
Monday, August 20, 2012

How to: test Nginx with SPDY for .net application tutorial

Basically, Nginx has one patch which supports the SPDY, all you need is to download the dev version and apply the patch.
here is one step-by-step tutorial one how to install and config nginx to support SPDY In front, and any we app as the background.

1. Install OpenSSL 1.0.1, it's required because SPDY module uses
Next Protocol Negotiation TLS extension.
go to, pick up the 1.1 link. i.e

tar zxvf openssl-1.0.1c.tar.gz
cd openssl-1.0.1c
make install

2. Download nginx 1.3.x tar-gzip package, visit,
or $ wget
3. Unpack nginx-1.3 $ tar xvfz nginx-1.3.4.tar.gz $ cd nginx-1.3.4
4. Download and apply SPDY module patch from
   $ wget
   $ patch -p0 < patch.spdy.txt
5. Configure nginx build
$ ./configure --with-http_ssl_module Use --with-openssl=/path/to/openssl-1.0.1, when building OpenSSL separately and statically linking.
Use --with-cc-opt and --with-ld-opt accordingly, if OpenSSL is installed as an optional library, e.g. on Mac OS X $ ./configure --with-http_ssl_module \ --with-cc-opt="-I/opt/local/include" \ --with-ld-opt="-L/opt/local/lib"
if you don’t have zlib, need install zlib-devel library
I don’t have the pcre library, so disable the urlrewrite features
./configure --with-http_ssl_module --with-openssl=/root/openssl-1.0.1c/ --without-http_rewrite_module
6. Build nginx
$ make
7. Install
make install.
Now we can test the hello world of nginx,by default, all bits are under /usr/local folder.
image go to sbin, run nginx to test the version and configration optins,
image then start the nginx
sbin/nginx Now you can access localhost (by default it listens on port) we can change the conf under conf/nginx.conf image

Now, let’s chagnge the config to add a backend server, I will use a internal server with ip and port 4444 as the example. no spdy so far,
Original backend server, just a startpage of a empty iis site,

let’s change the nginx conf to add this backend server.
basically we just change the location of the server to a proxy access,

location / {
root html;
index index.html index.htm;

change to.

location / {
proxy_pass ;
proxy_redirect default;

restart the nginx , when you access localhost again, the welcome nginx page will be replcaed as the IIS7 page.

Now, lets turn on the SPDY support.

Generate SSL key and certificate. because the Nginx SPDY module using the Next protocal negotiation tls extension. so we need using the openssl to generate a self signed Certificate. before we create and signed the certifiacte , we need first create one private key.

we can create the key under the nginx conf folder, the key is called localhost.key

once we get the private key, we will create one Certificate sign request using this key, the request will be stored as localhost.csr.

Now we can “sign” and generate the certificate.

the last step, when we create the private key, we specified a password, we can remove the password, since this key is used by the app instead of human.

So far , we get 4 files , two private keys(one without password), one cert request, and one final certificate. we will use the private key and final certificate.

then change the nginx.conf, final stepWinking smile

server {
listen 80;
server_name localhost;

location / {
proxy_pass ;
proxy_redirect default;

After // I highlighted the difference. basically, put spdy and ssl key

server {
listen 443 ssl spdy;
server_name localhost;
ssl_certificate "localhost.crt";
ssl_certificate_key "localhost_nopass.key";

location / {
proxy_pass ;
proxy_redirect default;

restart the service, and try https://localhost, you will see the spdy indicator is on. we are on SPDY mode.(search SPDY indicator In the chrome store.)

furthure moe, you can check chrome net internals,
go to chrome://net-internals/#events&q=type:SPDY_SESSION%20is:active and rehit the page, you will see session in spdy got captured here,

No comments:

Post a Comment