CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Tue 22 Sep '15 10:07 Post subject: mod_h2 – browsers getting confused? |
|
|
So I've decided to try out this new HTTP/2 stuff on my server. 5 minutes of checking and I had to disable mod_h2. So here's the situation.
I have
www.domain.com, api.domain.com and static.domain.com
all sharing one IP and one multi-domain SSL at the moment.
When I try to load a page from www.domain.com that loads resources from static.domain.com and does some ajax stuff with api.domain.com, some of the requests fail with HTTP status 421, the page can even hang.
Quote: | Misdirected Request
The client needs a new connection for this request as the requested host name does not match the Server Name Indication (SNI) in use for this connection. |
The server error log reads
Quote: | AH02032: Hostname static.domain.com provided via SNI and hostname www.domain.com provided via HTTP select a different server |
Both Firefox and Chrome behave like this. So I guess HTTP/2 dreamland is closed for me right now.
Anything I can do apart from (supposedly) bringing api. and static. on another IP? |
|
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Tue 22 Sep '15 10:23 Post subject: |
|
|
Did you download the latest zip?
Date of mod_h2.so in the zip is 21 Sept 2015 13:36 (my time). |
|
|
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Tue 22 Sep '15 10:36 Post subject: |
|
|
Yes, this one, 93 696 bytes.
MD5 CAFA02C4765BF209A0781F619DFA19CB
I must add that the www. page itself loads properly, as well as all the resources grabbed from www.
Another weird idea is to serve static. and api. from /static and /api, given that I don't need domain diversification with HTTP/2. |
|
|
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
|
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Tue 22 Sep '15 10:50 Post subject: |
|
|
That's a diff check sum:
MD5-Checksum for: httpd-2.4.17-dev-win64-VC14.zip:
09400ABFDC7DECE7EE955ED46E92E80D
SHA1-Checksum for: httpd-2.4.17-dev-win64-VC14.zip:
4FE1B885A84757A37D4752D0DE9E22817DC51E80
All working fine with 2.4.16? |
|
|
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Tue 22 Sep '15 10:54 Post subject: |
|
|
I checksum'd the module itself, I've already deleted the zip, so I'll never know. But I think it has to do with the protocol itself, because it's the browser that makes a mistake (4XX status).
2.4.16 is working ok. As well as this latest version with h2 disabled. |
|
|
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Tue 22 Sep '15 11:07 Post subject: |
|
|
https://github.com/icing/mod_h2
Quote: |
Known Issues
When multiple vhosts share the same certificate, browsers will reuse an open connection for all those requests. mod_h2 currently only allows requests for the same host the connection was opened with. Some browsers then throw away the existing connection and open a new one. This can heavily impact performance. |
My bad, too lazy to read it all.
So I guess serving from subfolders is my best bet here. |
|
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
|
|
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Tue 22 Sep '15 11:30 Post subject: |
|
|
Thank you Steffen, but it is an already known issue, see my reply above. |
|
|
icing
Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany
|
Posted: Tue 22 Sep '15 12:43 Post subject: |
|
|
CamaroSS already found the caveat. Most browsers are smart about this and will not degrade performance. They will see the 421 response once and then use a new connection, keeping the old connection for the other host.
So, it works and, most likely, this is what we will ship in 2.4.18 (fingers crossed).
For some future release, we need to address the TLS renegotiation issues. Hosts A and B might have different SSL configurations, so reusing a connection between them is not possible. That is why we prevent reuse for any other vhost.
In the future, we will check SSL configs for compatibility, so reuse between vhosts will work if SSL params are the same. |
|
|
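The 421 behaviour icing describes above, modelled as an added example (not mod_h2 or mod_ssl code): the browser coalesces requests onto one connection because the IP and certificate match, and the server refuses any request whose host differs from the SNI. The `VHost` fields, the IP address, the `require` client-certificate policy on api. and the `allow_compatible` switch are assumptions made for illustration.

```python
# Added illustration: a model of the checks discussed in this thread,
# not code from mod_h2 or mod_ssl. Hostnames, IP and TLS fields are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class VHost:
    cert_sans: tuple    # names on the certificate this vhost presents
    protocols: str      # hypothetical stand-in for the vhost's TLS settings
    client_cert: str    # "none" or "require" (hypothetical per-vhost policy)

CERT = ("www.domain.com", "api.domain.com", "static.domain.com")
VHOSTS = {
    "www.domain.com":    VHost(CERT, "TLSv1.2", "none"),
    "static.domain.com": VHost(CERT, "TLSv1.2", "none"),
    "api.domain.com":    VHost(CERT, "TLSv1.2", "require"),
}

def san_covers(sans, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    _, dot, parent = host.partition(".")
    return any(s == host or (dot and s.startswith("*.") and s[2:] == parent)
               for s in sans)

def browser_would_reuse(conn_host, conn_ip, host, host_ip):
    """Client side: reuse an open HTTP/2 connection when the other host
    resolves to the same IP and the presented certificate also names it."""
    return conn_ip == host_ip and san_covers(VHOSTS[conn_host].cert_sans, host)

def server_status(sni, authority, allow_compatible=False):
    """Server side: 200 serves the request on this connection, 421 tells the
    client to open a new one. allow_compatible models the planned relaxation."""
    if sni == authority:
        return 200
    same_tls = VHOSTS[sni] == VHOSTS[authority]   # compares every TLS field
    return 200 if allow_compatible and same_tls else 421

def walk(sni, authority, ip="192.0.2.10"):
    """Return (browser reuses?, status today, status with relaxed check)."""
    return (browser_would_reuse(sni, ip, authority, ip),
            server_status(sni, authority),
            server_status(sni, authority, allow_compatible=True))

if __name__ == "__main__":
    for target in VHOSTS:
        print(target, walk("www.domain.com", target))
```

In this model the request for api. still gets 421 under the relaxed check because its TLS policy differs from the connection's vhost, which is the case the strict SNI/Host comparison protects.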
CamaroSS
Joined: 24 Jan 2013 Posts: 78 Location: RF, Tver
|
Posted: Tue 22 Sep '15 16:49 Post subject: |
|
|
icing wrote: | CamaroSS already found the caveat. Most browsers are smart about this and will not degrade performance. They will see the 421 response once and then use a new connection, keeping the old connection for the other host.
|
Firefox is not, it worked on a small amount of subdomain requests and died on a chat page that loads lots of smilies, avatars from static., does frequent api. calls. Just got "Application not responding" for the whole browser. |
|
|
Cy4n1d3
Joined: 22 Apr 2013 Posts: 17
|
Posted: Sat 27 Feb '16 16:40 Post subject: |
|
|
I can't really find updated information about this issue.
I'm still getting the 421 Error while using Chromium; Firefox seems to be a bit more robust right now.
Strangely it's not happening all the time, but still I'm running into this error frequently.
Am I missing something here? Can I actually fix this myself or is it still a limitation of mod_h2? |
|
|
maba
Joined: 05 Feb 2012 Posts: 64 Location: Germany, Heilbronn
|
Posted: Tue 01 Mar '16 22:33 Post subject: |
|
|
Why not issue 3 certificates using "letsencrypt"? |
|
|