On 02/15/2017 12:19 PM, Jordan Gigov wrote:
> On 15 February 2017 at 12:50, Sander Hoentjen <san...@hoentjen.eu> wrote:
>> Hey guys,
>>
>> I am trying to use both mod_remoteip with ProxyProtocol and mod_http2.
>> It looks like mod_http2 gets handed the connection before mod_remoteip,
>> so things don't work as they should. ProxyProtocol should always be
>> handled first, since it is prepended to the stream. Any pointers to
>> where in the code I can look to change things around?
>>
>> --
>> Sander
> Try modules/http2/h2_h2.c line 550 add "mod_remoteip.c" after "mod_ssl.c".
>
> This reminds me since remoteip is being updated, maybe it should also
> specify some before and after mods to avoid.
It seems I was wrong, the issue is that for some reason
remoteip_hook_pre_connection is called twice for a h2 connection:
[Wed Feb 15 14:32:08.048968 2017] [remoteip:debug] [pid 8521]
mod_remoteip.c(1015): [client 192.168.122.1:35136] AH03503:
RemoteIPProxyProtocol: enabled on connection to 192.168.122.249:84
[Wed Feb 15 14:32:08.049082 2017] [remoteip:debug] [pid 8521]
mod_remoteip.c(1406): [client 192.168.122.1:35136] AH03511:
RemoteIPProxyProtocol: received valid PROXY header: 192.168.122.1:35136
[Wed Feb 15 14:32:08.049554 2017] [http2:debug] [pid 8521]
h2_session.c(994): [client 192.168.122.1:35136] AH03200: h2_session(4)
created, max_streams=100, stream_mem=32768, workers_limit=6,
workers_max=1, push_diary(type=1,N=256)
[Wed Feb 15 14:32:08.049579 2017] [http2:debug] [pid 8521]
h2_session.c(1088): [client 192.168.122.1:35136] AH03201: h2_session(4):
start, INITIAL_WINDOW_SIZE=65535, MAX_CONCURRENT_STREAMS=100
[Wed Feb 15 14:32:08.049589 2017] [http2:debug] [pid 8521]
h2_session.c(2067): [client 192.168.122.1:35136] AH03079: h2_session(4):
started on localhost.localdomain:84
[Wed Feb 15 14:32:08.049596 2017] [http2:debug] [pid 8521]
h2_session.c(1721): [client 192.168.122.1:35136] AH03078: h2_session(4):
transit [INIT] -- init --> [BUSY]
[Wed Feb 15 14:32:08.049616 2017] [http2:debug] [pid 8521]
h2_session.c(441): [client 192.168.122.1:35136] AH03066: h2_session(4):
recv FRAME[SETTINGS[length=0, stream=0]], frames=0/0 (r/s)
[Wed Feb 15 14:32:08.049628 2017] [http2:debug] [pid 8521]
h2_stream.c(189): [client 192.168.122.1:35136] AH03082: h2_stream(4-1):
opened
[Wed Feb 15 14:32:08.049655 2017] [http2:debug] [pid 8521]
h2_session.c(441): [client 192.168.122.1:35136] AH03066: h2_session(4):
recv FRAME[HEADERS[length=31, hend=1, stream=1, eos=1]], frames=1/0 (r/s)
[Wed Feb 15 14:32:08.049706 2017] [http2:debug] [pid 8521]
h2_session.c(677): [client 192.168.122.1:35136] AH03068: h2_session(4):
sent FRAME[SETTINGS[length=6, stream=0]], frames=2/0 (r/s)
[Wed Feb 15 14:32:08.049768 2017] [remoteip:debug] [pid 8521]
mod_remoteip.c(1015): [client 192.168.122.1:35136] AH03503:
RemoteIPProxyProtocol: enabled on connection to 192.168.122.249:84
[Wed Feb 15 14:32:08.049810 2017] [remoteip:warn] [pid 8521] [client
192.168.122.1:35136] AH03496: RemoteIPProxyProtocol data is missing, but
required! Aborting request.
[Wed Feb 15 14:32:08.049840 2017] [http2:debug] [pid 8521]
h2_request.c(271): [client 192.168.122.1:35136] AH03367: h2_request:
access_status=400, request_create failed
mod_remote ip has:
/* mod_proxy creates outgoing connections - we don't want those */
if (!remoteip_is_server_port(c->local_addr->port)) {
return DECLINED;
}
I am guessing something similar is needed for h2 connections?
--
Sander
