Netty HTTP/2 configuration with apache
See original GitHub issueExpected behavior
Apache httpd has to accept and service the HTTP/2 request originating from server.
Server ( OKHttp/Netty Library) --> Apache httpd ( HTTP2) --> Service 1
Note : Using a self signed certificate in httpd and have added the same to the java truststore in the Server
Actual behavior
- We have used this setup with OKHttp library and it works fine
- How ever with netty libraray it fails with the error
io.netty.handler.codec.http2.Http2Exception: First received frame was not SETTINGS. Hex dump for first 5 bytes: 485454502f
and the access logs shows this SERVERHOST - - [11/Jan/2019:12:36:51 +0000] “PRI * HTTP/2.0” 400 226 and the request logs shows this [11/Jan/2019:12:36:36 +0000] SERVERHOST TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 “PRI * HTTP/2.0” 226 PRI
Additional Info
ssl.conf of apache `
SSLEngine on
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
Mutex sysvsem default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
KeepAlive On
KeepAliveTimeout 3600
MaxKeepAliveRequests 0
Protocols h2 h2c http/1.1
ErrorLog /home/apache2/logs/ssl_error_log
TransferLog /home/apache2/logs/ssl_access_log
LogLevel info
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
SSLHonorCipherOrder on
SSLCertificateFile /home/self-Signed.cert
SSLCertificateKeyFile /home/self-Signed.key `
SSLVerifyDepth 5
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Location />
SSLVerifyClient none
ProxyPass balancer://workers/ nocanon
ProxyPassReverse balancer://workers/
</Location>
Minimal yet complete reproducer code (or URL to code)
Netty version
4.1.25.Final
JVM version (e.g. java -version
)
1.8.0_191 alpn-boot-8.1.13.v20181017.jar
OS version (e.g. uname -a
)
CentOS 6
Issue Analytics
- State:
- Created 5 years ago
- Comments:6 (2 by maintainers)
Top Results From Across the Web
HTTP/2 in Netty | Baeldung
Netty is an NIO-based client-server framework that gives Java developers the power to operate on the network layers.
Read more >Netty Configuration - Apache CXF
This section is for configuring the Netty runtime used for the CXF standalone model. The Netty runtime is used by HTTP servers and...
Read more >Http2Client xref - Netty
14 */ 15 package io.netty.example.http2.helloworld.client; ... 69 70 public static void main(String[] args) throws Exception { 71 // Configure SSL.
Read more >Let's make server-push enabled HTTP/2 server with Netty |
As a open-source software library, Apache Netty plays a huge role when implementing servers and clients in Java. Even though they have shown ......
Read more >Configuring the Netty-based HTTP client - AWS SDK for Java 2.x
Learn how to configure the Netty-based HTTP clients in the AWS SDK for Java 2.x. ... SdkHttpClient; import software.amazon.awssdk.http.apache.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
So we are using Http2ConnectionHandler and as found in this - https://github.com/netty/netty/issues/4197 . It directly connects over http2. And by default in apache for h2 protocol, direct http2 is turned off by default. Had to set
H2Direct on
then it started workingfinal ChannelPipeline pipeline = channel.pipeline(); pipeline.addLast(READ_TIMEOUT_HANDLER_NAME, new ReadTimeoutHandler(this.readTimeout)); pipeline.addLast(WRITE_TIMEOUT_HANDLER_NAME, new WriteTimeoutHandler(this.writeTimeout)); final SslHandler sslHandler = this.sslContext.newHandler(channel.alloc()); sslHandler.handshakeFuture().addListener(new SSLHandshakeCompleteListener(pipeline, this.server, this.trustModel)); pipeline.addLast(sslHandler);