返回首页v1.10文档

    使用 HTTP/2 和 SSL 与 Meilisearch

    对于希望使用 HTTP/2 的用户,请注意 **只有在服务器配置了 SSL 证书的情况下才可以使用**。

    因此,您将了解如何使用 SSL 启动 Meilisearch 服务器。本教程简要介绍了如何在本地执行此操作,但您也可以在远程服务器上执行相同的操作。

    首先,您需要 Meilisearch 的二进制文件,或者也可以使用 Docker。在后一种情况下,需要使用环境变量传递参数,并通过卷传递 SSL 证书。

    还需要一个生成 SSL 证书的工具。在本教程中,您将使用 mkcert。但是,如果在远程服务器上,您也可以使用 certbot 或由证书颁发机构签发的证书。

    然后,使用 curl 发送请求。这是一种简单的方法,可以通过使用 --http2 选项指定您想要发送 HTTP/2 请求。

    尝试在没有 SSL 的情况下使用 HTTP/2

    首先运行二进制文件。

    ./meilisearch

    然后,发送请求。

    curl -kvs --http2 --request GET 'https://127.0.0.1:7700/indexes'

    您将收到服务器返回的以下答案

    *   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 7700 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 7700 (#0)
> GET /indexes HTTP/1.1
> Host: localhost:7700
> User-Agent: curl/7.64.1
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
>
< HTTP/1.1 200 OK
< content-length: 2
< content-type: application/json
< date: Fri, 17 Jul 2020 11:01:02 GMT
<
* Connection #0 to host localhost left intact
[]* Closing connection 0

    您可以在 > Connection: Upgrade, HTTP2-Settings 行看到服务器尝试升级到 HTTP/2,但未成功。< HTTP/1.1 200 OK 响应表示服务器仍在使用 HTTP/1。

    尝试使用 SSL 的 HTTP/2

    这次,首先生成 SSL 证书。mkcert 创建两个文件:127.0.0.1.pem127.0.0.1-key.pem

    mkcert '127.0.0.1'

    然后,使用证书和密钥配置 Meilisearch 以使用 SSL。

    ./meilisearch --ssl-cert-path ./127.0.0.1.pem --ssl-key-path ./127.0.0.1-key.pem

    接下来,发出与上面相同的请求,但将 http:// 更改为 https://

    curl -kvs --http2 --request GET 'https://127.0.0.1:7700/indexes'

    您将收到服务器返回的以下答案

    *   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 7700 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 7700 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: O=mkcert development certificate; OU=quentindequelen@s-iMac (Quentin de Quelen)
*  start date: Jun  1 00:00:00 2019 GMT
*  expire date: Jul 17 10:38:53 2030 GMT
*  issuer: O=mkcert development CA; OU=quentindequelen@s-iMac (Quentin de Quelen); CN=mkcert quentindequelen@s-iMac (Quentin de Quelen)
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff601009200)
> GET /indexes HTTP/2
> Host: localhost:7700
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
< HTTP/2 200
< content-length: 2
< content-type: application/json
< date: Fri, 17 Jul 2020 11:06:27 GMT
<
* Connection #0 to host localhost left intact
[]* Closing connection 0

    您可以看到服务器现在支持 HTTP/2 了。

    * Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)

    服务器成功接收了 HTTP/2 请求。

    < HTTP/2 200