仅在某些客户端中在Nginx中启用http2
[英]Enable http2 in nginx only for some clients
问题描述
I have two set of users using okhttp/2.7.0 and okhttp/3.12.0 . 
我有两组使用okhttp/2.7.0和okhttp/3.12.0 。 I want to enable http2 in nginx only for those users who are using okhttp/3.12.0 . 我只想为使用okhttp/3.12.0用户启用nginx中的okhttp/3.12.0 。 The client ensures to send their identifier. 客户端确保发送其标识符。 Is there a way to use this information and enable http2 only for those users. 有没有一种方法可以使用此信息并仅为那些用户启用http2。
Note: Multiple ports is not an option for me. 注意:多个端口不是我的选择。
My nginx and OS version 我的Nginx和OS版本
nginx version: nginx/1.14.2
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.4)
built with OpenSSL 1.0.2h 3 May 2016
TLS SNI support enabled
My nginx conf goes like this 我的nginx conf像这样
server {
listen 443 ssl http2;
...
1 个解决方案
解决方案1
1 已采纳 2018-12-26 20:13:44
This is not really possible. 这实际上是不可能的。 The client is only sent as part of a HTTP message, which is only sent after the version of HTTP to use is decided, obviously. 显然,客户端仅作为HTTP消息的一部分发送,仅在确定要使用的HTTP版本之后才发送。 The initially message to create the connection, and set up the SSL/TLS parameters won't have the client (which is usually where the HTTP version is decided using the ALPN extension to TLS). 创建连接并设置SSL / TLS参数的初始消息将没有客户端(通常是使用ALPN TLS扩展来确定HTTP版本的客户端)。
There are however other ways this might be possible, including: 但是,还有其他可能的方法,包括:
Depending on the capabilities of the client.
取决于客户端的功能。 I'm not familiar with okhttp but from a quick Google it seems ALPN support was only added in v3, so you could disable the older NPN on your server and then, if that is correct, then in theory the older client will not be able to negotiate HTTP/2 so will fallback to HTTP/1.1. 我对okhttp不太熟悉,但是从一个快速的Google看来,ALPN支持仅在v3中添加了,因此您可以在服务器上禁用较早的NPN,然后,如果是正确的话,那么从理论上讲,较旧的客户端将无法协商HTTP / 2,因此将回退到HTTP / 1.1。 Unfortunately there appears to be no Nginx config option for that so you'd need to build a special version of OpenSSL without NPN support and then compile Nginx against that. 不幸的是,似乎没有Nginx配置选项,因此您需要构建一个没有NPN支持的特殊版本的OpenSSL ,然后针对该版本编译Nginx。 Probably more hassle than it's worth. 麻烦可能超过其价值。 Use Apache instead of Nginx as it never supported NPN
使用Apache而不是Nginx,因为它从不支持NPN Using Multiple IPs and somehow directing each version to a separate IP.
使用多个IP并以某种方式将每个版本定向到一个单独的IP。 Though I suspect as you cannot use separate ports you probably cannot do this either. 尽管我怀疑您不能使用单独的端口,但您也可能无法执行此操作。
All in all it's a bit of hack to be honest and so is not something that I would suggest you pursue. 总而言之,说实话有点可笑,所以我建议您不要这样做。 What you have not explained however is why you want to use HTTP/2 for one set of clients but not the other. 但是,您尚未解释的是为什么要对一组客户端使用HTTP / 2,而不对另一组客户端使用HTTP / 2。 Maybe there's a better way to achieve what you want if you explain that. 解释一下,也许有更好的方法来实现您想要的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.