> > 3) When I enable "http2_push_preload on;" on the nginx (because nginx wants
> > to push images etc.) then the website is not working and I have the
> > following entries in the haproxy-log:
> > Feb 26 12:04:50 localhost haproxy[31691]: srcip=1.1.1.1:56146
> > feip=10.10.10.10:443(http-in,http-in~,1) beip=-:-(http-in,0)
> > serverip=-:-(<NOSRV>) <BADREQ> 1/1/0/0/0 0/0 requests=11 resptime=-1
> > bytesread=0 status=0 tsc=PR-- sslv=TLSv1.2 ms=114
> > Feb 26 12:04:50 localhost haproxy[31691]: srcip=1.1.1.1:56146
> > feip=10.10.10.10:443(http-in,http-in~,1) beip=10.10.10.10:38632(server1,0)
> > serverip=10.20.20.20:443(webserver1) GET /auth HTTP/1.1 1/1/0/0/0 0/0
> > requests=10 resptime=-1 bytesread=0 status=-1 tsc=SD-- sslv=TLSv1.2 ms=114
>
> This is very strange. We don't support push, but push is a negotiation,
> so there is no reason for push responses to be sponatenously emitted by
> nginx if not invited to do so! Or maybe it fails on the settings frame
> because nginx announces an incorrect value (the standard allows only 0
> or 1) ?
OK, I am stupid. This is the reason for your problem above. Please apply
the attached patch (or simply pull the 1.9 repo), I'm pretty sure it will
be fixed.
The reason is that PUSH is enabled by default in H2. We used not to
advertise its non-support because originally our SETTINGS frames were
only sent to clients and they don't care. But now we needed to update
the function to properly advertise this to the servers, otherwise they
will rightfully use PUSH.
Thanks for reporting this,
Willy
>From 6034728ef888eaef60225cc737d7595b07a0cd0e Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w...@1wt.eu>
Date: Tue, 26 Feb 2019 16:01:52 +0100
Subject: BUG/MEDIUM: h2: advertise to servers that we don't support push
The h2c_send_settings() function was initially made to serve on the
frontend. Here we don't need to advertise that we don't support PUSH
since we don't do that ourselves. But on the backend side it's
different because PUSH is enabled by default so we must announce that
we don't want the server to use it.
This must be backported to 1.9.
(cherry picked from commit 0bbad6bb06f39185a1b6803e354dac1a48be6c16)
Signed-off-by: Willy Tarreau <w...@1wt.eu>
---
src/mux_h2.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/mux_h2.c b/src/mux_h2.c
index a8208abaf..8133f7d92 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -1026,6 +1026,11 @@ static int h2c_send_settings(struct h2c *h2c)
"\x00\x00\x00\x00", /* stream ID : 0 */
9);
+ if (h2c->flags & H2_CF_IS_BACK) {
+ /* send settings_enable_push=0 */
+ chunk_memcat(&buf, "\x00\x02\x00\x00\x00\x00", 6);
+ }
+
if (h2_settings_header_table_size != 4096) {
char str[6] = "\x00\x01"; /* header_table_size */
--
2.20.1
