Stefan,

I'm trying to test mod_http2 for the 2.4.17 release, but I cannot for the life of me get ALPN and the h2 protocol working together. h2c seems to work, as does http/1.1 over TLS. My hope is that I'm just missing a config directive somewhere; can anyone else confirm that h2 negotiation is working for them?

I've attached a few files; hopefully they help.
- working.txt shows the debug log for an HTTP/1.1 Firefox request that ends in a 404. Note "ALPN selected protocol: 'http/1.1'", so ALPN appears to be functioning there.
- not_working.txt shows the same request, but after I've added a `Protocols h2 http/1.1` line and restarted the server. Note the "h2_h2, error reading 24 bytes speculative" line with status "End of file found". Firefox sees a response of zero bytes and does nothing.
- httpd.conf is my server configuration. (It's the result of trying to strip out huge pieces of the actual conf to see where the error started from; sorry for the mess.)

It's not just Firefox: nghttp also complains that h2 is not being negotiated and refuses to continue with the request. I saw the no-matching-SSL-virtual-host error first and thought that might have something to do with it, but adding ServerAliases didn't seem to help anything.

I'm running on Ubuntu 14.04 with Apache 2.4.17, APR 2.0, OpenSSL 1.0.2d, nghttp2 1.3.4.

Thanks for any wisdom you can provide,
--Jacob
[Fri Oct 09 16:20:40.025116 2015] [ssl:info] [pid 31871:tid 140387363649280] 
[client 127.0.0.1:51559] AH01964: Connection to child 1 established (server 
127.0.1.1:8081)
[Fri Oct 09 16:20:40.025294 2015] [ssl:debug] [pid 31871:tid 140387363649280] 
ssl_engine_kernel.c(1940): [client 127.0.0.1:51559] AH02044: No matching SSL 
virtual host for servername localhost found (using default/first virtual host)
[Fri Oct 09 16:20:40.025306 2015] [core:debug] [pid 31871:tid 140387363649280] 
protocol.c(1840): [client 127.0.0.1:51559] select protocol from , 
choices=h2,spdy/3.1,http/1.1 for server 127.0.1.1
[Fri Oct 09 16:20:40.025316 2015] [ssl:debug] [pid 31871:tid 140387363649280] 
ssl_engine_kernel.c(1940): [client 127.0.0.1:51559] AH02044: No matching SSL 
virtual host for servername localhost found (using default/first virtual host)
[Fri Oct 09 16:20:40.025814 2015] [ssl:debug] [pid 31871:tid 140387363649280] 
ssl_engine_kernel.c(1860): [client 127.0.0.1:51559] AH02041: Protocol: TLSv1.2, 
Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)
[Fri Oct 09 16:20:40.025842 2015] [ssl:debug] [pid 31871:tid 140387363649280] 
ssl_engine_io.c(1439): [client 127.0.0.1:51559] AH02836: ALPN selected 
protocol: 'http/1.1'
[Fri Oct 09 16:20:40.025872 2015] [ssl:debug] [pid 31871:tid 140387363649280] 
ssl_engine_kernel.c(245): [client 127.0.0.1:51559] AH02034: Initial (No.1) 
HTTPS request received for child 1 (server 127.0.1.1:8081)
[Fri Oct 09 16:20:40.025917 2015] [authz_core:debug] [pid 31871:tid 
140387363649280] mod_authz_core.c(809): [client 127.0.0.1:51559] AH01626: 
authorization result of Require all granted: granted
[Fri Oct 09 16:20:40.025928 2015] [authz_core:debug] [pid 31871:tid 
140387363649280] mod_authz_core.c(809): [client 127.0.0.1:51559] AH01626: 
authorization result of <RequireAny>: granted
[Fri Oct 09 16:20:40.025943 2015] [core:info] [pid 31871:tid 140387363649280] 
[client 127.0.0.1:51559] AH00128: File does not exist: 
/usr/local/apache2/htdocs/httpbin/
[Fri Oct 09 16:20:44.933271 2015] [ssl:debug] [pid 31871:tid 140387087730432] 
ssl_engine_io.c(1007): [remote 127.0.0.1:51559] AH02001: Connection closed to 
child 1 with standard shutdown (server 127.0.1.1:8081)

[Fri Oct 09 16:21:10.973803 2015] [ssl:info] [pid 32076:tid 140387338471168] 
[client 127.0.0.1:51561] AH01964: Connection to child 132 established (server 
127.0.1.1:8081)
[Fri Oct 09 16:21:10.974118 2015] [ssl:debug] [pid 32076:tid 140387338471168] 
ssl_engine_kernel.c(1940): [client 127.0.0.1:51561] AH02044: No matching SSL 
virtual host for servername localhost found (using default/first virtual host)
[Fri Oct 09 16:21:10.974133 2015] [core:debug] [pid 32076:tid 140387338471168] 
protocol.c(1840): [client 127.0.0.1:51561] select protocol from h2,http/1.1, 
choices=h2,spdy/3.1,http/1.1 for server 127.0.1.1
[Fri Oct 09 16:21:10.974149 2015] [core:debug] [pid 32076:tid 140387338471168] 
protocol.c(1885): [client 127.0.0.1:51561] select protocol, 
proposals=h2,http/1.1 preferences=h2,http/1.1 configured=h2,http/1.1
[Fri Oct 09 16:21:10.974157 2015] [core:debug] [pid 32076:tid 140387338471168] 
protocol.c(1902): [client 127.0.0.1:51561] selected protocol=h2
[Fri Oct 09 16:21:10.974166 2015] [ssl:debug] [pid 32076:tid 140387338471168] 
ssl_engine_kernel.c(1940): [client 127.0.0.1:51561] AH02044: No matching SSL 
virtual host for servername localhost found (using default/first virtual host)
[Fri Oct 09 16:21:10.981341 2015] [ssl:debug] [pid 32076:tid 140387338471168] 
ssl_engine_kernel.c(1860): [client 127.0.0.1:51561] AH02041: Protocol: TLSv1.2, 
Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)
[Fri Oct 09 16:21:10.987345 2015] [http2:debug] [pid 32076:tid 140387338471168] 
h2_h2.c(190): (70014)End of file found: [client 127.0.0.1:51561] h2_h2, error 
reading 24 bytes speculative
[Fri Oct 09 16:21:10.987469 2015] [ssl:debug] [pid 32076:tid 140387338471168] 
ssl_engine_io.c(1007): [client 127.0.0.1:51561] AH02001: Connection closed to 
child 132 with standard shutdown (server 127.0.1.1:8081)

Listen 8081

LoadModule alias_module modules/mod_alias.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule http2_module modules/mod_http2.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule status_module modules/mod_status.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule version_module modules/mod_version.so

LogLevel debug

<IfModule unixd_module>
User daemon
Group daemon
</IfModule>

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

Protocols h2 http/1.1

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on 
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:8081>
  SSLEngine On

  SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem"
  SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key"
</VirtualHost>

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

CustomLog "/usr/local/apache2/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
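
An added example, not part of the original message or of httpd: a Python script that re-joins the mail-wrapped debug-log records above and reports, per client connection, which protocol core selected, what mod_ssl's AH02836 ALPN line reported, and whether mod_http2 hit EOF on its speculative 24-byte read (24 bytes is the length of the HTTP/2 client connection preface). The function names are this example's own, and SAMPLE is three records copied from the attached logs.

```python
import re

# A real error-log record starts with a timestamp; mail-wrapped continuations do not.
RECORD = re.compile(r"^\[\w{3} \w{3} \d{2} [\d:.]+ \d{4}\] ")
CLIENT = re.compile(r"\[(?:client|remote) ([\d.]+:\d+)\]")
CORE_PICK = re.compile(r"selected protocol=(\S+)")
ALPN_PICK = re.compile(r"AH02836: ALPN selected protocol: '([^']+)'")
H2_EOF = "h2_h2, error reading 24 bytes speculative"

# Excerpt of the logs in the post, wrapped the way the mail shows them.
SAMPLE = """\
[Fri Oct 09 16:20:40.025842 2015] [ssl:debug] [pid 31871:tid 140387363649280]
ssl_engine_io.c(1439): [client 127.0.0.1:51559] AH02836: ALPN selected
protocol: 'http/1.1'
[Fri Oct 09 16:21:10.974157 2015] [core:debug] [pid 32076:tid 140387338471168]
protocol.c(1902): [client 127.0.0.1:51561] selected protocol=h2
[Fri Oct 09 16:21:10.987345 2015] [http2:debug] [pid 32076:tid 140387338471168]
h2_h2.c(190): (70014)End of file found: [client 127.0.0.1:51561] h2_h2, error
reading 24 bytes speculative
"""

def unwrap(text):
    """Re-join records that a mail client wrapped at about 80 columns."""
    records = []
    for line in text.splitlines():
        if RECORD.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return [re.sub(r"\s+", " ", r) for r in records]

def summarize(text):
    """Per client ip:port: core's choice, mod_ssl's ALPN result, h2 preface EOF."""
    conns = {}
    for rec in unwrap(text):
        m = CLIENT.search(rec)
        if not m:
            continue
        c = conns.setdefault(m.group(1), {"core": None, "alpn": None, "h2_eof": False})
        core, alpn = CORE_PICK.search(rec), ALPN_PICK.search(rec)
        c["core"] = core.group(1) if core else c["core"]
        c["alpn"] = alpn.group(1) if alpn else c["alpn"]
        c["h2_eof"] = c["h2_eof"] or H2_EOF in rec
    return conns

def mismatches(text):
    """Connections where core picked a protocol that no AH02836 line confirmed."""
    return sorted(k for k, c in summarize(text).items()
                  if c["core"] and c["core"] != c["alpn"])
```

On the excerpt, only the 51561 connection is reported: core selected h2, no AH02836 line follows, and the preface read ends in EOF.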
