Err_spdy_protocol_error


#1

HI,

Suddenly (around 6th of July) this error code display: ERR_SPDY_PROTOCOL_ERROR. I have check both safari and Chrome displays ERR_SPDY_PROTOCOL_ERROR and safari display kCFErrorDomainCFNetwork error 303.

I have not done anything on server level. Just updated the Let’s Encrypt certicate. I have done a test in chrome://net-internals/#events and get the following error messages. Don’t now what to do with it though:

119628: URL_REQUEST
https://www.allduplo.se/
Start Time: 2018-07-17 14:36:04.632

t=6143 [st= 0] +REQUEST_ALIVE [dt=956]
–> priority = “HIGHEST”
–> url = “https://www.allduplo.se/
t=6144 [st= 1] URL_REQUEST_DELEGATE [dt=0]
t=6144 [st= 1] +URL_REQUEST_START_JOB [dt=953]
–> load_flags = 18433 (MAIN_FRAME_DEPRECATED | MAYBE_USER_GESTURE | VALIDATE_CACHE)
–> method = “GET”
–> url = “https://www.allduplo.se/
t=6144 [st= 1] URL_REQUEST_DELEGATE [dt=0]
t=6144 [st= 1] HTTP_CACHE_GET_BACKEND [dt=0]
t=6144 [st= 1] HTTP_CACHE_OPEN_ENTRY [dt=0]
–> net_error = -2 (ERR_FAILED)
t=6144 [st= 1] HTTP_CACHE_CREATE_ENTRY [dt=0]
t=6144 [st= 1] HTTP_CACHE_ADD_TO_ENTRY [dt=0]
t=6144 [st= 1] +HTTP_STREAM_REQUEST [dt=1]
t=6144 [st= 1] HTTP_STREAM_JOB_CONTROLLER_BOUND
–> source_dependency = 119630 (HTTP_STREAM_JOB_CONTROLLER)
t=6145 [st= 2] HTTP_STREAM_REQUEST_BOUND_TO_JOB
–> source_dependency = 119631 (HTTP_STREAM_JOB)
t=6145 [st= 2] -HTTP_STREAM_REQUEST
t=6145 [st= 2] +HTTP_TRANSACTION_SEND_REQUEST [dt=0]
t=6145 [st= 2] HTTP_TRANSACTION_HTTP2_SEND_REQUEST_HEADERS
–> :authority: www.allduplo.se
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8
accept-encoding: gzip, deflate, br
accept-language: sv-SE,sv;q=0.9,en-US;q=0.8,en;q=0.7
cache-control: max-age=0
cookie: _ga=GA1.2.152687942.1531808727; _gid=GA1.2.1796538786.1531808727
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
t=6145 [st= 2] -HTTP_TRANSACTION_SEND_REQUEST
t=6145 [st= 2] +HTTP_TRANSACTION_READ_HEADERS [dt=951]
t=7096 [st=953] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
–> HTTP/1.1 200
status: 200
server: nginx
date: Tue, 17 Jul 2018 12:36:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
link: https://www.allduplo.se/wp-json/; rel=“https://api.w.org/
link: https://www.allduplo.se/; rel=shortlink
x-powered-by: EasyEngine 3.7.4
rt-fastcgi-cache: MISS
content-encoding: gzip
t=7096 [st=953] -HTTP_TRANSACTION_READ_HEADERS
t=7096 [st=953] +HTTP_CACHE_WRITE_INFO [dt=1]
t=7097 [st=954] HTTP2_STREAM_ERROR
–> description = “Server reset stream.”
–> net_error = “ERR_SPDY_PROTOCOL_ERROR”
–> stream_id = 3
t=7097 [st=954] -HTTP_CACHE_WRITE_INFO
t=7097 [st=954] HTTP_CACHE_WRITE_DATA [dt=0]
t=7097 [st=954] HTTP_CACHE_WRITE_INFO [dt=0]
t=7097 [st=954] URL_REQUEST_DELEGATE [dt=0]
t=7097 [st=954] URL_REQUEST_FILTERS_SET
–> filters = “GZIP”
t=7097 [st=954] -URL_REQUEST_START_JOB
t=7097 [st=954] +URL_REQUEST_DELEGATE [dt=1]
t=7097 [st=954] DELEGATE_INFO [dt=1]
–> delegate_blocked_by = “MojoAsyncResourceHandler”
t=7098 [st=955] -URL_REQUEST_DELEGATE
t=7098 [st=955] HTTP_TRANSACTION_READ_BODY [dt=0]
–> net_error = -337 (ERR_SPDY_PROTOCOL_ERROR)
t=7098 [st=955] FAILED
–> net_error = -337 (ERR_SPDY_PROTOCOL_ERROR)
t=7099 [st=956] -REQUEST_ALIVE
–> net_error = -337 (ERR_SPDY_PROTOCOL_ERROR)

Url: www.allduplo.se
Installed on: Ubuntu 16.04 LTS Linux Nginx

Thanks!


#2

Hi,

Can you kindly share us your Nginx / Apache configuration of this site… (Looks like this is your issue)

Thank you


#3

Your webserver seems to be malfunctioning. When debugging with the nghttp tool (a client util from the nghttp2 library), the client receives some sort of “reset” command from your webserver:

osiris@client ~ $ nghttp -nv https://www.allduplo.se/
[  0.071] Connected
The negotiated protocol: h2
[  0.165] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
          (niv=3)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):128]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65536]
          [SETTINGS_MAX_FRAME_SIZE(0x05):16777215]
[  0.165] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
          (window_size_increment=2147418112)
[  0.165] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
          (niv=2)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.165] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
          (dep_stream_id=0, weight=201, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
          (dep_stream_id=0, weight=101, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
          (dep_stream_id=0, weight=1, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
          (dep_stream_id=7, weight=1, exclusive=0)
[  0.165] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
          (dep_stream_id=3, weight=1, exclusive=0)
[  0.165] send HEADERS frame <length=40, flags=0x25, stream_id=13>
          ; END_STREAM | END_HEADERS | PRIORITY
          (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
          ; Open new stream
          :method: GET
          :path: /
          :scheme: https
          :authority: www.allduplo.se
          accept: */*
          accept-encoding: gzip, deflate
          user-agent: nghttp2/1.31.1
[  0.236] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.953] recv (stream_id=13) :status: 200
[  0.953] recv (stream_id=13) server: nginx
[  0.953] recv (stream_id=13) date: Tue, 17 Jul 2018 17:36:23 GMT
[  0.953] recv (stream_id=13) content-type: text/html; charset=UTF-8
[  0.953] recv (stream_id=13) vary: Accept-Encoding
[  0.953] recv (stream_id=13) x-frame-options: SAMEORIGIN
[  0.953] recv (stream_id=13) link: <https://www.allduplo.se/wp-json/>; rel="https://api.w.org/"
[  0.953] recv (stream_id=13) link: <https://www.allduplo.se/>; rel=shortlink
[  0.953] recv (stream_id=13) x-powered-by: EasyEngine 3.7.4
[  0.953] recv (stream_id=13) rt-fastcgi-cache: MISS
[  0.953] recv (stream_id=13) content-encoding: gzip
[  0.953] recv HEADERS frame <length=238, flags=0x04, stream_id=13>
          ; END_HEADERS
          (padlen=0)
          ; First response header
[  0.953] recv RST_STREAM frame <length=4, flags=0x00, stream_id=13>
          (error_code=INTERNAL_ERROR(0x02))
[  0.953] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
          (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
Some requests were not processed. total=1, processed=0
osiris@client ~ $

After the reset, the client sends a “go away” command, but this isn’t unusual if you compare it to a regular HTTP2 session, for example, when connecting to google.com:

osiris@client ~ $ nghttp -nv https://google.com/
[  0.142] Connected
The negotiated protocol: h2
[  0.259] recv SETTINGS frame <length=18, flags=0x00, stream_id=0>
          (niv=3)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):1048576]
          [SETTINGS_MAX_HEADER_LIST_SIZE(0x06):16384]
[  0.259] recv WINDOW_UPDATE frame <length=4, flags=0x00, stream_id=0>
          (window_size_increment=983041)
[  0.259] send SETTINGS frame <length=12, flags=0x00, stream_id=0>
          (niv=2)
          [SETTINGS_MAX_CONCURRENT_STREAMS(0x03):100]
          [SETTINGS_INITIAL_WINDOW_SIZE(0x04):65535]
[  0.259] send SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=3>
          (dep_stream_id=0, weight=201, exclusive=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=5>
          (dep_stream_id=0, weight=101, exclusive=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=7>
          (dep_stream_id=0, weight=1, exclusive=0)
[  0.259] send PRIORITY frame <length=5, flags=0x00, stream_id=9>
          (dep_stream_id=7, weight=1, exclusive=0)
[  0.260] send PRIORITY frame <length=5, flags=0x00, stream_id=11>
          (dep_stream_id=3, weight=1, exclusive=0)
[  0.260] send HEADERS frame <length=35, flags=0x25, stream_id=13>
          ; END_STREAM | END_HEADERS | PRIORITY
          (padlen=0, dep_stream_id=11, weight=16, exclusive=0)
          ; Open new stream
          :method: GET
          :path: /
          :scheme: https
          :authority: google.com
          accept: */*
          accept-encoding: gzip, deflate
          user-agent: nghttp2/1.31.1
[  0.395] recv SETTINGS frame <length=0, flags=0x01, stream_id=0>
          ; ACK
          (niv=0)
[  0.395] recv (stream_id=13) :status: 301
[  0.395] recv (stream_id=13) location: https://www.google.com/
[  0.395] recv (stream_id=13) content-type: text/html; charset=UTF-8
[  0.395] recv (stream_id=13) date: Tue, 17 Jul 2018 17:38:45 GMT
[  0.395] recv (stream_id=13) expires: Thu, 16 Aug 2018 17:38:45 GMT
[  0.395] recv (stream_id=13) cache-control: public, max-age=2592000
[  0.395] recv (stream_id=13) server: gws
[  0.395] recv (stream_id=13) content-length: 220
[  0.395] recv (stream_id=13) x-xss-protection: 1; mode=block
[  0.395] recv (stream_id=13) x-frame-options: SAMEORIGIN
[  0.395] recv (stream_id=13) alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
[  0.395] recv HEADERS frame <length=220, flags=0x04, stream_id=13>
          ; END_HEADERS
          (padlen=0)
          ; First response header
[  0.395] recv DATA frame <length=220, flags=0x00, stream_id=13>
[  0.395] recv DATA frame <length=0, flags=0x01, stream_id=13>
          ; END_STREAM
[  0.395] recv PING frame <length=8, flags=0x00, stream_id=0>
          (opaque_data=0000000000000000)
[  0.395] send GOAWAY frame <length=8, flags=0x00, stream_id=0>
          (last_stream_id=0, error_code=NO_ERROR(0x00), opaque_data(0)=[])
osiris@cllient ~ $ 

You can clearly see the difference: after the response header, the Google webserver sends a “DATA frame” (the website itself) whereas your webserver sends a “RST_STREAM frame”.

So I would check your webservers error log, possibly increasing its verbosity if you don’t get any errors at first.


#4

Hi,

Thank you for your reply. Here is the nginx.conf file. I have also tried to turn off firewall but that did not work either. Can you make something out of this? I also tried to reboot the server but ended up with “Error establishing a database connection”.

user www-data;
worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;

events {
	worker_connections 4096;
	multi_accept on;
}

http {
	##
	# EasyEngine Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 30;
	types_hash_max_size 2048;

	server_tokens off;
	reset_timedout_connection on;
	add_header X-Powered-By "EasyEngine 3.7.4";
	add_header rt-Fastcgi-Cache $upstream_cache_status;

	# Limit Request
	limit_req_status 403;
	limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

	# Proxy Settings
	# set_real_ip_from	proxy-server-ip;
	# real_ip_header	X-Forwarded-For;

	fastcgi_read_timeout 300;
	client_max_body_size 100m;

	##
	# SSL Settings
	##

	ssl_session_cache shared:SSL:20m;
	ssl_session_timeout 10m;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	
	##
	# Basic Settings
	##
	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	# Log format Settings
	log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '
	'$http_host "$request" $status $body_bytes_sent '
	'"$http_referer" "$http_user_agent"';

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types
	    application/atom+xml
	    application/javascript
	    application/json
	    application/rss+xml
	    application/vnd.ms-fontobject
	    application/x-font-ttf
	    application/x-web-app-manifest+json
	    application/xhtml+xml
	    application/xml
	    font/opentype
	    image/svg+xml
	    image/x-icon
	    text/css
	    text/plain
	    text/x-component
	    text/xml
	    text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

#5

I restored a backup so the issue is solved.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.