[
https://issues.apache.org/jira/browse/TS-3416?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14343192#comment-14343192
]
Neil Craig edited comment on TS-3416 at 3/2/15 2:33 PM:
--------------------------------------------------------
Hi again Susan
Thanks for the reply but sadly, it doesn't work for me. I have tried many
combinations and just re-tried:
records.config:
CONFIG proxy.config.http2.enabled INT 1
CONFIG proxy.config.http.server_ports STRING 80:http 443:ssl
There are no obvious issues highlighted in diags.log:
[Mar 2 14:28:24.587] {0x2b6e796bc060} STATUS: opened
/var/log/trafficserver/diags.log
[Mar 2 14:28:24.587] {0x2b6e796bc060} NOTE: updated diags config
[Mar 2 14:28:24.591] Server {0x2b6e796bc060} NOTE: cache clustering disabled
[Mar 2 14:28:24.599] Server {0x2b6e796bc060} NOTE: ip_allow.config updated,
reloading
[Mar 2 14:28:24.604] Server {0x2b6e796bc060} NOTE: cache clustering disabled
[Mar 2 14:28:24.609] Server {0x2b6e796bc060} NOTE: logging initialized[3],
logging_mode = 3
[Mar 2 14:28:24.614] Server {0x2b6e796bc060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/header_rewrite.so'
[Mar 2 14:28:24.615] Server {0x2b6e796bc060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/xdebug.so'
[Mar 2 14:28:24.616] Server {0x2b6e796bc060} NOTE: loading SSL certificate
configuration from /usr/local/etc/trafficserver/ssl_multicert.config
[Mar 2 14:28:24.648] Server {0x2b6e796bc060} NOTE: traffic server running
[Mar 2 14:28:24.711] Server {0x2b6e7a14b700} NOTE: cache enabled
[Mar 2 14:28:49.012] {0x2b0af06ce060} STATUS: opened
/var/log/trafficserver/diags.log
[Mar 2 14:28:49.013] {0x2b0af06ce060} NOTE: updated diags config
[Mar 2 14:28:49.016] Server {0x2b0af06ce060} NOTE: cache clustering disabled
[Mar 2 14:28:49.020] Server {0x2b0af06ce060} NOTE: ip_allow.config updated,
reloading
[Mar 2 14:28:49.023] Server {0x2b0af06ce060} NOTE: cache clustering disabled
[Mar 2 14:28:49.025] Server {0x2b0af06ce060} NOTE: logging initialized[3],
logging_mode = 3
[Mar 2 14:28:49.032] Server {0x2b0af06ce060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/header_rewrite.so'
[Mar 2 14:28:49.034] Server {0x2b0af06ce060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/xdebug.so'
[Mar 2 14:28:49.036] Server {0x2b0af06ce060} NOTE: loading SSL certificate
configuration from /usr/local/etc/trafficserver/ssl_multicert.config
[Mar 2 14:28:49.084] Server {0x2b0af06ce060} NOTE: traffic server running
[Mar 2 14:28:49.130] Server {0x2b0af115d700} NOTE: cache enabled
[Mar 2 14:28:49.896] Server {0x2b0af3875700} WARNING: skipping access control
checks for HTTP/2 connection
[Mar 2 14:28:49.910] Server {0x2b0af3976700} WARNING: skipping access control
checks for HTTP/2 connection
[Mar 2 14:28:49.982] Server {0x2b0af3a77700} WARNING: skipping access control
checks for HTTP/2 connection
[Mar 2 14:28:49.996] Server {0x2b0af3875700} WARNING: skipping access control
checks for HTTP/2 connection
Is it possible that it's because my origin is HTTP rather than HTTPS or some
issue with the underlying openSSL lib or something? Seems odd that all HTTPS
proxying breaks but it does - thought HTTP proxying continues to work fine.
Cheers
Neil
was (Author: neil.craig):
Hi again Susan
Thanks for the reply but sadly, it doesn't work for me. I have tried many
combinations and just re-tried:
records.config:
CONFIG proxy.config.http2.enabled INT 1
# plain HTTP
#CONFIG proxy.config.http.server_ports STRING 80
# plain SSL
CONFIG proxy.config.http.server_ports STRING 80:http 443:ssl
There are no obvious issues highlighted in diags.log:
[Mar 2 14:28:24.587] {0x2b6e796bc060} STATUS: opened
/var/log/trafficserver/diags.log
[Mar 2 14:28:24.587] {0x2b6e796bc060} NOTE: updated diags config
[Mar 2 14:28:24.591] Server {0x2b6e796bc060} NOTE: cache clustering disabled
[Mar 2 14:28:24.599] Server {0x2b6e796bc060} NOTE: ip_allow.config updated,
reloading
[Mar 2 14:28:24.604] Server {0x2b6e796bc060} NOTE: cache clustering disabled
[Mar 2 14:28:24.609] Server {0x2b6e796bc060} NOTE: logging initialized[3],
logging_mode = 3
[Mar 2 14:28:24.614] Server {0x2b6e796bc060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/header_rewrite.so'
[Mar 2 14:28:24.615] Server {0x2b6e796bc060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/xdebug.so'
[Mar 2 14:28:24.616] Server {0x2b6e796bc060} NOTE: loading SSL certificate
configuration from /usr/local/etc/trafficserver/ssl_multicert.config
[Mar 2 14:28:24.648] Server {0x2b6e796bc060} NOTE: traffic server running
[Mar 2 14:28:24.711] Server {0x2b6e7a14b700} NOTE: cache enabled
[Mar 2 14:28:49.012] {0x2b0af06ce060} STATUS: opened
/var/log/trafficserver/diags.log
[Mar 2 14:28:49.013] {0x2b0af06ce060} NOTE: updated diags config
[Mar 2 14:28:49.016] Server {0x2b0af06ce060} NOTE: cache clustering disabled
[Mar 2 14:28:49.020] Server {0x2b0af06ce060} NOTE: ip_allow.config updated,
reloading
[Mar 2 14:28:49.023] Server {0x2b0af06ce060} NOTE: cache clustering disabled
[Mar 2 14:28:49.025] Server {0x2b0af06ce060} NOTE: logging initialized[3],
logging_mode = 3
[Mar 2 14:28:49.032] Server {0x2b0af06ce060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/header_rewrite.so'
[Mar 2 14:28:49.034] Server {0x2b0af06ce060} NOTE: loading plugin
'/usr/local/libexec/trafficserver/xdebug.so'
[Mar 2 14:28:49.036] Server {0x2b0af06ce060} NOTE: loading SSL certificate
configuration from /usr/local/etc/trafficserver/ssl_multicert.config
[Mar 2 14:28:49.084] Server {0x2b0af06ce060} NOTE: traffic server running
[Mar 2 14:28:49.130] Server {0x2b0af115d700} NOTE: cache enabled
[Mar 2 14:28:49.896] Server {0x2b0af3875700} WARNING: skipping access control
checks for HTTP/2 connection
[Mar 2 14:28:49.910] Server {0x2b0af3976700} WARNING: skipping access control
checks for HTTP/2 connection
[Mar 2 14:28:49.982] Server {0x2b0af3a77700} WARNING: skipping access control
checks for HTTP/2 connection
[Mar 2 14:28:49.996] Server {0x2b0af3875700} WARNING: skipping access control
checks for HTTP/2 connection
Is it possible that it's because my origin is HTTP rather than HTTPS or some
issue with the underlying openSSL lib or something? Seems odd that all HTTPS
proxying breaks but it does - thought HTTP proxying continues to work fine.
Cheers
Neil
> Enabling HTTP2 breaks proxying
> ------------------------------
>
> Key: TS-3416
> URL: https://issues.apache.org/jira/browse/TS-3416
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, HTTP/2
> Reporter: Neil Craig
>
> Hi guys
> Firstly, apologies if this is the wrong place to ask.
> I have ATS 5.3, compiled (with experimental plugins) from a github pull a
> couple of days ago, runnning on CentOS 6.6 64 bit. I'm trying to get ATS
> working with h2 as a reverse proxy but every time I enable h2 via
> proxy.config.http2.enabled in records.config, proxying breaks. I've tried
> both http and https backends and many variants of http_ports config.
> H2 is working in that the chrome/firefox indicator shows it and i can see it
> in chrome:net-internals but as i say, proxying breaks. The moment i disable
> h2 via proxy.config.http2.enabled INT 0, proxying works again (as does
> vanilla TLS).
> I can't see anything in the logs which is helpful. My configs are below:
> records.config:
> CONFIG proxy.config.http2.enabled INT 1
> CONFIG proxy.config.http.server_ports STRING 80:http 443:ssl:proto=http2
> CONFIG proxy.config.log.logfile_dir STRING /var/log/trafficserver
> CONFIG proxy.config.body_factory.template_sets_dir STRING
> etc/trafficserver/body_factory
> CONFIG proxy.config.url_remap.filename STRING remap.config
> proxy.config.log.common_log_enabled INT 1
> proxy.config.log.common_log_is_ascii INT 1
> proxy.config.log.common_log_name STRING nutscrape.log
> CONFIG proxy.config.cache.control.filename STRING cache.config
> CONFIG proxy.config.ssl.server.multicert.filename STRING ssl_multicert.config
> CONFIG proxy.config.log.extended_log_enabled INT 1
> CONFIG proxy.config.log.extended_log_is_ascii INT 1
> CONFIG proxy.config.log.extended_log_name STRING ext.log
> CONFIG proxy.config.ssl.server.cert.path STRING /usr/local/etc/tls-certs/
> CONFIG proxy.config.ssl.server.private_key.path STRING
> /usr/local/etc/tls-certs/
> remap.config:
> map_with_recv_port https://<edge-hostname> http://<origin-hostname>
> reverse_map http://<origin-hostname> https://<edge-hostname>
> I haven't changed anything else I can think of and have no plugins running.
> In terms of logs, the error.log shows 404s for the origin requests (but i can
> curl/wget the same resources from the server). The diag.log looks like this:
> [Feb 27 11:23:55.589] {0x2b0a0481e060} STATUS: opened
> /var/log/trafficserver/diags.log
> [Feb 27 11:23:55.589] {0x2b0a0481e060} NOTE: updated diags config
> [Feb 27 11:23:55.591] Server {0x2b0a0481e060} NOTE: cache clustering disabled
> [Feb 27 11:23:55.592] Server {0x2b0a0481e060} NOTE: ip_allow.config updated,
> reloading
> [Feb 27 11:23:55.594] Server {0x2b0a0481e060} NOTE: cache clustering disabled
> [Feb 27 11:23:55.595] Server {0x2b0a0481e060} NOTE: logging initialized[3],
> logging_mode = 3
> [Feb 27 11:23:55.600] Server {0x2b0a0481e060} NOTE: loading SSL certificate
> configuration from /usr/local/etc/trafficserver/ssl_multicert.config
> [Feb 27 11:23:55.627] Server {0x2b0a0481e060} NOTE: traffic server running
> [Feb 27 11:23:55.637] Server {0x2b0a06e94700} WARNING: skipping access
> control checks for HTTP/2 connection
> [Feb 27 11:23:55.653] Server {0x2b0a06e94700} WARNING: skipping access
> control checks for HTTP/2 connection
> [Feb 27 11:23:55.727] Server {0x2b0a0481e060} NOTE: cache enabled
> (after a restart).
> That's about all i can think of that's likely to be useful.
> Any advice or a pointer to a better place to ask would be very gratefully
> received.
> Cheers
> Neil
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
