Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Netty HTTP/2 configuration with apache

See original GitHub issue

Expected behavior

Apache httpd has to accept and service the HTTP/2 request originating from server.

Server ( OKHttp/Netty Library) --> Apache httpd ( HTTP2) --> Service 1

Note : Using a self signed certificate in httpd and have added the same to the java truststore in the Server

Actual behavior

We have used this setup with OKHttp library and it works fine
How ever with netty libraray it fails with the error io.netty.handler.codec.http2.Http2Exception: First received frame was not SETTINGS. Hex dump for first 5 bytes: 485454502f and the access logs shows this SERVERHOST - - [11/Jan/2019:12:36:51 +0000] “PRI * HTTP/2.0” 400 226 and the request logs shows this [11/Jan/2019:12:36:36 +0000] SERVERHOST TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 “PRI * HTTP/2.0” 226 PRI

Additional Info

ssl.conf of apache `

SSLEngine on
 SSLPassPhraseDialog  builtin
 SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
Mutex sysvsem default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
 KeepAlive On
 KeepAliveTimeout 3600
MaxKeepAliveRequests 0
Protocols h2 h2c http/1.1
ErrorLog /home/apache2/logs/ssl_error_log
TransferLog /home/apache2/logs/ssl_access_log
LogLevel info

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA
SSLHonorCipherOrder on

SSLCertificateFile /home/self-Signed.cert
SSLCertificateKeyFile /home/self-Signed.key `
SSLVerifyDepth       5

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

<Location />
    SSLVerifyClient none
    ProxyPass        balancer://workers/ nocanon
    ProxyPassReverse balancer://workers/
</Location>

Minimal yet complete reproducer code (or URL to code)

Netty version

4.1.25.Final

JVM version (e.g. `java -version`)

1.8.0_191 alpn-boot-8.1.13.v20181017.jar

OS version (e.g. `uname -a`)

CentOS 6

Issue Analytics

State:
Created 5 years ago
Comments:6 (2 by maintainers)

Top GitHub Comments

2reactions

pradeepKumar32commented, Mar 13, 2019

So we are using Http2ConnectionHandler and as found in this - https://github.com/netty/netty/issues/4197 . It directly connects over http2. And by default in apache for h2 protocol, direct http2 is turned off by default. Had to set H2Direct on then it started working

0reactions

pradeepKumar32commented, Mar 6, 2019

final ChannelPipeline pipeline = channel.pipeline(); pipeline.addLast(READ_TIMEOUT_HANDLER_NAME, new ReadTimeoutHandler(this.readTimeout)); pipeline.addLast(WRITE_TIMEOUT_HANDLER_NAME, new WriteTimeoutHandler(this.writeTimeout)); final SslHandler sslHandler = this.sslContext.newHandler(channel.alloc()); sslHandler.handshakeFuture().addListener(new SSLHandshakeCompleteListener(pipeline, this.server, this.trustModel)); pipeline.addLast(sslHandler);