[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [scl.org] httpd24 and http/2



Hi Joe (+SCL mailing list),

I have been using the apache 2.4.27 with the mod_ssl compiled with / supporting OpenSSL 1.0.2k provided by your repo (using the MPM Event). HTTP/2 works perfectly fine out of the box. 

However, sending multiple requests (>3) to the server's CGI Scripts at the same time, quite often one of them keeps hanging and dies due to a timeout. I checked this and the scripts actually finish, but the server hangs. I increased the log verbosity in the apache, and I keep seeing following log pattern:

[pid 20042:tid 140036703991552] h2_mplx.c(1239): [client 128.141.154.92:37154] h2_mplx(65): dispatch events
[pid 20042:tid 140036703991552] h2_session.c(1711): [client 128.141.154.92:37154] h2_session(65,BUSY,1): NO_IO event, 1 streams open
[pid 20042:tid 140036703991552] h2_session.c(1612): [client 128.141.154.92:37154] AH03078: h2_session(65,BUSY,1): transit [BUSY] -- no io --> [WAIT]
[pid 20042:tid 140036703991552] h2_mplx.c(619): [client 128.141.154.92:37154] h2_mplx(65): trywait on data for 200.000000 ms)
[pid 20042:tid 140036703991552] h2_session.c(1612): [client 128.141.154.92:37154] AH03078: h2_session(65,WAIT,1): transit [WAIT] -- wait cycle --> [BUSY]
[pid 20042:tid 140036703991552] h2_filter.c(144): [client 128.141.154.92:37154] h2_session(65): read, NONBLOCK_READ, mode=0, readbytes=65536
[pid 20042:tid 140036703991552] h2_filter.c(189): (11)Resource temporarily unavailable: [client 128.141.154.92:37154] h2_session(65): read

which ends up in:
[pid 20042:tid 140036703991552] h2_mplx.c(1239): [client 128.141.154.92:37154] h2_mplx(65): dispatch events
[pid 20042:tid 140036703991552] h2_session.c(1711): [client 128.141.154.92:37154] h2_session(65,BUSY,1): NO_IO event, 1 streams open
[pid 20042:tid 140036703991552] h2_session.c(1612): [client 128.141.154.92:37154] AH03078: h2_session(65,BUSY,1): transit [BUSY] -- no io --> [WAIT]
[pid 20042:tid 140037216536320] h2_bucket_beam.c(1275): [client 128.141.154.92:37154] beam(65-237,output,closed=0,aborted=0,empty=1,buf=0): send_out(after)
[pid 20042:tid 140036703991552] h2_mplx.c(619): [client 128.141.154.92:37154] h2_mplx(65): trywait on data for 200.000000 ms)
[pid 20042:tid 140037216536320] h2_task.c(119): (70007)The timeout specified has expired: [client 128.141.154.92:37154] h2_task(65-237): send_out (390840 bytes)

and finally in the log I see:
[pid 20042:tid 140037216536320] h2_task.c(119): (103)Software caused connection abort: [client 128.141.154.92:37154] h2_task(65-237): send_out (0 bytes)

I tried to search for the root cause of the issue and I found these:

Which leads me to asking, is this bug patched in the apache package available in your repo? If not, would it be too much to ask to have it patched?
Here's a link to the patch:

Sincerely,
Joni Herttuainen


On Tue, 2017-10-17 at 16:34 +0100, Joe Orton wrote:
Hi Joni,

On Fri, Oct 13, 2017 at 12:33:08PM +0000, Joni Herttuainen wrote:
...
The apache of httpd24 provided by SCL is recent enough to support HTTP/2. But when I installed the package and configured it, I could not get the communication in h2 protocol to work. First of all, there was an error message when loading the mod_http2:
httpd: Syntax error on line 56 of /opt/rh/httpd24/root/etc/httpd/conf/httpd.conf: Syntax error on line 40 of /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-base.conf: Cannot load modules/mod_http2.so into server: libnghttp2- httpd24.so.14: cannot open shared object file: No such file or directory
You will typically get this error if you try to run the httpd executable from outside the SCL environment (i.e. not either under "scl enable httpd24" nor from the systemd unit). Otherwise you should not see this; LoadFile tricks to get the libary loaded are definitely not recommended, "scl enable" will adjust LD_LIBRARY_PATH so the library can be find.
However, this was not the cause for the http2 not to work. The actual cause was that the SSL module provided by SCL (httpd24-mod_ssl) seems to be built against OpenSSL version 1.0.1e which is older than the version required (1.0.2) to support ALPN (i.e. to have http/2 communication with the all the major browsers).
Yes, unfortunately we can't support HTTP/2 with ALPN on the older OpenSSL. The updated httpd24 collection in testing for RHSCL 3.0 Beta has httpd 2.4.27 packages which do support ALPN if running on OpenSSL 1.0.2 (i.e. RHEL 7.4). We'd very much welcome testing feedback there if you're able to test that out. Note that recent versions of mod_http2 also require switching to the "event" MPM. Regards, Joe

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]