-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Envoy always got remote_reset on HTTP/2 with Microsoft-IIS/10.0 #32869
Comments
if Envoy is getting a remote reset, IIS is resetting and you need to look at logs there. The most common failure mode here AFIK is having scheme not match crypto (e.g. https scheme over cleartext. |
But when I try to I don't know why that happen and I request partner to turn HTTP2 off. |
Tangentially related but I'm currently having issues where when Envoy upgrades plaintext connections to https. Envoy seems to use the downstream :scheme/xff/downstream connection to infer the scheme. This can cause problems with HTTP2 servers that validate whether the scheme pseudo-header matches the transport layer protocol (example). Stuff I haven't verified but looked into while digging (still personally looking for ways to address this in the VHDS service in a per-route basis):
|
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions. |
Title: Envoy always got remote reset on HTTP/2 with Microsoft-IIS/10.0
Description:
I try to use envoy upstream to partner Microsoft-IIS/10.0 and got remote reset error and every thing work fine when I disabled http2 on alpn.
Please help me read trace log and find this problem.
Envoy: v1.29.2
TLSv1.2
My traffic like curl -(HTTP http/1.1)-> envoy -(TLS http/2) -> Microsoft-IIS will fail.
but for curl -(TLS http/2) -> Microsoft-IIS will success.
Here my config on envoy
and I attached success log of http/1.1 and fail log http/2 as well.
success-http1.1.log
fail-h2.log
The text was updated successfully, but these errors were encountered: