Neil Craig created TS-3416:
------------------------------
Summary: Enabling HTTP2 breaks proxying
Key: TS-3416
URL: https://issues.apache.org/jira/browse/TS-3416
Project: Traffic Server
Issue Type: Bug
Components: Core, HTTP/2
Reporter: Neil Craig
Hi guys
Firstly, apologies if this is the wrong place to ask.
I have ATS 5.3, compiled (with experimental plugins) from a github pull a
couple of days ago, runnning on CentOS 6.6 64 bit. I'm trying to get ATS
working with h2 as a reverse proxy but every time I enable h2 via
proxy.config.http2.enabled in records.config, proxying breaks. I've tried both
http and https backends and many variants of http_ports config.
H2 is working in that the chrome/firefox indicator shows it and i can see it in
chrome:net-internals but as i say, proxying breaks. The moment i disable h2 via
proxy.config.http2.enabled INT 0, proxying works again (as does vanilla TLS).
I can't see anything in the logs which is helpful. My configs are below:
records.config:
CONFIG proxy.config.http2.enabled INT 1
CONFIG proxy.config.http.server_ports STRING 80:http 443:ssl:proto=http2
CONFIG proxy.config.log.logfile_dir STRING /var/log/trafficserver
CONFIG proxy.config.body_factory.template_sets_dir STRING
etc/trafficserver/body_factory
CONFIG proxy.config.url_remap.filename STRING remap.config
proxy.config.log.common_log_enabled INT 1
proxy.config.log.common_log_is_ascii INT 1
proxy.config.log.common_log_name STRING nutscrape.log
CONFIG proxy.config.cache.control.filename STRING cache.config
CONFIG proxy.config.ssl.server.multicert.filename STRING ssl_multicert.config
CONFIG proxy.config.log.extended_log_enabled INT 1
CONFIG proxy.config.log.extended_log_is_ascii INT 1
CONFIG proxy.config.log.extended_log_name STRING ext.log
CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/tls-certs/
CONFIG proxy.config.ssl.server.private_key.path STRING /usr/local/etc/tls-certs/
remap.config:
map_with_recv_port https://<edge-hostname> http://<origin-hostname>
reverse_map http://<origin-hostname> https://<edge-hostname>
I haven't changed anything else I can think of and have no plugins running.
In terms of logs, the error.log shows 404s for the origin requests (but i can
curl/wget the same resources from the server). The diag.log looks like this:
[Feb 27 11:23:55.589] {0x2b0a0481e060} STATUS: opened
/var/log/trafficserver/diags.log
[Feb 27 11:23:55.589] {0x2b0a0481e060} NOTE: updated diags config
[Feb 27 11:23:55.591] Server {0x2b0a0481e060} NOTE: cache clustering disabled
[Feb 27 11:23:55.592] Server {0x2b0a0481e060} NOTE: ip_allow.config updated,
reloading
[Feb 27 11:23:55.594] Server {0x2b0a0481e060} NOTE: cache clustering disabled
[Feb 27 11:23:55.595] Server {0x2b0a0481e060} NOTE: logging initialized[3],
logging_mode = 3
[Feb 27 11:23:55.600] Server {0x2b0a0481e060} NOTE: loading SSL certificate
configuration from /usr/local/etc/trafficserver/ssl_multicert.config
[Feb 27 11:23:55.627] Server {0x2b0a0481e060} NOTE: traffic server running
[Feb 27 11:23:55.637] Server {0x2b0a06e94700} WARNING: skipping access control
checks for HTTP/2 connection
[Feb 27 11:23:55.653] Server {0x2b0a06e94700} WARNING: skipping access control
checks for HTTP/2 connection
[Feb 27 11:23:55.727] Server {0x2b0a0481e060} NOTE: cache enabled
(after a restart).
That's about all i can think of that's likely to be useful.
Any advice or a pointer to a better place to ask would be very gratefully
received.
Cheers
Neil
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
