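Using Meilisearch with HTTP/2 and SSL

    For those who want to use HTTP/2, note that this is **only possible if your server is configured with an SSL certificate**.

    You will therefore see how to launch a Meilisearch server with SSL. This tutorial gives a short introduction to doing this locally, but you can do the same on a remote server.

    First, you need the Meilisearch binary, or you can use Docker. In the latter case, you need to pass the parameters using environment variables and pass the SSL certificates via a volume.

    You also need a tool to generate SSL certificates. In this guide, you will use mkcert. On a remote server, however, you can also use certbot or a certificate signed by a certificate authority.

    Then, use curl to make requests. Its --http2 option is a simple way to specify that you want to send an HTTP/2 request.

    Trying to use HTTP/2 without SSL

    Start by running the binary.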

    ./meilisearch
    

    Then, send a request.

    curl -kvs --http2 --request GET 'http://127.0.0.1:7700/indexes'
    

    You will get the following answer from the server:

    *   Trying ::1...
    * TCP_NODELAY set
    * Connection failed
    * connect to ::1 port 7700 failed: Connection refused
    *   Trying 127.0.0.1...
    * TCP_NODELAY set
    * Connected to localhost (127.0.0.1) port 7700 (#0)
    > GET /indexes HTTP/1.1
    > Host: localhost:7700
    > User-Agent: curl/7.64.1
    > Accept: */*
    > Connection: Upgrade, HTTP2-Settings
    > Upgrade: h2c
    > HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
    >
    < HTTP/1.1 200 OK
    < content-length: 2
    < content-type: application/json
    < date: Fri, 17 Jul 2020 11:01:02 GMT
    <
    * Connection #0 to host localhost left intact
    []* Closing connection 0
    

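    The > Connection: Upgrade, HTTP2-Settings line shows an attempt to upgrade to HTTP/2, which does not succeed. The reply < HTTP/1.1 200 OK indicates that the server is still using HTTP/1.

    Trying to use HTTP/2 with SSL

    This time, start by generating the SSL certificates. mkcert creates two files: 127.0.0.1.pem and 127.0.0.1-key.pem.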

    mkcert '127.0.0.1'
    

    Then, use the certificate and the key to configure Meilisearch with SSL.

    ./meilisearch --ssl-cert-path ./127.0.0.1.pem --ssl-key-path ./127.0.0.1-key.pem
    

    Next, make the same request as above, but change http:// to https://.

    curl -kvs --http2 --request GET 'https://127.0.0.1:7700/indexes'
    

    You will get the following answer from the server:

    *   Trying ::1...
    * TCP_NODELAY set
    * Connection failed
    * connect to ::1 port 7700 failed: Connection refused
    *   Trying 127.0.0.1...
    * TCP_NODELAY set
    * Connected to localhost (127.0.0.1) port 7700 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/cert.pem
      CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    *  subject: O=mkcert development certificate; OU=quentindequelen@s-iMac (Quentin de Quelen)
    *  start date: Jun  1 00:00:00 2019 GMT
    *  expire date: Jul 17 10:38:53 2030 GMT
    *  issuer: O=mkcert development CA; OU=quentindequelen@s-iMac (Quentin de Quelen); CN=mkcert quentindequelen@s-iMac (Quentin de Quelen)
    *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x7ff601009200)
    > GET /indexes HTTP/2
    > Host: localhost:7700
    > User-Agent: curl/7.64.1
    > Accept: */*
    >
    * Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
    < HTTP/2 200
    < content-length: 2
    < content-type: application/json
    < date: Fri, 17 Jul 2020 11:06:27 GMT
    <
    * Connection #0 to host localhost left intact
    []* Closing connection 0
    

    You can see that the server now supports HTTP/2.

    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    

    The server successfully receives HTTP/2 requests.

    < HTTP/2 200
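
As an added example (not part of the Meilisearch documentation), the shell function below reads a curl -v trace like the two above and reports the negotiated protocol and whether the certificate was actually verified, since -k lets the request continue after a failed verification. The function and sample names are hypothetical, and it assumes the OpenSSL/LibreSSL-style trace wording shown on this page.

```shell
#!/bin/sh
# Added example: audit a `curl -v` trace read from stdin.
# Prints one summary line; exit status 0 only for HTTP/2 over verified TLS.
# Assumes the OpenSSL/LibreSSL-style trace wording shown on this page.
audit_curl_trace() {
    awk '
        /ALPN, server accepted to use/          { alpn = $NF }
        $2 == "SSL" && $3 == "connection"       { tls = $5 }
        /SSL certificate verify ok/             { verified = "yes" }
        /SSL certificate verify result:.*continuing anyway/ { verified = "no" }
        $1 == "<" && $2 ~ /^HTTP\//             { proto = $2 }
        END {
            if (proto == "") proto = "none"
            if (alpn == "")  alpn = "none"
            if (tls == "")   { tls = "none"; verified = "n/a" }
            else if (verified == "") verified = "unknown"
            printf "proto=%s alpn=%s tls=%s cert_verified=%s\n", proto, alpn, tls, verified
            exit !(proto == "HTTP/2" && verified == "yes")
        }'
}

# Constructed samples, abridged from the two traces above.
trace_plain() { cat <<'EOF'
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
< HTTP/1.1 200 OK
EOF
}
trace_tls_insecure() { cat <<'EOF'
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
< HTTP/2 200
EOF
}
# Constructed: what the same request logs once curl trusts the mkcert CA.
trace_tls_verified() { cat <<'EOF'
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
*  SSL certificate verify ok.
< HTTP/2 200
EOF
}

for t in trace_plain trace_tls_insecure trace_tls_verified; do
    "$t" | audit_curl_trace || echo "  ^ $t: not HTTP/2 over verified TLS"
done
```

To audit a live request, pipe the trace in with 2>&1, since curl writes it to stderr. Replacing -k with --cacert "$(mkcert -CAROOT)/rootCA.pem" makes curl verify the certificate against the local mkcert CA.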