对于希望使用 HTTP/2 的用户,请注意,只有您的服务器配置了 SSL 证书才可能实现。
因此,您将了解如何使用 SSL 启动 Meilisearch 服务器。本教程简要介绍了如何在本地操作,您也可以在远程服务器上执行相同的操作。
首先,您需要 Meilisearch 的二进制文件,或者您也可以使用 Docker。在后一种情况下,需要通过环境变量和卷来传递 SSL 证书参数。
还需要一个生成 SSL 证书的工具。在本操作指南中,您将使用 mkcert。但是,如果在远程服务器上,您也可以使用 certbot 或由证书颁发机构签名的证书。
然后,使用 curl 发送请求。通过使用 --http2 选项,可以简单地指定您要发送 HTTP/2 请求。
尝试在没有 SSL 的情况下使用 HTTP/2
首先运行二进制文件。
然后,发送请求。
curl -kvs --http2 --request GET 'http://localhost:7700/indexes'
您将从服务器收到以下回复
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 7700 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 7700 (#0)
> GET /indexes HTTP/1.1
> Host: localhost:7700
> User-Agent: curl/7.64.1
> Accept: */*
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAARAAAAAAAIAAAAA
>
< HTTP/1.1 200 OK
< content-length: 2
< content-type: application/json
< date: Fri, 17 Jul 2020 11:01:02 GMT
<
* Connection #0 to host localhost left intact
[]* Closing connection 0
您可以在 > Connection: Upgrade, HTTP2-Settings 这一行看到服务器尝试升级到 HTTP/2,但未成功。回复 < HTTP/1.1 200 OK 表明服务器仍在使用 HTTP/1。
尝试在有 SSL 的情况下使用 HTTP/2
这次,首先生成 SSL 证书。mkcert 会创建两个文件:127.0.0.1.pem 和 127.0.0.1-key.pem。
然后,使用证书和密钥配置 Meilisearch 的 SSL。
./meilisearch --ssl-cert-path ./127.0.0.1.pem --ssl-key-path ./127.0.0.1-key.pem
接下来,执行与上面相同的请求,但将 http:// 更改为 https://。
curl -kvs --http2 --request GET 'https://localhost:7700/indexes'
您将从服务器收到以下回复
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 7700 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 7700 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: O=mkcert development certificate; OU=quentindequelen@s-iMac (Quentin de Quelen)
* start date: Jun 1 00:00:00 2019 GMT
* expire date: Jul 17 10:38:53 2030 GMT
* issuer: O=mkcert development CA; OU=quentindequelen@s-iMac (Quentin de Quelen); CN=mkcert quentindequelen@s-iMac (Quentin de Quelen)
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff601009200)
> GET /indexes HTTP/2
> Host: localhost:7700
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
< HTTP/2 200
< content-length: 2
< content-type: application/json
< date: Fri, 17 Jul 2020 11:06:27 GMT
<
* Connection #0 to host localhost left intact
[]* Closing connection 0
您可以看到服务器现在支持 HTTP/2。
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
服务器成功接收 HTTP/2 请求。
