Uploaded image for project: 'JBoss Enterprise Application Platform 6'
  1. JBoss Enterprise Application Platform 6
  2. JBPAPP6-1170

mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: EAP 6.0.1 ER 3
    • Fix Version/s: EAP 6.0.1
    • Component/s: mod_cluster
    • Labels:
    • Environment:

      Confirmed: RHEL on x86 x86_64
      , To be confirmed: Solaris, Windows

    • Steps to Reproduce:
      Hide

      How to reproduce

      1. Configure AS7 with HTTPS connector as in JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip
      2. Configure Httpd + Mod_cluster with SSL as in JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip
      3. Start httpd
      4. Start AS7
      5. Send a request, e.g. like: 

        curl https://localhost:8888/SessionTest/session --cert /home/mbabacek/EAP6/Client/client.crt --key /home/mbabacek/EAP6/Client/client.key --cacert /home/mbabacek/EAP6/Client/myca.crt --insecure -c originally_empty_cookiefile.txt -b originally_empty_cookiefile.txt 2> /dev/null

      6. Optionally, wait ~10 minutes. You might start to having errors even without this request free wait period.
      7. Sned another request & get an error
      8. Eventually, after STATUS message is received, you will get correct HTTP 200 again.

      Note: As soon as STATUS message is received, it picks up again...

      Show
      How to reproduce Configure AS7 with HTTPS connector as in JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip Configure Httpd + Mod_cluster with SSL as in JBPAPP-9493-reproduced-with-m_c-1.2.3.Final.zip Start httpd Start AS7 Send a request, e.g. like: curl https://localhost:8888/SessionTest/session --cert /home/mbabacek/EAP6/Client/client.crt --key /home/mbabacek/EAP6/Client/client.key --cacert /home/mbabacek/EAP6/Client/myca.crt --insecure -c originally_empty_cookiefile.txt -b originally_empty_cookiefile.txt 2> /dev/null Optionally, wait ~10 minutes. You might start to having errors even without this request free wait period. Sned another request & get an error Eventually, after STATUS message is received, you will get correct HTTP 200 again. Note: As soon as STATUS message is received, it picks up again...
    • Forum Reference:
    • Workaround Description:
      Hide

      Turning off keepAlive settings, see Aaron's comment

      Show
      Turning off keepAlive settings, see Aaron's comment
    • Estimated Difficulty:
      High

      Description

      Error 

      [info] [client 127.0.0.1] Connection to child 0 established (server dhcp-27-136.brq.redhat.com:8888)
      		 
      [info] Seeding PRNG with 144 bytes of entropy
      		 
      [debug] ssl_engine_kernel.c(1889): OpenSSL: Handshake: start
      		 
      [debug] ssl_engine_kernel.c(1897): OpenSSL: Loop: before/connect initialization
      		 
      [debug] ssl_engine_kernel.c(1897): OpenSSL: Loop: SSLv2/v3 write client hello A
      		 
      [debug] ssl_engine_io.c(1897): OpenSSL: read 7/7 bytes from BIO#7fe4c4d61a00 [mem: 7fe4c4d646e0] (BIO dump follows)
      		 
      [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+
      		 
      [debug] ssl_engine_io.c(1869): | 0000: 15 03 01 00 02 02 0a                             .......          |
      		 
      [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+
      		 
      [debug] ssl_engine_kernel.c(1902): OpenSSL: Read: SSLv2/v3 read server hello A
      		 
      [debug] ssl_engine_kernel.c(1926): OpenSSL: Exit: error in SSLv2/v3 read server hello A
      		 
      [info] [client 127.0.0.1] SSL Proxy connect failed
      		 
      [info] SSL Library Error: 336032754 error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
      		 
      [info] [client 127.0.0.1] Connection closed to child 0 with abortive shutdown (server dhcp-27-136.brq.redhat.com:8888)
      		 
      [error] (502)Unknown error 502: proxy: pass request body failed to 127.0.0.1:8443 (localhost)
      		 
      [error] [client 127.0.0.1] proxy: Error during SSL Handshake with remote server returned by /SessionTest/session
      		 
      [error] proxy: pass request body failed to 127.0.0.1:8443 (localhost) from 127.0.0.1 ()
      		 
      [debug] proxy_util.c(2029): proxy: HTTPS: has released connection for (localhost)

      Related reading

      This problem is being actively investigated as a part of [JBPAPP-10029]. The original JIRA is JBPAPP-9493.

      • [2012-10-31] At the moment, follow comments on [JBPAPP-10029] please.

        Gliffy Diagrams

          Attachments

            Issue Links

            cloned to

            Bug - A problem which impairs or prevents the functions of the product. JBEWS-53 mod_cluster returns HTTP 502 or (500 Proxy Error) with https connector

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed
            is related to

            Bug - A problem which impairs or prevents the functions of the product. JBPAPP-10409 mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https

            • Major - A request that should be considered seriously but is not a show stopper.
            • Closed

            Support Patch - A one-off patch related to a customer support case JBPAPP-9493 mod_cluster returns "Bad Gateway" HTTP ErrorCode 502 with https

            • Major - A request that should be considered seriously but is not a show stopper.
            • Resolved

              Activity

                People

                • Assignee:
                  permaine Permaine Cheung
                  Reporter:
                  mbabacek Michal Karm Babacek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: