http/2 traffic stopping with hitch/varnish 5.2.0 #2431
I'm not certain if I encountered a bug or a design flaw. The Varnish 5.2.0 final version didn't solve my problems.
The sess_fail counter is rising to 33804924 in seconds if I'm enabling alpn-protos with h2 support in hitch. If I'm watching the logs, I see that only http2 requests are getting logged, so I assume that h1 requests can't pass anymore.
The effects remind me of the same issues (haproxy SSL offloading -> nginx, solution see: https://ispire.me/http2-ssl-offloading-with-haproxy-and-nginx/) I encountered when I was pointing/mixing traffic (h1 traffic to h2 or vice versa) to the wrong endpoint protocols.
I ran hitch with these settings:
What I finally don't understand is how Varnish will distinguish between PUBLICIP:80 HTTP Traffic HTTP1 only coming directly via HTTP to Varnish and
My current idea is to replace hitch with haproxy as SSL offloader and do the same with varnish as I already do on haproxy > nginx only setups (see Howto), but for that I need a separate definition parameter h1+PROXY,h2+PROXY to point each protocol to the right listener.
So a definition like setting the protocol per listener would be necessary to make such a setup possible:
PublicIP:80 Varnish (non SSL) -> Nginx 10.0.10.2:80
A varnish listen config definition without h1/h2 or PROXY (non SSL) should enable the HTTP layer, while an h1/h2 or PROXY (SSL only) varnish config definition should enable the raw TCP socket layer.
Might this be the proper way, or does varnish have another approach to doing it?
I wonder if the issue you are seeing is related to the
If you're on a non-ancient linux system, you could probably just remove it (thus setting it to 0), or you could try setting it to
The issue you are seeing may also be related to #2418. Could you for now please try a new setting for
I removed thread_pool_add_delay completely as you mentioned. Now it takes some more seconds, but then everything is still stuck.
If I disable alpn-protos = "h2, http/1.1" again it just runs normally.
Another side effect I got since 5.2 is that varnishncsa stops logging (doesn't complete the log line) and runs at 100% CPU load. If I have h2 enabled it's doing this all the time; restarting varnishncsa doesn't solve this.
The varnishncsa custom daemon options I use are:
I think the varnishncsa issue is due to the logging in our current H/2 implementation. For now could you try adding
Improving the log bits for h/2 is on my list, and I plan on making these only enabled via a special debug bit.
I stopped using h/2 support until it's fixed. So currently this occurs with usual h/1