Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Critical
Fix Version/s: None
Affects Version/s: httpd 2.4.23 GA
Component/s: mod_cluster-native
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

httpd 2.4.29 GA

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Despite having H2 enabled in Undertow https connector, Apache HTTP Server with mod_proxy-cluster terminates H2, i.e.

client <--> httpd communication is H2
direct client <--> worker is H2
but when client is served by worker via httpd, HTTP 1.1 is used between httpd and workers: client <-H2~~> httpd <HTTP 1.1~~-> worker
from the client's point of view, H2 is used, but in fact, it is used just between client and balacer, not all the way to the worker

From Wildfly Undertow access log:

Accessed through httpd balacner:

192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399
192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399
192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399
192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399

Balancer is checking worker's availablity:

192.168.122.172 - "OPTIONS * HTTP/1.0" 200 -
192.168.122.172 - "OPTIONS * HTTP/1.0" 200 -
192.168.122.172 - "OPTIONS * HTTP/1.0" 200 -
192.168.122.172 - "OPTIONS * HTTP/1.0" 200 -

Accessed directly via browser, httpd balancer is skipped:
192.168.122.1   - "GET /clusterbench/requestinfo HTTP/2.0" 200 920
192.168.122.1   - "GET /clusterbench/requestinfo HTTP/2.0" 200 920

Configuration

conf.modules.d/00-proxy.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_express_module modules/mod_proxy_express.so
LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
LoadModule proxy_http2_module modules/mod_proxy_http2.so

conf.d/mod_cluster.conf

LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule advertise_module modules/mod_advertise.so
LoadModule http2_module modules/mod_http2.so

MemManagerFile /tmp/mod_cluster-eapx/jbcs-httpd24-2.4/httpd/cache/mod_cluster

ServerName rhel7GAx86-64:2080
    SSLEngine on
    SSLProtocol All -SSLv2 -SSLv3
    SSLCipherSuite "HIGH MEDIUM !LOW"
    SSLProxyCipherSuite "HIGH MEDIUM !LOW"
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLHonorCipherOrder On
    SSLCertificateFile /opt/noe-tests/resources/ssl/proper/server.crt
    SSLCertificateKeyFile /opt/noe-tests/resources/ssl/proper/server.key
    SSLCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt
    SSLVerifyClient optional
    SSLProxyVerify optional
    SSLProxyEngine On
    SSLVerifyDepth 10
    SSLProxyVerifyDepth 10
    SSLProxyMachineCertificateFile /opt/noe-tests/resources/ssl/proper/client.pem
    SSLProxyCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt
    SSLProxyProtocol All -SSLv2 -SSLv3

EnableOptions  
LogLevel debug
<IfModule manager_module>
Listen 192.168.122.172:8747
 <VirtualHost 192.168.122.172:8747>
    <Directory />
Require all granted
    </Directory>
    ServerAdvertise on
    EnableMCPMReceive
<Location /mcm>
      SetHandler mod_cluster-manager
Require all granted
   </Location>
AdvertiseGroup 224.0.5.172:62844
AdvertiseBindAddress 192.168.122.172:62844
    SSLEngine on
    SSLProtocol All -SSLv2 -SSLv3
    SSLCipherSuite "HIGH MEDIUM !LOW"
    SSLProxyCipherSuite "HIGH MEDIUM !LOW"
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    SSLHonorCipherOrder On
    SSLCertificateFile /opt/noe-tests/resources/ssl/proper/server.crt
    SSLCertificateKeyFile /opt/noe-tests/resources/ssl/proper/server.key
    SSLCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt
    SSLVerifyClient optional
    SSLProxyVerify optional
    SSLProxyEngine On
    SSLVerifyDepth 10
    SSLProxyVerifyDepth 10
    SSLProxyMachineCertificateFile /opt/noe-tests/resources/ssl/proper/client.pem
    SSLProxyCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt
    SSLProxyProtocol All -SSLv2 -SSLv3

Protocols h2
ProtocolsHonorOrder on
KeepAliveTimeout 60
MaxKeepAliveRequests 0
ServerAdvertise on
AdvertiseFrequency 5
ManagerBalancerName qacluster

</VirtualHost>
</IfModule>

Mod_cluster subsystem

MCMP uses HTTP 1/1 (https), becasue at the moment, one cannot make it to use wildfly-openssl provider: ~~JBEAP-9688~~

clones

MODCLUSTER-578 mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly/Tomcat workers

Closed

Assignee:: Jean-Frederic Clere

Reporter:: Karm Karm

Tester:: Karm Karm

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2017/04/07 9:13 AM

Updated:: 2021/10/24 6:07 AM

Resolved:: 2018/06/19 11:11 AM

Details

Description

From Wildfly Undertow access log:

Configuration

conf.modules.d/00-proxy.conf

conf.d/mod_cluster.conf

Mod_cluster subsystem

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates