FBR: Fix openshift websockets

Hi all,

After a bunch of debugging, I found that the problems with OpenShift's websockets (used for logs and shell etc.) were due to:
- HTTP/2 (Upgrade: and Connection: headers get silently dropped for HTTP/2, websockets aren't defined yet for it...)
- Balancer protocols

I'd like +1s to apply the patch below to fix this, and enable logs from the prod openshift web console.
It is working in staging.



commit 095fe0257320998e0f316787042cb4a0245ad345 (HEAD -> master)
Author: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>
Date:   Wed Sep 12 01:55:40 2018 +0200

    Fix websockets for prod openshift
    
    Signed-off-by: Patrick Uiterwijk <patrick@xxxxxxxxxxxxxx>

diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 403e1e6f1..5e9bf89ae 100644
- --- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -576,6 +576,9 @@
     site_name: os.fedoraproject.org
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
+    # The Connection and Upgrade headers don't work for h2
+    # So non-h2 is needed to fix websockets.
+    use_h2: false
     tags:
     - os.fedoraproject.org
 
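Review bot: The comment added above `use_h2: false` for os.fedoraproject.org explains why h2 is off but does not say that the setting covers the whole site entry, so every request to this vhost loses HTTP/2, not only the websocket upgrades. Consider extending the comment to name what depends on it (the console's log and shell websockets from the cover mail) and the condition under which the line can be removed again.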
@@ -585,6 +588,9 @@
     sslonly: true
     cert_name: "{{os_wildcard_cert_name}}"
     SSLCertificateChainFile: "{{os_wildcard_int_file}}"
+    # The Connection and Upgrade headers don't work for h2
+    # So non-h2 is needed to fix websockets.
+    use_h2: false
     tags:
     - app.os.fedoraproject.org
 
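Review bot: The three lines added to the app.os.fedoraproject.org entry are a verbatim copy of the ones added to os.fedoraproject.org in the previous hunk. If further proxied sites need the same workaround, the duplicated comment is likely to drift; one explanation that both `use_h2: false` lines point to would be easier to keep accurate.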
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
index 77a8dd35b..06f913720 100644
- --- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf
@@ -19,7 +19,6 @@ ProxyPreserveHost On
 
 {% if balancer_name is defined %}
 SSLProxyEngine On
- -{% if env == "staging" %}
 
 <Proxy "balancer://{{balancer_name}}-websocket">
   {% for member in balancer_members %}
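Review bot: Dropping the `{% if env == "staging" %}` guard makes the `balancer://{{balancer_name}}-websocket` block render for every site where `balancer_name` is defined, in every environment, while the commit message and the playbook change only name the two openshift sites. If other balancer-backed sites use this template, confirm they are meant to get the websocket balancer as well, or replace the environment check with a per-site variable instead of removing the condition outright.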
@@ -32,7 +31,6 @@ RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC]
 RewriteCond %{HTTP:Connection} ^Upgrade$ [NC]
 RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
 
- -{% endif %}
 <Proxy "balancer://{{balancer_name}}">
   {% for member in balancer_members %}
     BalancerMember "https://{{ member }}"
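Review bot: The anchored condition `RewriteCond %{HTTP:Connection} ^Upgrade$ [NC]` in this hunk's context lines, which becomes active in production once the `{% endif %}` is removed, only matches when Upgrade is the sole token in the header. Connection is a comma-separated list, so a client sending `keep-alive, Upgrade` would skip the rewrite and fall through to the plain `balancer://{{balancer_name}}` proxy, and the websocket would fail; matching `Upgrade` without the `^` and `$` anchors would cover both forms.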
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx