httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject [users@httpd] mod_h2 protocols not working
Date Fri, 16 Oct 2015 09:48:09 GMT

Chris,

http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com

There is no connection upgrade happening on that. Can be argued that it should.

On the https side, I see:
* Connected to freebsd-admin.com (78.46.185.201) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: =
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1

So ALPN is happening, but h2 is not selected. How did you configure this?

> Anfang der weitergeleiteten Nachricht:
> =20
> Von: Chris <chrcoluk@gmail.com>
> Datum: 16. Oktober 2015 um 11:22:57 MESZ
> An: dev@httpd.apache.org
> Betreff: Aw: mod_http2 protocols directive broken
> =20
> Hi Stefan, here is the output of both checks. Note I will confirm also
> curl is compiled with http2 support and will also show curl -V output.
> =20
> Curl -V
> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d
> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4
> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
> rtsp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
> HTTP2 UnixSockets "
> =20
> Curl http2 test
> "# curl -v --http2 -v http://freebsd-admin.com/
> *   Trying 2a01:4f8:201:5465::4...
> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0)
>> GET / HTTP/1.1
>> Host: freebsd-admin.com
>> User-Agent: curl/7.45.0
>> Accept: */*
>> Connection: Upgrade, HTTP2-Settings
>> Upgrade: h2c
>> HTTP2-Settings: AAMAAABkAAQAAP__
>> =20
> < HTTP/1.1 302 Found
> < Date: Fri, 16 Oct 2015 09:19:56 GMT
> < Server: Apache
> < X-Frame-Options: SAMEORIGIN
> < X-Xss-Protection: 1; mode=3Dblock
> < X-Content-Type-Options: nosniff
> < Content-Security-Policy: default-src 'self'; script-src 'self'
> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
> 'self' https://*.freebsd-admin.com; img-src 'self'
> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
> https://*.freebsd-admin.com; block-all-mixed-content;
> < X-Content-Security-Policy: default-src 'self'; script-src 'self'
> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
> 'self' https://*.freebsd-admin.com; img-src 'self'
> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
> https://*.freebsd-admin.com; block-all-mixed-content;
> < Location: https://freebsd-admin.com/
> < Content-Length: 210
> < Content-Type: text/html; charset=3Diso-8859-1
> <
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>302 Found</title>
> </head><body>
> <h1>Found</h1>
> <p>The document has moved <a =
href=3D"https://freebsd-admin.com/">here</a>.</p>
> </body></html>
> * Connection #0 to host freebsd-admin.com left intact"
> =20
> nghttp2 test
> "# nghttp -uv http://freebsd-admin.com/
> [  0.000] Connected
> [  0.000] HTTP Upgrade request
> GET / HTTP/1.1
> Host: freebsd-admin.com
> Connection: Upgrade, HTTP2-Settings
> Upgrade: h2c
> HTTP2-Settings: AAMAAABkAAQAAP__
> Accept: */*
> User-Agent: nghttp2/1.3.4
> =20
> =20
> [  0.001] HTTP Upgrade response
> HTTP/1.1 302 Found
> Date: Fri, 16 Oct 2015 09:21:42 GMT
> Server: Apache
> X-Frame-Options: SAMEORIGIN
> X-Xss-Protection: 1; mode=3Dblock
> X-Content-Type-Options: nosniff
> Content-Security-Policy: default-src 'self'; script-src 'self'
> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
> 'self' https://*.freebsd-admin.com; img-src 'self'
> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
> https://*.freebsd-admin.com; block-all-mixed-content;
> X-Content-Security-Policy: default-src 'self'; script-src 'self'
> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
> 'self' https://*.freebsd-admin.com; img-src 'self'
> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
> https://*.freebsd-admin.com; block-all-mixed-content;
> Location: https://freebsd-admin.com/
> Content-Length: 210
> Content-Type: text/html; charset=3Diso-8859-1
> =20
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>302 Found</title>
> </head><body>
> <h1>Found</h1>
> <p>The document has moved <a =
href=3D"https://freebsd-admin.com/">here</a>.</p>
> </body></html>
> =20
> [ERROR] HTTP Upgrade failed
> Some requests were not processed. total=3D1, processed=3D0"
> =20
> Finally I also set logging to http2:debug but I dont see anything that
> indicates an error.
> =20
> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid
> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing...
> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid
> 34410099712] h2_h2.c(72): h2_h2, child_init
> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid
> 34410099712] h2_switch.c(54): h2_switch init
> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid
> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor
> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid
> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured
> -- resuming normal operations
> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid
> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL'
> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid
> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, =
mthrpchild=3D32,
> thr_limit=3D64
> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid
> 34410099712] h2_workers.c(227): h2_workers: starting
> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid
> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, =
mthrpchild=3D32,
> thr_limit=3D64
> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid
> 34410099712] h2_workers.c(227): h2_workers: starting"
> =20
> Hope this helps.
> =20
> On 16 October 2015 at 10:14, Stefan Eissing
> <stefan.eissing@greenbytes.de> wrote:
>> Chris,
>> =20
>> I wrote some advice at https://icing.github.io/mod_h2/howto.html =
already.
>> =20
>> There are several checks described. Which one fails for you and how? =
I need
>> the output of the step that differs from the advice. Just a verbal =
description
>> is not enough. Thx.
>> =20
>> //Stefan
>> =20
>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@gmail.com>:
>>> =20
>>> Hi guys.
>>> =20
>>> Was excited to see the module got added to 2.4.17 but I cannot get =
it
>>> to work in my testing following information from this url.
>>> https://icing.github.io/mod_h2/howto.html#http
>>> =20
>>> So what is confirmed working?
>>> =20
>>> I compiled apache with the appropriate configure flag.
>>> =20
>>> I can confirm in the error log the module loads.
>>> =20
>>> However the protocols directive seems to be ignored, testing with =
both
>>> curl and nghttp2, confirm only http 1.1. is used.  I have tried =
using
>>> invalid syntax on the protocols directive to cause an error but the
>>> server starts anyway without error as if it ignores the value, I =
have
>>> tried the value in both the server config and vhost which has no
>>> affect.
>>> =20
>>> Any ideas?
>>> =20
>>> I have been testing on both http and https and both stuck on http =
1.1.
>>> =20
>>> Chris
>> =20

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message