A Summary of the HTTP2.0 Technical Architecture, and Configuring HTTP2.0 on Nginx and Tomcat (Part 2)


Example configuration

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    </Connector>

The log shows:

    The ["http-nio-8080"] connector has been configured to support HTTP upgrade to [h2c]

which means h2c is configured.

We test with curl, but this requires a recent version; see the Extras section for details.

    # curl --http2 http://192.168.174.128:8080
    # tomcat log
    192.168.174.128 - - [26/Mar/2020:09:54:28 +0800] "GET / HTTP/1.1" 101 -
    192.168.174.128 - - [26/Mar/2020:09:54:28 +0800] "GET / HTTP/2.0" 200 11195
    # 101 is the protocol switch, i.e. the protocol is switched to http2.0. The second log line confirms it.

3.1.3. h2 configuration (encrypted)

This means a certificate has to be configured.

This is the default configuration in version 8.5.53:

    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Example configuration

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/server.key"
                         certificateFile="conf/ca.crt"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

Log on successful configuration

    The ["https-openssl-nio-8443"] connector has been configured to support negotiation to [h2] via ALPN

Access

    # -k: curl does not verify the server certificate
    curl --http2 -k https://192.168.174.128:8443
    # check tomcat's localhost_access_log
    192.168.174.128 - - [26/Mar/2020:10:36:03 +0800] "GET / HTTP/2.0" 200 11195

It works.
Access from a browser is OK too.
 
4. Extras

4.1. Testing h2c

curl must be installed; only newer versions of curl support http2.0, older versions do not.

    rpm -ivh http://mirror.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-2-1.rhel7.noarch.rpm
    yum clean all
    yum makecache
    yum update curl --enablerepo=city-fan.org
    # If HTTP2 appears in the Features line, http2.0 is supported.
    curl -V
    curl 7.69.1 (x86_64-redhat-linux-gnu) libcurl/7.69.1 NSS/3.44 zlib/1.2.7 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.9.0 nghttp2/1.31.1
    Release-Date: 2020-03-11
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
    Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL UnixSockets

4.2. Checking whether the browser supports http2.0

To check whether our browser supports http2.0, open the URL to test.

4.3. Checking whether a website supports http2.0

URL (requires bypassing the firewall).

4.4. How Java 8 can support HTTP2.0 over TLS

  1. Java 8's TLS does not support ALPN (http2.0 over TLS requires ALPN).

     # http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#HTTP/2_Support
     Because Java 8's TLS implementation does not support ALPN (which is required for HTTP/2 over TLS), you must be using an OpenSSL based TLS implementation to enable HTTP/2 support. See the sslImplementationName attribute of the Connector.

     That is, we must use an OpenSSL-based TLS implementation to enable HTTP/2 support.

  2. By default org.apache.tomcat.util.net.jsse.JSSEImplementation is used, but under Java 8 it does not support ALPN.

     # http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#HTTP/2_Support
     When APR/native is enabled, the connectors will default to using OpenSSL through JSSE, which may be more optimized than the JSSE Java implementation depending on the processor being used, and can be complemented with many commercial accelerator components. The following NIO and NIO2 SSL configuration attributes are not specific to a virtual host and, therefore, must be configured on the connector.

     In other words, when APR/native is enabled, the connector uses OpenSSL by default.
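
The h2c/h2 distinction from section 3 and the Java 8 ALPN requirement above can both be checked directly against server.xml. The Python audit below is an added example, not code from the original article or from the Tomcat project; the function name audit_connectors and the sample XML (the article's two example connectors combined into one file) are constructed for illustration.

```python
# Added audit sketch (not from the article or the Tomcat project).
import xml.etree.ElementTree as ET

H2_UPGRADE = "org.apache.coyote.http2.Http2Protocol"
OPENSSL_IMPL = "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"

# Constructed sample: the article's two example connectors in one <Service>.
SAMPLE_SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
  </Connector>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
      <Certificate certificateKeyFile="conf/server.key"
                   certificateFile="conf/ca.crt" type="RSA" />
    </SSLHostConfig>
  </Connector>
</Service></Server>
"""

def audit_connectors(server_xml):
    """Return one finding dict per <Connector> that enables HTTP/2."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        upgrades = [u.get("className") for u in conn.findall("UpgradeProtocol")]
        if H2_UPGRADE not in upgrades:
            continue  # HTTP/1.1-only connector, nothing to report
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        proto = conn.get("protocol", "")
        notes = []
        if not tls:
            notes.append("cleartext h2c: traffic is unencrypted")
        elif "Apr" not in proto and conn.get("sslImplementationName") != OPENSSL_IMPL:
            notes.append("h2 on Java 8 needs APR/native loaded or "
                         "sslImplementationName set to the OpenSSL implementation")
        findings.append({"port": conn.get("port"),
                         "mode": "h2" if tls else "h2c",
                         "notes": notes})
    return findings

if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f["port"], f["mode"], "; ".join(f["notes"]) or "ok")
```

On the sample, port 8080 is reported as cleartext h2c and port 8443 as h2 with a reminder that the NIO connector depends on an OpenSSL-based TLS implementation under Java 8.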

