httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: [users@httpd] mod_h2 protocols not working
Date Fri, 16 Oct 2015 11:07:31 GMT
Thanks! Yeah, h2check.org is not working properly, it has not been updated for some time.

I'll add a line about 302 h2c upgrades not working in the howto...

> Am 16.10.2015 um 13:02 schrieb Chris <chrcoluk@gmail.com>:
> 
> Well I am left scratching my head, the first vhost now works ok on
> https using curl as a tester, nghttp seems ok as well, although my
> output isnt the same as your document.
> 
> I think you was right that the 302 redirect was breaking it on the
> http vhost as that still doesnt work but both http and https work on a
> vhost with no 302.
> 
> This 3rd party checker still fails tho.
> 
> https://www.h2check.org/
> 
> However I think that checker is duff because it is listed in
> chrome://net-internals/#http2:)
> 
> Thanks for your time stefan.  Also thanks for your work on getting
> this into apache.
> 
> On 16 October 2015 at 11:34, Chris <chrcoluk@gmail.com> wrote:
>> Ok stefan I have some good news, it is working on another vhost on
>> both http and https, this is odd as the server config is the same and
>> vhost templates match, will post more if I find out why the first
>> vhost fails.
>> 
>> Thanks
>> 
>> On 16 October 2015 at 11:23, Chris <chrcoluk@gmail.com> wrote:
>>> some more configure info
>>> 
>>> # httpd -V
>>> Server version: Apache/2.4.17 (Unix)
>>> Server built:   Oct 16 2015 08:46:36
>>> Server's Module Magic Number: 20120211:51
>>> Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
>>> Compiled using: APR 1.5.2, APR-UTIL 1.5.4
>>> Architecture:   64-bit
>>> Server MPM:     event
>>>  threaded:     yes (fixed thread count)
>>>    forked:     yes (variable process count)
>>> Server compiled with....
>>> -D APR_HAS_SENDFILE
>>> -D APR_HAS_MMAP
>>> -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
>>> -D APR_USE_FLOCK_SERIALIZE
>>> -D APR_USE_PTHREAD_SERIALIZE
>>> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>>> -D APR_HAS_OTHER_CHILD
>>> -D AP_HAVE_RELIABLE_PIPED_LOGS
>>> -D DYNAMIC_MODULE_LIMIT=256
>>> -D HTTPD_ROOT="/etc/httpd"
>>> -D SUEXEC_BIN="/usr/sbin/suexec"
>>> -D DEFAULT_PIDLOG="/var/logs/httpd.pid"
>>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>> -D DEFAULT_ERRORLOG="logs/error_log"
>>> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>>> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>> 
>>> # httpd -M
>>> Loaded Modules:
>>> core_module (static)
>>> authn_file_module (static)
>>> authn_dbm_module (static)
>>> authn_anon_module (static)
>>> authn_dbd_module (static)
>>> authn_socache_module (static)
>>> authn_core_module (static)
>>> authz_host_module (static)
>>> authz_groupfile_module (static)
>>> authz_user_module (static)
>>> authz_dbm_module (static)
>>> authz_owner_module (static)
>>> authz_dbd_module (static)
>>> authz_core_module (static)
>>> access_compat_module (static)
>>> auth_basic_module (static)
>>> auth_form_module (static)
>>> auth_digest_module (static)
>>> allowmethods_module (static)
>>> file_cache_module (static)
>>> cache_module (static)
>>> cache_disk_module (static)
>>> cache_socache_module (static)
>>> socache_shmcb_module (static)
>>> socache_dbm_module (static)
>>> socache_memcache_module (static)
>>> so_module (static)
>>> macro_module (static)
>>> dbd_module (static)
>>> dumpio_module (static)
>>> buffer_module (static)
>>> ratelimit_module (static)
>>> reqtimeout_module (static)
>>> ext_filter_module (static)
>>> request_module (static)
>>> include_module (static)
>>> filter_module (static)
>>> substitute_module (static)
>>> sed_module (static)
>>> deflate_module (static)
>>> http_module (static)
>>> mime_module (static)
>>> http2_module (static)
>>> log_config_module (static)
>>> log_debug_module (static)
>>> logio_module (static)
>>> env_module (static)
>>> expires_module (static)
>>> headers_module (static)
>>> unique_id_module (static)
>>> setenvif_module (static)
>>> version_module (static)
>>> remoteip_module (static)
>>> proxy_module (static)
>>> proxy_connect_module (static)
>>> proxy_ftp_module (static)
>>> proxy_http_module (static)
>>> proxy_fcgi_module (static)
>>> proxy_scgi_module (static)
>>> proxy_wstunnel_module (static)
>>> proxy_ajp_module (static)
>>> proxy_balancer_module (static)
>>> proxy_express_module (static)
>>> session_module (static)
>>> session_cookie_module (static)
>>> session_dbd_module (static)
>>> slotmem_shm_module (static)
>>> ssl_module (static)
>>> lbmethod_byrequests_module (static)
>>> lbmethod_bytraffic_module (static)
>>> lbmethod_bybusyness_module (static)
>>> lbmethod_heartbeat_module (static)
>>> unixd_module (static)
>>> dav_module (static)
>>> status_module (static)
>>> autoindex_module (static)
>>> info_module (static)
>>> suexec_module (static)
>>> cgi_module (static)
>>> dav_fs_module (static)
>>> dav_lock_module (static)
>>> vhost_alias_module (static)
>>> negotiation_module (static)
>>> dir_module (static)
>>> actions_module (static)
>>> speling_module (static)
>>> userdir_module (static)
>>> alias_module (static)
>>> rewrite_module (static)
>>> htscanner_module (shared)
>>> mpm_event_module (shared)
>>> 
>>> 
>>> 
>>> On 16 October 2015 at 11:07, Chris <chrcoluk@gmail.com> wrote:
>>>> Sorry I meant I tried using Protocols h2 not g2 that was a typo.
>>>> 
>>>> On 16 October 2015 at 10:48, Stefan Eissing
>>>> <stefan.eissing@greenbytes.de> wrote:
>>>>> 
>>>>> Chris,
>>>>> 
>>>>> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com
>>>>> 
>>>>> There is no connection upgrade happening on that. Can be argued that
it should.
>>>>> 
>>>>> On the https side, I see:
>>>>> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0)
>>>>> * ALPN, offering h2
>>>>> * ALPN, offering http/1.1
>>>>> * Cipher selection: =
>>>>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>>>>> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
>>>>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>>>>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>>>>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>>>>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>>>>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>>>>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>>>>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>>>>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>>>>> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
>>>>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>>>>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
>>>>> * ALPN, server accepted to use http/1.1
>>>>> 
>>>>> So ALPN is happening, but h2 is not selected. How did you configure this?
>>>>> 
>>>>>> Anfang der weitergeleiteten Nachricht:
>>>>>> =20
>>>>>> Von: Chris <chrcoluk@gmail.com>
>>>>>> Datum: 16. Oktober 2015 um 11:22:57 MESZ
>>>>>> An: dev@httpd.apache.org
>>>>>> Betreff: Aw: mod_http2 protocols directive broken
>>>>>> =20
>>>>>> Hi Stefan, here is the output of both checks. Note I will confirm
also
>>>>>> curl is compiled with http2 support and will also show curl -V output.
>>>>>> =20
>>>>>> Curl -V
>>>>>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d
>>>>>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4
>>>>>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
>>>>>> rtsp smb smbs smtp smtps telnet tftp
>>>>>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
>>>>>> HTTP2 UnixSockets "
>>>>>> =20
>>>>>> Curl http2 test
>>>>>> "# curl -v --http2 -v http://freebsd-admin.com/
>>>>>> *   Trying 2a01:4f8:201:5465::4...
>>>>>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0)
>>>>>>> GET / HTTP/1.1
>>>>>>> Host: freebsd-admin.com
>>>>>>> User-Agent: curl/7.45.0
>>>>>>> Accept: */*
>>>>>>> Connection: Upgrade, HTTP2-Settings
>>>>>>> Upgrade: h2c
>>>>>>> HTTP2-Settings: AAMAAABkAAQAAP__
>>>>>>> =20
>>>>>> < HTTP/1.1 302 Found
>>>>>> < Date: Fri, 16 Oct 2015 09:19:56 GMT
>>>>>> < Server: Apache
>>>>>> < X-Frame-Options: SAMEORIGIN
>>>>>> < X-Xss-Protection: 1; mode=3Dblock
>>>>>> < X-Content-Type-Options: nosniff
>>>>>> < Content-Security-Policy: default-src 'self'; script-src 'self'
>>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>>>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>>>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
>>>>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>>>>> < X-Content-Security-Policy: default-src 'self'; script-src 'self'
>>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>>>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>>>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
>>>>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>>>>> < Location: https://freebsd-admin.com/
>>>>>> < Content-Length: 210
>>>>>> < Content-Type: text/html; charset=3Diso-8859-1
>>>>>> <
>>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>>>>> <html><head>
>>>>>> <title>302 Found</title>
>>>>>> </head><body>
>>>>>> <h1>Found</h1>
>>>>>> <p>The document has moved <a =
>>>>> href=3D"https://freebsd-admin.com/">here</a>.</p>
>>>>>> </body></html>
>>>>>> * Connection #0 to host freebsd-admin.com left intact"
>>>>>> =20
>>>>>> nghttp2 test
>>>>>> "# nghttp -uv http://freebsd-admin.com/
>>>>>> [  0.000] Connected
>>>>>> [  0.000] HTTP Upgrade request
>>>>>> GET / HTTP/1.1
>>>>>> Host: freebsd-admin.com
>>>>>> Connection: Upgrade, HTTP2-Settings
>>>>>> Upgrade: h2c
>>>>>> HTTP2-Settings: AAMAAABkAAQAAP__
>>>>>> Accept: */*
>>>>>> User-Agent: nghttp2/1.3.4
>>>>>> =20
>>>>>> =20
>>>>>> [  0.001] HTTP Upgrade response
>>>>>> HTTP/1.1 302 Found
>>>>>> Date: Fri, 16 Oct 2015 09:21:42 GMT
>>>>>> Server: Apache
>>>>>> X-Frame-Options: SAMEORIGIN
>>>>>> X-Xss-Protection: 1; mode=3Dblock
>>>>>> X-Content-Type-Options: nosniff
>>>>>> Content-Security-Policy: default-src 'self'; script-src 'self'
>>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>>>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>>>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
>>>>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>>>>> X-Content-Security-Policy: default-src 'self'; script-src 'self'
>>>>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>>>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>>>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
>>>>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>>>>> Location: https://freebsd-admin.com/
>>>>>> Content-Length: 210
>>>>>> Content-Type: text/html; charset=3Diso-8859-1
>>>>>> =20
>>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>>>>> <html><head>
>>>>>> <title>302 Found</title>
>>>>>> </head><body>
>>>>>> <h1>Found</h1>
>>>>>> <p>The document has moved <a =
>>>>> href=3D"https://freebsd-admin.com/">here</a>.</p>
>>>>>> </body></html>
>>>>>> =20
>>>>>> [ERROR] HTTP Upgrade failed
>>>>>> Some requests were not processed. total=3D1, processed=3D0"
>>>>>> =20
>>>>>> Finally I also set logging to http2:debug but I dont see anything
that
>>>>>> indicates an error.
>>>>>> =20
>>>>>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid
>>>>>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing...
>>>>>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid
>>>>>> 34410099712] h2_h2.c(72): h2_h2, child_init
>>>>>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid
>>>>>> 34410099712] h2_switch.c(54): h2_switch init
>>>>>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid
>>>>>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor
>>>>>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid
>>>>>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured
>>>>>> -- resuming normal operations
>>>>>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid
>>>>>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL'
>>>>>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid
>>>>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, =
>>>>> mthrpchild=3D32,
>>>>>> thr_limit=3D64
>>>>>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid
>>>>>> 34410099712] h2_workers.c(227): h2_workers: starting
>>>>>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid
>>>>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, =
>>>>> mthrpchild=3D32,
>>>>>> thr_limit=3D64
>>>>>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid
>>>>>> 34410099712] h2_workers.c(227): h2_workers: starting"
>>>>>> =20
>>>>>> Hope this helps.
>>>>>> =20
>>>>>> On 16 October 2015 at 10:14, Stefan Eissing
>>>>>> <stefan.eissing@greenbytes.de> wrote:
>>>>>>> Chris,
>>>>>>> =20
>>>>>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html
=
>>>>> already.
>>>>>>> =20
>>>>>>> There are several checks described. Which one fails for you and
how? =
>>>>> I need
>>>>>>> the output of the step that differs from the advice. Just a verbal
=
>>>>> description
>>>>>>> is not enough. Thx.
>>>>>>> =20
>>>>>>> //Stefan
>>>>>>> =20
>>>>>>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@gmail.com>:
>>>>>>>> =20
>>>>>>>> Hi guys.
>>>>>>>> =20
>>>>>>>> Was excited to see the module got added to 2.4.17 but I cannot
get =
>>>>> it
>>>>>>>> to work in my testing following information from this url.
>>>>>>>> https://icing.github.io/mod_h2/howto.html#http
>>>>>>>> =20
>>>>>>>> So what is confirmed working?
>>>>>>>> =20
>>>>>>>> I compiled apache with the appropriate configure flag.
>>>>>>>> =20
>>>>>>>> I can confirm in the error log the module loads.
>>>>>>>> =20
>>>>>>>> However the protocols directive seems to be ignored, testing
with =
>>>>> both
>>>>>>>> curl and nghttp2, confirm only http 1.1. is used.  I have
tried =
>>>>> using
>>>>>>>> invalid syntax on the protocols directive to cause an error
but the
>>>>>>>> server starts anyway without error as if it ignores the value,
I =
>>>>> have
>>>>>>>> tried the value in both the server config and vhost which
has no
>>>>>>>> affect.
>>>>>>>> =20
>>>>>>>> Any ideas?
>>>>>>>> =20
>>>>>>>> I have been testing on both http and https and both stuck
on http =
>>>>> 1.1.
>>>>>>>> =20
>>>>>>>> Chris
>>>>>>> =20
>>>>> 
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message