Closed szepeviktor closed 9 years ago
Forced SPDY v2:
src/spdycat -nv -2 https://www.atlantischild.hu/
[ 0.007] NPN select next protocol: the remote server offers:
NPN selected the protocol: spdy/2
[ 0.023] Handshake complete
[ 0.023] send SYN_STREAM frame <version=2, flags=1, length=187>
(stream_id=1, assoc_stream_id=0, pri=3)
:host: www.atlantischild.hu
:method: GET
:path: /
:scheme: https
:version: HTTP/1.1
accept: */*
accept-encoding: gzip, deflate
user-agent: spdylay/1.3.2-DEV
and stalling.
What is the URL of your site?
From your output I see two URLs.
https://www.domain.hu/
This one does not have a working TLS/SSL.
https://www.atlantischild.hu/
This one DOES NOT have an NPN extension in the protocol.
Please provide the hostname of your site so I can help you test it out.
Thank you for your answer!
The site is https://www.atlantischild.hu/
but it points to the old, non-SSL server.
I'll post another comment when DNS is changed.
BTW. How do you test an SSL webserver before going live?? Qualys' SSL test is only for live sites.
Somehow openssl s_client does not connect with TLSv1.1 and v1.2 but browsers do.
And gnutls-cli does.
openssl should connect to >TLSv1
check your openssl version
Thank you for your answer.
Now it is live https://www.atlantischild.hu/ and has A+ from Qualys.
Suddenly s_client works. Maybe a DNS issue.
See also: https://spdycheck.org/#atlantischild.hu
https://spdycheck.org/#blck.io seems broken also: Missing NPN Extension in SSL/TLS Handshake
I am very sorry. After putting config files to /etc/apache2/modules-available the server got all-green:
https://spdycheck.org/#atlantischild.hu
Now stalling at a later point:
src/spdycat -nv https://www.atlantischild.hu/
[ 0.003] NPN select next protocol: the remote server offers:
* spdy/3
* spdy/2
* http/1.1
* x-mod-spdy/0.9.4.1-3bced7d
NPN selected the protocol: spdy/3
[ 0.009] Handshake complete
[ 0.009] send SYN_STREAM frame <version=3, flags=1, length=227>
(stream_id=1, assoc_stream_id=0, pri=3)
:host: www.atlantischild.hu
:method: GET
:path: /
:scheme: https
:version: HTTP/1.1
accept: */*
accept-encoding: gzip, deflate
user-agent: spdylay/1.3.2-DEV
[ 0.010] recv SETTINGS frame <version=3, flags=0, length=12>
(niv=1)
[4(0):100]
And Chrome's SPDY Indicator tells me spdy is disabled. Please help me.
A complete spdycat looks like this:
/root/src/spdylay/src/spdycat -nv https://www.google.com/
[ 0.097] NPN select next protocol: the remote server offers:
* h2-15
* h2-14
* spdy/3.1
* spdy/3
* http/1.1
NPN selected the protocol: spdy/3.1
[ 0.127] Handshake complete
[ 0.128] recv SETTINGS frame <version=3, flags=0, length=20>
(niv=2)
[4(1):100]
[7(0):65536]
[ 0.128] recv WINDOW_UPDATE frame <version=3, flags=0, length=8>
(stream_id=0, delta_window_size=983040)
[ 0.128] send SYN_STREAM frame <version=3, flags=1, length=221>
(stream_id=1, assoc_stream_id=0, pri=3)
:host: www.google.com
:method: GET
:path: /
:scheme: https
:version: HTTP/1.1
accept: */*
accept-encoding: gzip, deflate
user-agent: spdylay/1.3.2-DEV
[ 0.157] recv SYN_REPLY frame <version=3, flags=0, length=195>
(stream_id=1)
:status: 302 Found
:version: HTTP/1.1
alternate-protocol: 443:quic,p=0.02
cache-control: private
content-length: 257
content-type: text/html; charset=UTF-8
date: Mon, 26 Jan 2015 16:47:14 GMT
location: https://www.google.hu/?gfe_rd=cr&ei=km_GVOiQOMuDUKGZgvAB
server: GFE/2.0
[ 0.158] recv DATA frame (stream_id=1, flags=1, length=257)
[ 0.158] send GOAWAY frame <version=3, flags=0, length=8>
(last_good_stream_id=0)
Note the different order of send SYN_STREAM frame and recv SETTINGS frame.
Would you please check or post your apache's error_log?
And I was unable to connect to the domain you stated, Chrome said ERR_CONNECTION_TIMED_OUT
I think you have tried in the middle of a node-restart of my VPS provider. Unfortunately it was in the middle of the day.
[Tue Jan 27 15:07:54.403797 2015] [spdy:info] [pid 897] [client 79.172.214.123:58931] [mod_spdy/0.9.4.1-3bced7d] [897:897:INFO:mod_spdy.cc(479)] Starting SPDY/3 session
[Tue Jan 27 15:08:00.715895 2015] [spdy:info] [pid 897] [client 79.172.214.123:58931] [mod_spdy/0.9.4.1-3bced7d] [897:897:INFO:mod_spdy.cc(494)] Terminating SPDY/3 session
[Tue Jan 27 15:10:15.381560 2015] [spdy:info] [pid 1147] [client 79.172.214.123:58943] [mod_spdy/0.9.4.1-3bced7d] [1147:1147:INFO:mod_spdy.cc(479)] Starting SPDY/3 session
[Tue Jan 27 15:10:18.554116 2015] [spdy:info] [pid 1147] [client 79.172.214.123:58943] [mod_spdy/0.9.4.1-3bced7d] [1147:1147:INFO:mod_spdy.cc(494)] Terminating SPDY/3 session
While mod_ssl-npn and mod_spdy were enabled the original Chrome 18 in my Android phone was not able to connect. See the previous comment.
Check if there are multiple mod_ssl enabled, especially if there was a statically built one. And here comes the bad news: Chrome 40 (the mainline version just released) has deprecated support for SPDY/3.0, which is the highest one the mod_spdy can offer. So Chrome 40 will not work with SPDY. Only IE11 on Win8 and Firefox will continue to work with *mod_spdy. I hope mod_spdy team would put some effort on SPDY/3.1, but probably they would not. Now the only way for using SPDY/3.1 would be using Nginx as a reverse proxy in front of Apache...
*typo fixed
Thank you! https://github.com/tatsuhiro-t/nghttp2 is an interesting alternative. It is very sorry that Apache is not ready for SPDY. I will begin testing nginx.
Do you know a solution for nginx like mpm_itk ? I'd like to run the webserver workers and PHP under a normal user.
PHP under nginx (like PHP-FPM, fastcgi) can run under a normal user.
I don't have any ideas for the webserver workers...
Thank you! I do not dare to install a one-user webserver on a production server with several websites.
For SPDY: http://w3techs.com/technologies/segmentation/ce-spdy/web_server
I may misunderstand your question..
I mean PHP under nginx is separate process so it can run as separate users.
Nginx, as I know, would run as a user called nginx
Btw, remember only use nginx as reverse proxy if you have htaccess!
Debian wheezy amd64, backported apache 2.4.10-6~bpo70+1+SID Compiled OK.
Apache error log:
AH01998: Connection closed to child 2 with abortive shutdown
Tool: https://github.com/tatsuhiro-t/spdylay
Please advise.
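Added example, not part of the thread and not spdylay's own code: a small Python script that reads spdycat -nv output like the traces posted above and reports how far the exchange got, which separates the stalled mod_spdy trace (SYN_STREAM sent, no SYN_REPLY) from the complete one. The function names and result strings are this example's own, and the two sample traces are abbreviated from the ones in the thread.

```python
import re

# spdycat -v frame lines look like:
#   [ 0.009] send SYN_STREAM frame <version=3, flags=1, length=227>
FRAME_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(send|recv)\s+(\w+)\s+frame")
NPN_RE = re.compile(r"NPN selected the protocol:\s*(\S+)")

def parse_trace(text):
    """Return (negotiated protocol or None, [(time, direction, frame), ...])."""
    proto, frames = None, []
    for line in map(str.strip, text.splitlines()):
        if (m := NPN_RE.search(line)):
            proto = m.group(1)
        elif (m := FRAME_RE.match(line)):
            frames.append((float(m.group(1)), m.group(2), m.group(3)))
    return proto, frames

def diagnose(text):
    """Say how far the exchange got, which is where to start looking."""
    proto, frames = parse_trace(text)
    seen = {(d, f) for _, d, f in frames}
    if proto is None:
        return "no NPN protocol selected"
    if ("send", "SYN_STREAM") not in seen:
        return "request never sent"
    if ("recv", "SYN_REPLY") not in seen:
        return f"{proto}: stalled after SYN_STREAM, no SYN_REPLY"
    if ("recv", "DATA") not in seen:
        return f"{proto}: SYN_REPLY received, no DATA"
    return f"{proto}: complete"

# Abbreviated from the traces posted in this thread.
STALLED = """\
NPN selected the protocol: spdy/3
[ 0.009] Handshake complete
[ 0.009] send SYN_STREAM frame <version=3, flags=1, length=227>
[ 0.010] recv SETTINGS frame <version=3, flags=0, length=12>
"""
COMPLETE = """\
NPN selected the protocol: spdy/3.1
[ 0.128] recv SETTINGS frame <version=3, flags=0, length=20>
[ 0.128] send SYN_STREAM frame <version=3, flags=1, length=221>
[ 0.157] recv SYN_REPLY frame <version=3, flags=0, length=195>
[ 0.158] recv DATA frame (stream_id=1, flags=1, length=257)
[ 0.158] send GOAWAY frame <version=3, flags=0, length=8>
"""

if __name__ == "__main__":
    for name, trace in (("stalled", STALLED), ("complete", COMPLETE)):
        print(name, "->", diagnose(trace))
```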