Bug 901145 (JBEWS-53)

Summary: mod_cluster returns HTTP 502 or (500 Proxy Error) with https connector
Product: [JBoss] JBoss Enterprise Web Server 2 Reporter: Michal Karm Babacek <mbabacek>
Component: mod_clusterAssignee: Weinan Li <weli>
Status: CLOSED CURRENTRELEASE QA Contact: Michal Karm Babacek <mbabacek>
Severity: high Docs Contact:
Priority: high    
Version: 2.0.0CC: aogburn, jclere, jdoyle, majoshi, mbabacek, mhasko, mhusnain, myarboro, pcheung, pslavice, rsvoboda
Target Milestone: ---Flags: weli: needinfo+
Target Release: 2.0.1   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBEWS-53
Whiteboard: mod_cluster
Fixed In Version: Doc Type: Bug Fix
Doc Text:
An HTTP error 502 (Bad Gateway) is displayed after a period of inactivity when only HTTPS connector is enabled for balancer-worker communication for mod_cluster with https. Httpd tries to re-use a connection that have been closed already. SSL handshake fails resulting in HTTP error. The bug in mod_cluster has now been fixed. mod_cluster works as expected and does not return an HTTP error 502 (Bad Gateway) after a period of inactivity when only HTTPS connector is enabled for balancer-worker communication.
 Story Points: ---
Clone Of:
: 956307 (view as bug list) Environment:
Last Closed: 2014-01-03 12:58:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 956307    
Attachments:
Description Flags
JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip
none
JBPAPP-9493-reproduced-with-EWS2.0.0.CR4.zip none

Description Michal Karm Babacek 2012-10-31 23:30:36 UTC 
Complexity: High
project_key: JBEWS

Jira
* [JBPAPP-10319] mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https
is likely to affect EWS 2.0 as well.

h3. Issue confirmed

Issue reproduced with *EWS 2.0.0 CR4*. See the attached [^JBPAPP-9493-reproduced-with-EWS2.0.0.CR4.zip]
Comment 1 Michal Karm Babacek 2012-10-31 23:30:36 UTC 
Link: Added: This issue Cloned from JBPAPP-10319
Comment 2 Michal Karm Babacek 2012-10-31 23:30:36 UTC 
Link: Added: This issue is related to JBPAPP-10029
Comment 3 Michal Karm Babacek 2012-10-31 23:30:37 UTC 
Link: Added: This issue is related to JBPAPP-9493
Comment 4 Michal Karm Babacek 2012-10-31 23:33:33 UTC 
Steps to Reproduce: Removed: h3. How to reproduce
 # Configure AS7 with HTTPS connector as in [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip]
 # Configure Httpd + Mod_cluster with SSL as in [^JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip]
 # Start httpd
 # Start AS7
 # Send a request, e.g. like:
 {noformat}
curl https://localhost:8888/SessionTest/session --cert /home/mbabacek/EAP6/Client/client.crt --key /home/mbabacek/EAP6/Client/client.key --cacert /home/mbabacek/EAP6/Client/myca.crt --insecure -c originally_empty_cookiefile.txt -b originally_empty_cookiefile.txt 2> /dev/null
 {noformat}
 # Optionally, wait ~10 minutes. (!) You might start to having errors even without this request free wait period.
 # Sned another request & get an error
 # Eventually, after *STATUS* message is received, you will get correct HTTP 200 again.

(i) *Note:* As soon as STATUS message is received, it picks up again...
 
Workaround Description: Removed: Turning off keepAlive settings, see [Aaron's comment|https://issues.jboss.org/browse/JBPAPP-9493?focusedCommentId=12709722&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12709722]
Comment 5 Libor Fuka 2012-11-05 12:35:09 UTC 
Link: Added: This issue relates to JBPAPP-9551
Comment 6 Michal Karm Babacek 2012-11-05 13:54:55 UTC 
Release Notes Text: Added: Issue causes mod_cluster to return an HTTP error 502 (Bad Gateway) after a period of inactivity in case only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered. Known workaround: Either allow AJP connector on workers or: Set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration.
Comment 7 Michal Karm Babacek 2012-11-05 15:15:18 UTC 
Attachment: Added: JBPAPP-9493-reproduced-with-EWS2.0.0.CR4.zip
Comment 8 Misha H. Ali 2012-11-05 15:23:39 UTC 
Release Notes Docs Status: Added: Documented as Known Issue
Writer: Added: mhusnain
Release Notes Text: Removed: Issue causes mod_cluster to return an HTTP error 502 (Bad Gateway) after a period of inactivity in case only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered. Known workaround: Either allow AJP connector on workers or: Set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration. Added: mod_cluster returns a HTTP error 502 (Bad Gateway) after a period of inactivity if only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered.

As a workaround, either allow AJP connector on all workers or set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration.
Comment 9 Michal Karm Babacek 2012-11-05 15:55:09 UTC 
Workaround in *Release Notes* by [~aogburn] in [comment|https://issues.jboss.org/browse/JBPAPP-9493?focusedCommentId=12709722&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12709722].
Comment 10 Michal Karm Babacek 2012-11-07 14:59:12 UTC 
Follow the most up-to-date feed on [JBPAPP-10029|https://issues.jboss.org/browse/JBPAPP-10029?focusedCommentId=12732465&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12732465] ...
Comment 11 Jiri Skrabal 2012-11-13 15:56:38 UTC 
Release Notes Docs Status: Removed: Documented as Known Issue 
Writer: Removed: mhusnain 
Release Notes Text: Removed: mod_cluster returns a HTTP error 502 (Bad Gateway) after a period of inactivity if only HTTPS connector is enabled for balancer-worker communication. Httpd tries to re-use a connection that have been closed already. SSL handshake fails and HTTP error is triggered.

As a workaround, either allow AJP connector on all workers or set maxKeepAliveRequests="1" in server.xml, Set smax to 0 in mod_cluster worker configuration, SetEnv proxy-nokeepalive 1 and SetEnv proxy-initial-not-pooled 1 in your httpd configuration. 
Docs QE Status: Removed: NEW
Comment 12 Adam Kovari 2012-11-14 08:35:55 UTC 
Link: Added: This issue is related to JBPAPP-10409
Comment 13 Jean-frederic Clere 2013-04-23 12:32:28 UTC 
It needs either the patch from:
https://github.com/modcluster/mod_cluster/commit/855cdda451eb561abe10463133f36360d5a302fe
or:
a release 1.2.4.Final from mod_cluster.
Comment 14 Permaine Cheung 2013-04-25 18:40:34 UTC 
mod_cluster-1.2.4-1.Final_redhat_1.ep6.el6
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el6

mod_cluster-1.2.4-1.Final_redhat_1.ep6.el5
mod_cluster-native-1.2.4-1.Final.redhat_1.ep6.el5

built in Brew.
Comment 15 Michal Karm Babacek 2013-05-06 22:36:27 UTC 
Verified in EWS 2.0.1.ER1, FIXED in mod_cluster-1.2.4. THX.
Comment 16 Mandar Joshi 2013-05-16 12:45:40 UTC 
Added DocText.

@Wei Nan Li, can you please review the Doc Text content?