Hi all,
After a bunch of debugging, I found that the problems with OpenShift's websockets (used for logs and shell etc) were due to:
- HTTP/2 (Upgrade: and Connection: headers get silently dropped for HTTP/2, websockets aren't defined yet for it...)
- Balancer protocols
I'd like +1s to apply the underneath patch to fix this, and enable logs from the prod OpenShift web console. It is working in staging.
commit 095fe0257320998e0f316787042cb4a0245ad345 (HEAD -> master)
Author: Patrick Uiterwijk patrick@puiterwijk.org
Date: Wed Sep 12 01:55:40 2018 +0200
Fix websockets for prod openshift
Signed-off-by: Patrick Uiterwijk patrick@puiterwijk.org
diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 403e1e6f1..5e9bf89ae 100644 - --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -576,6 +576,9 @@ site_name: os.fedoraproject.org sslonly: true cert_name: "{{wildcard_cert_name}}" + # The Connection and Upgrade headers don't work for h2 + # So non-h2 is needed to fix websockets. + use_h2: false tags: - os.fedoraproject.org
@@ -585,6 +588,9 @@ sslonly: true cert_name: "{{os_wildcard_cert_name}}" SSLCertificateChainFile: "{{os_wildcard_int_file}}" + # The Connection and Upgrade headers don't work for h2 + # So non-h2 is needed to fix websockets. + use_h2: false tags: - app.os.fedoraproject.org
diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index 77a8dd35b..06f913720 100644 - --- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -19,7 +19,6 @@ ProxyPreserveHost On
{% if balancer_name is defined %} SSLProxyEngine On - -{% if env == "staging" %}
<Proxy "balancer://{{balancer_name}}-websocket"> {% for member in balancer_members %} @@ -32,7 +31,6 @@ RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC] RewriteCond %{HTTP:Connection} ^Upgrade$ [NC] RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P]
- -{% endif %} <Proxy "balancer://{{balancer_name}}"> {% for member in balancer_members %} BalancerMember "https://%7B%7B member }}"
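Review bot: in both proxies-websites.yml hunks, `use_h2: false` turns HTTP/2 off for the whole of os.fedoraproject.org and app.os.fedoraproject.org rather than only for the websocket endpoints, and the duplicated comment gives the reason but no condition for reverting. Suggest extending the comment to say when the setting can be dropped again, and confirming that the website template actually reads `use_h2`, since nothing in this patch shows where the variable is consumed.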
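Review bot: in the second reversepassproxy.conf hunk, the context line `RewriteCond %{HTTP:Connection} ^Upgrade$ [NC]` is anchored at both ends, so with the `{% if env == "staging" %}` guard removed, production only routes to the `-websocket` balancer when the header is exactly `Upgrade`; a client that sends a token list such as `keep-alive, Upgrade` falls through to the regular balancer. Consider matching the token without anchors, for example `RewriteCond %{HTTP:Connection} \bUpgrade\b [NC]`, and say in the commit message that removing the guard affects every site with `balancer_name` defined, not only the OpenShift ones.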
On 09/11/2018 04:58 PM, Patrick Uiterwijk wrote:
> Hi all,
> After a bunch of debugging, I found that the problems with OpenShift's websockets (used for logs and shell etc) were due to:
> - HTTP/2 (Upgrade: and Connection: headers get silently dropped for HTTP/2, websockets aren't defined yet for it...)
> - Balancer protocols
> I'd like +1s to apply the underneath patch to fix this, and enable logs from the prod OpenShift web console. It is working in staging.
+1.
Pity it does not also fix firefox, but oh well.
kevin
+1
On Tue, 11 Sep 2018 at 20:25, Kevin Fenzi kevin@scrye.com wrote:
> On 09/11/2018 04:58 PM, Patrick Uiterwijk wrote:
> > Hi all,
> > After a bunch of debugging, I found that the problems with OpenShift's websockets (used for logs and shell etc) were due to:
> > - HTTP/2 (Upgrade: and Connection: headers get silently dropped for HTTP/2, websockets aren't defined yet for it...)
> > - Balancer protocols
> > I'd like +1s to apply the underneath patch to fix this, and enable logs from the prod OpenShift web console. It is working in staging.
> +1.
> Pity it does not also fix firefox, but oh well.
> kevin