June 2018 - mod_cluster-issues - Jboss List Archives

[JBoss JIRA] (MODCLUSTER-580) EnableWsTunnel enables only ws comunication

by Jean-Frederic Clere (JIRA)

[ https://issues.jboss.org/browse/MODCLUSTER-580?page=com.atlassian.jira.pl... ] Jean-Frederic Clere commented on MODCLUSTER-580: ------------------------------------------------ Probably allowing EnableWsTunnel NONE and ANY is the quick solution. > EnableWsTunnel enables only ws comunication > ------------------------------------------- > > Key: MODCLUSTER-580 > URL: https://issues.jboss.org/browse/MODCLUSTER-580 > Project: mod_cluster > Issue Type: Bug > Components: Native (httpd modules) > Affects Versions: 1.3.5.Final > Reporter: Bogdan Sikora > Assignee: Jean-Frederic Clere > > WebSocket configuration for apache httpd (EnableWsTunnel) balancer enables only ws communication, but undertow as balancer enables both http and ws. > {noformat} > # mod_proxy_balancer should be disabled when mod_cluster is used > LoadModule proxy_cluster_module modules/mod_proxy_cluster.so > LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so > LoadModule manager_module modules/mod_manager.so > LoadModule advertise_module modules/mod_advertise.so > MemManagerFile /mnt/hudson_workspace/mod_cluster/jbcs-httpd24-2.4/httpd/cache/mod_cluster > ServerName dev89:2080 > EnableWsTunnel > LogLevel warn > <IfModule manager_module> > Listen 10.19.70.244:8747 > <VirtualHost 10.19.70.244:8747> > <Directory /> > Require all granted > </Directory> > ServerAdvertise on > EnableMCPMReceive > <Location /mcm> > SetHandler mod_cluster-manager > Require all granted > </Location> > AdvertiseGroup 224.0.5.244:55918 > AdvertiseBindAddress 10.19.70.244:55918 > KeepAliveTimeout 60 > MaxKeepAliveRequests 0 > ServerAdvertise on > AdvertiseFrequency 5 > ManagerBalancerName qacluster > </VirtualHost> > </IfModule> > {noformat} > Worker joins with > {noformat} > <h1> Node jboss-eap-7.1 (ws://10.19.70.244:8080): </h1> > {noformat} > and all http comunication ends with > {noformat} > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>500 Internal Server Error</title> > </head><body> > <h1>Internal Server Error</h1> > <p>The server encountered an internal error or > misconfiguration and was unable to complete > your request.</p> > <p>Please contact the server administrator at > Administrator@localhost to inform them of the time this error occurred, > and the actions you performed just before this error.</p> > <p>More information about this error may be available > in the server error log.</p> > <hr> > <address>Apache/2.4.23 (Red Hat) Server at 10.19.70.244 Port 2080</address> > </body></html> > {noformat} > And log message > {noformat} > [Sat Apr 08 16:21:29.335633 2017] [proxy:warn] [pid 12680] [client 10.19.70.244:55922] AH01144: No protocol handler was valid for the URL /clusterbench/jvmroute. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (MODCLUSTER-580) EnableWsTunnel enables only ws comunication

by Jean-Frederic Clere (JIRA)

[ https://issues.jboss.org/browse/MODCLUSTER-580?page=com.atlassian.jira.pl... ] Jean-Frederic Clere commented on MODCLUSTER-580: ------------------------------------------------ In fact mod_cluster would be to set upgrade=NONE to allow HTTP/1.1 and websocket. > EnableWsTunnel enables only ws comunication > ------------------------------------------- > > Key: MODCLUSTER-580 > URL: https://issues.jboss.org/browse/MODCLUSTER-580 > Project: mod_cluster > Issue Type: Bug > Components: Native (httpd modules) > Affects Versions: 1.3.5.Final > Reporter: Bogdan Sikora > Assignee: Jean-Frederic Clere > > WebSocket configuration for apache httpd (EnableWsTunnel) balancer enables only ws communication, but undertow as balancer enables both http and ws. > {noformat} > # mod_proxy_balancer should be disabled when mod_cluster is used > LoadModule proxy_cluster_module modules/mod_proxy_cluster.so > LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so > LoadModule manager_module modules/mod_manager.so > LoadModule advertise_module modules/mod_advertise.so > MemManagerFile /mnt/hudson_workspace/mod_cluster/jbcs-httpd24-2.4/httpd/cache/mod_cluster > ServerName dev89:2080 > EnableWsTunnel > LogLevel warn > <IfModule manager_module> > Listen 10.19.70.244:8747 > <VirtualHost 10.19.70.244:8747> > <Directory /> > Require all granted > </Directory> > ServerAdvertise on > EnableMCPMReceive > <Location /mcm> > SetHandler mod_cluster-manager > Require all granted > </Location> > AdvertiseGroup 224.0.5.244:55918 > AdvertiseBindAddress 10.19.70.244:55918 > KeepAliveTimeout 60 > MaxKeepAliveRequests 0 > ServerAdvertise on > AdvertiseFrequency 5 > ManagerBalancerName qacluster > </VirtualHost> > </IfModule> > {noformat} > Worker joins with > {noformat} > <h1> Node jboss-eap-7.1 (ws://10.19.70.244:8080): </h1> > {noformat} > and all http comunication ends with > {noformat} > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>500 Internal Server Error</title> > </head><body> > <h1>Internal Server Error</h1> > <p>The server encountered an internal error or > misconfiguration and was unable to complete > your request.</p> > <p>Please contact the server administrator at > Administrator@localhost to inform them of the time this error occurred, > and the actions you performed just before this error.</p> > <p>More information about this error may be available > in the server error log.</p> > <hr> > <address>Apache/2.4.23 (Red Hat) Server at 10.19.70.244 Port 2080</address> > </body></html> > {noformat} > And log message > {noformat} > [Sat Apr 08 16:21:29.335633 2017] [proxy:warn] [pid 12680] [client 10.19.70.244:55922] AH01144: No protocol handler was valid for the URL /clusterbench/jvmroute. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. > {noformat} -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (MODCLUSTER-656) Remove *-javadoc.jar from distribution profiles

by Radoslav Husar (JIRA)

[ https://issues.jboss.org/browse/MODCLUSTER-656?page=com.atlassian.jira.pl... ] Radoslav Husar updated MODCLUSTER-656: -------------------------------------- Status: Resolved (was: Pull Request Sent) Resolution: Done > Remove *-javadoc.jar from distribution profiles > ----------------------------------------------- > > Key: MODCLUSTER-656 > URL: https://issues.jboss.org/browse/MODCLUSTER-656 > Project: mod_cluster > Issue Type: Task > Components: CI & Packaging > Affects Versions: 1.4.0.Final > Reporter: Radoslav Husar > Assignee: Radoslav Husar > Priority: Minor > Fix For: 2.0.0.Alpha1, 1.4.1.Final > > > Looks like unintended consequence of updating the distribution profiles. While this is fine, I think we should drive people to use javadoc from web/IDE/sources rather than providing them in a distribution bundle. > https://www.dropbox.com/s/izhjsmqh7drik72/Screenshot%202018-04-16%2017.54... -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 5 months

1
0
0 / 0

[JBoss JIRA] (MODCLUSTER-578) mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly/Tomcat workers

by Michal Karm Babacek (JIRA)

[ https://issues.jboss.org/browse/MODCLUSTER-578?page=com.atlassian.jira.pl... ] Michal Karm Babacek updated MODCLUSTER-578: ------------------------------------------- Summary: mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly/Tomcat workers (was: mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly workers) > mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly/Tomcat workers > ---------------------------------------------------------------------------------------- > > Key: MODCLUSTER-578 > URL: https://issues.jboss.org/browse/MODCLUSTER-578 > Project: mod_cluster > Issue Type: Bug > Components: Native (httpd modules) > Affects Versions: 1.3.6.Final, 1.3.8.Final > Reporter: Michal Karm Babacek > Assignee: Jean-Frederic Clere > Priority: Critical > > Despite having H2 enabled in Undertow https connector, Apache HTTP Server with mod_proxy-cluster terminates H2, i.e. > * client <--> httpd communication is H2 > * direct client <--> worker is H2 > * but when client is served by worker via httpd, HTTP 1.1 is used between httpd and workers: client <--H2--> httpd <--HTTP 1.1--> worker > * from the client's point of view, H2 is used, but in fact, it is used just between client and balacer, not all the way to the worker > h3. From Wildfly Undertow access log: > Accessed through httpd balacner: > {code} > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > {code} > Balancer is checking worker's availablity: > {code} > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > {code} > {code} > Accessed directly via browser, httpd balancer is skipped: > 192.168.122.1 - "GET /clusterbench/requestinfo HTTP/2.0" 200 920 > 192.168.122.1 - "GET /clusterbench/requestinfo HTTP/2.0" 200 920 > {code} > h3. Configuration > h4. conf.modules.d/00-proxy.conf > {code} > LoadModule proxy_module modules/mod_proxy.so > LoadModule proxy_connect_module modules/mod_proxy_connect.so > LoadModule proxy_express_module modules/mod_proxy_express.so > LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so > LoadModule proxy_http_module modules/mod_proxy_http.so > LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so > LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so > LoadModule proxy_http2_module modules/mod_proxy_http2.so > {code} > h4. conf.d/mod_cluster.conf > {code} > LoadModule proxy_cluster_module modules/mod_proxy_cluster.so > LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so > LoadModule manager_module modules/mod_manager.so > LoadModule advertise_module modules/mod_advertise.so > LoadModule http2_module modules/mod_http2.so > MemManagerFile /tmp/mod_cluster-eapx/jbcs-httpd24-2.4/httpd/cache/mod_cluster > ServerName rhel7GAx86-64:2080 > SSLEngine on > SSLProtocol All -SSLv2 -SSLv3 > SSLCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCheckPeerCN Off > SSLProxyCheckPeerName Off > SSLHonorCipherOrder On > SSLCertificateFile /opt/noe-tests/resources/ssl/proper/server.crt > SSLCertificateKeyFile /opt/noe-tests/resources/ssl/proper/server.key > SSLCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLVerifyClient optional > SSLProxyVerify optional > SSLProxyEngine On > SSLVerifyDepth 10 > SSLProxyVerifyDepth 10 > SSLProxyMachineCertificateFile /opt/noe-tests/resources/ssl/proper/client.pem > SSLProxyCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLProxyProtocol All -SSLv2 -SSLv3 > EnableOptions > LogLevel debug > <IfModule manager_module> > Listen 192.168.122.172:8747 > <VirtualHost 192.168.122.172:8747> > <Directory /> > Require all granted > </Directory> > ServerAdvertise on > EnableMCPMReceive > <Location /mcm> > SetHandler mod_cluster-manager > Require all granted > </Location> > AdvertiseGroup 224.0.5.172:62844 > AdvertiseBindAddress 192.168.122.172:62844 > SSLEngine on > SSLProtocol All -SSLv2 -SSLv3 > SSLCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCheckPeerCN Off > SSLProxyCheckPeerName Off > SSLHonorCipherOrder On > SSLCertificateFile /opt/noe-tests/resources/ssl/proper/server.crt > SSLCertificateKeyFile /opt/noe-tests/resources/ssl/proper/server.key > SSLCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLVerifyClient optional > SSLProxyVerify optional > SSLProxyEngine On > SSLVerifyDepth 10 > SSLProxyVerifyDepth 10 > SSLProxyMachineCertificateFile /opt/noe-tests/resources/ssl/proper/client.pem > SSLProxyCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLProxyProtocol All -SSLv2 -SSLv3 > Protocols h2 > ProtocolsHonorOrder on > KeepAliveTimeout 60 > MaxKeepAliveRequests 0 > ServerAdvertise on > AdvertiseFrequency 5 > ManagerBalancerName qacluster > </VirtualHost> > </IfModule> > {code} > h3. Mod_cluster subsystem > MCMP uses HTTP 1/1 (https), becasue at the moment, one cannot make it to use wildfly-openssl provider: JBEAP-9688 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

[JBoss JIRA] (MODCLUSTER-578) mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly workers

by Michal Karm Babacek (JIRA)

[ https://issues.jboss.org/browse/MODCLUSTER-578?page=com.atlassian.jira.pl... ] Michal Karm Babacek updated MODCLUSTER-578: ------------------------------------------- Affects Version/s: 1.3.8.Final > mod_proxy_cluster terminates HTTP/2 and talks HTTP/1.1 (https) to WildFly workers > --------------------------------------------------------------------------------- > > Key: MODCLUSTER-578 > URL: https://issues.jboss.org/browse/MODCLUSTER-578 > Project: mod_cluster > Issue Type: Bug > Components: Native (httpd modules) > Affects Versions: 1.3.6.Final, 1.3.8.Final > Reporter: Michal Karm Babacek > Assignee: Jean-Frederic Clere > Priority: Critical > > Despite having H2 enabled in Undertow https connector, Apache HTTP Server with mod_proxy-cluster terminates H2, i.e. > * client <--> httpd communication is H2 > * direct client <--> worker is H2 > * but when client is served by worker via httpd, HTTP 1.1 is used between httpd and workers: client <--H2--> httpd <--HTTP 1.1--> worker > * from the client's point of view, H2 is used, but in fact, it is used just between client and balacer, not all the way to the worker > h3. From Wildfly Undertow access log: > Accessed through httpd balacner: > {code} > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > 192.168.122.172 - "GET /clusterbench/requestinfo HTTP/1.1" 200 1399 > {code} > Balancer is checking worker's availablity: > {code} > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > 192.168.122.172 - "OPTIONS * HTTP/1.0" 200 - > {code} > {code} > Accessed directly via browser, httpd balancer is skipped: > 192.168.122.1 - "GET /clusterbench/requestinfo HTTP/2.0" 200 920 > 192.168.122.1 - "GET /clusterbench/requestinfo HTTP/2.0" 200 920 > {code} > h3. Configuration > h4. conf.modules.d/00-proxy.conf > {code} > LoadModule proxy_module modules/mod_proxy.so > LoadModule proxy_connect_module modules/mod_proxy_connect.so > LoadModule proxy_express_module modules/mod_proxy_express.so > LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so > LoadModule proxy_http_module modules/mod_proxy_http.so > LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so > LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so > LoadModule proxy_http2_module modules/mod_proxy_http2.so > {code} > h4. conf.d/mod_cluster.conf > {code} > LoadModule proxy_cluster_module modules/mod_proxy_cluster.so > LoadModule cluster_slotmem_module modules/mod_cluster_slotmem.so > LoadModule manager_module modules/mod_manager.so > LoadModule advertise_module modules/mod_advertise.so > LoadModule http2_module modules/mod_http2.so > MemManagerFile /tmp/mod_cluster-eapx/jbcs-httpd24-2.4/httpd/cache/mod_cluster > ServerName rhel7GAx86-64:2080 > SSLEngine on > SSLProtocol All -SSLv2 -SSLv3 > SSLCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCheckPeerCN Off > SSLProxyCheckPeerName Off > SSLHonorCipherOrder On > SSLCertificateFile /opt/noe-tests/resources/ssl/proper/server.crt > SSLCertificateKeyFile /opt/noe-tests/resources/ssl/proper/server.key > SSLCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLVerifyClient optional > SSLProxyVerify optional > SSLProxyEngine On > SSLVerifyDepth 10 > SSLProxyVerifyDepth 10 > SSLProxyMachineCertificateFile /opt/noe-tests/resources/ssl/proper/client.pem > SSLProxyCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLProxyProtocol All -SSLv2 -SSLv3 > EnableOptions > LogLevel debug > <IfModule manager_module> > Listen 192.168.122.172:8747 > <VirtualHost 192.168.122.172:8747> > <Directory /> > Require all granted > </Directory> > ServerAdvertise on > EnableMCPMReceive > <Location /mcm> > SetHandler mod_cluster-manager > Require all granted > </Location> > AdvertiseGroup 224.0.5.172:62844 > AdvertiseBindAddress 192.168.122.172:62844 > SSLEngine on > SSLProtocol All -SSLv2 -SSLv3 > SSLCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCipherSuite "HIGH MEDIUM !LOW" > SSLProxyCheckPeerCN Off > SSLProxyCheckPeerName Off > SSLHonorCipherOrder On > SSLCertificateFile /opt/noe-tests/resources/ssl/proper/server.crt > SSLCertificateKeyFile /opt/noe-tests/resources/ssl/proper/server.key > SSLCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLVerifyClient optional > SSLProxyVerify optional > SSLProxyEngine On > SSLVerifyDepth 10 > SSLProxyVerifyDepth 10 > SSLProxyMachineCertificateFile /opt/noe-tests/resources/ssl/proper/client.pem > SSLProxyCACertificateFile /opt/noe-tests/resources/ssl/proper/myca.crt > SSLProxyProtocol All -SSLv2 -SSLv3 > Protocols h2 > ProtocolsHonorOrder on > KeepAliveTimeout 60 > MaxKeepAliveRequests 0 > ServerAdvertise on > AdvertiseFrequency 5 > ManagerBalancerName qacluster > </VirtualHost> > </IfModule> > {code} > h3. Mod_cluster subsystem > MCMP uses HTTP 1/1 (https), becasue at the moment, one cannot make it to use wildfly-openssl provider: JBEAP-9688 -- This message was sent by Atlassian JIRA (v7.5.0#75005)

6 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

mod_cluster-issues June 2018