
1 个解决方案
解决方案1
3 已采纳 2017-11-07 13:30:38
This is a very opinion based question, and not a great format for Stack Overflow which is intended to provide factual based answers. 这是一个非常基于意见的问题,而不是Stack Overflow的一种很好的格式,旨在提供基于事实的答案。 It also totally depends on your environment of which you have given very little detail. 这也完全取决于您所提供的细节很少的环境。
However I've an interest in this, and don't mind spending a little time answering as best I can. 但是,我对此感兴趣,并且不介意花一点时间尽可能地回答。
These are things you should consider: 这些是您应该考虑的事情:
For a start you will need to upgrade Apache to a version that supports HTTP/2.
首先,您需要将Apache升级到支持HTTP / 2的版本。 Ideally you should upgrade to the latest version (2.4.29 at the time of writing) as there have been a number of changes in the HTTP/2 code since this was first launched in 2.4.17 and stopped being marked as "experimental" in 2.4.26. 理想情况下,您应该升级到最新版本(在撰写本文时为2.4.29),因为HTTP / 2代码自2.4.17首次启动以来,已经在其中进行了许多更改,并且在该版本中不再标记为“实验性”。 2.4.26。 How easy that is depends on your environment but packaged versions (eg through yumon RHEL and Centos) are often not the latest version and stepping outside the safety of a packaged environment, to building from source, or a third party repo is not a step to be taken lightly.这有多容易,取决于您的环境,但是打包版本(例如,通过RHEL和Centos上的yum)通常不是最新版本,并且超出打包环境的安全性,从源代码构建或第三方存储库都不是一个步骤。掉以轻心。 See also this question for more information on whether you should use mod_http2 (yes in my opinion).另请参阅此问题 ,以获取有关是否应使用mod_http2的更多信息(我认为是)。 You need to consider what version of Apache you are coming from and what changes (if any) you need to make with the upgrade.
您需要考虑您来自哪个版本的Apache,以及升级时需要进行哪些更改(如果有)。 Many people are still using 2.2 and the upgrade to 2.4 requires some changes . 许多人仍在使用2.2,并且升级到2.4需要进行一些更改 。 If already on an earlier version of 2.4 then this should be less of an issue but there are still some changes that may affect you. 如果已经在2.4的较早版本上,那么这应该不是问题,但仍有一些更改可能会影响您。 2.2 is end of life though so this is something you will need to do sooner or later. 虽然2.2是生命的尽头,所以这是您迟早需要做的事情。 HTTP/2 requires HTTPS to work from all the browsers so if your site is not already on this, then this can be a bit of an upgrade.
HTTP / 2要求HTTPS可以在所有浏览器上运行,因此,如果您的站点尚未安装在HTTPS上,则可能会有点升级。 However the web is moving to HTTPS so again, if not already on this, then it is something you will need to do sooner or later. 但是,Web再次迁移到HTTPS,因此,如果还没有这样做,那么您迟早会需要执行此操作。 HTTP/2 requires OpenSSL 1.0.2 or above to have ALPN support to negotiate HTTP/2.
HTTP / 2要求OpenSSL 1.0.2或更高版本具有ALPN支持才能协商HTTP / 2。 Again many Linux distributions do not include this, and even those that do have this (eg RHEL/Centos 7.4) do not build Apache against this version. 同样,许多Linux发行版都不包含此版本,即使那些具有此发行版的发行版(例如RHEL / Centos 7.4)也不会针对此版本构建Apache。 So again you may need to look at building from source or an alternative repo (see points about this above). 所以再次,您可能需要查看从源代码构建或其他回购(请参见上面的要点)。 HTTP/2 requires good HTTPS config (eg GCM ciphers) which will be available thanks to OpenSSL 1.0.2 but may require reviewing your SSL/TLS config to configure these.
HTTP / 2需要良好的HTTPS配置(例如GCM密码),这要归功于OpenSSL 1.0.2,但可能需要检查您的SSL / TLS配置以进行配置。 The SSLLabs Server Test Tool is your best option to review this. SSLLabs Server测试工具是查看此内容的最佳选择。 Do you use websockets?
您是否使用websockets? They are currently not compatible with HTTP/2 so you need to stay on HTTP/1.1 if using them. 它们当前与HTTP / 2不兼容,因此如果使用它们,则需要保持HTTP / 1.1不变。 There are currently plans in place to add WebSockets to HTTP/2 but they are still in discussion phase. 当前有计划将WebSockets添加到HTTP / 2,但它们仍处于讨论阶段。 You should be aware that HTTP/2 forces lowercase HTTP Header Names.
您应该知道,HTTP / 2强制使用小写的HTTP标头名称。 Traditionally HTTP Headers Names have always been case insensitive, but not every implementation implements this correctly and some depend on case sensitivity. 传统上,HTTP标头名称始终不区分大小写,但是并非每个实现都正确实现了该实现,并且某些依赖于区分大小写。 HTTP/2 responses still send the response code (200, 404) but omit the status text ("OK", "Not Found").
HTTP / 2响应仍然发送响应代码(200、404),但是省略状态文本(“确定”,“未找到”)。 Again this should not affect most, properly coded, applications but if you depend on this response message then you may need to do some work to fix this. 同样,这不会影响大多数正确编码的应用程序,但是如果您依赖此响应消息,则可能需要做一些工作来解决此问题。 HTTP/2 is designed to work with a single connection.
HTTP / 2旨在用于单个连接。 If you currently shard your assets of different domains then it may attempt to coalesce them back into one connection , which should work seamlessly but can cause some issues if HTTP/2 is not available over all your sharded domains. 如果您当前分片不同域的资产,则它可能会尝试将它们合并回一个连接 ,该连接应该可以无缝运行,但是如果HTTP / 2在所有分片域上均不可用,则会导致一些问题。
These last 3 points come from the excellent BBC write up of the issues they experienced when moving to HTTP/2 . 最后三点来自BBC出色的文章,描述了他们在转移到HTTP / 2时遇到的问题 。
The above are all points to consider on how to upgrade to allow you to enable HTTP/2. 以上是有关如何升级以启用HTTP / 2的所有要点。 It's a bit painful at the moment to be honest on most standard Linux distributions but hopefully will get easier as newer versions become more common. 坦率地说,在大多数标准Linux发行版上,这现在有点痛苦,但随着新版本的普及,希望它将变得更加容易。
However, once you have that in place, and can upgrade to HTTP/2 you then need to decide if you want to upgrade . 但是,一旦安装到位并可以升级到HTTP / 2,则需要确定是否要升级 。
On the whole HTTP/2 has been designed to be backwards compatible so should be a seamless upgrade. 总体上,HTTP / 2被设计为向后兼容,因此应该进行无缝升级。 Those clients that can will talk HTTP/2, those that can't will continue to talk HTTP/1.1 (which you should leave configured for the foreseeable future). 可以使用HTTP / 2的客户端,不能使用HTTP / 2的客户端(可以在可预见的将来配置)。
However HTTP/2 is still relatively new in the tech world and there may be implementation issues at the client or server side. 但是,HTTP / 2在技术领域仍然相对较新,并且客户端或服务器端可能存在实现问题。 Saying that it's been out for 2 years now, my experience of it is very positive and not seen many issues but, as with any upgrade, you should test, test, test before upgrading and monitor afterwards. 说它已经使用两年了,我的经验是非常积极的,没有看到很多问题,但是与任何升级一样,您应该在升级之前进行测试,测试,测试,然后进行监控。 Most of the issues I've seen have been obscure issues where HTTP/2 is not as performant as it should be, rather than show stopping issues, and most people without as deep an interest as I have for example, would struggle to notice them. 我见过的大多数问题都是晦涩的问题,其中HTTP / 2的性能不如应有的表现,而不是显示停止的问题,例如,大多数没有我兴趣的人都很难注意到它们。 20% of web traffic is using HTTP/2 so it is a proven technology, and it is heavily based on SPDY which has been used by a number of sites, servers and clients without major issues for the last number of years. 20%的Web流量使用HTTP / 2,因此它是一种可靠的技术,并且很大程度上基于SPDY,在过去的几年中,SPDY已被许多站点,服务器和客户端使用,而没有出现重大问题。
You should also consider the benefits of HTTP/2. 您还应该考虑HTTP / 2的好处。 In my opinion most websites should see a good speed improvement (maybe 20%), but this is not guaranteed, will depend on the individual site and the connection visitors and using. 在我看来,大多数网站都应该看到良好的速度改进(可能达到20%),但这并不能保证,这将取决于单个站点以及访问者的连接和使用情况。 Certain bandwidth bound sites may even see a slow down. 某些带宽绑定的站点甚至可能会变慢。 However you need to set realistic expectations and understand where your performance bottlenecks are which will then help understand if (and by how much) HTTP/2 will help. 但是,您需要设定切合实际的期望,并了解性能瓶颈在哪里,然后这将有助于了解HTTP / 2是否(以及在多少程度上)会有所帮助。 It is not a magic fix for poorly performing websites. 对于性能不佳的网站,这不是一个神奇的解决方案。
Other points to consider after you upgrade: 升级后要考虑的其他几点:
- Do you optimise for HTTP/2 and if so when? 您是否针对HTTP / 2进行了优化(如果需要)? Will that impact those visitors that are still on HTTP/1.1? 这会影响那些仍使用HTTP / 1.1的访问者吗? See this answer for more detail on that. 有关更多详细信息,请参见此答案 。
- Do you use HTTP/2 to any back end servers or terminate HTTP/2 at the web server (like many do for HTTPS) and speak HTTP/1.1 to any back end application servers? 您是对任何后端服务器使用HTTP / 2还是在Web服务器上终止HTTP / 2(就像许多HTTPS一样),并对任何后端应用程序服务器使用HTTP / 1.1? This requires the use of mod_proxy_http2 which is still marked as experimental and has had less usage and oversite that the main mod_http2 module. 这要求使用mod_proxy_http2 ,该模块仍被标记为实验性的,并且与主要mod_http2模块相比,具有较少的使用量和过多的位置。 I would advise against this for now unless you have a good reason to use this. 我现在不建议这样做,除非您有充分的理由使用它。 Many back end application servers will also not support HTTP/2 without doing a similar upgrade as above anyway. 如果不进行上述升级,许多后端应用程序服务器也将不支持HTTP / 2。
- Do you use new features like HTTP/2 push? 您是否使用HTTP / 2 push等新功能? This is still an emerging technology and needs careful thought , and may be best left until cache digests is standardised. 这仍然是一项新兴技术, 需要仔细考虑 ,最好不要对缓存摘要进行标准化。
At the end of the day no one but you can be "100% sure" that you will not have issues and it is up to you to test this to give yourself the confidence. 归根结底,没有人,但是您可以“ 100%确保”您不会遇到任何问题,您需要进行测试以增强自信。 And obviously the more information and understanding you have of HTTP/2 the more prepared you will be to understand the impact and any issues. 显然,您对HTTP / 2的了解和了解越多,您就越会做好充分的准备来理解影响和任何问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.