http2 vs http1
通过nginx 配置 http1.1, http2 环境,简单测评一下 http2 的性能。完整代码见docker-http2-benchmark.
1. 签发 ssl 证书
参考文档Certificates for localhost, 为 localhost域名签发证书.
执行代码生成证书:
openssl req -x509 -out ssl/localhost.crt -keyout ssl/localhost.key \
-newkey rsa:2048 -nodes -sha256 \
-subj '/CN=localhost' -extensions EXT -config <( \
printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
将证书 ssl/localhost.crt 加入到系统可信证书列表中.
对于 mac 系统, 在Mac上打开“钥匙串访问”,然后转到“系统”中的证书列表,通过点击+号按钮导入证书 localhost.crt.
2. http2 环境配置
配置 nginx环境, nginx.conf 如下:
user root;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_static on;
# gzip_vary on;
gzip_proxied any;
gzip_comp_level 4;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
server {
listen 443 ssl http2;
server_name localhost;
ssl_certificate /etc/nginx/cert/localhost.crt;
ssl_certificate_key /etc/nginx/cert/localhost.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /h2/ {
alias /html/;
try_files $uri $uri/ $uri/http2priorities.html;
}
location / {
return 404;
}
}
server {
listen 80;
server_name localhost;
rewrite ^(.*)$ https://$host$1 permanent;
}
}
使用 docker-compose 启动 http2 环境, docker-compose.yml如下:
version: "3.7"
services:
localhost-nginx:
image: nginx
restart: always
ports:
- "127.0.0.1:80:80"
- "127.0.0.1:443:443"
volumes:
- "./conf/nginx_setting:/etc/nginx/nginx.conf:ro"
- "./log:/var/log/nginx"
- "./html:/html/"
- "../ssl/localhost.key:/etc/nginx/cert/localhost.key"
- "../ssl/localhost.crt:/etc/nginx/cert/localhost.crt"
environment:
TZ: Asia/Shanghai
3. http1 环境配置
基本与 http2 环境配置过程一样,唯一区别是,nginx.conf 文件中,
将 http2 中的
listen 443 ssl http2;
server_name localhost;
改为:
listen 443 ssl;
server_name localhost;
4. 测试
4.1 http1 测试结果
4.2 http2 测试结果
