httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris <chrco...@gmail.com>
Subject Re: [users@httpd] mod_h2 protocols not working
Date Fri, 16 Oct 2015 10:23:06 GMT
some more configure info

# httpd -V
Server version: Apache/2.4.17 (Unix)
Server built:   Oct 16 2015 08:46:36
Server's Module Magic Number: 20120211:51
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
 -D APR_USE_FLOCK_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/var/logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

 # httpd -M
Loaded Modules:
 core_module (static)
 authn_file_module (static)
 authn_dbm_module (static)
 authn_anon_module (static)
 authn_dbd_module (static)
 authn_socache_module (static)
 authn_core_module (static)
 authz_host_module (static)
 authz_groupfile_module (static)
 authz_user_module (static)
 authz_dbm_module (static)
 authz_owner_module (static)
 authz_dbd_module (static)
 authz_core_module (static)
 access_compat_module (static)
 auth_basic_module (static)
 auth_form_module (static)
 auth_digest_module (static)
 allowmethods_module (static)
 file_cache_module (static)
 cache_module (static)
 cache_disk_module (static)
 cache_socache_module (static)
 socache_shmcb_module (static)
 socache_dbm_module (static)
 socache_memcache_module (static)
 so_module (static)
 macro_module (static)
 dbd_module (static)
 dumpio_module (static)
 buffer_module (static)
 ratelimit_module (static)
 reqtimeout_module (static)
 ext_filter_module (static)
 request_module (static)
 include_module (static)
 filter_module (static)
 substitute_module (static)
 sed_module (static)
 deflate_module (static)
 http_module (static)
 mime_module (static)
 http2_module (static)
 log_config_module (static)
 log_debug_module (static)
 logio_module (static)
 env_module (static)
 expires_module (static)
 headers_module (static)
 unique_id_module (static)
 setenvif_module (static)
 version_module (static)
 remoteip_module (static)
 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_fcgi_module (static)
 proxy_scgi_module (static)
 proxy_wstunnel_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)
 proxy_express_module (static)
 session_module (static)
 session_cookie_module (static)
 session_dbd_module (static)
 slotmem_shm_module (static)
 ssl_module (static)
 lbmethod_byrequests_module (static)
 lbmethod_bytraffic_module (static)
 lbmethod_bybusyness_module (static)
 lbmethod_heartbeat_module (static)
 unixd_module (static)
 dav_module (static)
 status_module (static)
 autoindex_module (static)
 info_module (static)
 suexec_module (static)
 cgi_module (static)
 dav_fs_module (static)
 dav_lock_module (static)
 vhost_alias_module (static)
 negotiation_module (static)
 dir_module (static)
 actions_module (static)
 speling_module (static)
 userdir_module (static)
 alias_module (static)
 rewrite_module (static)
 htscanner_module (shared)
 mpm_event_module (shared)



On 16 October 2015 at 11:07, Chris <chrcoluk@gmail.com> wrote:
> Sorry I meant I tried using Protocols h2 not g2 that was a typo.
>
> On 16 October 2015 at 10:48, Stefan Eissing
> <stefan.eissing@greenbytes.de> wrote:
>>
>> Chris,
>>
>> http://freebsd-admin.com does a 302 redirect to https://freebsd-admin.com
>>
>> There is no connection upgrade happening on that. Can be argued that it should.
>>
>> On the https side, I see:
>> * Connected to freebsd-admin.com (78.46.185.201) port 443 (#0)
>> * ALPN, offering h2
>> * ALPN, offering http/1.1
>> * Cipher selection: =
>> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
>> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
>> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
>> * TLSv1.2 (IN), TLS handshake, Server hello (2):
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>> * TLSv1.2 (IN), TLS handshake, Server finished (14):
>> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
>> * TLSv1.2 (OUT), TLS handshake, Finished (20):
>> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
>> * TLSv1.2 (IN), TLS handshake, Finished (20):
>> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
>> * ALPN, server accepted to use http/1.1
>>
>> So ALPN is happening, but h2 is not selected. How did you configure this?
>>
>>> Anfang der weitergeleiteten Nachricht:
>>> =20
>>> Von: Chris <chrcoluk@gmail.com>
>>> Datum: 16. Oktober 2015 um 11:22:57 MESZ
>>> An: dev@httpd.apache.org
>>> Betreff: Aw: mod_http2 protocols directive broken
>>> =20
>>> Hi Stefan, here is the output of both checks. Note I will confirm also
>>> curl is compiled with http2 support and will also show curl -V output.
>>> =20
>>> Curl -V
>>> "curl 7.45.0 (amd64-portbld-freebsd9.3) libcurl/7.45.0 OpenSSL/1.0.2d
>>> zlib/1.2.8 libidn/1.31 nghttp2/1.3.4
>>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
>>> rtsp smb smbs smtp smtps telnet tftp
>>> Features: AsynchDNS IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
>>> HTTP2 UnixSockets "
>>> =20
>>> Curl http2 test
>>> "# curl -v --http2 -v http://freebsd-admin.com/
>>> *   Trying 2a01:4f8:201:5465::4...
>>> * Connected to freebsd-admin.com (2a01:4f8:201:5465::4) port 80 (#0)
>>>> GET / HTTP/1.1
>>>> Host: freebsd-admin.com
>>>> User-Agent: curl/7.45.0
>>>> Accept: */*
>>>> Connection: Upgrade, HTTP2-Settings
>>>> Upgrade: h2c
>>>> HTTP2-Settings: AAMAAABkAAQAAP__
>>>> =20
>>> < HTTP/1.1 302 Found
>>> < Date: Fri, 16 Oct 2015 09:19:56 GMT
>>> < Server: Apache
>>> < X-Frame-Options: SAMEORIGIN
>>> < X-Xss-Protection: 1; mode=3Dblock
>>> < X-Content-Type-Options: nosniff
>>> < Content-Security-Policy: default-src 'self'; script-src 'self'
>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>> < X-Content-Security-Policy: default-src 'self'; script-src 'self'
>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>> < Location: https://freebsd-admin.com/
>>> < Content-Length: 210
>>> < Content-Type: text/html; charset=3Diso-8859-1
>>> <
>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>> <html><head>
>>> <title>302 Found</title>
>>> </head><body>
>>> <h1>Found</h1>
>>> <p>The document has moved <a =
>> href=3D"https://freebsd-admin.com/">here</a>.</p>
>>> </body></html>
>>> * Connection #0 to host freebsd-admin.com left intact"
>>> =20
>>> nghttp2 test
>>> "# nghttp -uv http://freebsd-admin.com/
>>> [  0.000] Connected
>>> [  0.000] HTTP Upgrade request
>>> GET / HTTP/1.1
>>> Host: freebsd-admin.com
>>> Connection: Upgrade, HTTP2-Settings
>>> Upgrade: h2c
>>> HTTP2-Settings: AAMAAABkAAQAAP__
>>> Accept: */*
>>> User-Agent: nghttp2/1.3.4
>>> =20
>>> =20
>>> [  0.001] HTTP Upgrade response
>>> HTTP/1.1 302 Found
>>> Date: Fri, 16 Oct 2015 09:21:42 GMT
>>> Server: Apache
>>> X-Frame-Options: SAMEORIGIN
>>> X-Xss-Protection: 1; mode=3Dblock
>>> X-Content-Type-Options: nosniff
>>> Content-Security-Policy: default-src 'self'; script-src 'self'
>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>> https://*.freebsd-admin.com; style-src 'unsafe-inline' 'self'
>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>> X-Content-Security-Policy: default-src 'self'; script-src 'self'
>>> 'unsafe-eval' 'unsafe-inline' https://*.freebsd-admin.com; connect-src
>>> 'self' https://*.freebsd-admin.com; img-src 'self'
>>> https://*.freebsd-admin.com; style-src 'self' 'unsafe-inline'
>>> https://*.freebsd-admin.com; block-all-mixed-content;
>>> Location: https://freebsd-admin.com/
>>> Content-Length: 210
>>> Content-Type: text/html; charset=3Diso-8859-1
>>> =20
>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>> <html><head>
>>> <title>302 Found</title>
>>> </head><body>
>>> <h1>Found</h1>
>>> <p>The document has moved <a =
>> href=3D"https://freebsd-admin.com/">here</a>.</p>
>>> </body></html>
>>> =20
>>> [ERROR] HTTP Upgrade failed
>>> Some requests were not processed. total=3D1, processed=3D0"
>>> =20
>>> Finally I also set logging to http2:debug but I dont see anything that
>>> indicates an error.
>>> =20
>>> "[Fri Oct 16 10:06:01.060039 2015] [http2:info] [pid 19537:tid
>>> 34410099712] mod_http2 (v1.0.0, nghttp2 1.3.4), initializing...
>>> [Fri Oct 16 10:06:01.060051 2015] [http2:debug] [pid 19537:tid
>>> 34410099712] h2_h2.c(72): h2_h2, child_init
>>> [Fri Oct 16 10:06:01.060059 2015] [http2:debug] [pid 19537:tid
>>> 34410099712] h2_switch.c(54): h2_switch init
>>> [Fri Oct 16 10:06:01.060287 2015] [lbmethod_heartbeat:notice] [pid
>>> 19537:tid 34410099712] AH02282: No slotmem from mod_heartmonitor
>>> [Fri Oct 16 10:06:02.001571 2015] [mpm_event:notice] [pid 19537:tid
>>> 34410099712] AH00489: Apache/2.4.17 (Unix) OpenSSL/1.0.2d configured
>>> -- resuming normal operations
>>> [Fri Oct 16 10:06:02.001600 2015] [core:notice] [pid 19537:tid
>>> 34410099712] AH00094: Command line: '/usr/sbin/httpd -D SSL'
>>> [Fri Oct 16 10:06:02.001697 2015] [http2:debug] [pid 19678:tid
>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, =
>> mthrpchild=3D32,
>>> thr_limit=3D64
>>> [Fri Oct 16 10:06:02.001755 2015] [http2:debug] [pid 19678:tid
>>> 34410099712] h2_workers.c(227): h2_workers: starting
>>> [Fri Oct 16 10:06:02.002007 2015] [http2:debug] [pid 19727:tid
>>> 34410099712] h2_conn.c(123): h2_workers: min=3D32 max=3D64, =
>> mthrpchild=3D32,
>>> thr_limit=3D64
>>> [Fri Oct 16 10:06:02.002062 2015] [http2:debug] [pid 19727:tid
>>> 34410099712] h2_workers.c(227): h2_workers: starting"
>>> =20
>>> Hope this helps.
>>> =20
>>> On 16 October 2015 at 10:14, Stefan Eissing
>>> <stefan.eissing@greenbytes.de> wrote:
>>>> Chris,
>>>> =20
>>>> I wrote some advice at https://icing.github.io/mod_h2/howto.html =
>> already.
>>>> =20
>>>> There are several checks described. Which one fails for you and how? =
>> I need
>>>> the output of the step that differs from the advice. Just a verbal =
>> description
>>>> is not enough. Thx.
>>>> =20
>>>> //Stefan
>>>> =20
>>>>> Am 16.10.2015 um 11:00 schrieb Chris <chrcoluk@gmail.com>:
>>>>> =20
>>>>> Hi guys.
>>>>> =20
>>>>> Was excited to see the module got added to 2.4.17 but I cannot get =
>> it
>>>>> to work in my testing following information from this url.
>>>>> https://icing.github.io/mod_h2/howto.html#http
>>>>> =20
>>>>> So what is confirmed working?
>>>>> =20
>>>>> I compiled apache with the appropriate configure flag.
>>>>> =20
>>>>> I can confirm in the error log the module loads.
>>>>> =20
>>>>> However the protocols directive seems to be ignored, testing with =
>> both
>>>>> curl and nghttp2, confirm only http 1.1. is used.  I have tried =
>> using
>>>>> invalid syntax on the protocols directive to cause an error but the
>>>>> server starts anyway without error as if it ignores the value, I =
>> have
>>>>> tried the value in both the server config and vhost which has no
>>>>> affect.
>>>>> =20
>>>>> Any ideas?
>>>>> =20
>>>>> I have been testing on both http and https and both stuck on http =
>> 1.1.
>>>>> =20
>>>>> Chris
>>>> =20
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message