[scl.org] httpd24 and http/2

Joni Herttuainen joni.herttuainen at cern.ch
Mon Jan 15 10:14:17 UTC 2018 

Hi again Joe (+SCL mailing list),

I tested my setup with newer version of Apache (2.4.29) on my development machine and this I did not experience this issue with it. This makes me more confident that the issue is due to the known patch and that the issue is not patched in the apache available in SCL repo.

So, my question remains:
Is this bug patched in the apache package available in your repo? If not, would it be too much to ask to have it patched?

It would really ease up the automatic server installation process.

Thank you very much and excuse me if I am a burden and/or spamming you on this issue.

Yours Sincerely,
Joni Herttuainen

On Mon, 2017-12-18 at 10:29 +0100, Joni Herttuainen wrote:
Hi Joe (+SCL mailing list),

I have been using the apache 2.4.27 with the mod_ssl compiled with / supporting OpenSSL 1.0.2k provided by your repo (using the MPM Event). HTTP/2 works perfectly fine out of the box.

However, sending multiple requests (>3) to the server's CGI Scripts at the same time, quite often one of them keeps hanging and dies due to a timeout. I checked this and the scripts actually finish, but the server hangs. I increased the log verbosity in the apache, and I keep seeing following log pattern:

[pid 20042:tid 140036703991552] h2_mplx.c(1239): [client 128.141.154.92:37154] h2_mplx(65): dispatch events
[pid 20042:tid 140036703991552] h2_session.c(1711): [client 128.141.154.92:37154] h2_session(65,BUSY,1): NO_IO event, 1 streams open
[pid 20042:tid 140036703991552] h2_session.c(1612): [client 128.141.154.92:37154] AH03078: h2_session(65,BUSY,1): transit [BUSY] -- no io --> [WAIT]
[pid 20042:tid 140036703991552] h2_mplx.c(619): [client 128.141.154.92:37154] h2_mplx(65): trywait on data for 200.000000 ms)
[pid 20042:tid 140036703991552] h2_session.c(1612): [client 128.141.154.92:37154] AH03078: h2_session(65,WAIT,1): transit [WAIT] -- wait cycle --> [BUSY]
[pid 20042:tid 140036703991552] h2_filter.c(144): [client 128.141.154.92:37154] h2_session(65): read, NONBLOCK_READ, mode=0, readbytes=65536
[pid 20042:tid 140036703991552] h2_filter.c(189): (11)Resource temporarily unavailable: [client 128.141.154.92:37154] h2_session(65): read

which ends up in:
[pid 20042:tid 140036703991552] h2_mplx.c(1239): [client 128.141.154.92:37154] h2_mplx(65): dispatch events
[pid 20042:tid 140036703991552] h2_session.c(1711): [client 128.141.154.92:37154] h2_session(65,BUSY,1): NO_IO event, 1 streams open
[pid 20042:tid 140036703991552] h2_session.c(1612): [client 128.141.154.92:37154] AH03078: h2_session(65,BUSY,1): transit [BUSY] -- no io --> [WAIT]
[pid 20042:tid 140037216536320] h2_bucket_beam.c(1275): [client 128.141.154.92:37154] beam(65-237,output,closed=0,aborted=0,empty=1,buf=0): send_out(after)
[pid 20042:tid 140036703991552] h2_mplx.c(619): [client 128.141.154.92:37154] h2_mplx(65): trywait on data for 200.000000 ms)
[pid 20042:tid 140037216536320] h2_task.c(119): (70007)The timeout specified has expired: [client 128.141.154.92:37154] h2_task(65-237): send_out (390840 bytes)

and finally in the log I see:
[pid 20042:tid 140037216536320] h2_task.c(119): (103)Software caused connection abort: [client 128.141.154.92:37154] h2_task(65-237): send_out (0 bytes)

I tried to search for the root cause of the issue and I found these:
https://github.com/icing/mod_h2/issues/143
https://bz.apache.org/bugzilla/show_bug.cgi?id=61382

Which leads me to asking, is this bug patched in the apache package available in your repo? If not, would it be too much to ask to have it patched?
Here's a link to the patch:
https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.4.27/PR61382-Fix.patch

Sincerely,
Joni Herttuainen


On Tue, 2017-10-17 at 16:34 +0100, Joe Orton wrote:

Hi Joni,

On Fri, Oct 13, 2017 at 12:33:08PM +0000, Joni Herttuainen wrote:
...


The apache of httpd24 provided by SCL is recent enough to support
HTTP/2. But when I installed the package and configured it, I could not
get the communication in h2 protocol to work.

First of all, there was an error message when loading the mod_http2:


httpd: Syntax error on line 56 of
/opt/rh/httpd24/root/etc/httpd/conf/httpd.conf: Syntax error on line
40 of /opt/rh/httpd24/root/etc/httpd/conf.modules.d/00-base.conf:
Cannot load modules/mod_http2.so into server: libnghttp2-
httpd24.so.14: cannot open shared object file: No such file or
directory





You will typically get this error if you try to run the httpd executable
from outside the SCL environment (i.e. not either under "scl enable
httpd24" nor from the systemd unit).  Otherwise you should not see this;
LoadFile tricks to get the libary loaded are definitely not recommended,
"scl enable" will adjust LD_LIBRARY_PATH so the library can be find.



However, this was not the cause for the http2 not to work. The actual
cause was that the SSL module provided by SCL (httpd24-mod_ssl) seems
to be built against OpenSSL version 1.0.1e which is older than the
version required (1.0.2) to support ALPN (i.e. to have http/2
communication with the all the major browsers).



Yes, unfortunately we can't support HTTP/2 with ALPN on the older
OpenSSL.

The updated httpd24 collection in testing for RHSCL 3.0 Beta has httpd
2.4.27 packages which do support ALPN if running on OpenSSL 1.0.2 (i.e.
RHEL 7.4).  We'd very much welcome testing feedback there if you're able
to test that out.  Note that recent versions of mod_http2 also require
switching to the "event" MPM.

Regards, Joe


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/sclorg/attachments/20180115/abd84784/attachment.htm>

More information about the SCLorg mailing list