If you want to use HTTP/2, note that it is only available when the server is configured with an SSL certificate.

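This article therefore explains how to start a Meilisearch server with SSL support. The tutorial briefly demonstrates the configuration in a local environment, but it applies equally to a remote server.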

First, you need the Meilisearch executable; you can also use docker. With docker, pass the parameters through environment variables and provide the SSL certificate through a mounted volume.

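You also need a tool to generate the SSL certificate. This guide uses mkcert. On a remote server, you can also use certbot or a certificate signed by a certificate authority.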

Then use curl to send requests. The --http2 option is a simple way to tell it to send HTTP/2 requests.

Trying HTTP/2 without SSL

First, run the executable.

./meilisearch

Then send a request.

curl -kvs --http2 --request GET 'http://localhost:7700/indexes'

The server returns the following response:

*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 7700 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 7700 (#0)
> GET /indexes HTTP/1.1
> Host: localhost:7700
> User-Agent: curl/7.64.1
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
>
< HTTP/1.1 200 OK
< content-length: 2
< content-type: application/json
< date: Fri, 17 Jul 2020 11:01:02 GMT
<
* Connection #0 to host localhost left intact
[]* Closing connection 0

The line > Connection: Upgrade, HTTP2-Settings shows the attempt to upgrade to HTTP/2, which did not succeed. The < HTTP/1.1 200 OK in the response shows that the server is still using HTTP/1.

Trying HTTP/2 with SSL

First, generate the SSL certificate. mkcert creates two files: 127.0.0.1.pem and 127.0.0.1-key.pem.

mkcert '127.0.0.1'

Then use the certificate and key to configure Meilisearch with SSL support.

./meilisearch --ssl-cert-path ./127.0.0.1.pem --ssl-key-path ./127.0.0.1-key.pem

Next, send the same request as before, but change http:// to https://.

curl -kvs --http2 --request GET 'https://localhost:7700/indexes'

The server returns the following response:

*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 7700 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 7700 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: O=mkcert development certificate; OU=quentindequelen@s-iMac (Quentin de Quelen)
*  start date: Jun  1 00:00:00 2019 GMT
*  expire date: Jul 17 10:38:53 2030 GMT
*  issuer: O=mkcert development CA; OU=quentindequelen@s-iMac (Quentin de Quelen); CN=mkcert quentindequelen@s-iMac (Quentin de Quelen)
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff601009200)
> GET /indexes HTTP/2
> Host: localhost:7700
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
< HTTP/2 200
< content-length: 2
< content-type: application/json
< date: Fri, 17 Jul 2020 11:06:27 GMT
<
* Connection #0 to host localhost left intact
[]* Closing connection 0

You can see that the server now supports the HTTP/2 protocol.

* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)

The server has successfully received the HTTP/2 request.

< HTTP/2 200
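
The two transcripts above can be checked mechanically instead of by eye. The following is an added example, not part of the original tutorial or of Meilisearch: the function classify_curl_trace and the two sample functions are hypothetical names, and the sample input is constructed by abridging the transcripts on this page. It reports the protocol the response used, whether h2 was negotiated through ALPN, whether a cleartext h2c upgrade was offered, and whether the certificate was actually verified or only accepted because of -k.

```shell
#!/bin/sh
# Summarise a `curl -v` transcript read from stdin as one line:
#   proto=<h2|http/1.1|unknown> alpn=<yes|no> h2c_upgrade=<yes|no> cert_verified=<yes|no|unknown|n/a>
classify_curl_trace() {
    awk '
        /^\* ALPN[,:] server accepted (to use )?h2/ { alpn = "yes" }   # TLS ALPN selected h2
        /^> Upgrade: h2c/                { h2c = "yes" }    # cleartext upgrade offered in the request
        /^< HTTP\/2 /                    { proto = "h2" }
        /^< HTTP\/1\.1 /                 { proto = "http/1.1" }
        /^\* SSL connection using/       { tls = 1 }
        /SSL certificate verify result:.*continuing anyway/ { cert = "no" }   # -k ignored a failure
        /SSL certificate verify ok/      { if (cert == "") cert = "yes" }
        END {
            if (proto == "") proto = "unknown"
            if (alpn == "")  alpn = "no"
            if (h2c == "")   h2c = "no"
            if (!tls)        cert = "n/a"
            else if (cert == "") cert = "unknown"
            printf "proto=%s alpn=%s h2c_upgrade=%s cert_verified=%s\n", proto, alpn, h2c, cert
        }
    '
}

# Constructed samples, abridged from the two transcripts on this page.
sample_cleartext() {
    cat <<'EOF'
* Connected to localhost (127.0.0.1) port 7700 (#0)
> GET /indexes HTTP/1.1
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
< HTTP/1.1 200 OK
EOF
}

sample_tls() {
    cat <<'EOF'
* ALPN, offering h2
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /indexes HTTP/2
< HTTP/2 200
EOF
}

sample_cleartext | classify_curl_trace
sample_tls | classify_curl_trace
```

Against a running server, pipe a live trace into the function, for example curl -vs --http2 --cacert "$(mkcert -CAROOT)/rootCA.pem" 'https://127.0.0.1:7700/indexes' 2>&1 | classify_curl_trace. That request drops -k, trusts only the mkcert root, and uses 127.0.0.1 because that is the name the certificate was issued for, so cert_verified=yes then means the certificate really was validated.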