Answer the question
In order to leave comments, you need to log in
T
T
Toopie2018-04-16 16:02:42
Toopie, 2018-04-16 16:02:42
Doesn't want to enable HTTP2. What can be wrong?
Hello.
I decided to screw up a domain here in order to connect HTTP2 to it via SSL.
Here is the log from the console:
<br>
<br>
[email protected]:~# nginx -v<br>
nginx version: nginx/1.13.12<br>
[email protected]:~# openssl version<br>
OpenSSL 1.1.0f 25 May 2017<br>
[email protected]:~#<br>
<br>Here is the config:
<br>
user www-data;<br>
worker_processes auto;<br>
worker_cpu_affinity auto;<br>
worker_shutdown_timeout 30;<br>
<br>
error_log /var/log/nginx/error.log warn;<br>
pid /var/run/nginx.pid;<br>
<br>
worker_rlimit_nofile 150000;<br>
<br>
events {<br>
worker_connections 8000;<br>
multi_accept on;<br>
use epoll;<br>
}<br>
<br>
http {<br>
include /etc/nginx/mime.types;<br>
default_type application/octet-stream;<br>
<br>
log_format main '$remote_addr $remote_user [$time_local] "$request" '<br>
'$status $body_bytes_sent "$http_referer" '<br>
'"$http_user_agent" "$http_x_forwarded_for"';<br>
<br>
access_log off;<br>
<br>
gzip on;<br>
sendfile on;<br>
sendfile_max_chunk 128k;<br>
tcp_nopush on;<br>
tcp_nodelay on;<br>
reset_timedout_connection on;<br>
client_body_buffer_size 128k;<br>
client_body_in_file_only off;<br>
<br>
server {<br>
listen 80;<br>
server_name 127.0.0.1;<br>
root /var/www/html;<br>
index index.html index.php;<br>
<br>
location ~ /.well-known {<br>
allow all;<br>
}<br>
<br>
location ~* \.php$ {<br>
try_files $uri = 404;<br>
fastcgi_split_path_info ^(.+\.php)(/.+)$;<br>
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;<br>
fastcgi_send_timeout 180s;<br>
fastcgi_read_timeout 180s;<br>
fastcgi_index index.php;<br>
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br>
fastcgi_pass_request_body on;<br>
include fastcgi_params;<br>
}<br>
}<br>
server {<br>
listen 443 ssl http2;<br>
server_name samp-telegraph.org;<br>
index index.php;<br>
root /var/www/html/telegraph;<br>
<br>
if ($scheme = http) {<br>
return 301 https://$server_name$request_uri;<br>
}<br>
<br>
location /.well-known/acme-challenge/ {<br>
access_log off;<br>
default_type "text/plain";<br>
}<br>
<br>
ssl on;<br>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>
ssl_prefer_server_ciphers on;<br>
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";<br>
ssl_session_timeout 1h;<br>
ssl_session_cache shared:SSL:50m;<br>
ssl_stapling on;<br>
ssl_stapling_verify on;<br>
add_header Strict-Transport-Security max-age=15768000;<br>
<br>
resolver 127.0.0.1 valid=300s;<br>
resolver_timeout 10s;<br>
<br>
ssl_certificate /etc/letsencrypt/live/samp-telegraph.org/fullchain.pem;<br>
ssl_certificate_key /etc/letsencrypt/live/samp-telegraph.org/privkey.pem;<br>
ssl_trusted_certificate /etc/letsencrypt/live/samp-telegraph.org/chain.pem;<br>
<br>
location ~ /.well-known {<br>
allow all;<br>
}<br>
<br>
location ~* \.php$ {<br>
try_files $uri = 404;<br>
fastcgi_split_path_info ^(.+\.php)(/.+)$;<br>
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;<br>
fastcgi_send_timeout 180s;<br>
fastcgi_read_timeout 180s;<br>
fastcgi_index index.php;<br>
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;<br>
fastcgi_pass_request_body on;<br>
include fastcgi_params;<br>
}<br>
}<br>
}<br>But HTTP2 is still not enabled. What could be the problem?
3 answer(s)
@latush
L
latush, 2018-04-16 @latush
What's in the logs?
Wangyu that there are no access rights to certificates.
Similar questions
N
W
P
S
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question