Antwort: Re: [users@httpd] Problems with Http11NioProtocol and proxy server

[bulau@xxxxxxxxx]

Hi Luca,

1) there is no error in error_log during
that time. Maybe we need to change the log level?

2) In this example it's a post request
to upload a file. It's the same request, sometimes it's working without
any errors (HTTP 200) and sometimes an error occurs (HTTP 400 or HTTP 500).

3) Below you find the proxy config:

<VirtualHost x.x.x.x:80>
    ServerName    
     example.com

    DocumentRoot    
   /var/www/docs/empty

    RedirectMatch    
  .*$     https://example.com
</VirtualHost>

<VirtualHost x.x.x.x:443>
    ServerName    
             example.com

    DocumentRoot    
           /var/www/docs/empty

    SSLEngine    
              on
    SSLCipherSuite  
           EECDH:EDH:!RC4!DES!3DES!DES-CBC3-SHA!EDH-RSA-DES-CBC3-SHA!ECDHE-RSA-DES-CBC3-SHA
    Header      
               always set Strict-Transport-Security
"max-age=31556926"

    SSLCertificateFile  
       "/etc/apache2/ssl/certs/example.crt"
    SSLCertificateKeyFile
      "/etc/apache2/ssl/keys/example.key"
    SSLCertificateChainFile
    "/etc/apache2/ssl/certs/example-ca.crt"

    ProxyPreserveHost On

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD}
^(HEAD|GET) [NC]
    RewriteCond %{HTTP:Range}
([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+ [OR]
    RewriteCond %{HTTP:Request-Range}
([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
    RewriteCond %{REQUEST_METHOD}
^OPTIONS
    RewriteRule .* - [F]
    RewriteCond %{HTTP:Connection}
Upgrade [NC]
    RewriteCond %{HTTP:Upgrade}
websocket [NC]
    RewriteRule /(.*) ws://y.y.y.y:8080/$1
[P,L]

    BrowserMatch ".*MSIE.*"
\
         nokeepalive
ssl-unclean-shutdown \
         downgrade-1.0
force-response-1.0

    ProxyRequests Off

    ProxyPass    
      /jmx-console    !
    ProxyPass    
      /web-console    !

    AddOutputFilterByType
DEFLATE text/html text/xml text/css text/_javascript_ application/x-_javascript_
application/_javascript_

    ProxyPass    
      /              
http://y.y.y.y:8080/
    ProxyPassReverse  
 /               http://y.y.y.y:8080/
</VirtualHost>

4) In case of HTTP 400/HTTP 500 the
request is not reaching the access.log of the EAP/Tomact.

Thanks & best regards
Marco



Von:      
 Luca Toscano <toscano.luca@xxxxxxxxx>
An:      
 users@xxxxxxxxxxxxxxxx
Datum:      
 31.08.2017 13:44
Betreff:    
   Re: 
Problems with Http11NioProtocol and proxy server

---

Hi Marco,

2017-08-29 11:07 GMT+02:00 <bulau@xxxxxxxxx>:
Hi, 

we've build a web application with JSF 2.1 and RichFaces 4.5.13.Final running
on JBoss EAP 6.4.12. We're also using a Apache HTTP server 2.4.7 as a HTTPS/WSS
proxy to access the application for customers. 

After we've changed the EAP http connector to "org.apache.coyote.http11.Http11NioProtocol"
(for using websockets/push), ajax requests are often answered by HTTP 400
(Bad Request) or HTTP 500 (Bad Gateway). 

We're switched back to the EAP http connector "HTTP/1.1" and
everything is working again as expected. 

If we're accessing the EAP directly (not via proxy) there is also no problem.
It looks like that there is a problem using Http11NioProtocol with Apache
HTTP server as a proxy. 

Is there anyone who run into the same problem or has an idea how we can
solove it? 

We'd need to know a couple of things to help:

1) Is there any specific error in the httpd error_log
that gets logged when the 400/500s are returned?
2) What kind of requests are you issuing to httpd when
you get a 400 and a 500? Are they different?
3) Can you share your configuration? (at least the one
for the proxy)
4) Do you find anything useful in the Tomcat logs when
httpd returns the errors?

Luca