http2在协议中显示http1

Question

我已经用“让我们加密”在nginx上安装了https，但还不清楚在访问站点时是否使用了http2。

我通过向nginx配置添加http2 :443 ssl http2 default_server；来启用nginx。

当我在(查看-> Developer -> Developer Tools)中检查站点的https协议并重新加载页面(查看->版本)时。然后导航到“网络”选项卡，单击以名称开头的表标题行，右键单击它，然后选择“协议”选项。

上面写的是http/1.1，而不是h2 for http2。但是对于我的Google字体，它是通过google.com访问的，它是h2，当在https://tools.keycdn.com/http2-test上检查域时，它说该站点支持http2

当我运行curl --http2 2 -I https://example.com/时，我得到curl：(1)不支持的协议

所以我在这里有点困惑。

我需要做更多的事情来使它与http2一起工作吗？

下面是我完整的NGINX配置文件：

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

include snippets/ssl-www.example.com.conf;
include snippets/ssl-params.conf;

root /var/www/html;
index index.php index.html index.htm;

server_name example.com;

#Password protects the test subdomain
##  auth_basic "Restricted Content";
##  auth_basic_user_file /etc/nginx/.htpasswd;

location ~ /.well-known {
allow all;
}
location / {
try_files $uri $uri/ /index.php$is_args$query_string;
# include /etc/nginx/naxsi.rules
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
include fastcgi_params;
}
location ~ \.php$ {
#match actual filename with extension or file not found
#try_files $uri $uri =404;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
listen [::]:80 default_server ipv6only=on;
listen 80 default_server;
server_name www.example.com;
return 301 https://example.com$request_uri;
}

关于您的信息，我在设置时遵循了本教程:让我们加密: digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

nginx版本: nginx/1.10.0 (Ubuntu 16.04)

我在Windows 10上测试最新的Chrome

ssllabs.com/ssltest显示: TLS 1.2是TLS 1.1是TLS 1.0是SSL 3 No SSL 2 No

握手模拟IE11/ Win 10R RSA 2048 (SHA256) TLS 1.2 > h2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp384r1 FS

协议细节: SSL 2握手兼容性是HTTP请求：(HTTP/1.1 200 OK) NPN是h2 http/1.1

Answer 1

对于那些仍在寻找和没有阅读评论的人：

尝试禁用Bitdefender SSL扫描或Bitdefender加密的网络扫描

@BazzaDP Ah由Bitdefender发布.！:-)看来你是对的.-加布里埃尔·简29 '17在8:54 1神秘破解了！当我在Bitdefender上禁用SLL扫描时，我的站点现在显示h2.所以代码一直都是正确的，只是我的防病毒程序.谢谢@BassaDP！- Gabriel Jan 29 '17在9:20